Defender for Business can protect Android devices in the same way as Defender for Endpoint, via MDM as well as MAM. Defender protects the device with a web filter and malware scanning; both features require the Android device to be managed with Intune. For management, a distinction is made between MDM (Mobile Device Management) and MAM (Mobile Application Management). MAM is used when devices do not belong to the company and only some of the applications on the device are to be protected and managed. Android calls this type of management "Device Administrator".
Do you want to protect iOS devices with Defender?
--> Then I have a guide for you here: Defender for Business for iOS Deployment (MAM and MDM)
Table of Contents
- Defender for Android - Intune - Device Administrator
- Defender for Android - Manual installation (not possible)
- Defender for Business - Overview Android devices (MAM)
Defender for Android - Intune - Device Administrator
In this article I focus on the MAM administration of Defender for Business on Android devices. Defender for Endpoint offers the same options. I will write about the configuration for MDM devices in a separate post.
- Defender for Business or Defender for Endpoint and an Intune license assigned
- or Microsoft 365 Business Premium
- Device is enrolled in MEM / Intune with the Company Portal
Defender for Business - Intune integration
You must ensure that the Intune connection is active. You can find this in the Advanced settings of Defender.
If you did the initial setup as described here (Defender for Business onboarding/setup), you can skip these steps.
You must also activate the connection for Android devices in Endpoint Manager.
You can find the option under Endpoint Manager > Endpoint security > Microsoft Defender for Endpoint.
Installing the Microsoft Defender App (MAM / Device Administrator)
To distribute the app to the MAM-managed devices, select +Add under "Apps > Android apps" in Endpoint Manager and choose the app type "Android store app".
You have to fill in the name, the description, the publisher and the app URL yourself. The values below can be copied and pasted.

| Field | Value |
|---|---|
| Description | Protect. Control. Defense |
| App Store URL | https://play.google.com/store/apps/details?id=com.microsoft.scmx |
In the assignment you only have to assign the app to a group. For me, this is a dynamic device group that includes all personal Android devices.
The membership rule for this is: (device.deviceOSType -eq "Android") and (device.deviceOwnership -eq "Personal")
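The same result can be scripted with Microsoft Graph PowerShell. The block below is an added example and is not code from the original post or from Microsoft: it creates the dynamic device group with the membership rule above, creates the "Android store app" entry with the Play Store URL from the table, and assigns it to the group as Required (which produces the installation prompt described in the next section). The group display name and mail nickname, the app display name, the publisher "Microsoft Corporation" and the minimum Android version are assumptions you should replace with your own values.

```powershell
# Added example, not from the original post. Requires the Microsoft.Graph module.
# Assumed values are marked; the membership rule and the Play Store URL are taken from the post.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "DeviceManagementApps.ReadWrite.All"

# 1. Dynamic device group: all personal Android devices (rule from the post).
$rule = '(device.deviceOSType -eq "Android") and (device.deviceOwnership -eq "Personal")'
$groupParams = @{
    DisplayName                   = "Personal Android devices"   # assumed name
    MailNickname                  = "personalAndroidDevices"     # assumed, must be unique in the tenant
    MailEnabled                   = $false
    SecurityEnabled               = $true
    GroupTypes                    = @("DynamicMembership")
    MembershipRule                = $rule
    MembershipRuleProcessingState = "On"
}
$group = New-MgGroup @groupParams

# 2. Android store app for Microsoft Defender (package id com.microsoft.scmx).
$appBody = @{
    "@odata.type" = "#microsoft.graph.androidStoreApp"
    displayName   = "Microsoft Defender"        # assumed; fill in as you would in the portal
    description   = "Protect. Control. Defense"
    publisher     = "Microsoft Corporation"     # assumed
    appStoreUrl   = "https://play.google.com/store/apps/details?id=com.microsoft.scmx"
    minimumSupportedOperatingSystem = @{
        "@odata.type" = "microsoft.graph.androidMinimumOperatingSystem"
        v4_0          = $true                    # assumed: no practical minimum version
    }
}
$app = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps" `
    -Body ($appBody | ConvertTo-Json -Depth 5) -ContentType "application/json"

# 3. Assign the app to the dynamic group with intent "required".
$assignBody = @{
    mobileAppAssignments = @(
        @{
            "@odata.type" = "#microsoft.graph.mobileAppAssignment"
            intent        = "required"
            target        = @{
                "@odata.type" = "#microsoft.graph.groupAssignmentTarget"
                groupId       = $group.Id
            }
        }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/$($app.id)/assign" `
    -Body ($assignBody | ConvertTo-Json -Depth 5) -ContentType "application/json"

# 4. Check: after Entra has processed the rule, the group should list only personal Android devices.
Get-MgGroupMember -GroupId $group.Id -All |
    ForEach-Object { $_.AdditionalProperties.displayName }
```

Dynamic membership is evaluated asynchronously, so the check in step 4 may return an empty list for a few minutes after the group is created; the app assignment itself is already in place by then.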
User View - Defender for Business MAM
Once the app and policy are assigned, a popup appears on the end user's MAM device. It indicates that the Defender installation is required; tapping it takes the user to the installation page in the Play Store.
The first time Defender is started, the user is guided through the setup. This requires several confirmations from the user, and every one of them must be accepted in order to complete the onboarding.
After all the many "OK" and "Allow" prompts, Defender is finally set up and takes the user directly to the overview of scanned apps and filtered websites. The apps are then scanned automatically. All apps are scanned, even those not managed by MAM.
If the user installs a new app, it is immediately scanned and classified as trustworthy or not. If an app is classified as malicious, it is not quarantined or blocked. Blocking only applies to payloads or dangerous websites.
The web filter in Defender for Android works very well and, incidentally, also opens a clear block page in non-Microsoft browsers, which shows that the site was identified by Defender. In the app overview, the user can view the URLs scanned and blocked in the last 24 hours. The "Web Protection" menu item only shows that the protection is active and gives the user some information about phishing and the like.
Defender for Android - Manual installation (not possible)
Unfortunately, unlike on iOS devices, there is currently no way to use Defender without MAM or MDM, so Defender for Android cannot be tested without MAM or MDM. If the app is installed anyway and a user signs in, the message "App Disabled by Administrator" appears in the Defender for Android app. In this case, neither malware protection nor the web filter is active.
Defender for Business - Overview Android devices (MAM)
After some time, the Android smartphone will also appear in the Microsoft 365 Defender Device inventory:
The alerts, security recommendations and software inventory are then listed on the device page, as with all other onboarded devices.
Events on the end devices can be seen in the portal. Clicking on one takes you to the extended overview, which shows more details about the incident and the process.
Defender on Android devices offers good protection and, in contrast to the iOS version, also scans the applications themselves. What still bothers me at the moment is the time-consuming onboarding process on the user side. I wish this were more intuitive and required as little user interaction as possible. In addition, direct blocking of potentially harmful applications would also be desirable.