home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Set Application and Notifications Permissions

To allow 1-Click activation, permissions and notifications must be pre-granted. This procedure enables PCP (phishing and content protection services) on devices without prompting for user permission.

Create a CP-Notifications-LookoutForWork configuration profile.

  1. Click Mobile Device > Configuration Profiles, then click + New.
  2. Enter the profile name CP-Notifications-LookoutForWork.
  3. Click Notifications at the left, then click + Add.
  4. Enter these settings shown.
    Leave the defaults for remaining settings.


  5. Click Save.
    This screen shows the profile configuration:


    Lookout for Work for iOS will request to access "Device Location" and this permission can’t be pre-granted. Device Location is used to cross check Wifi SSIDs.

    Device Location permission can be disabled for the full tenant. Check with Lookout support for more information.

    Create a Lookout Safe Browsing VPN configuration profile if it’s not already created. To set up Safe Browsing and On-Device Threat Remediation, configure and deploy a VPN profile on the device. The VPN profile redirects network traffic to the Lookout for Work application.

  6. Click Mobile Device > Configuration Profiles, then click + New.
  7. Enter the profile name Lookout Safe Browsing VPN.
  8. Click VPN at the left, then click Configure to set up a VPN.
  9. Enter the settings shown in the next screen.
    Leave the defaults for remaining settings.
  10. Click Save when complete.


    1. Click Edit.
    2. Click Restrictions at the left, then click Functionality,
    3. Click Edit and choose restrictions as appropriate for your users.
    4. Click Save.
      Then click Edit to edit the profile again.
    5. Click Restrictions, then click Apps.
    6. Allow or restrict apps as appropriate for your users.
    7. Click Save.
      Then click Edit to edit the profile again.
    8. Click Restrictions, then click Media Content.
    9. Choose settings as appropriate for your users.
    10. Click Save when complete.

    Here is an example showing media selections:



  11. In the JAMF UI, assign the profile and the Lookout for Work application to the device group to include in the Lookout deployment.

    Users can now deploy Lookout for Work on their iOS devices, click on the app, accept the Device Location permission if needed and the notifications if they are using a non-supervised device. Lookout for Work will be activated and the device will appear in the Lookout MES console associated with the JAMF ID.