| title | Mobile threat defense capabilities in Microsoft Defender for Business | ||||
|---|---|---|---|---|---|
| description | Get an overview of mobile threat defense in Defender for Business. Learn what mobile threat defense includes and how to onboard devices. | ||||
| author | chrisda | ||||
| ms.author | chrisda | ||||
| manager | bagol | ||||
| ms.date | 09/25/2025 | ||||
| ms.topic | article | ||||
| ms.service | defender-business | ||||
| ms.localizationpriority | medium | ||||
| ms.collection | | ||||
| ms.reviewer | nehabha | ||||
| search.appverid | MET150 | ||||
| f1.keywords | NOCSH | ||||
| audience | Admin |
Microsoft Defender for Business provides advanced threat protection capabilities for devices, such as Windows and Mac clients. Defender for Business also includes mobile threat defense. Mobile threat defense capabilities help protect Android and iOS devices, without requiring you to use Microsoft Intune to onboard mobile devices.
In addition, mobile threat defense capabilities integrate with Microsoft 365 Lighthouse, where Cloud Solution Providers (CSPs) can view information about vulnerable devices and help mitigate detected threats.
The following table summarizes the capabilities that are included in mobile threat defense in Defender for Business:
| Capability | Android | iOS |
|---|---|---|
| Web Protection: Anti-phishing, blocking unsafe network connections, and support for custom indicators. Web protection is turned on by default with web content filtering. | :::image type="icon" source="media/feature-present-icon.png" border="false"::: | :::image type="icon" source="media/feature-present-icon.png" border="false"::: |
| Malware protection: Scanning for malicious apps. | :::image type="icon" source="media/feature-present-icon.png" border="false"::: | :::image type="icon" source="media/feature-absent-icon.png" border="false"::: |
| Jailbreak detection: Detection of jailbroken devices. | :::image type="icon" source="media/feature-absent-icon.png" border="false"::: | :::image type="icon" source="media/feature-present-icon.png" border="false"::: |
| Microsoft Defender Vulnerability Management: Vulnerability assessment of onboarded mobile devices. Includes vulnerability assessments for operating systems and apps for Android and iOS. For more information, see Use your vulnerability management dashboard in Microsoft Defender for Business. | :::image type="icon" source="media/feature-present-icon.png" border="false"::: | :::image type="icon" source="media/feature-present-icon.png" border="false":::¹ |
| Network Protection: Protection against rogue Wi-Fi related threats and rogue certificates. Network protection is turned on by default with next-generation protection. As part of mobile threat defense, network protection also includes the ability to allow root certification authority and private root certification authority certificates in Intune. It also establishes trust with endpoints. | :::image type="icon" source="media/feature-present-icon.png" border="false":::² | :::image type="icon" source="media/feature-present-icon.png" border="false":::² |
| Unified alerting: Alerts from all platforms are listed in the unified Microsoft Defender portal (https://security.microsoft.com). In the navigation pane, choose Incidents. For more information, see View and manage incidents in Microsoft Defender for Business. | :::image type="icon" source="media/feature-present-icon.png" border="false"::: | :::image type="icon" source="media/feature-present-icon.png" border="false"::: |
| Conditional Access and conditional launch: Conditional Access and conditional launch block risky devices from accessing corporate resources. | :::image type="icon" source="media/feature-absent-icon.png" border="false":::³ | :::image type="icon" source="media/feature-absent-icon.png" border="false":::³ |
| Privacy controls: Configure privacy in threat reports by controlling the data sent by Defender for Business. Privacy controls are available for admin and end users, and for both enrolled and unenrolled devices. | :::image type="icon" source="media/feature-absent-icon.png" border="false":::³ | :::image type="icon" source="media/feature-absent-icon.png" border="false":::³ |
| Integration with Microsoft Tunnel: Integration with Microsoft Tunnel, a VPN gateway solution for Microsoft Intune. | :::image type="icon" source="media/feature-absent-icon.png" border="false":::⁴ | :::image type="icon" source="media/feature-absent-icon.png" border="false":::⁴ |
- ¹ Operating system vulnerabilities are included. Software/app vulnerabilities require Microsoft Intune.
- ² You can manage an allowlist of root certification authority certificates and private root certification authority certificates in Microsoft Intune.
- ³ Requires Microsoft Intune.
- ⁴ Requires Microsoft Intune. For more information, see Prerequisites for the Microsoft Tunnel in Intune.
Mobile threat defense capabilities are now generally available to Defender for Business customers. Here's how to get these capabilities for your organization:
- Make sure that Defender for Business finished provisioning. In the Microsoft Defender portal, go to Assets > Devices.
  - The message, "Hang on! We're preparing new spaces for your data and connecting them" means Defender for Business isn't finished provisioning. The process can take up to 24 hours to complete.
  - If you see a list of devices, or you're prompted to onboard devices, it means Defender for Business provisioning is complete.
- Review, and if necessary, edit your next-generation protection policies.
- Review, and if necessary, edit your firewall policies and custom rules.
- Review, and if necessary, edit your web content filtering policy.
- To onboard mobile devices, see the "Use the Microsoft Defender app" procedures in Onboard devices to Microsoft Defender for Business.