Microsoft Defender for Endpoint Gets VPN Tunnel Support for Android Devices

Microsoft announced a couple of "general availability" milestones on Monday for organizations using Microsoft Defender for Endpoint to protect Android devices.

First, the Microsoft Defender for Endpoint service, used for threat detection and post-breach analyses, now has Microsoft Tunnel support for Android devices. iOS device support was expected to arrive this quarter, but support will "remain in public preview for the time being." Second, the Microsoft Tunnel Gateway has also reached the general availability stage, signifying commercial release.

Microsoft Defender for Endpoint was previously called "Microsoft Defender Advanced Threat Protection," but it underwent rebranding last year.

Microsoft Tunnel Service
The Microsoft Tunnel service is used to connect mobile devices to an organization's network resources. It supports virtual private networks, split tunneling and the use of Microsoft's Conditional Access compliance service.

The Microsoft Tunnel Gateway apparently is a component of the Microsoft Tunnel service, which itself is a virtual private network (VPN) gateway solution.

Here's how a Microsoft document described the Microsoft Tunnel service:

Microsoft Tunnel is a VPN gateway solution for Microsoft Intune that runs in a Docker container on Linux and allows access to on-premises resources from iOS/iPadOS and Android Enterprise devices using modern authentication and Conditional Access.

Microsoft Intune is Microsoft's mobile management solution that comes with Microsoft Endpoint Manager (formerly known as "System Center Configuration Manager").

Microsoft conceives of the combination of Microsoft Defender for Endpoint with Microsoft Tunnel as simplifying the security of mobile devices, per this announcement in March:

By combining Microsoft Tunnel VPN capabilities with the Microsoft Defender for Endpoint app on iOS and Android, your users enjoy a simpler mobile experience with just one app, and your organization gains a more holistic mobile threat defense solution that enables secure and productive remote work. 

Microsoft's last notable Microsoft Tunnel update came in March, when Microsoft Endpoint Manager version 2103 added performance and health checks for Microsoft Tunnel. At that time, Microsoft Tunnel was available in Microsoft Defender for Endpoint only at the preview level.

Microsoft Ending Tunnel Android 'Standalone' Client
Microsoft wants organizations to use the Microsoft Defender for Endpoint client with Microsoft Tunnel to protect Android devices. A "standalone" Microsoft Tunnel Android client app exists, but Microsoft is planning to end it next month:

The existing Microsoft Tunnel standalone client app for Android will be removed from the [Microsoft] store after August 16, 2021, so if you're previewing Tunnel today, be sure to move your users to the new Microsoft Defender for Endpoint client ahead of this date.

Microsoft's announcement also included complex advice for organizations currently using app configuration policies with the Microsoft Defender for Endpoint app for Android Enterprise, along with Microsoft Tunnel. They will need to change those Microsoft Defender for Endpoint settings into custom settings in the "Microsoft Tunnel VPN profile," and they'll need to "remove the app configuration policy" as well.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

