home

Mobile Endpoint Security

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

The Device Policy Groups Tab

View, create, edit, and delete Device Groups using this tab.

You can separate devices in the Lookout MES Console into groups if you want to enforce different security policies between groups.

Lookout supports a maximum of 40 device groups. A few suggestions for device groups include:

  • An "Executive" group that never alerts the device during threats, so that the security team can follow up before issuing recommendations.
  • A "Developer" group that sets the risk level to "None" for threats that are commonly encountered during development. These include Man-in-the-Middle attacks, Root/Jailbreak, Non-App Store Signer, OS Out-of-Date, and Patch Level Out-of-Date, to name a few.
  • A "Managed Devices" group with strict enforcement and generally high risk levels.
  • A "Bring Your Own Device" group with lower risk levels for selected issues, and less restrictive enforcement actions.
  • If you have multiple MDM connectors, you can create device groups and set a different default device group for each connector.

    Each group in the list includes the following information:

  • Name: The name of the group.
  • Description: A summary of the group purpose.
  • No. of Devices: The number of devices in the group.
  • Enrollment Code: Devices that activate using this group enrollment code will automatically enroll as part of this group. You can also use managed app configuration to automatically move devices between groups.
  • View Protections: Shown when hovering over a row, this is a shortcut to set protections for the device group.