home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Adding the iOS App Store Lookout for Work App to Intune and Assigning it to Users

Creating and Assigning Managed App Configuration for the iOS App

For iOS, Lookout for Work uses a Managed App Configuration file to uniquely identify devices and configure them for Entra ID authentication.

This procedure includes a parameter to enable zero touch activation.

  1. Log in to the Microsoft Intune admin center.
  2. In the left sidebar menu, click Apps.
  3. In the Apps blade, under Policy, click App configuration policies.
  4. Click + Add > Managed devices.
  5. Set the following:
    FieldValue
    Name 
    Lookout for Work iOS
    Description(Optionally enter a description)
    Device enrollment typeManaged devices
    PlatformiOS/iPadOS
    Targeted appSelect the app you defined earlier in Intune and click OK.
  6. Click Next.
  7. Set the Configuration settings format dropdown to Enter XML data.
  8. Paste the following XML:
    <dict>
<key>MDM</key>
<string>INTUNE</string>
<key>MDM_ID</key>
<string>{{aaddeviceid}}</string>
<key>DEVICE_UDID</key>
<string>{{udid}}</string>
<key>EMAIL</key>
<string>{{userprincipalname}}</string>
<key>ZeroTouchActivation</key>
<string>True</string>
<key>AAD_CLIENT_APP_ID</key>
    <string>REPLACE THIS WITH YOUR ENTRA ID CLIENT/APPLICATION ID</string>
<key>GLOBAL_ENROLLMENT_CODE</key>
<string>REPLACE THIS WITH YOUR GLOBAL ENROLLMENT CODE</string>
</dict>

    Android -

    https://login.microsoftonline.com/REPLACE-THIS-WITH-YOUR-AAD-TENANT-ID/adminConse nt?client_id=9d298878-c139-4270-8960-1d4e48ebf6db&redirect_uri=https://portal.azure.co m/TokenAuthorize

    iOS -

    https://login.microsoftonline.com/REPLACE-THIS-WITH-YOUR-AAD-TENANT-ID/adminConse nt?client_id=9be177ba-2734-4e33-9dfb-5ad76bdc0311&redirect_uri=https://portal.azure.co m/TokenAuthorize

  9. Replace the indicated text with your Azure Application ID and global enrollment code, for example:
    ...
<key>AAD_CLIENT_APP_ID</key>
<string>fa1a9d1e-<remaining ID></string>
<key>GLOBAL_ENROLLMENT_CODE</key>
<string>IOSDMOR</string>
</dict>

    Leave the other placeholders such as {{deviceid}} and {{userprincipalname}} as is. These are automatically interpreted by Intune and are replaced with the correct values when the configuration is deployed to a device.

  10. Click Next.
  11. On the 3. Assignment tab, under Included Groups, click + Select groups to include:


  12. Search for and click all groups that you want to assign.
    Use the same group(s) you used for initial enrollment.
  13. Click Select.
  14. Click Next, then click Create.

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.