MES Console Navigation
The Navigation Bar on the left side of the MES Console lists the available modules. Click any of the links in the left column to read about a module in detail, or see Appendix A: Core Modules.
Advanced MES features deemed are available in certain product levels. See Appendix C for details.
Module | Description |
---|---|
Dashboard | The landing module for the MES Console. The Dashboard provides an overview of Devices, Risks, and Active Issues across your fleet. It also features App Analysis information if you have purchased this Lookout advanced feature. |
Issues |
Lists both Active and Resolved Issues, as well as the affected device and the detection date. You can click an issue for additional information. You can also filter the list as described in Searching and Filtering Lists. |
Devices |
Lists Active, Inactive, and Disconnected devices. You can click a device for more information. You can also filter the list as described in Searching and Filtering Lists. |
Apps |
(Advanced feature) Lists apps detected on enrolled devices, including the app version, operating system, number and percentage of devices running the app, detection date, and detected security violations. You can click an app for more information. You can also filter the list as described in Searching and Filtering Lists. |
Vulnerabilities |
Lists active OS versions or security patches across your device fleet and shows what percentage of enrolled devices are on each. You can click a patch for more information. You can also filter the list as described in Searching and Filtering Lists. |
Research | (Premium feature) Investigate iOS and Android mobile apps and app-related analysis data that may expose your organization to unacceptable risk. You can take immediate action to protect your organization from risky apps and remote hosts by adding these elements to a denylist. |
Protections |
Review and set the policies for different issue classifications, including assigning a severity level (None, Advisory, Low, Medium, or High) and setting a Response (Alert or Don't Alert the user on the affected device). Review and configure On-Device Threat Remediation and Safe Browsing settings. (Advanced feature) Configure custom policies for apps, choose Secure DNS for Safe Browsing when VPN is impractical. Compliance actions, such as restricting an affected device from your network, are typically handled by an MDM based on the severity level information sent by Lookout. |
Intelligence |
View your mobile threat intel library to learn about the latest malware campaigns, zero-day exploits, nation-state surveillanceware activities, and phishing campaigns affecting the mobile ecosystem. (Premium feature) Download IOCs and MITRE ATT&CK® mappings for mobile malware campaigns and threat actors. |
Integrations | Review and configure MDM connectors. |
System | Replaces the Navigation Bar with the System bar. See below. |
Support | Opens the Lookout Enterprise Support Portal in a new browser tab. Use your Lookout MES Console login credentials to log in. From here, you can access product documentation or file a ticket with the Support team. |
System Modules
The System bar includes the modules below. Click any of the links in the left column to read about a module in detail, or see Appendix B: System Modules:
Module | Description |
---|---|
Account | Displays your company account information including organization, license usage, and the global enrollment code for manually adding devices to your Lookout MES tenant. |
Manage Admins |
Lists all MES Console Administrators. You can add new Administrators from here, or search the list by name or email. For Azure Active Directory integrations, you do not modify Admin users from this module. Instead, add new administrators directly to the AAD Groups specified in the Intune Connector. |
Manage Device Groups | Create, edit, or remove device groups in order to enforce different risk levels or policy responses across different groups. |
Manage Enrollment |
(Non-MDM deployments) If you are not using a Mobile Device Management (MDM) solution, you can enroll devices directly from the MES Console. If you are running Lookout alongside an MDM, you should send invitations from the MDM, as documented in the corresponding Deployment Guide. Review and set the maximum number of devices to enroll from a single Lookout for Work invitation email, as well as the expiration period before the invitation becomes invalid. You can also set the disconnection period before a device is considered unenrolled. You can also send Lookout for Work invitation emails by uploading a
|
Audit Trail | Review changes made by MES Console administrators. |
Application Keys | Review and generate application keys for communicating with Lookout from your SIEM application. |