home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Initial Actions and Concepts

MES Console Navigation

The Navigation Bar on the left side of the MES Console lists the available modules. Click any of the links in the left column to read about a module in detail, or see Appendix A: Core Modules.

Advanced MES features deemed are available in certain product levels. See Appendix C for details.

ModuleDescription
DashboardThe landing module for the MES Console. The Dashboard provides an overview of Devices, Risks, and Active Issues across your fleet. It also features App Analysis information if you have purchased this Lookout advanced feature.
Issues

Lists both Active and Resolved Issues, as well as the affected device and the detection date.

You can click an issue for additional information. You can also filter the list as described in Searching and Filtering Lists.

Devices

Lists Active, Inactive, and Disconnected devices.

You can click a device for more information. You can also filter the list as described in Searching and Filtering Lists.

Apps

(Advanced feature) Lists apps detected on enrolled devices, including the app version, operating system, number and percentage of devices running the app, detection date, and detected security violations.

You can click an app for more information. You can also filter the list as described in Searching and Filtering Lists.

Vulnerabilities

Lists active OS versions or security patches across your device fleet and shows what percentage of enrolled devices are on each.

You can click a patch for more information. You can also filter the list as described in Searching and Filtering Lists.

Research(Premium feature) Investigate iOS and Android mobile apps and app-related analysis data that may expose your organization to unacceptable risk. You can take immediate action to protect your organization from risky apps and remote hosts by adding these elements to a denylist.
Protections

Review and set the policies for different issue classifications, including assigning a severity level (None, Advisory, Low, Medium, or High) and setting a Response (Alert or Don't Alert the user on the affected device). Review and configure On-Device Threat Remediation and Safe Browsing settings.

(Advanced feature) Configure custom policies for apps, choose Secure DNS for Safe Browsing when VPN is impractical.

Compliance actions, such as restricting an affected device from your network, are typically handled by an MDM based on the severity level information sent by Lookout.

Intelligence

View your mobile threat intel library to learn about the latest malware campaigns, zero-day exploits, nation-state surveillanceware activities, and phishing campaigns affecting the mobile ecosystem.

(Premium feature) Download IOCs and MITRE ATT&CK® mappings for mobile malware campaigns and threat actors.

IntegrationsReview and configure MDM connectors.
SystemReplaces the Navigation Bar with the System bar. See below.
SupportOpens the Lookout Enterprise Support Portal in a new browser tab. Use your Lookout MES Console login credentials to log in. From here, you can access product documentation or file a ticket with the Support team.

System Modules

The System bar includes the modules below. Click any of the links in the left column to read about a module in detail, or see Appendix B: System Modules:

ModuleDescription
AccountDisplays your company account information including organization, license usage, and the global enrollment code for manually adding devices to your Lookout MES tenant.
Manage Admins

Lists all MES Console Administrators. You can add new Administrators from here, or search the list by name or email.

For Azure Active Directory integrations, you do not modify Admin users from this module. Instead, add new administrators directly to the AAD Groups specified in the Intune Connector.

Manage Device GroupsCreate, edit, or remove device groups in order to enforce different risk levels or policy responses across different groups.
Manage Enrollment

(Non-MDM deployments) If you are not using a Mobile Device Management (MDM) solution, you can enroll devices directly from the MES Console. If you are running Lookout alongside an MDM, you should send invitations from the MDM, as documented in the corresponding Deployment Guide.

Review and set the maximum number of devices to enroll from a single Lookout for Work invitation email, as well as the expiration period before the invitation becomes invalid. You can also set the disconnection period before a device is considered unenrolled.

You can also send Lookout for Work invitation emails by uploading a .csv file or by manually entering a list of email addresses, and review any outstanding invitations.

Audit TrailReview changes made by MES Console administrators.
Application KeysReview and generate application keys for communicating with Lookout from your SIEM application.

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.