Announcing the public preview of Microsoft Defender for Endpoint Mobile – Tamper protection

This article is contributed. See the original author and article here.

Mark a device non-compliant after 7 days of inactivity in the Microsoft Defender for Endpoint mobile app.

To be protected, customers must be confident that their end users’ devices are compliant with security policies. Today, end users are often able to bypass protections that are set by their organization. For example, users uninstall, disable settings/permissions, and force stop or clear storage of their Defender for Endpoint mobile app. Removing or disabling the Defender for Endpoint app can leave a mobile device more vulnerable to an attack.

We are excited to announce the public preview of tamper protection for mobile devices. This new feature helps ensure the retention of the Defender for Endpoint mobile app on users’ devices and helps protect devices persistently.  This feature detects devices that are out of protection for over 7 days, due to tampering with the Defender for Endpoint mobile app. These devices are marked non-compliant in Microsoft Intune (part of Microsoft Endpoint Manager).

Organizations can also set up Conditional Access policies to enforce the activation and use of the Defender for Endpoint mobile app. With these Conditional Access policies in place, users can access corporate resources only if their devices are in a compliant state. Blocked users can regain access only after the Defender for Endpoint mobile app is set up with all required permissions and the app is actively sending signals to Defender for Endpoint.

For this initial release we have scoped the detection of devices out of protection for 7 days. In upcoming releases, we plan to make this duration configurable by your security admin or your tenant admin.

How to get and configure this feature

1. Share your Organization Tenant name and Tenant ID with Microsoft at atpm@microsoft.com, to be added to the public preview of this feature.


2. Set up a Device compliance policy that requires Defender for Endpoint to be at or under the following machine risk score: Low (Your risk score can be set per your organization’s requirements)


3. Set up a Conditional Access policy to block access to corporate resources on devices that are non-compliant with your device compliance policy.

 Try tamper protection for mobile devices out and let us know how it goes! We’re excited to share these new updates with you and continue to build on security capabilities across platforms. 

We look forward to hearing your feedback!  

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.