defender-endpoint/android-configure.md
4 additions & 6 deletions
@@ -15,7 +15,7 @@ ms.collection:
15
15
ms.topic: conceptual
16
16
ms.subservice: android
17
17
search.appverid: met150
18
-
ms.date: 05/19/2025
18
+
ms.date: 05/21/2025
19
19
---
20
20
21
21
# Configure Defender for Endpoint on Android features
@@ -89,7 +89,7 @@ In the Microsoft Intune admin center, navigate to Apps > App configuration polic
89
89
|Enable Network protection in Microsoft Defender|1 - Enable (default), 0- Disable. This setting is used by the IT admin to enable or disable the network protection capabilities in the Defender app.|
90
90
|Enable Network Protection Privacy|1 - Enable (default), 0 - Disable. Security admins manage this setting to enable or disable privacy in network protection.|
91
91
|Enable Users to Trust Networks and Certificates|1 - Enable, 0 - Disable (default). Security admins manage this setting to enable or disable the end user's in-app experience to trust and untrust unsecure and suspicious networks and malicious certificates.|
92
-
|Automatic Remediation of Network Protection Alerts|1 - Enable (default), 0 - Disable. Security admins manage this setting to enable or disable the remediation alerts that are sent when a user performs remediation activities, such as switching to a safer Wi-Fi access point or deleting suspicious certificates detected by Defender. This setting is only applicable to alerts and not to device timeline events. So, this setting won't applied to open wi-fi and self-signed certificates.|
92
+
|Automatic Remediation of Network Protection Alerts|1 - Enable (default), 0 - Disable. Security admins manage this setting to enable or disable the remediation alerts that are sent when a user performs remediation activities, such as switching to a safer Wi-Fi access point or deleting suspicious certificates detected by Defender. This setting applies exclusively to alerts and does not impact device timeline events. As a result, it will not affect open Wi-Fi networks or self-signed certificates.|
93
93
|Manage Network Protection detection for Open Networks|2- Enable (default), 1- Audit mode, 0 - Disable. Security admins manage this setting to enable, audit, or disable open network detection, respectively. In 'Audit' mode, events are sent only to the ATP portal with no end user experience. For end user experience, the config should be set to 'Enable' mode.|
94
94
|Manage Network protection Detection for Certificates|2- Enable, 1- Audit mode, 0 - Disable (default). In Audit mode, events are sent to SOC admins, but no end-user notifications are displayed to the user when Defender detects a bad certificate. Admins can, however, enable full feature functionality by setting 2 as the value. When the feature is enabled with the value of 2, end-user notifications are sent to the user when Defender detects a bad certificate, and events are also sent to the SOC Admin. |
95
95
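Review bot: The last sentence of the added "Automatic Remediation of Network Protection Alerts" row, "it will not affect open Wi-Fi networks or self-signed certificates", loses the point that the exclusion is about detections, not about the networks or certificates themselves. An admin deciding whether disabling this key suppresses anything for open Wi-Fi could misread it. Suggest keeping the word "detection", for example "it does not apply to open Wi-Fi and self-signed certificate detection", which also keeps this row consistent with the same row in the second table. The removed line's only defect was "won't applied", so a smaller fix ("won't be applied") would also do.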
@@ -100,11 +100,10 @@ In the Microsoft Intune admin center, navigate to Apps > App configuration polic
100
100
|Enable Network protection in Microsoft Defender|1: Enable (default)<br/> 0: Disable<br/><br/> This setting is used by the IT admin to enable or disable the network protection capabilities in the Defender app.|
101
101
|Enable Network Protection Privacy|1: Enable (default) <br/> 0: Disable <br/><br/> Security admins manage this setting to enable or disable privacy in network protection.|
102
102
|Enable Users to Trust Networks and Certificates|1: Enable <br/>0: Disable (default) <br/><br/> This setting is used by IT admins to enable or disable the end user in-app experience to trust and untrust the unsecure and suspicious networks and malicious certificates.|
103
-
|Automatic Remediation of Network Protection Alerts|1: Enable (default) <br/> 0: Disable <br/><br/> This setting is used by IT admins to enable or disable the remediation alerts that are sent when a user does remediation activities. For example, the user switches to a safer Wi-Fi access point or deletes suspicious certificates that were detected by Defender. This setting is only applicable to alerts and not to the device timeline events. So, this setting won't be applied to open Wi-Fi and self-signed certificate detection.|
104
-
|Manage Network Protection detection for Open Networks| 2: Enable (default)<br/> 1: Audit Mode <br/> 0: Disable <br/> Security admins manage this setting to enable or disable open network detection.|
103
+
|Automatic Remediation of Network Protection Alerts|1: Enable (default) <br/> 0: Disable <br/><br/> This setting is used by IT admins to enable or disable the remediation alerts that are sent when a user does remediation activities. For example, the user switches to a safer Wi-Fi access point or deletes suspicious certificates that were detected by Defender. This setting only applies to alerts and does not affect device timeline events. As such, it does not apply to the detection of open Wi-Fi networks or self-signed certificates| 2: Enable (default)<br/> 1: Audit Mode <br/> 0: Disable <br/> Security admins manage this setting to enable or disable open network detection.|
105
104
|Manage Network protection Detection for Certificates|2: Enable <br/> 1: Audit mode<br/> 0: Disable (default)<br/><br/>In audit mode, events are sent to SOC admins, but no end user notifications are shown when Defender detects a bad certificate. Admins can enable full feature functionality by setting the value 2. When the value is 2, end user notifications are sent to users and events are sent to SOC admins when Defender detects a bad certificate.|
106
105
107
-
6. Add the required groups to which the policy has to be applied. Review and create the policy.
106
+
2. Add the required groups to which the policy has to be applied. Review and create the policy.
108
107
109
108
> [!NOTE]
110
109
> - The other config keys of Network Protection will only work if the parent key '**Enable Network Protection in Microsoft Defender'** is enabled.
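Review bot: The added "Automatic Remediation of Network Protection Alerts" line swallows the removed "Manage Network Protection detection for Open Networks" row: the key name cell is gone and its values ("2: Enable (default)<br/> 1: Audit Mode <br/> 0: Disable") now sit in a third cell of what is otherwise a two-cell row. This drops the open network detection key from this table and puts 0/1/2 values next to a setting that only takes 0/1. Restore the row on its own line starting with |Manage Network Protection detection for Open Networks| and end the preceding sentence with a period after "self-signed certificates". Separately, the step number changes from 6 to 2; the earlier steps are not visible in this hunk, so confirm the new number matches the list it continues.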
@@ -119,7 +118,6 @@ In the Microsoft Intune admin center, navigate to Apps > App configuration polic
119
118
> - Users allow-listed certificates: After the update, downloading/installing/deleting self-signed certificates events, including user-trusted certificates, are sent to the device timeline as events.
120
119
- The previous experience of generating alerts for these activities still continue to apply to GCC tenants.
121
120
122
-
123
121
## Privacy Controls
124
122
125
123
Following privacy controls are available for configuring the data that is sent by Defender for Endpoint from Android devices: