Microsoft Defender ATP for Android [Public Preview]
Following my previous article : https://thibaultchatiron.fr/2020/05/01/microsoft-defender-atp-capabilities-on-mobile-public-preview/
Today, Microsoft announced the public preview of their mobile threat defense capabilities with Microsoft Defender ATP for Android
- Web protection
- Malware scanning
- Blocking access to sensitive data
- Unified SecOps experience
Turn on the preview experience setting to be among the first to try upcoming features.
- In the navigation pane, select Settings > Advanced features > Preview features.
- Toggle the setting on On and select Save preferences.
Web protection capabilities in Microsoft Defender ATP for Android help to address these challenges with:
- Anti-phishing: Access to unsafe websites from SMS/text, WhatsApp, email, browsers, and other apps is instantly blocked. To do this, it will interact with Microsoft Defender SmartScreen service in order to determine whether a URL is potentially malicious.
- Blocking unsafe connections: The same Microsoft Defender SmartScreen technology is used to also block unsafe network connections that apps automatically might make on the user’s behalf without them knowing.
- Custom indicators: Security teams can create custom indicators, giving them more fine-grained control over allowing and blocking URLs and domains users connect to from their Android devices.
Microsoft Defender ATP for Android uses cloud protection powered by deep learning and heuristics to provide coverage for low-fidelity signals which are inconclusively handled by signatures, in addition to offering signature based malware detection. This protection extends to both malicious apps and files on the device.
Blocking access to sensitive data
When Microsoft Defender ATP for Android finds that a device has malicious apps installed, it will classify the device as “high risk”. Microsoft Intune uses the device’s risk level in conjunction with pre-defined compliance polices to activate Conditional Access rules that block access to corporate assets from the high risk device. Once the malicious app is uninstalled, access to corporate assets is restored automatically for the mobile device.
Unified SecOps experience
All the alerts for phishing and malware on Android devices are surfaced in the Security Center portal including :
- the name of the threat,
- its severity,
- the alert process tree for the incident,
- and other additional context including file details and associated SHA information.
The experience is similar to Windows, Mac, and Linux.
What’s next ?
In the coming months, Microsoft will be rolling out more capabilities for Android and will be releasing Microsoft Defender ATP for iOS later this year !
Blocking access to sensitive data – You can learn about how to set up this integration in this documentation.