Reduce friction and protect faster with simplified Android onboarding


priyankagill

In today's interconnected digital landscape, users can choose from a range of highly mobile devices to perform tasks—from smartphones to laptops, tablets, and IoT devices. Each of these devices can access sensitive information and interact directly with critical systems, so a robust protection capability beyond traditional endpoints is paramount to safeguarding data integrity and user privacy.



Today, we’re excited to announce that a simplified onboarding experience in Microsoft Defender for Endpoint on Android devices is now available in public preview.

Comprehensive detection and response
Built on the broadest global threat and human intelligence, Defender for Endpoint has evolved over the years to provide robust security on Android platforms with a host of features like antimalware detection, anti-phishing, network protection, vulnerability management, and more. Moreover, coupled with a unified security interface via the Defender portal, security teams have access to centralized information for effective threat remediation across all endpoints.


With the latest enhancement, enterprises can now seamlessly deploy Defender for Endpoint on Android devices enrolled with Microsoft Intune. This streamlined deployment reduces user friction and the time taken to fully onboard the Defender for Endpoint (MDE) app.


Key benefits

  1. Faster setup on Android devices – Simplified Android onboarding supports silent sign-on and auto-granting of certain permissions on a user’s device. As such, users will only be required to grant necessary permissions to fully onboard Defender for Endpoint.
  2. Intuitive guidance – A clear and intuitive flow to guide users through each step.
  3. Supported across multiple Android profiles – Android Enterprise BYOD, COPE, and fully managed.

Configuring Low Touch Onboarding

Although simplified Android onboarding is disabled by default, org admins can enable it through app configuration policies on Intune by following these steps:


Admin steps –


  1. Push the Defender for Endpoint app to the target user group by following these steps.
  2. Push a VPN profile to the user’s device by following the instructions here.
  3. In Apps > Application configuration policies, select Managed Devices.
  4. Provide a name to uniquely identify the policy. Select ‘Android Enterprise’ as the Platform, select the required Profile type, and select ‘Microsoft Defender: Antivirus’ as the targeted app. Click Next.
  5. Add runtime permissions. Select Location access (fine) (this permission is not supported for Android 13 and above) and POST_NOTIFICATIONS, then change the Permission state to ‘Auto grant’.
  6. Under configuration settings, select ‘Use Configuration designer’ and click Add.
  7. Select Low touch onboarding and User UPN. For User UPN, change the Value type to ‘Variable’ and the Configuration value to ‘User Principal Name’ from the drop-down. Enable Low touch onboarding by changing the configuration value to 1.
  8. Assign the policy to the target user group.
  9. Review and create the policy.



User steps –

  1. Download the Company Portal app and set up a work profile using work credentials.
  2. Users will see a message in the Company Portal app informing them to onboard the Defender for Endpoint app to ensure device compliance (if a compliance policy is set up by the admin).
  3. When the user opens the Defender for Endpoint app, they will automatically be signed in and taken to a permissions screen.
  4. Grant the necessary permissions to complete onboarding of Defender for Endpoint.



Note:

  1. No EULA license agreement will be shown to the user in the Low touch onboarding flow.
  2. Users will need to update the Company Portal app if the app version is 5.0.5655.0 or below.
  3. Users will not be able to disable VPN with Android simplified onboarding.




Harness comprehensive endpoint security


Protecting Android phones as part of endpoint protection strategies is essential for addressing the diverse security challenges presented by today's digital landscape. With Defender for Endpoint, we ensure comprehensive security coverage for users and organizations alike and empower IT admins to stay one step ahead of the evolving threat landscape.

