Merge pull request #8719 from sunasing/ios-ga

Adding Compliance Policy config for jailbreak scenario
2025-06-20 12:53:38 +00:00 · 2020-11-30 13:16:29 -08:00
parent 10379ea5bb 0885741bfc
commit e6a7aed5a5
4 changed files with 36 additions and 1 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-actions.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-actions.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-policy.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-policy.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-settings.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/ios-jb-settings.png
--- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md
@ -27,6 +27,42 @@ ms.topic: conceptual
 > [!NOTE]
 > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
 > [!IMPORTANT]
 > **PUBLIC PREVIEW EDITION**
 > 
 > This documentation is for a pre-release solution. The guidelines and the solution are subject to change between now and its general availability.
 > 
 > As with any pre-release solution, remember to exercise caution when determining the target population for your deployments.
 ## Configure compliance policy against jailbroken devices
 To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you setup the following compliance policy on Intune.
 > [!NOTE]
 > Currently Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. Some data like your corporate email id and corporate profile picture (if available) will be exposed to the attacker on the jailbroken device.
 Follow the steps below to create a compliance policy against jailbroken devices.
 1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
    > [!div class="mx-imgBorder"]
    > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-policy.png)
 1. Specify a name of the policy, example "Compliance Policy for Jailbreak".
 1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
    > [!div class="mx-imgBorder"]
    > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-settings.png)
 1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**.
    > [!div class="mx-imgBorder"]
    > ![Image of Microsoft Endpoint Manager Admin Center](images/ios-jb-actions.png)
 1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**.
 1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
 ## Configure custom indicators
 Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators.
@ -37,4 +73,3 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i
 ## Web Protection
 By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks.