Skip to content

Commit 24da870

Browse files
Stacyrch140Stacyrch140
authored
Merge pull request #1549 from MicrosoftDocs/revert-1548-revert-1523-docs-editor/mtd-1728304149
Replacement PR for "Update mtd.md""
2 parents 5980f68 + 3ca341f commit 24da870

File tree

1 file changed

+40
-15
lines changed

1 file changed

+40
-15
lines changed

defender-endpoint/mtd.md

Lines changed: 40 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,10 @@ ms.reviewer: tdoucette, sunasing
44
description: Overview of Mobile Threat Defense in Microsoft Defender for Endpoint
55
ms.service: defender-endpoint
66
ms.subservice: onboard
7-
ms.author: deniseb
8-
author: denisebmsft
7+
ms.author: denishdonga
8+
author: denishdonga27
99
ms.localizationpriority: medium
10-
ms.date: 09/05/2024
10+
ms.date: 10/11/2024
1111
manager: deniseb
1212
audience: ITPro
1313
ms.collection:
@@ -62,21 +62,46 @@ The following table summarizes how to deploy Microsoft Defender for Endpoint on
6262
- [Overview of Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md), and
6363
- [Overview of Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md)
6464

65-
**Android**
65+
## Supported Android enrollment Scenarios
6666

67-
|Enrollment type |Details |
68-
|--------------------|-------------|
69-
|Android Enterprise with Intune |[Deploy on Android Enterprise enrolled devices](android-intune.md#deploy-on-android-enterprise-enrolled-devices)|
70-
|Device Administrator with Intune |[Deploy on Device Administrator enrolled devices](android-intune.md#deploy-on-device-administrator-enrolled-devices)|
71-
|Unmanaged BYOD OR devices managed by other enterprise mobility management / Set up app protection policy (MAM)|[Configure Defender risk signals in app protection policy (MAM)](android-configure-mam.md)|
67+
|Scenarios|Company portal app required on the device?|Protection Profile/Prerequisites|How to deploy|
68+
| -------- | -------- | -------- | -------- |
69+
|Android Enterprise personally owned devices using a work profile|Yes| Protects only the work profile section. [Learn more about the work profile](/mem/intune/apps/android-deployment-scenarios-app-protection-work-profiles)|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-android-enterprise-enrolled-devices) |
70+
|Android Enterprise personally owned devices using a personal profile|Yes| Protects the personal profile. When a customer has a scenario with work profile as well then it protects the entire device. Note the following: The company portal app must be enabled on personal profile and the Microsoft Defender must be already installed and active in work profile to enable Microsoft Defender in personal profile.|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#set-up-microsoft-defender-in-personal-profile-on-android-enterprise-in-byod-mode)|
71+
|Android Enterprise corporate owned work profile (COPE)|Yes|Protects only the work profile section. The Company Portal app and Microsoft Intune app both are automatically installed. | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-android-enterprise-enrolled-devices) |
72+
|Android Enterprise corporate owned fully managed - no work profile (COBO)|Yes|Protects the entire device. The Company Portal app and Microsoft Intune app both are automatically installed.|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-android-enterprise-enrolled-devices)|
73+
|MAM|Yes, (need to just install, setup is not required) | Protects only enrolled apps. MAM supports with/without Device enrollment or enrolled with third party Enterprise Mobility Management.|[Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](android-configure-mam.md)|
74+
|Device Administrator|Yes|Intune is ending support for android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024.|[Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](android-intune.md#deploy-on-device-administrator-enrolled-devices)|
7275

73-
**iOS**
7476

75-
|Enrollment type |Details |
76-
|--------------------|-------------|
77-
|Supervised devices with Intune |1. [Deploy as iOS store app](ios-install.md)<br/>2. [Setup Web Protection without VPN for supervised iOS devices](ios-install.md#complete-deployment-for-supervised-devices)|
78-
|Unsupervised (BYOD) devices enrolled with Intune |[Deploy as iOS store app](ios-install.md)|
79-
|Unmanaged BYOD OR devices managed by other enterprise mobility management / Set up app protection policy (MAM)|[Configure Defender risk signals in app protection policy (MAM)](ios-install-unmanaged.md)|
77+
### Unsupported Android enrollment scenarios
78+
These scenarios are not currently supported:
79+
- **Android Enterprise corporate-owned Personal profile**
80+
- **Android Enterprise corporate owned dedicated devices (COSU) (Kiosk/Shared)**
81+
- **Android Open-Source Project (AOSP)**
82+
83+
## Supported iOS enrollment Scenarios
84+
85+
|Scenarios|Company portal app required on the device?|Protection Profile/Prerequisites|How to deploy|
86+
| -------- | -------- | -------- | -------- |
87+
|Supervised Devices (ADE and Apple Configurator Enrollment|Yes|Protects the entire device. For ADE, if users who use Just in Time (JIT) registration, the Company portal app is not required because app will enroll the device automatically by connecting to Intune server| [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md#deployment-steps-applicable-for-both-supervised-and-unsupervised-devices) |
88+
|Unsupervised Devices (Device Enrollment)|Yes|Protects the entire device. For web-based device enrollment, the company portal app is not required because after the managed app signs in, the app downloads configuration policies directly and not the company portal app)|[Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md#deployment-steps-applicable-for-both-supervised-and-unsupervised-devices)|
89+
|Unsupervised Devices (User Enrollment)|Yes|Protects work data only. The VPN has access to entire device, and the VPN can scan all app traffic|[Deploy Microsoft Defender for Endpoint on iOS with Microsoft Intune](ios-install.md#user-enrollment-setup-only-for-intune-user-enrolled-devices)|
90+
|MAM|No|Protects only enrolled apps. The VPN has access to entire device and can scan all app traffic)|[Deploy Microsoft Defender for Endpoint on iOS with Mobile Application Management](ios-install-unmanaged.md)|
91+
92+
### Unsupported iOS enrollment scenarios
93+
iOS Dedicated/shared/kiosk device enrollment is not supported.
94+
95+
### Android low touch onboarding supported scenarios
96+
97+
1. Android Enterprise personally owned devices using a work profile
98+
1. Android Enterprise corporate owned work profile (COPE)
99+
1. Android Enterprise corporate owned fully managed - No work profile (COBO)
100+
101+
### iOS zero touch onboarding supported scenarios
102+
103+
1. Supervised Devices (ADE and Apple Configurator Enrollment)
104+
1. Unsupervised Devices (Device Enrollment)
80105

81106
### End-user onboarding
82107

0 commit comments

Comments
 (0)