Microsoft Defender for Endpoint on iOS


Microsoft Defender for Endpoint on iOS offers protection against phishing and unsafe network connections from websites, emails, and apps. All alerts are available through a single pane of glass in the Microsoft Defender portal. The portal gives security teams a centralized view of threats on iOS devices along with other platforms.

Caution

Running other third-party endpoint protection products alongside Defender for Endpoint on iOS is likely to cause performance problems and unpredictable system errors.

Prerequisites

For End Users

  • Microsoft Defender for Endpoint license assigned to the end users of the app. See Microsoft Defender for Endpoint licensing requirements.

  • For enrolled devices: Devices are enrolled via the Intune Company Portal app to enforce Intune device compliance policies. This configuration requires the end user to be assigned a Microsoft Intune license.

    Intune Company Portal app can be downloaded from the Apple App Store.

    Note

    Apple does not allow an app to redirect users to the App Store to install other apps, so the user must install the Intune Company Portal app before onboarding to the Microsoft Defender for Endpoint app.

    Devices are registered with Microsoft Entra ID. This configuration requires the end user to be signed in through the Microsoft Authenticator app.

  • For unenrolled devices: Devices are registered with Microsoft Entra ID. This requires the end user to be signed in through the Microsoft Authenticator app.

  • For more information on how to assign licenses, see Assign licenses to users.

Note

  • Defender for Endpoint on iOS requires its VPN to be configured in order to activate the Web Protection feature and to send periodic status signals while the app runs in the background. This VPN is local and pass-through: it does not route traffic through a remote VPN server.
  • Customers who choose not to set up the Defender for Endpoint VPN can disable Web Protection and still deploy Defender for Endpoint. In that case, Defender for Endpoint sends status signals to the Microsoft Defender portal only when the user opens the app. If the app is not opened for 7 days, the device may be marked as inactive in the Microsoft Defender portal.
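The 7-day inactivity rule above is worth checking from the admin side rather than waiting for devices to silently drop out of view. The script below is an added example, not Microsoft's code: it takes a machine list shaped like the response of the Defender for Endpoint Machines API (the `osPlatform`, `lastSeen` and `healthStatus` field names are assumed from that API; the sample response itself is constructed for the example) and reports iOS devices whose last status signal is older than the 7-day window, regardless of what the portal currently shows.

```python
"""Flag iOS devices whose last Defender status signal is older than 7 days."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample response, shaped like the list returned by the Defender for
# Endpoint Machines API (https://api.securitycenter.microsoft.com/api/machines).
# Field names are assumed from that API; every value here is invented.
SAMPLE_MACHINES_JSON = """
{
  "value": [
    {"id": "m1", "computerDnsName": "iphone-alice", "osPlatform": "iOS",
     "lastSeen": "2025-03-01T08:00:00Z", "healthStatus": "Active"},
    {"id": "m2", "computerDnsName": "ipad-bob", "osPlatform": "iOS",
     "lastSeen": "2025-02-18T09:30:00Z", "healthStatus": "Inactive"},
    {"id": "m3", "computerDnsName": "iphone-carol", "osPlatform": "iOS",
     "lastSeen": "2025-02-25T12:00:00Z", "healthStatus": "Active"},
    {"id": "m4", "computerDnsName": "win-dave", "osPlatform": "Windows11",
     "lastSeen": "2025-02-01T00:00:00Z", "healthStatus": "Inactive"},
    {"id": "m5", "computerDnsName": "iphone-erin", "osPlatform": "iOS",
     "lastSeen": "2025-02-23T00:00:00Z", "healthStatus": "Active"}
  ]
}
"""

# The window after which the portal may mark a device inactive (from the note above).
INACTIVITY_WINDOW = timedelta(days=7)


def parse_last_seen(ts):
    """API timestamps are ISO 8601 with a trailing Z; return a timezone-aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def stale_ios_devices(machines_json, now):
    """Return ids of iOS devices whose lastSeen is strictly older than the window.

    A device seen exactly INACTIVITY_WINDOW ago is not yet counted as stale.
    Non-iOS platforms are ignored so the check matches the scope of this page.
    """
    machines = json.loads(machines_json)["value"]
    cutoff = now - INACTIVITY_WINDOW
    return sorted(
        m["id"]
        for m in machines
        if m["osPlatform"] == "iOS" and parse_last_seen(m["lastSeen"]) < cutoff
    )


if __name__ == "__main__":
    # Fixed reference time so the sample gives a reproducible answer.
    now = datetime(2025, 3, 2, tzinfo=timezone.utc)
    for device_id in stale_ios_devices(SAMPLE_MACHINES_JSON, now):
        print(f"{device_id}: no status signal in the last {INACTIVITY_WINDOW.days} days")
```

Against a live tenant you would replace the constructed JSON with the paginated response of the Machines API (an app registration with the appropriate Defender API permission is needed), and compare the result with `healthStatus` to catch devices that are still shown as Active but have not reported since their users last opened the app.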

For Administrators

  • Access to the Microsoft Defender portal.

  • Access to the Microsoft Intune admin center, to:

    • Deploy the app to enrolled user groups in your organization.
    • Configure Microsoft Defender for Endpoint risk signals in app protection policies (MAM).

Note

  • Microsoft Defender for Endpoint now extends protection to an organization's data within a managed application for those who aren't using mobile device management (MDM) but are using Intune to manage mobile applications. It also extends this support to customers who use other enterprise mobility management solutions, while still using Intune for mobile application management (MAM).
  • In addition, Microsoft Defender for Endpoint already supports devices that are enrolled using Intune mobile device management (MDM).

System Requirements

Important

Microsoft Defender for Endpoint is ending support for devices running iOS/iPadOS 15 on January 31, 2025. Moving forward, only devices running iOS/iPadOS 16 and later are supported.

Note

  • Microsoft Defender for Endpoint on iOS isn't supported on user-less or shared devices.

Installation instructions

Microsoft Defender for Endpoint on iOS can be deployed through Microsoft Intune; both supervised and unsupervised devices are supported. End users can also install the app directly from the Apple App Store.
