    Now Available: Microsoft’s New Android Antivirus App

    New Android Antivirus App

    Customers can now install the first version of Microsoft Defender ATP for Android on their mobile phones. A similar version, named Microsoft Defender ATP for Mac, is set to be rolled out later this year. As more and more work is being done via mobile devices, the threats have evolved. 

    In a recent community forum, Microsoft mentioned that the threat level on mobile devices is extremely high. The app is said to protect devices from phishing, detect malware and PUAs, and run signature-based scans. As of now, Defender ATP for Android is available only to ATP customers and not to the general public. This is the reason the app isn’t listed on the Google Play Store.

    Top Features

    Defender ATP includes Microsoft SmartScreen™, which can block unsafe connections. It will also include signature-based scans, anti-phishing, and other mobile-centric features.

    Anti-Phishing Systems

    When the user clicks on unsafe URLs received by email, WhatsApp, SMS, or other apps, the SmartScreen technology will instantly block them. The SmartScreen feature works in conjunction with the Android OS to allow the Defender App to inspect the URL. When the anti-phishing engine blocks a suspicious URL, it immediately sends out a notification to the user alongside options to allow the connection request, report as ‘safe’, or to dismiss the notification.

    IT security teams will receive real-time notifications about attempts to access malicious URLs and can take immediate action. In an enterprise-level security setup, IT teams will be able to define network-level decisions to block specific sites from the app itself.

    Blocking Unsafe Network Connection

    In addition to stopping phishing attacks, the SmartScreen service also blocks unsafe network connection requests that some installed apps make on the user’s behalf. It also notifies the user about open Wi-Fi networks. Similar to the anti-phishing engine, the app sends out a notification every time it blocks an unsafe network connection request.

    It runs on the proprietary technology of Microsoft’s Defender ATP which allows security administrators to better track and regulate all incoming and outgoing requests within a shared enterprise network. 

    Custom Indicator Creation

    With Defender ATP for Android, security administrators will be able to create custom indicators to define, prevent, and exclude entities. They will be able to define what action needs to be taken, the duration to apply the action, and the scope of the action.

    Using this feature, IT teams can get enhanced control over blocking and allowing selected URLs and domains that users can access on their mobile phones.

    Malware Scanning

    The app will run proactive scans of all installed applications, files and potentially unwanted applications (PUAs) that are on the mobile device. This will help limit the installation of third-party apps or apps from unverified sources. The scanning engine relies on cloud protection backed by heuristic monitoring and deep learning alongside traditional signature-based detection. Once a detailed scan is performed, the app sends out a notification showing the results.

    Blocking Access To Sensitive Data

    Users will be entitled to additional layers of protection designed to help prevent breaches and limit their impact. By expanding upon the combination of Microsoft Endpoint Manager and Conditional Access solutions, devices that have been infiltrated by malicious apps or malware will be assigned a ‘high-risk’ label that prevents these devices from accessing company resource environments.

    For instance, if a scan finds your mobile device to be infected, Defender ATP will classify your device’s ID as ‘high-risk’. When you try to access your Microsoft Outlook email account, your device will be temporarily blocked. Once the malicious program is removed, your access will be automatically restored.

    The Centralized Security Mechanism

    The Microsoft Defender Security Center will provide you with a unified security experience where you can review notifications, gain additional context, set parameters, and quickly respond to threats. This experience is the same as what security teams for Windows, Linux, and Mac receive. Security analysts obtain a more holistic view of attacks and malware on individual devices.

    Android apps and their related risk levels are also shown in the Security Center. Users and IT teams can also review the number of events, active warnings, and logged-in users associated with the device on the security details tab.

    How To Get Started

    The Defender ATP app for Android is only available to ATP customers and not the general public. It is compatible with all mobile phones running on Android 6.0 and above and supports both Legacy Device Administrator and Android Enterprise modes on registered devices.

    If you are an existing ATP customer, you can visit the Google Play Store and download the Intune Company Portal App on the registered device. Additional devices can be registered via the app. Depending on your role, you’ll receive access to the Security Center portal or Endpoint Manager Admin Center. 

    Bottom Line

    Microsoft is committed to providing enhanced security solutions to organizations and individual users. Other than the features mentioned here, the company will be releasing additional capabilities for Android devices. More details on the app are yet to be released, so keep an eye out for updates.