Configuring an Intune Connector
Create an Intune Connector in the Lookout MES Console
If you do not already have an Intune connector configured in Lookout, you must create one. If you have an existing connector, skip to Step 7 and add the AAD user group that you use for BYOD users.
- Navigate to https://aad.lookout.com/les?action=consent, then log into AAD and click Accept.
This step must be performed by an AAD Global Administrator upon enabling Intune MAM, even if you have previously granted consent. Until you accept the required permissions, you cannot save the changes to the Intune connector.
- Log in to the Lookout MES Console at https://aad.lookout.com.
- In the left sidebar, click Integrations.
- Under Choose a product to set up, click the Microsoft Intune tile. The Intune connector page opens.
- Under Connector Settings, enter the following:
| Field | Value |
| --- | --- |
| Label for this MDM connection | (Optional) A user-friendly name for the connector, such as "Intune BYOD Devices" |
| Heartbeat Frequency | Lookout recommends using the default 10 minute interval. |

- Click Create Integration in the top right corner.
If creation is successful, a banner notification appears and additional sections become enabled.
- Scroll down to Enrollment Management and enter the following:
| Field | Value |
| --- | --- |
| How often should Lookout check for new devices? | Lookout recommends using the default 5 minute interval. |
| Use the following Azure AD security groups to identify devices that should be enrolled in Lookout for Work: | Click + Add Entry and add the AAD user group(s) that you use for BYOD users, then click Save. After adding a security group, scroll up and click Save Changes in the top right corner before adding more groups. |
| Enable Intune MAM | ON |
| Delete device on unenrollment | ON |

- Scroll down to State Sync and enable Synchronize device status to Intune and Synchronize issue status to Intune.
- Scroll down to Error Management and enter an email address for error reporting.
- Scroll up and click Save Changes in the top right corner.
You can review connector settings from the Integrations module at any time.
Connect to Lookout Mobile Endpoint Security in Intune
After configuring the Intune Connector in the Lookout Console, set up a connection to it in Intune.
- Log in to the Azure Management Portal.
- In the left pane, click Intune.
If Intune is not present as a favorite item, click All services > at the top of the sidebar and enter Intune in the search field.
- In the Microsoft Intune blade, under Manage, click Device Compliance.
- In the Device Compliance blade, under Setup, click Mobile Threat Defense, then click + Add.
- In Select a Mobile Threat Defense connector to setup, select Lookout for Work, then click Create.
- Click the newly created Lookout for Work connector.
- Under MDM Compliance Policy Settings, toggle Enable App Sync for iOS Devices to ON.
- Scroll down to App Protection Policy Settings and toggle Connect <OS + version> to Lookout for Work for app protection policy evaluation to ON.
Initially, the Connect <OS + version> to Lookout for Work toggles may be disabled. Once MES and Intune services begin communication, these toggles are automatically enabled.
- Click Save.