Configure Phishing and Content Protection
These procedures are for new customers enabling Phishing and Content Protection for the first time. Existing customers with Phishing and Content Protection refer to Migrating Existing Users to Secure DNS to enable Secure DNS for their users.
- Navigate to the Protections module and click the Phishing and Content Protection tab.
- In the Manage settings for: dropdown, select the device group you will apply the settings to.
Phishing and Content Protection settings are per-group, facilitating a controlled rollout to the organization.
- Enable the Enable Phishing and Content Protection toggle:
- Existing customers with advanced features (see Appendix C for details) can configure the
Deployment Type option as Secure DNS or On-Device VPN or both.
On IOS 14 or above, selecting the Secure DNS deployment type shows only the DNS setup instructions to the user. Selecting the On-Device VPN shows only the VPN setup instructions to the user. Selecting both shows both DNS and VPN instructions to the user.
- Optionally, enable Phishing and Content Protection enforcement by setting the Make Phishing and Content Protection mandatory toggle to ON.This prevents end users from disabling the feature on their Lookout for Work app.
- Customers with advanced features (see Appendix C for details) can configure Secure DNS Corporate Domain Skip List. Admins can specify a list of domains that should not be resolved by Lookout DNS resolver.Those domains will be resolved by the default DNS resolver of the network to which the device is connected.
- Typically admins can configure their internal domains using this option. When the device is connected to a corporate network, those internal domains will be resolved by the corporate DNS resolver.
- You can also add ‘in-flight’ airline Wi-Fi domains so users using Secure DNS can connect to airline Wi-Fi. Otherwise, Lookout for Work will wait for Secure DNS resolution of the Wi-Fi domain which never comes because no other internet connections exist in-flight. See Using a Skip List to Allow In-Flight Wi-Fi Connection.
- Optionally, configure Allowlisted Content. Such domains will always be trusted and never be blocked.
- Optionally, configure Denylisted Content. Such domains in the Denylist will not be trusted and always enable policy action on.
- Click Save changes.
- Navigate to the Policies tab directly or by clicking Configure content policies in the Phishing and Content Protection tab.
- Find the Unauthorized Content classification.
When Lookout detects unauthorized content (for example, a site known to distribute spyware), it either alerts the user or blocks access to the URL based on the responses you configure.
- Choose a Risk Level of None, Advisory, Low, Medium, or High.
Risk Level Possible Response None Lookout does not detect a threat or notify or block the users from accessing the content. Advisory Lookout alerts the user but does not log a threat in the console. Low, Medium, High Lookout alerts the user and may also block the users depending on the response settings. - Click the gear icon next to the Risk Level dropdown.
The Configure Unauthorized Content Protection dialog appears.
- Select the checkboxes of unauthorized content you want to respond to.
Content subcategories are described here: Reference: Unauthorized Content Policy Categories.
- Click Save Changes.
- Choose the response from the Response dropdown.
- Click Save Changes on the Policies tab.
- Set a severity and response for the Phishing and Content Protection Disabled classification.This classification indicates that the end user has disabled the PCP feature in their Lookout for Work app.
- Set a severity and response for the VPN Permission Not Accepted issue types.
This classification indicates that the end user has not accepted VPN permissions, so Lookout cannot create a local VPN for PCP or On-Device Threat Remediation.
