In this article we'll answer some of the most common privacy questions about Microsoft Defender for Endpoint on Android and iOS mobile devices.

Why does Microsoft Defender for Endpoint use a VPN and is my browsing activity being tracked? 

Microsoft Defender for Endpoint uses a virtual private network (VPN) to provide Web Protection capabilities that protect you against phishing or web-based attacks. This is a local (or self-looping) VPN, and unlike traditional VPNs, it can't direct or redirect traffic off the device.

How does Microsoft Defender for Endpoint detect malicious websites while respecting my privacy?

To detect malicious websites, Microsoft Defender for Endpoint uses on-device capabilities, and in some cases, remote services. Your personal information is not sent while using the remote service to detect malicious websites.

Whether a website is flagged as "malicious" or "potentially unsafe" is based on various indicators—including sensitive information requests (such as phishing sites asking for credentials), site reputation, or the presence of malicious scripts—and is not based on the type or category of the website.

Your organization can only see information about phishing or potentially unsafe connections. Your personal data and browsing activity are never seen by your organization or Microsoft.

Can my organization or Microsoft access my personal data or view my browsing activity? 

Neither Microsoft nor your organization can see data from apps installed on your device, browsing content, or stored  browsing history. The only time your organization will see a website domain, URL, or your email address would be if you were to attempt to visit a site that has been flagged as malicious by Microsoft Defender for Endpoint for containing harmful programs that might steal your personal or financial information.  

What information will my organization be able to see?  

Your organization will be able to see the following information:

  • Antivirus alerts (only on Android): Details about malicious apps found on your device.

  • Web protection alerts: Details about malicious or unsafe websites blocked by Microsoft Defender for Endpoint on your device. Note that whether a website is flagged as "malicious" or "phish" is based on a few indicators—including sensitive information requests, site reputation, or the presence of malicious scripts—and is not based on the type or category of the website. 

  • Device information: Device identifier, tenant identifier, logged-on user, and device details like OS version, model, and CPU info.

Your organization does not have access to the following information on your device: 

  • Call and web browsing history

  • Your location history

  • Content of email and text messages

  • Your contacts

  • Your passwords

  • Your calendar

  • Your content stored on your device (e.g., photos, videos, data from other apps)

If you have further concerns, complaints, or questions about privacy, you can contact us by sending an email to

Where can I get more information about privacy?

Here are a few additional resources for learning more about your privacy when using our products and services:

See also

Microsoft security help and learning

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!