home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Deploying Lookout with Ivanti EPMM

Configuring a Risk Response

To drive compliance based on Lookout MES risk levels, you must create security policies that trigger on always-on conditions, then map those policies to the MES risk level custom attributes or labels you created in Creating Custom Attributes or Labels for Device State Sync. This way, any device with the custom attribute or label is subject to the security policy. Whenever Lookout associates a device with a risk level custom attribute or label, such as "MES - Moderate Risk," Ivanti EPMM takes the corresponding compliance action. When a device is remediated, Lookout removes the risk level custom attribute or label and the compliance action ceases.

  1. Create an always-on trigger:
    1. In the top navigation tabs, click Apps > App Control > Add:

      The Add App Control Rule screen displays.

    2. Enter the following information:


      FieldValue
      NameThreats Present Trigger
      TypeRequired
      AppIdentifier Equals
      App Identifier / Nameapp does not exist
      Device PlatformAll
    3. Click Save.

      This rule always yields a non-compliant state, since a device never has the "app does not exist" app installed. This non-compliant state allows Ivanti EPMM to automatically evaluate and apply a response in a security policy based on alignment to a particular risk response custom attribute or label from Lookout (e.g. "MES - High Risk").

  2. Set up a Compliance Action for each MES risk level (Low, Moderate, and High):
    1. In the top navigation tabs, click Policies & Configs > Compliance Actions > Add+:

      The Add Compliance Action window appears.

    2. In the Name field, enter " MES <Low/Moderate/High> Risk".
    3. Configure the remaining options based on your organization’s requirements.
    4. Click Save.
    5. Repeat these steps to create new actions for Moderate and High risk levels.

      Lookout recommends checking Block Access and Quarantine as part of your High Risk response.

  3. Configure a Security Policy for each MES risk level:
    1. In the top navigation tabs, click Policies & Configs > Policies > Add New > Security:

      The New Security Policy window appears.

    2. Set the following:


      FieldValue
      Name 
      MES <Low/Moderate/High> Risk
      StatusActive
      Access Control > For All PlatformsMES <Low/Moderate/High > Risk when a device violates following App Control rules:
      Rule Type: Required

      Move Threats Present Trigger to the

      Enabled list.

    3. Scroll down to For iOS devices and specify the same MES <Low/Moderate/High > Risk Compliance Action "for the following disallowed devices", adding all devices to the Disallowed list:


      Marking all iOS devices Disallowed has the same effect as the always-on Threats Present Trigger. Because the requirement in Ivanti EPMM is always met, the threat response activates or deactivates based on the Lookout MES threat level custom attribute or label.

    4. Click Save.
    5. Repeat these steps to create new policies for Moderate and High risk levels.
  4. Associate each Security Policy with the corresponding custom attribute or label.

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.