Microsoft Defender ATP (Advanced Threat Protection) is an enterprise endpoint security service that helps enterprise networks prevent, detect, investigate, and respond to advanced threats. Until now, it available only available on desktop platforms like Windows 10. Microsoft today announced the public preview of Microsoft Defender ATP app for Android devices.
Microsoft Defender ATP for Android supports following features:
- Anti-phishing: Access to unsafe websites from SMS/text, WhatsApp, email, browsers, and other apps is instantly blocked. This works in conjunction with Android to enable the app to inspect the URL to provide anti-phishing protection. If access to a malicious site is blocked, the device user will get a notification about this with the options to allow the connection, report it safe, or dismiss the notification.
- Blocking unsafe connections: The same Microsoft Defender SmartScreen technology is used to also block unsafe network connections that apps automatically might make on the user’s behalf without them knowing. Just as in the phishing example, the user is immediately informed that this activity is blocked and is given the same choices to allow it, report it as unsafe, or dismiss the notification as the product screenshot shows.
- Custom indicators: Security teams can create custom indicators, giving them more fine-grained control over allowing and blocking URLs and domains users connect to from their Android devices. This can be done in the Microsoft Defender Security Center and is an extension of our custom indicators capability already available for Windows.
- Microsoft Defender ATP for Android uses cloud protection powered by deep learning and heuristics to provide coverage for low-fidelity signals which are inconclusively handled by signatures, in addition to offering signature based malware detection. This protection extends to both malicious apps and files on the device.
- Additional layers of protection against malicious access to sensitive corporate information is offered by integrating with Microsoft Endpoint Manager, which includes both Microsoft Intune and Configuration Manager. For example, a compromised device would be blocked from accessing Outlook email. When Microsoft Defender ATP for Android finds that a device has malicious apps installed, it will classify the device as “high risk” and will flag it in the Microsoft Defender Security Center.
- The Microsoft Defender Security Center acts as the single pane of glass experience for security teams to get a centralized view of threats and activities. All the alerts for phishing and malware on Android devices are surfaced here.
Microsoft will bringing more capabilities to Microsoft Defender ATP for Android later this year. Microsoft also announced that Microsoft Defender ATP for iOS is coming later this year.