home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Configure App Protection Policies in Intune

  1. Log in to the Azure Management Portal.
  2. In the left pane, click Intune.
  3. In the Microsoft Intune blade, under Manage, click Client Apps.
  4. In the Client apps blade, under Manage, click App protection policies:
  5. Create a policy for apps you wish to restrict:

    For more information, see Create a Mobile Threat Defense app protection policy with Intune on the Microsoft Docs portal.

    1. Click + Create policy > Android for Android, or + Create policy > iOS/iPadOS for iOS.
    2. Enter a name and an optional description, then click Next.
    3. Select the Apps you wish to manage access to, then click Next.

      For example, you may wish to restrict access to Outlook or your corporate email client, along with SharePoint or other collaboration platforms.

    4. Configure data transfer, encryption, and other settings according to your organization's security needs, then click Next.
    5. Configure PIN and credential requirements as needed, then click Next.
    6. Under Device Conditions, click the Select one dropdown and select Max allowed device threat level, then configure the desired maximum threat level and response:


      • Secured: The most secure and most restrictive setting. A device is compliant only if no threats are present.
      • Low: A device is compliant if low risk threats are present. A device is noncompliant if a medium or high risk threat is present.
      • Medium: A device is compliant if low or medium risk threats are present. A device is noncompliant if a high risk threat is present.
      • High: The least secure and least restrictive setting. A device can always access company resources. Lookout is used for reporting purposes only, although users must activate Lookout for Work on their devices to be considered compliant.
    7. Optionally, remove or modify any of the other default App Conditions or Device Conditions.
    8. Click Next.
  6. Specify the user group that this policy will apply to.
    1. In the Assignments blade click Add groups.
    2. Select checkboxes for the Groups that this policy will apply to and click Select.
    3. Click Edit Filter to add the unmanaged device filter to ensure that the policy only applies to unmanaged devices of the selected user groups.
    4. In the Filters blade, select Include filtered devices in assignment, select the unmanaged device filter created previously and click Select.
    5. Click Next once all groups have been managed in the Assignments blade.
      The policy will be created.
  7. Create a second policy using the steps above if you wish to enable Mobile Application Management for both Android and iOS devices.