
Defender for Business for Android - MAM

Defender for Business protects Android devices in the same way as Defender for Endpoint, both via MDM and via MAM. Defender protects the device with a web filter and malware scanning. Both features require the Android devices to be managed with Intune. For administration, a distinction is made between MDM (Mobile Device Management) and MAM (Mobile Application Management). MAM is used when the devices do not belong to the company and only some of the applications on the device are to be protected and managed. Android calls this type of management "Device Administrator".

Do you want to protect iOS devices with Defender?
--> Then I have created a guide for you here: Defender for Business for iOS Deployment (MAM and MDM)


Defender for Android - Intune - Device Administrator

In this article I focus on the MAM administration of Defender for Business for Android devices. Defender for Endpoint offers the same options. I will cover the configuration for MDM devices in a separate post.

Requirements

  • Licenses:
    • Defender for Business or Endpoint and Intune license assigned
    • or Microsoft 365 Business Premium
  • Device is enrolled in MEM / Intune with Company Portal

Defender for Business - Intune integration

You must ensure that the Intune connection is active. You can find it in the Advanced settings of Defender.
If you did the initial setup as described here (Defender for Business onboarding/setup), you can skip these steps.

Screenshot: Defender for Business Intune integration

You must also activate the connection for Android devices in Endpoint Manager.
You can find the option under Endpoint Manager > Endpoint security > Microsoft Defender for Endpoint.

Screenshot: Defender for Business Android Connect

Installation of the Microsoft Defender app (MAM / Device Administrator)

To distribute the app to the MAM-managed devices, go to "Apps > Android apps" in Endpoint Manager and select +Add. Choose the app type "Android store app".

Screenshot: Android store app Intune

You have to fill in the name, the description, the publisher and the app URL yourself. The values to copy and paste are below.

Screenshot: Android store app Microsoft Defender

Name: Microsoft Defender
Description: Protect. Control. defense
Publisher: Microsoft
App Store URL: https://play.google.com/store/apps/details?id=com.microsoft.scmx

In the assignment you only have to assign the app to a group. For me, this is a dynamic device group that includes all personal Android devices.
The dynamic membership rule for this is: (device.deviceOSType -eq "Android") and (device.deviceOwnership -eq "Personal")
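The same three portal steps (dynamic device group, Android store app, required assignment) can be scripted with the Microsoft Graph PowerShell SDK. This is an added example and not part of the original post; the group display name, mail nickname, the minimum Android version and the requested Graph permission scopes are my assumptions, while the membership rule and the app values come from the text above.

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph modules.
# Assumed scopes: group creation and Intune app management.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "DeviceManagementApps.ReadWrite.All"

# 1. Dynamic device group with the membership rule from the post
#    (display name and mail nickname are placeholders, change them as you like)
$group = New-MgGroup -DisplayName "All personal Android devices" `
    -MailEnabled:$false -MailNickname "personalAndroid" -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule '(device.deviceOSType -eq "Android") and (device.deviceOwnership -eq "Personal")' `
    -MembershipRuleProcessingState "On"

# 2. Android store app with the name, description, publisher and Play Store URL from the post.
#    The minimum OS version is an assumption; pick what fits your device fleet.
$appBody = @{
    "@odata.type" = "#microsoft.graph.androidStoreApp"
    displayName   = "Microsoft Defender"
    description   = "Protect. Control. defense"
    publisher     = "Microsoft"
    appStoreUrl   = "https://play.google.com/store/apps/details?id=com.microsoft.scmx"
    minimumSupportedOperatingSystem = @{ v8_0 = $true }
}
$app = New-MgDeviceAppManagementMobileApp -BodyParameter $appBody

# 3. Assign the app as "required" to the dynamic group. "Required" is what produces
#    the "installation is required" prompt on the user's device described below.
$assignment = @{
    intent = "required"
    target = @{
        "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
        groupId       = $group.Id
    }
}
New-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id -BodyParameter $assignment

# Quick check: list the assignments of the new app
Get-MgDeviceAppManagementMobileAppAssignment -MobileAppId $app.Id |
    Select-Object Id, Intent
```

Dynamic group membership is evaluated asynchronously, so the group may show no members for a few minutes after creation.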

Screenshot: Android Microsoft Defender MAM assignment

User View - Defender for Business MAM

Once the app and policy are assigned, a popup appears on the end user's MAM device. It indicates that the Defender installation is required; tapping it takes the user to the installation page in the Play Store.

Screenshots: Microsoft Defender required (Android); Microsoft Defender Android installation

The first time Defender is started, the user is guided through the setup. This requires several confirmations from the user, and each of them must be granted to complete the onboarding.

Screenshots: Microsoft Defender Android login; setup; Allow data access; VPN connection; VPN confirmation; downloaded services; Accessibility Service; Allow view, control and perform action; allow running in background

After all the many "OK" and "Allow" taps, Defender is finally set up and takes the user directly to the overview of the scanned apps and filtered websites. The apps are then scanned automatically. All apps are scanned, even those not managed by MAM.

Screenshots: Microsoft Defender Android scanning; device protected

App Security

If the user installs a new app, it is immediately scanned and classified as trustworthy or not. If an app is classified as malicious, it is neither quarantined nor blocked. Blocking only applies to payloads and dangerous websites.

Screenshots: Defender risk notification; Defender Android App Security

Web Filter

The web filter in Defender for Android works very well and also opens a clear block page in non-Microsoft browsers, which shows that the site was identified by Defender. In the app overview, the user can view the URLs scanned and blocked in the last 24 hours. The "Web Protection" menu item only shows that the protection is active and gives the user some information about phishing and similar threats.

Screenshots: Microsoft Defender site blocked; status page; Web Protection page

Defender for Android - Manual installation (not possible)

Unfortunately, unlike on iOS devices, there is currently no way to use Defender without MAM or MDM, so Defender for Android cannot be tested without one of them. If the app is installed anyway and a user logs in, the message "App Disabled by Administrator" appears in the Defender for Android app. In this case, neither the malware protection nor the web filter is active.

Screenshot: Defender Android app disabled

Defender for Business - Overview Android devices (MAM)

After some time, the Android smartphone will also appear in the Microsoft 365 Defender Device inventory:

Screenshot: Device inventory

The alerts, security recommendations and software inventory are then listed on the device page, as with all other onboarded devices.

Screenshot: Device page

Events on the end devices can be seen in the portal. Clicking on an alert takes you to the extended view, which shows more details about the incident and the process involved.

Screenshots: Defender for Business device alert; Defender for Business alert story

Summary

Defender on Android devices offers good protection and, in contrast to the version for iOS devices, also scans the applications themselves. What still bothers me at the moment is the time-consuming onboarding process on the user side. I wish it were more intuitive and required as little user interaction as possible. In addition, direct blocking of potentially harmful applications would be desirable.
