The Lookout and Workspace ONE Risk Remediation Workflow
- A device is impacted by an active threat.
- Lookout for Work identifies the threat and communicates the device's status to the Lookout MES Console.
-
The Lookout MES Console categorizes the device according to the settings in the Protections module.
For example, by default, a device with an active issue classified as "Trojan" is considered High Risk.
- The Lookout MES Console communicates this device status by applying the "Lookout MES - High Risk" tag to the device in Workspace ONE.
-
Because it is tagged as "Lookout MES - High Risk," Workspace ONE dynamically adds the device to the "Lookout High Risk" Smart Group.
All policies that apply to the "Lookout High Risk" Smart Group are now in effect for the device.
- The device user remediates the threat by uninstalling the "Trojan" malware.
- Lookout for Work gives the all clear and communicates the device's new status to the Lookout MES Console.
- The Lookout MES Console no longer considers the device high risk, so it removes the "Lookout MES - High Risk" tag from the device in Workspace ONE.
-
Because it is no longer tagged as "Lookout MES - High Risk," Workspace ONE removes the device from the "Lookout High Risk" Smart Group.
The device user is no longer affected by the policies for that Smart Group.
