We have spent the last year or so in COVID buried in various IT security poopshows e.g. Solarwinds, a few ransomwares, and the many zero days. We also continue to get attacked with buzzword bingo to potentially address many of these issues like CASB, MTD, Blockchain, Security, EDR, blah blah. The one we are focused on this week is MTD aka Mobile Threat Defense. MTD is basically an antivirus for your mobile device, but it’s a huge expense. Some companies pay 100K for a good MTD, but this week I am here to share a platform/idea that you may already own. Let’s get started!
What is Microsoft Defender for Endpoint Exactly?
Defender for Endpoint is a very significant solution. The best way to think about it is a collection of security products that attain synergy and work together toward covering the endpoint’s attack surface.
Several key items exist inside of Defender to protect your client devices:
- Endpoint behavioral sensors embedded in Windows clients collect telemetry and send it up to the Microsoft Security Center.
- Office 365 cloud security analytics aggregate signals from online assets, Office 365, and the Windows ecosystem and run them through machine learning to build insight, detect anomalous behavior, and deliver recommended remediation for threats.
- Threat intelligence feeds into Defender to help identify attack patterns, techniques, and procedures, and to generate alerts when they are observed in the sensor data.
- Endpoint Detection and Response capabilities, which we will cover more soon, help with detecting attackers and protecting against (or fighting back against) them.
Requirements for Microsoft Defender
Defender can be obtained in a few different ways licensing-wise:
- Win 10 Enterprise or Education E5
- Microsoft 365 E5/A5 or E5/A5 Security
- Microsoft Defender for Endpoint
A common misconception with Defender is that you need to use Intune in order to leverage it, and the Microsoft documentation sort of implies that. As usual, you can do a bit of creative engineering to deploy it. We will be mainly focusing on deploying Defender for iOS, but you can read my article from last year about the full platform here. Let’s focus first on how we can deploy the required capabilities via Workspace ONE.
Capabilities in Microsoft Defender for Endpoint on iOS
The mobile version of Defender has specific capabilities:
- Blocks malicious web links from SMS, messaging apps, browsers, and email.
- Blocks background connections from most apps.
- Alert, Allow, or Block IP addresses or domains on your device.
- Single pane-of-glass for reviewing alerts and analytics for mobile devices.
- (In Public Preview) capability to perform category blocks.
Deploying Defender for Endpoint on iOS via Workspace ONE UEM
Setting up Defender for Endpoint consists of a VPN profile and deploying the application itself. Check out the video below to see how you can deliver Defender in a very user-friendly way:
Overall it was pretty easy to set up once I figured out how it needs to be configured. The settings for the VPN profile can be found below:
- Connection Type: Custom
- Identifier: com.microsoft.scmx
- Server: 127.0.0.1
- Custom Data: Key: Onboard, Value: True
- Per-App VPN: Disabled
- Include all Networks: True
Setting up Microsoft Defender on the Microsoft Side
You only have a few things to take care of to set up Defender. For instance, check out the video below to see how you can set things up easily to begin using your very own MTD on your suite of mobile devices:
After that, you are ready to begin testing the capabilities on your mobile devices. Let’s check out a demo of the user experience that combines security with synergy.
Microsoft Defender for Endpoint Demo on iOS
You will find it surprising how solid the user experience is on Defender. The biggest issue is that rule changes can take 30 minutes to two hours to take effect. That is nothing new with Azure, but I think it’s a nice experience overall.
In closing, the idea that you need to pay some ridiculous amount of money to deliver an MTD is crazy. Most people know me as a crazy VMware advocate, but I am all about making the most out of your investments. You will find the biggest problem with the Office 365 suite is that most companies have no idea what is in it. It’s very disappointing that Carbon Black doesn’t have an MTD, but I am more than happy to leverage my E5 investment and crush it.