The Defender for Business allows protection including a web filter on iOS devices and also checks the health status - all with a zero-touch configuration! Central administration is possible with Intune / MEM. MDM and MAM devices are supported.
A device can also be configured manually for test purposes or as an unmanaged device.
Table of Contents
- Defender for iOS - Manual installation
- Defender for iOS - Deployment with Intune (zero-touch)
- outcome and behavior
Defender for iOS - Manual installation
The Defender can also be installed individually and manually on an iOS device. All you have to do is use the app "Microsoft Defender Endpoint" in the Appstore, log in with a licensed user and confirm the VPN settings.
If you are already registered with a Microsoft 365 account on your iPad or iPhone, you can select this immediately or alternatively register with another account.
After logging in, you must accept the license terms and configure the local VPN connection. The VPN connection is the interface between the browser and applications on the device for web filtering.
At the end you will see an overview of the filtered websites and the device health status. You will also notice that a VPN connection is active.
It takes a little while for the iPhone to appear in the device overview of Defender for Business or for Endpoint. In my case it was showing as "not boarded" for about 3 hours before it was indexed correctly.
Defender for iOS - Deployment with Intune (zero-touch)
The deployment of Defender for Business and Defender for Endpoint has recently been working "silently" and without much effort.
- Defender for Business or Endpoint and Intune license assigned
- or Microsoft 365 Business Premium
- Device is enrolled in MEM / Intune with Company Portal
- iOS 12+
You must ensure that the Intune connection is active. You can find these in the Advanced settings of the Defender.
If you do the initial setup as described here (Defender for Business onboarding/setup), you can skip these steps.
You must also activate the connection for iOS devices in the Endpoint Manager.
You can find the option in Endpoint Manager > Endpoint security > Microsoft Defender for Endpoint.
Install Microsoft Defender App
First you need to distribute the Defender App. You do not necessarily have to buy this as a VPP app. You can do it under "Apps > iOS/iPadOS" Add.
You can select "iOS 12" for the minimum OS requirement, since the "zero-touch" configuration is only possible from this OS onwards.
In the next step you assign the app to a group or all devices and save the configuration.
Defender VPN configuration
For the VPN configuration, which enables the web filter, we create a new VPN profile.
This under: Devices > iOS/iPadOS > Configuration profiles
You can create the VPN configuration using the screenshot or the table below.
|connectionname||Microsoft Defender for Endpoint|
|VPN server address||127.0.0.1|
|auth method||Username and password|
|Key: SilentOnboard||Value: True|
|Type of automatic VPN||On demand VPN|
|I want to restrict to||EstablishVPN|
outcome and behavior
The zero-touch distribution of Defender for Business / Endpoint for iOS works very quickly and with little configuration effort. Once the configuration is active on the end device, we see the VPN connection as with the manual installation. If a risk is detected while browsing, the corresponding page is immediately blocked with a corresponding message. In Safari, the page remains white, the Edge also displays a SmartScreen message. However, the SmartScreen error message is a function of the Edge browser and also of Defender for iOS.
The end user cannot actually do anything in the Defender app. However, he sees what is active and how many URLs have been scanned and blocked. Because we have distributed Defender via policy, the web filter cannot be switched off manually (possible with manual installation).
Pingback: Defender for Business for Android - MAM | scloud
my device is protected (all green ticks in defender). i tried to access a test malicious site but defender does not pop up block alert. so i am able to load the test malicious site using safari and i get the red page ms defender smartscreen in edge browser.
do you know if there is such setting in defender portal causing this behaviour? i check in intune and everything is configured properly such as vpn loopback and defender app is all green tick.
Have you also activated the "web filter" option in the MDE portal?