home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Setting up your Intune Connector

These steps assume you have already created a user group in Entra ID for testing your Lookout deployment. The best practice is to start with a small group of users to allow your Lookout/ admins to

become familiar with the product integrations. Once they are familiar, they may extend the enrollment to additional groups of users.

  1. Log in to the Lookout MES Console at https://aad.lookout.com.
  2. In the left sidebar, click Integrations.
  3. Under Choose a product to set up, click the Microsoft Intune tile.
    The Intune connector page opens.
  4. Under Connector Settings, enter the following:
    FieldValue
    Label for this MDM connection(Optional) A user friendly name for the connector.
    Heartbeat FrequencyLookout recommends using the default 10 minute interval.
  5. Click Create Integration in the top right corner.

    If creation is successful, a banner notification appears and additional sections become enabled. If you get a certificate error, click Certificate Details. Otherwise continue with Step 6.

    1. Look for errors on the certificate details screen.
      Typical errors include expired or broken certificates as shown here:
      ErrorHow to Fix the Error
      Expired certificate The certificate expiration date is in the past.Replace the MDM certificate with a new certificate.
      Broken certificate. One or more intermediate certificates do not validate correctly.Replace the MDM certificate with a valid certificate.
    2. Retry entering all required information into the Integration connector.
  6. Scroll down to Enrollment Management and enter the following:
    FieldValue
    How often should Lookout check for new devices?Lookout recommends using the default 5 minute interval.
    Use the following Azure AD security groups to identify devices that should be enrolled in Lookout for Work:

    Click + Add Entry and add an Entra ID group you wish to enroll in Lookout for Work, then click Save.

    After adding a security group, scroll up and click Save Changes in the top right corner before adding more groups.

    Delete device on unenrollmentON

    The listed Entra ID groups define the set of users whose devices will be enrolled with Lookout. When a user is in one of the groups, their devices in Entra ID are enrolled and eligible for activation in Lookout MES.

  7. Scroll down to State Sync and enable Synchronize device status to Intune.
  8. Set Synchronize disconnected status to Intune to either of the following:
    1. Set to ON (enabled) if only using Android devices in your fleet.
    2. Set to OFF (disabled) when iOS devices are in your fleet.

    Disabling Synchronize Disconnected Status to Intune prevents Intune from incorrectly marking Lookout for Work status (on iOS devices only) as disconnected and out of compliance.

    when users have not interacted with this app. This status can lead to denial of access to organization resources.

  9. Scroll down to Error Management and enter an email address for error reporting.
  10. Scroll up and click Save Changes in the top right corner.

    You can review connector settings from the Integrations module at any time.