Workspace ONE distributes Lookout for Work as configured in the app's Assignments tab.

• Android: If you have pre-granted permissions for Android users and enabled Zero-Click activation as documented in Pre-Granting Permissions and Configuring Zero-Click Activation for Android Users, the VMWare Workspace ONE Intelligent Hub app installs and launches Lookout for Work. Lookout for Work activates and starts up without requiring user interaction.

  If you have pre-granted permissions but not enabled Zero-Click activation, the user must open Lookout for Work. Once they open the app, it activates and starts up.

  If you have not pre-granted permissions, the app prompts the user to accept them. If an Android user declines permissions, Lookout cannot provide security coverage, as it requires access to the corresponding information in order to detect threats.

• iOS: If you have configured Forced Activation for supervised iOS Devices as documented in Configuring Forced Activation for Lookout for Work on iOS, the on-device VPN blocks Web traffic when a device attempts to connect to a site via HTTP (HTTPS traffic is permitted). A notification alerts the user to activate Lookout for Work. The user must open Lookout for Work, which then prompts for the required permissions and then activates.

  If an iOS user declines permissions or closes the app, their device is still activated and secured in Lookout and in your MDM. Lookout cannot alert the user of issues without having device permissions, but it continues to report issues to the Lookout MES Console.

For additional information on end user permissions, see Lookout for Work Permissions on iOS and Lookout for Work Permissions on Android.