Configuring Zero Touch Activation for Lookout for Work on Android Enterprise
Lookout for Work 6.4 and higher on Android supports a zero-click activation workflow for Android Enterprise (Android for Work) devices in Intune. To enable it, configure the Lookout for Work app to pre-grant permissions, then deploy a VPN profile from Intune. The always-on VPN opens Lookout for Work, and when the app detects the provided values for enrollment, it switches to the zero-click activation flow.
When you enable always-on VPN functionality for zero-click activation using Intune, the Android OS will not permit any other VPN to connect.
- Lookout for Work 6.4+
- Microsoft Intune configured for Android Enterprise.
-
Android Enterprise Fully Managed or Dedicated devices.
For additional information, see Android Enterprise device settings list to allow or restrict features on corporate-owned devices using Intune on the Microsoft Docs website.
- Log in to the Microsoft Intune admin center.
- In the left sidebar, click Devices.
- In the Devices blade, under Policy, click Configuration profiles.
- Click + Create profile.
- Set Platform to Android Enterprise and Profile type to Device restrictions, then click Create.
- Enter a name for the profile, such as
Lookout Zero Touch Activation. - Click Next.
- Click Connectivity.
-
Set the following:
Field Value Always-on VPN Enable VPN client Custom Package ID com.lookout.enterpriseLockdown mode Not configured Recommended global proxy Not configured - Click Next.
- Click + Select groups to include.
- Search for and click all groups that should use the always-on VPN for zero touch activation.
- Click Select.
- Click Next, then click Save.
