Microsoft Defender for Endpoint on iOS
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.
Microsoft Defender for Endpoint on iOS offers protection against phishing and unsafe network connections from websites, emails, and apps. All alerts are available through a single pane of glass in the Microsoft Defender portal. The portal gives security teams a centralized view of threats on iOS devices along with other platforms.
Caution
Running other third-party endpoint protection products alongside Defender for Endpoint on iOS is likely to cause performance problems and unpredictable system errors.
Prerequisites
For End Users
Microsoft Defender for Endpoint license assigned to the end users of the app. See Microsoft Defender for Endpoint licensing requirements.
For enrolled devices: Devices are enrolled via the Intune Company Portal app to enforce Intune device compliance policies. This configuration requires the end user to be assigned a Microsoft Intune license.
Intune Company Portal app can be downloaded from the Apple App Store.
Note
Apple does not allow redirecting users to download other apps from the app store so this step needs to be done by the user before onboarding to Microsoft Defender for Endpoint app.
Devices are registered with Microsoft Entra ID. This configuration requires the end user to be signed in through Microsoft Authenticator app.
For unenrolled devices: Devices are registered with Microsoft Entra ID. This requires the end user to be signed in through Microsoft Authenticator app.
For more information on how to assign licenses, see Assign licenses to users.
Note
- Defender for Endpoint on iOS requires configuring its VPN to activate the Web Protection feature and to send periodic status signals while the app operates in the background. This VPN is local and pass-through, meaning it does not route traffic through a remote VPN server.
- Customers who opt not to set up a Defender for Endpoint VPN can disable Web Protection and still deploy Defender for Endpoint. In such cases, Defender for Endpoint will only send status signals to the Microsoft Defender portal when the user opens the app. If the app is not opened for 7 days, the device may be marked as inactive in the Microsoft Defender Portal.
For Administrators
Access to the Microsoft Defender portal.
Access to the Microsoft Intune admin center, to:
- Deploy the app to enrolled user groups in your organization.
- Configure Microsoft Defender for Endpoint risk signals in app protection policy (MAM)
Note
- Microsoft Defender for Endpoint now extends protection to an organization's data within a managed application for those who aren't using mobile device management (MDM) but are using Intune to manage mobile applications. It also extends this support to customers who use other enterprise mobility management solutions, while still using Intune for mobile application management (MAM).
- In addition, Microsoft Defender for Endpoint already supports devices that are enrolled using Intune mobile device management (MDM).
System Requirements
Device running iOS/iPadOS 15.0 (ending support January 31, 2025) and later.
The device is either enrolled with the Intune Company Portal app or is registered with Microsoft Entra ID through Microsoft Authenticator with the same account.
Important
Microsoft Defender for Endpoint is ending support for devices running iOS/iPadOS 15 on January 31, 2025. Moving forward, only devices running iOS/iPadOS 16 and later are supported.
Note
- Microsoft Defender for Endpoint on iOS isn't supported on user-less or shared devices.
Installation instructions
Deployment of Microsoft Defender for Endpoint on iOS can be done via Microsoft Intune and both supervised and unsupervised devices are supported. End-users can also directly install the app from the Apple app store.
- For information on deploying on enrolled devices through Microsoft Configuration Manager or Intune, see Deploy Microsoft Defender for Endpoint on iOS.
- For information on using Defender for Endpoint in app protection policy (MAM), see Configure app protection policy to include Defender for Endpoint risk signals (MAM)
Resources
Stay informed about upcoming releases by visiting What's new in Microsoft Defender for Endpoint on iOS or our blog.
Provide feedback through in-app feedback system or through the unified security console
Next steps
- Deploy Microsoft Defender for Endpoint on iOS through Intune for enrolled devices
- Configure app protection policy to include Defender for Endpoint risk signals (MAM)
- Configure Microsoft Defender for Endpoint on iOS features
- Configure Conditional Access policy based on device risk score from Microsoft Defender for Endpoint
- Mobile Application Management (MAM) basics
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.