home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Show Page Sections

Mobile Endpoint Security

Intune Mobile Application Management Without Enrollment for BYOD Users

Configuring an Intune Connector

Create an Intune Connector in the Lookout MES Console

If you do not already have an Intune connector configured in Lookout, you must create one. If you have an existing connector, skip to Step 7 and add the AAD user group that you use for BYOD users.

  1. Navigate to https://aad.lookout.com/les?action=consent, then log into AAD and click Accept.

    This step must be performed by an AAD Global Administrator upon enabling Intune MAM, even if you have previously granted consent. Until you accept the required permissions, you cannot save the changes to the Intune connector.

  2. Log in to the Lookout MES Console at https://aad.lookout.com.
  3. In the left sidebar, click Integrations.
  4. Under Choose a product to set up, click the Microsoft Intune tile.
    The Intune connector page opens.
  5. Under Connector Settings, enter the following:
    FieldValue
    Label for this MDM connection(Optional) A user friendly name for the connector, such as "Intune BYOD Devices"
    Heartbeat FrequencyLookout recommends using the default 10 minute interval.
  6. Click Create Integration in the top right corner.

    If creation is successful, a banner notification appears and additional sections become enabled.

  7. Scroll down to Enrollment Management and enter the following:
    FieldValue
    How often should Lookout check for new devices?Lookout recommends using the default 5 minute interval.
    Use the following Azure AD security groups to identify devices that should be enrolled in Lookout for Work:

    Click + Add Entry and add the AAD user group(s) that you use for BYOD users, then click Save.

    After adding a security group, scroll up and click Save Changes in the top right corner before adding more groups.

    Enable Intune MAMON
    Delete device on unenrollmentON
  8. Scroll down to State Sync and enable Synchronize device status to Intune and Synchronize issue status to Intune:
  9. Scroll down to Error Management and enter an email address for error reporting.
  10. Scroll up and click Save Changes in the top right corner.

    You can review connector settings from the Integrations module at any time.

Connect to Lookout Mobile Endpoint Security in Intune

After configuring the Intune Connector in the Lookout Console, set up a connection to it in Intune.

  1. Log in to the Azure Management Portal.
  2. In the left pane, click Intune.

    If Intune is not present as a favorite item, click All services > at the top of the sidebar and enter Intune in the search field.

  3. In the Microsoft Intune blade, under Manage, click Device Compliance.
  4. In the Device Compliance blade, under Setup, click Mobile Threat Defense, then click + Add.
  5. In Select a Mobile Threat Defense connector to setup, select Lookout for Work, then click Create:
  6. Click the newly created Lookout for Work connector.
  7. Under MDM Compliance Policy Settings, toggle Enable App Sync for iOS Devices to ON
  8. Scroll down to App Protection Policy Settings and toggle Connect <OS + version > to Lookout for Work for app protection policy evaluation to ON:


    Initially, the Connect <OS + version > to Lookout for Work toggles may be disabled. Once MES and Intune services begin communication, these toggles are automatically enabled.

  9. Click Save.

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.