Microsoft Defender for Android will end support for protecting personal profiles on enrolled devices by March 2026, focusing solely on securing corporate work profiles. This change enhances enterprise security and user privacy, requires no admin action, and does not affect work profiles or unenrolled devices.
Introduction
By the end of March 2026, Microsoft Defender for Android will no longer support protection of personal profiles on enrolled devices. This change aligns with our enterprise-first security strategy, ensuring resources are focused on protecting corporate data while maintaining user privacy.
When will this happen
Rollout will begin in mid-March 2026 and complete by late March 2026.
How this affects your organization
Who is affected: Organizations using Microsoft Defender for Endpoint (MDE) on Android in personal profiles on enrolled devices that are managed through mobile device management (MDM) configuration policies.
What’s changing:
We're ending support, monitoring, and feature development for protecting personal profiles on enrolled devices (personal profiles managed via MDM configuration policy). Our main objective is to safeguard corporate assets, with emphasis on identity and data contained within the work profile in enrolled environments. We rely on Android’s platform-level separation to ensure robust isolation. Current research indicates that the likelihood of cross-profile attacks compromising enterprise data remains minimal at present.
Current State:
Defender can be enrolled in the personal profile and managed through MDM configuration policies along with controlling work profile configuration (App Configuration policies targeted to managed devices).
Reference link: Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune
New State:
Deploying and managing Defender in personal profile on enrolled devices via MDM policies will be retired by the end of March 2026. Defender in work profile on enrolled devices and unenrolled mobile application management (MAM)-enabled devices remains unchanged.
Reference link: Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)
Benefits of the Change:
This update enhances our enterprise-focused strategy by providing more efficient and dependable protection for corporate data. It safeguards user privacy and ensures that Defender exclusively protects corporate assets, maintaining the integrity of personal information in accordance with privacy regulations and platform separation requirements.
What you can do to prepare
No compliance considerations identified, review as appropriate for your organization.