SparkyNuts
Nov 25, 2023 (Aspirant)
Using Microsoft Defender VPN Still Allows Me to Set DNS Server at the Router?
We have a base router and one satellite in our home. One year ago I went into Orbi's settings and changed the DNS servers to be 1.1.1.3 and 1.0.0.3 from Cloudflare because our young kids had just st...
SparkyNuts
Nov 26, 2023 (Aspirant)
CrimpOn I tried those two experiments.
In Safari on the iPhone I entered http://orbilogin.net both with the MS Defender VPN turned on and then with it turned off. In both cases, I was using WiFi going through my Orbi with the DNS set to Cloudflare's kid friendly 1.1.1.3. In both cases I was able to get to the Orbi's login.
Then, with both MS Defender's VPN turned on and then with it turned off, I attempted to go to a non-PG website with Safari. In both cases, the site would not load. Just as a control, I turned off the WiFi and successfully got the same non-PG website to load on my iPhone.
Lastly, I went into Orbi's settings and set the DNS to be whatever my ISP uses, which has no restrictions. Then using Safari with Defender's VPN I again attempted to access the non-PG website and it did in fact work.
So it looks like MS Defender is still letting all the traffic go through whatever DNS is specified in Orbi's settings. If Orbi is set to use Cloudflare's 1.1.1.3, then the non-PG site does not work with Defender's VPN enabled. If Orbi is set to use the ISP's DNS, then the non-PG site does work, even with Defender's VPN enabled.
If Defender's VPN had its own DNS, then I would have expected:
1. I would not have been able to get to my Orbi's settings by typing orbilogin.net into Safari with Defender's VPN enabled
2. Cloudflare would not have blocked the non-PG site when Defender's VPN was enabled (I confirmed Defender was not also set to block the same website by leaving Defender's VPN enabled while changing Orbi's settings to use my ISP's DNS)
I see some articles here and there referring to Defender's VPN as looping and its not being a true VPN. So really, it sounds like the Defender app on my iPhone is just using an iPhone functionality to force all internet traffic through Defender, but Defender's VPN provides no encryption to any data leaving the phone. Isn't encryption of data from device to DNS a key benefit of a VPN?
I do see Defender has an additional option, beyond the "VPN", called "Privacy Protection". And that has a data limit and this article seems to be saying the privacy connection encrypts data. https://support.microsoft.com/en-au/topic/microsoft-defender-privacy-protection-faq-65b514b4-be3f-49bb-ae15-982bfc023854 I'll try going to the non-PG site sometime today with that turned on, and I'll see what happens. If MS is going to encrypt the data, this sounds more like an actual VPN and I assume it will bypass the Cloudflare DNS I've specified in Orbi.
schumaku
Nov 26, 2023 (Guru - Experienced User)
Have you spotted this "fine print" note on the referred page above?
"Privacy Protection is currently available in the US only and only currently supported on Defender for Android."
- CrimpOn, Nov 26, 2023 (Guru - Experienced User)
SparkyNuts Thanks for taking the time to run the tests. Very clear now that in the context of Microsoft Endpoint Defender, "VPN" refers only to the mechanism they have chosen to be able to examine every data packet on the way into and out of the device. Would be fascinating (from an intellectual curiosity viewpoint) to know what Microsoft is doing internally. I would expect to see a connection opened to cloud servers somewhere. When testing anti-virus software, researchers load up computers with known viruses and then count how many the various anti-virus packages detect. I suppose it would be possible to run a script attempting to connect to known phishing sites and verify that they are all blocked.
The emphasis on Organization might lead one to infer that a major intent is to protect organizations from penetration attempts, such as those that have embarrassed so many in recent years where employees fall for phishing attempts and reveal sensitive information.
From what little is known at this point, it would not appear to be harmful to run Defender.