mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 05:13:40 +00:00
Merge pull request #9052 from sunasing/patch-5
Added Conditional Access with Intune
@ -28,40 +28,11 @@ ms.technology: mde
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
|
> Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
|
||||||
|
|
||||||
## Configure compliance policy against jailbroken devices
|
## Conditional Access with Defender for Endpoint for iOS
|
||||||
|
Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
|
||||||
|
based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune.
|
||||||
|
|
||||||
To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
|
For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] (https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> At this time Microsoft Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally
|
|
||||||
|
|
||||||
Follow the steps below to create a compliance policy against jailbroken devices.
|
|
||||||
|
|
||||||
1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
|
|
||||||
|
|
||||||
> [!div class="mx-imgBorder"]
|
|
||||||
> 
|
|
||||||
|
|
||||||
1. Specify a name of the policy, example "Compliance Policy for Jailbreak".
|
|
||||||
1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
|
|
||||||
|
|
||||||
> [!div class="mx-imgBorder"]
|
|
||||||
> 
|
|
||||||
|
|
||||||
1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**.
|
|
||||||
|
|
||||||
> [!div class="mx-imgBorder"]
|
|
||||||
> 
|
|
||||||
|
|
||||||
1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**.
|
|
||||||
1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
|
|
||||||
|
|
||||||
## Configure custom indicators
|
|
||||||
|
|
||||||
Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators.
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains.
|
|
||||||
|
|
||||||
## Web Protection and VPN
|
## Web Protection and VPN
|
||||||
|
|
||||||
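Review bot: The added "For more information" line in the new Conditional Access section writes the link as `[Defender for Endpoint and Intune] (https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection)`, with a space between `]` and `(`, so it will not render as a Markdown link; remove the space. The new introductory sentence is also broken across two source lines between "Conditional Access policies" and "based on device risk levels"; joining it into one line, and lowercasing "Device compliance", would match the rest of the file.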
@ -79,10 +50,46 @@ While enabled by default, there might be some cases that require you to disable
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
|
> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
|
||||||
|
|
||||||
### Co-existence of multiple VPN profiles
|
## Co-existence of multiple VPN profiles
|
||||||
|
|
||||||
Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
|
Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
|
||||||
|
|
||||||
|
|
||||||
|
## Configure compliance policy against jailbroken devices
|
||||||
|
|
||||||
|
To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> At this time Microsoft Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally
|
||||||
|
|
||||||
|
Follow the steps below to create a compliance policy against jailbroken devices.
|
||||||
|
|
||||||
|
1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
|
||||||
|
|
||||||
|
> [!div class="mx-imgBorder"]
|
||||||
|
> 
|
||||||
|
|
||||||
|
2. Specify a name of the policy, for example "Compliance Policy for Jailbreak".
|
||||||
|
3. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
|
||||||
|
|
||||||
|
> [!div class="mx-imgBorder"]
|
||||||
|
> 
|
||||||
|
|
||||||
|
4. In the *Action for noncompliance* section, select the actions as per your requirements and select **Next**.
|
||||||
|
|
||||||
|
> [!div class="mx-imgBorder"]
|
||||||
|
> 
|
||||||
|
|
||||||
|
5. In the *Assignments* section, select the user groups that you want to include for this policy and then select **Next**.
|
||||||
|
6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
|
||||||
|
|
||||||
|
## Configure custom indicators
|
||||||
|
|
||||||
|
Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. For more information on how to configure custom indicators, see [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
|
||||||
|
|
||||||
|
> [!NOTE]
|
||||||
|
> Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains.
|
||||||
|
|
||||||
## Report unsafe site
|
## Report unsafe site
|
||||||
|
|
||||||
Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site.
|
Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site.
|
||||||
|
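Review bot: The heading change from `### Co-existence of multiple VPN profiles` to `## Co-existence of multiple VPN profiles` lifts that subsection out of "## Web Protection and VPN", although its text is only about VPN behaviour on iOS; keep it at `###` unless the promotion is intended. In the relocated jailbreak note, the sentence ending "can be exposed locally" is still missing its full stop, which this move is a good opportunity to fix.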