Overview
As part of its Defender for Endpoint (MDE) enterprise endpoint security platform, Microsoft recently announced that the Mobile Network Protection functionality is generally available to assist organizations in identifying network vulnerabilities affecting Android and iOS devices.
As soon as the device is onboarded to MDE and network protection is enabled, MDE will provide protection and alerts for all network-related suspicious events and activities. Let’s configure these features and see how the network protection works.
The way companies operate has changed significantly in recent years as a result of people working from home or in a hybrid style. Users now depend on network connections for both personal and professional tasks, which exposes them and their devices to new threats, so protecting data on those devices has become a top priority for organizations.
With the addition of network protection capabilities to MDE for mobile devices, you can now protect your enrolled and unenrolled devices from network-based attacks. These features include:
Network protection in Microsoft Defender for Endpoint is disabled by default, so it has to be enabled explicitly through configuration policy. On iOS, Authenticator device registration is required for the MAM configuration, and Network Protection initialization requires the end user to open the app once.
If you push your enterprise CA certificate to your devices, then make sure that you also configure ‘Trusted CA certificate list for Network Protection’ as the key and, as the value, a comma-separated list of the root CA certificates’ SHA-1 thumbprints. This establishes trust for your private root CA(s); a root that is not on this list is treated as an unknown certificate and reported as suspicious.
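Rather than copying thumbprints from a certificate viewer by hand (where colons, spaces and lower-case hex creep in), it is safer to generate and validate the value from the exported root certificates. The script below is an added example written for this page, not Microsoft's or the author's code. It reads PEM or DER (.cer) certificate files, computes each one's thumbprint as SHA-1 over the DER bytes (the same value Windows and Intune display as "Thumbprint"), joins them with commas for the key above, and normalizes a pasted value into canonical upper-case, separator-free form. The embedded sample PEM is constructed and is not a real certificate; it only exercises the parsing and hashing path. Whether Intune tolerates lower-case or separators is not stated on this page, so the script always emits the canonical form.

```python
import base64
import hashlib
import re
from pathlib import Path

# One PEM certificate block; re.S lets the base64 body span several lines.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)
THUMBPRINT = re.compile(r"^[0-9A-F]{40}$")


def der_certificates(blob: bytes) -> list[bytes]:
    """Return the DER bytes of every certificate in a PEM bundle or a single DER (.cer) file."""
    blocks = PEM_BLOCK.findall(blob)
    if blocks:
        return [base64.b64decode(b"".join(b.split())) for b in blocks]
    if blob[:1] == b"\x30":  # DER begins with a SEQUENCE tag; PEM begins with '-'
        return [blob]
    raise ValueError("input is neither a PEM certificate bundle nor a DER certificate")


def sha1_thumbprint(der: bytes) -> str:
    """The X.509 'thumbprint' shown by Windows/Intune: SHA-1 over the DER bytes, upper-case hex."""
    return hashlib.sha1(der).hexdigest().upper()


def trusted_ca_value(*blobs: bytes) -> str:
    """Build the comma-separated value for the Intune key, de-duplicated, in input order."""
    thumbs: list[str] = []
    for blob in blobs:
        for der in der_certificates(blob):
            thumb = sha1_thumbprint(der)
            if thumb not in thumbs:
                thumbs.append(thumb)
    return ",".join(thumbs)


def normalize_value(value: str) -> list[str]:
    """Check a value before pasting it into Intune: strip copy/paste separators (colons,
    whitespace, case) and reject any entry that is not exactly 40 hex characters."""
    out = []
    for item in value.split(","):
        norm = re.sub(r"[\s:]", "", item).upper()
        if not THUMBPRINT.match(norm):
            raise ValueError(f"not a SHA-1 thumbprint: {item.strip()!r}")
        out.append(norm)
    return out


def is_valid_value(value: str) -> bool:
    """True if every comma-separated entry normalizes to a SHA-1 thumbprint."""
    try:
        normalize_value(value)
        return True
    except ValueError:
        return False


# Constructed sample input (NOT a real certificate): the DER body is just SEQUENCE { INTEGER 1 },
# enough to exercise PEM parsing and hashing. Point the script at your exported root CA files instead.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    b"MAMCAQE=\n"
    b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    import sys

    # Usage: python trusted_ca.py enterprise-root.cer [more .cer/.pem files ...]
    blobs = [Path(p).read_bytes() for p in sys.argv[1:]] or [SAMPLE_PEM, SAMPLE_DER]
    print(trusted_ca_value(*blobs))
```

The thumbprint computed here is the same value .NET exposes as `X509Certificate2.Thumbprint`, so you can cross-check one certificate from PowerShell before pushing the policy; if the two disagree, you are most likely hashing the PEM text rather than the DER bytes.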
By this point, all of the policies have been set up and users have signed in to the MDE app. A few minutes after the app is launched, the device is onboarded to Microsoft Defender for Endpoint and becomes visible in the Defender admin console.
Now, to simulate a network attack, I have not trusted the enterprise root certificate for the Android devices. This means that as soon as the MDE policy sync is completed, an alert for a suspicious certificate should be generated and the device should be reported in the portal.
And voila! It’s immediate and works!
As the world continues to make sense of digital transformation, the mobile network protection feature in Defender for Endpoint will help us to identify, assess, and remediate endpoint weaknesses with the help of robust threat intelligence.
And with this new cross-platform coverage, threat and vulnerability management capabilities now support all major device platforms.
It is recommended that you configure alert notifications in Defender for these network protection detections so that the security team is told promptly when a device is reported.
I’d love to know what you think, so do leave your comments below, and if you liked it, then do share it.
Cheers,
Somesh
Ref:
Announcing the public preview of Mobile Network Protection for Microsoft Defender on Android and iOS
Configure Microsoft Defender for Endpoint on iOS features | Microsoft Learn