Microsoft releases first public preview of its Defender antivirus on Android

UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.

Microsoft Defender ATP for Android

Image: Microsoft

Starting today, customers of Microsoft's commercial antivirus product -- Defender Advanced Threat Protection (ATP) -- can install a first version of the product's Android port.

The product, named "Microsoft Defender ATP for Android," was announced at the RSA security conference in February this year, and has reached a first public preview today.

Companies that have contracted Microsoft Defender ATP protection have a new option in their dashboard where they can enable the feature and deploy an Android app to employees' devices.

This new Android app will work like a classic mobile antivirus product that can scan the phone for malicious apps and other malware, detect malicious and phishing sites while the user is browsing the web, and block users from accessing certain sites based on a predefined block-list.

defender-android-screens.png

Image: Microsoft

Microsoft says the Defender ATP for Android app also comes with hidden features, courtesy of its integration into the larger and more complex Defender ATP, Intune, and Configuration Manager platforms.

The app effectively works as a gatekeeper for a company's network, allowing IT staff to lock Android smartphones out of the corporate network or prevent users from accessing corporate apps.

"When Microsoft Defender ATP for Android finds that a device has malicious apps installed, it will classify the device as 'high risk' and will flag it in the Microsoft Defender Security Center," Kanishka Srivastava, Senior Program Manager at Microsoft, said today.

Using sets of predefined rules, Srivastava says a company's security staff can then block any device that has been added to the "high risk" list from accessing company resources, such as its Outlook server or OneDrive accounts.

defender-android-screens-blocking.png

Image: Microsoft

Microsoft hopes that this feature prevents potentially compromised Andriod devices from serving as entry points into larger corporate data repositories from where hackers can steal even more data than what's initially available to them on the compromised device.

Furthermore, similar to the Windows version of Defender ATP, any detections of suspicious events will also be logged and sent back to each customer's Microsoft Defender Security Center.

Here, IT staff can make informed decisions, such as dismissing the alert, locking the device out of the company's network, and initiating a more thorough incident response procedure.

Currently, Microsoft Defender ATP is only available for Windows, Mac and Linux devices. The Linux client exited its public preview and entered general availability earlier today.

Microsoft launched a Linux client in public preview in February, when it also announced future public previews for Android and iOS. While the Android app entered public preview today, Microsoft said the iOS public preview is still coming, but merely scheduled for "later this year."

Additional information about the Microsoft Defender ATP for Android public preview is available in Microsoft's official documentation page.

Article updated one hour after publication to add that Defender ATP for Linux has exited public preview and is now generally available.