diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ios-vpn-config.png b/windows/security/threat-protection/microsoft-defender-atp/images/ios-vpn-config.png new file mode 100644 index 0000000000..6b809309ba Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ios-vpn-config.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index c45d5983d7..cbca86da05 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md 
@@ -39,18 +39,18 @@ Follow the steps below to create a compliance policy against jailbroken devices. 1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-policy.png) + > ![Create Policy](images/ios-jb-policy.png) 1. Specify a name of the policy, example "Compliance Policy for Jailbreak". 1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-settings.png) + > ![Policy Settings](images/ios-jb-settings.png) 1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-actions.png) + > ![Policy Actions](images/ios-jb-actions.png) 1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**. 1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. 
@@ -62,9 +62,25 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i > [!NOTE] > Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains. -## Web Protection +## Web Protection and VPN -By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. +By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a local VPN in order to provide this protection. + +While enabled by default, there might be some cases that requires you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below. + +1. On your iOS device, open the **Settings** app and then click on **VPN**. +1. Click on the "i" button for Microsoft Defender ATP. +1. Toggle-off **Connect On Demand** to disable VPN. + + > [!div class="mx-imgBorder"] + > ![VPN config connect on demand](images/ios-vpn-config.png) + +> [!NOTE] +> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open Microsoft Defender for Endpoint app on the device and click on **Start VPN**. + +### Co-existence of multiple VPN profiles + +Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time. ## Report unsafe site
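Review bot: The three replacement alt texts in the `@@ -39,18 +39,18 @@` hunk ("Create Policy", "Policy Settings", "Policy Actions") no longer say which console or which policy the screenshot shows, so a screen-reader user gets less context than the surrounding step text gives. Making them distinct is an improvement over the repeated "Image of Microsoft Endpoint Manager Admin Center", but each should name the screen it depicts, for example "Create a compliance policy in Microsoft Endpoint Manager admin center", "Jailbroken devices setting under Device Health" and "Action for noncompliance settings". Sentence case would also match the step text better than title case.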
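Review bot: In the `@@ -62,9 +62,25 @@` hunk, the `[!NOTE]` saying that Web Protection is not available when the VPN is disabled comes after the three disable steps, so a reader following the list turns off the phishing protection before reaching the consequence. Move the note above the numbered steps. The new "Co-existence of multiple VPN profiles" section says only one VPN can be active at a time but stops before the part an admin needs: the same hunk states that web protection is provided through the local VPN, so say explicitly what happens to web protection while another VPN profile is the active one. Smaller points in the same hunk: "some cases that requires you" should read "require", step 2 names the profile "Microsoft Defender ATP" while the note refers to the "Microsoft Defender for Endpoint app" (if the profile really is still labelled with the old name on the device, say so), and "click" should be "tap" for steps performed on an iOS device.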