Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Mobile Endpoint Security

Mobile Endpoint Security Contents

MES Console

Lookout Mobile Endpoint Security Console Multi-Tenancy Administration

Setting up Organization-Level Admin Access and Protection Policies

About Multi-Tenancy Permissions with AAD

Small and Medium Business Solutions (SMB)

MDMs

SIEM Integrations

MES APIs

About Multi-Tenancy Permissions with AAD

When using AAD User Groups to control access to your multi-tenancy environment, organization administrators must belong to two groups:

A user group for multi-tenancy administrators that grants access to the MT Admin Console.
A user group that grants either Full Access, Restricted, Read-Only, or Invite Only permissions.

An administrator on a single tenant likewise belongs to two groups: one of the permission level groups defined above, and one group to control access to that tenant.

The example below shows some sample users belonging to different AAD groups. Note that MT Admins retain permissions across all of an organization's tenants:

Last updated: November 20, 2024

lookout-footer

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.