Microsoft Defender ATP now warns of jailbroken iPhones, iPads

Microsoft Defender ATP now warns of jailbroken iPhones, iPads

Image: Daniel Korpai

Microsoft has added support for detecting jailbroken iOS devices to Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus.

The new detection capability now available in the enterprise endpoint security platform (previously known as Microsoft Defender Advanced Threat Protection) will warn security teams of both managed and unmanaged jailbroken iPhones and iPads on their network.

“If it’s detected that a device is jailbroken, an alert is surfaced to the security team in Microsoft 365 Defender,” Microsoft Senior Program Manager Shravan Thota explained.

“The device will then be considered as a high-risk device and this risk score is shared with your app protection or device compliance policies so that you can block it from accessing corporate resources.”

By jailbreaking iOS devices, users gain complete write and execution access by elevating their permissions to root, thus removing all restrictions imposed by Apple on installing applications and customizing the OS behavior.

Since there are no restrictions in place, they can later install potentially malicious applications and, by avoiding updating the device to maintain their root access, they will also expose themselves to attacks by skipping on likely critical security updates.

“These kinds of devices introduce additional risk and a higher probability of a breach to your organization,” Thota added.

Microsoft Defender for Endpoint iOS jailbreak alert
Image: Microsoft

With this update, Microsoft has also added mobile application management (MAM) support for non-Intune enrolled Android and iOS devices.

The company also simplified onboarding for iOS end users by allowing admins to push the VPN profile needed for enrollment during the setup configuration process.

These improvements add to previously available capabilities, including:

  • Protection against phishing coming from browsing, email, apps, and messaging platforms 
  • Scans for malware and potentially unwanted apps (on Android) 
  • Blocking of unsafe connections as well as access to sensitive data (on Android) 
  • A unified security experience for SecOps in Microsoft 365 Defender   

This is part of a broader effort to expand the security platform’s capabilities across all popular operating systems with the end goal of allowing security teams to defend all their endpoint users using a unified security solution.

In June 2020, the Microsoft enterprise antivirus expanded to support more non-Windows platforms reaching general availability for Linux customers and public preview for Android. One year later, Redmond added support for macOS as part of a limited preview.

Two months ago, Microsoft announced that Microsoft Defender for Endpoint also supports Windows 10 on Arm devices.


Source: BleepingComputer

Leave a Reply