You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/android-configure.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -111,12 +111,13 @@ In the Microsoft Intune admin center, navigate to Apps > App configuration polic
111
111
> - To ensure comprehensive protection against Wi-Fi threats, users should enable location permission and select the "Allow All the Time" option. This permission is optional but highly recommended, even when the app is not actively in use. If location permission is denied, Defender for Endpoint will only offer limited protection against network threats and will only safeguard users from rogue certificates.
112
112
113
113
> [!IMPORTANT]
114
-
> Starting May 19, 2025, alerts for connecting or disconnecting to an open wireless network and for downloading/installing/deleting self-signed certificates are now generated as events. If auto-remediation key is enabled, old alerts are resolved automatically after the changes take effect.</br>
115
-
> With this change, security operations center (SOC) analysts can now view the connecting/disconnection to open wireless networks and download/installation/removal of self-signed certificates as events in the Timeline tab of a device page. In particular, events are generated following these activities:</br>
116
-
> - Mobile devices connecting/disconnecting to open wireless networks, whether trusted or not. Previously, an alert is generated when end-users connect to an open Wi-Fi network. In the new experience, when an end-user connects or disconnects to an open wireless network multiple times within the same 24-hour period, only one event each is generated.</br>
> For these changes to take effect, end-users must update to the latest version of Defender for Endpoint on Android. Otherwise, the previous experience of generating alerts will still be in place. End-users who turned on auto-update automatically gets these changes.</br>
119
-
> The previous experience of generating alerts for these activities still apply to GCC tenants.</br>
114
+
> Starting May 19, 2025, alerts are no longer generated in the Microsoft Defender portal for mobile devices connecting or disconnecting to an open wireless network and for downloading/installing/deleting self-signed certificates. Instead, these activities are now generated as events and are viewable in the device timeline.</br></br>
115
+
> Here are a key changes about this new experience:</br>
116
+
> - For these changes to take effect, end-users must update to the latest version of Defender for Endpoint on Android available on May 2025. Otherwise, the previous experience of generating alerts will still be in place. If auto-remediation key is enabled by the admin, old alerts are resolved automatically after the changes take effect.</br>
117
+
> - When an end-user connects or disconnects to an open wireless network multiple times within the same 24-hour period, only one event each for the connection and disconnection is generated.</br>
118
+
> - Enable Users to Trust Networks: After the update, connection and disconnection events to open wireless networks, including to trusted networks, are sent to the device timeline as events.
119
+
> - Users allow-listed certificates: After the update, downloading/installing/deleting self-signed certificates events, including user-trusted certificates, are sent to the device timeline as events.</br>
120
+
> - The previous experience of generating alerts for these activities still continue to apply to GCC tenants.
0 commit comments