Microsoft has released the first public preview of its Defender Advanced Threat Protection (ATP) app for Android phones.
The public preview of Microsoft Defender ATP for Android offers protection against phishing and unsafe network connections from apps, websites, and malicious apps.
It also has the ability to restrict access to corporate data from devices that are deemed risky, which will allow enterprises to secure users and data on their Android devices.
For effective SecOps management, all events and alerts will be available in a centralised view within the Microsoft Defender Security Center.
Microsoft Defender ATP offers a set of web protection capabilities aimed at addressing phishing attacks – one of the biggest threat vectors on mobile platforms.
Anti-phishing is performed by instantly blocking access to unsafe websites from SMS/text, WhatsApp, email, browsers, and other apps through the Microsoft Defender SmartScreen service, which helps determine whether a URL is malicious.
If access to a malicious site is blocked, the user will receive a notification with options to allow the connection, report it as safe, or dismiss the alert.
Security teams are notified about attempts to access malicious sites via an alert in the Microsoft Defender Security Center.
SmartScreen is also used to block unsafe network connections that apps may automatically make on the user’s behalf.
The user is immediately informed that this activity is blocked and is given the same options.
Security teams can also create custom indicators, giving them more control over the URLs users are allowed to connect to from their Android devices.
Malware scanning and blocking data access
Microsoft Defender ATP can also scan for malware and potentially unwanted applications. If a safe app is downloaded, the user will receive a notification that the app is clean.
Android offers several built-in protections to limit the installation of apps to trusted sources, including Google Play Protect.
Microsoft Defender ATP supplements this with additional controls to keep devices free of malicious apps.
In addition to signature-based malware detection, it uses cloud protection based on deep learning and heuristics to cover low-fidelity signals that signatures handle inconclusively.
Through integration with Microsoft Endpoint Manager, it provides additional protection against malicious access to sensitive corporate information.
In the event that Microsoft Defender ATP for Android finds that a device has malicious apps installed, it will classify the device as “high-risk” and will flag it in the Microsoft Defender Security Center.
Microsoft Intune uses the device’s risk level in conjunction with pre-defined compliance policies to activate conditional access rules that block access to corporate assets from the high-risk device.
The end-user will receive a notification about how to rectify the issue, which could include uninstalling the malicious app.
Once this is done, access to corporate assets is automatically reinstated.