Microsoft Defender for Endpoint now detects jailbroken iOS devices
Microsoft has announced new and improved capabilities for enterprise security teams that use Microsoft Defender for Endpoint on Android and iOS and Microsoft threat and vulnerability management APIs.
Mobile device protection
Microsoft Defender for Endpoint – a cloud-powered enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats – now has a new mobile app that makes it easier for users to see whether their (now integrated) Microsoft Tunnel VPN connection is operational, web protection is on, and the apps on their mobile devices are potentially dangerous.
The onboarding process for iOS users has also been simplified.
But the most important new additions are jailbreak detection for iOS and mobile application management (MAM) support for non-Intune enrolled devices on both Android and iOS.
From now on, Microsoft Defender for Endpoint on iOS will detect both unmanaged and managed devices that are jailbroken.
“Jailbreaking an iOS device elevates root access that is granted to the user of the device. Once this happens, users can easily sideload potentially malicious applications and the iPhone won’t get critical, automatic iOS updates that may fix security vulnerabilities. These kinds of devices introduce additional risk and a higher probability of a breach to your organization,” noted Shravan Thota, Senior Program Manager at Microsoft.
If the solution detects a jailbroken device, the security team will see a “high-risk” alert in Microsoft 365 Defender and, if the Conditional Access setup is based on device risk score, the device will be blocked from accessing corporate assets.
Microsoft also advises defenders to set up an additional compliance policy on Microsoft Intune (cloud-based mobile device management and mobile application management service) “as an additional layer of defense against jailbreak scenarios.”
Finally, Microsoft Defender for Endpoint now supports mobile application management (MAM) on Android and iOS for devices that have not been enrolled via Intune.
“With this update Microsoft Defender for Endpoint can protect an organization’s data within a managed application for those who aren’t using an MDM but are using Intune to manage mobile applications. It also extends support to customers who use other enterprise mobility management solutions such as AirWatch, MobileIron, MaaS360, and others, while still using Intune for mobile application management,” Thota added.
Threat and vulnerability management
Microsoft has made available new APIs for Microsoft threat and vulnerability management, for enterprises that need to handle large datasets and device inventories daily.
The new APIs will help them enhance their vulnerability management program by allowing them to create customized reports and dashboards, automate tasks and integrate third-party tools.
The APIs can be used to discover vulnerabilities and misconfigurations on devices, find missing security updates and end-of-support products, list the software installed on devices, etc.
Customized reports and dashboards will allow security teams to concentrate on the things that are most important at specific moments/days and make it easier for them to report key information and insight to top management, Microsoft says.