Integration of Microsoft Intune and Lookout Mobile Threat Protection is here

In June Microsoft and Lookout announced their partnership, and both also announced the integration of Microsoft Intune and Lookout Mobile Threat Protection. In the last couple of months I was able to test and implement this first release of the integration between those two products at my customer, in close cooperation with the engineers of Lookout and Microsoft.


So in the next couple of blogs I will describe what the current version of the integration is capable of, how to configure it, and what the administrator and user experiences are. The current integration of both services is a nice addition to the complete Microsoft Enterprise Mobility + Security proposition and allows you to take the security of your apps and data to the next level! But first, let's look at why we actually want to integrate Microsoft Intune and Lookout Mobile Threat Protection.

Why Lookout Mobile Threat Protection?

Billions of devices connect to corporate environments every day and download mail without actually being managed by the company via a Mobile Device Management solution like Intune. Those devices can be rooted or jailbroken, and numerous malicious mobile applications can be installed from the different app stores or sideloaded directly onto the device. Even if a device is managed through an MDM solution, administrators cannot really control which apps are installed. What they can check is whether a device is rooted or jailbroken, or whether some security settings are not compliant.

Looking at the figure below from McAfee Labs, you see how much malware on mobile devices is detected per hour in 2016 (see the complete whitepaper here).


So as you can see, the time when only computers were attacked with ransomware, Trojans, Remote Access Tools (RATs) and other malware has been behind us for years. A couple of weeks ago Lookout and Citizen Lab uncovered a very nasty threat using three critical iOS vulnerabilities. Read all about Pegasus and Trident here and here.

Who isn’t accessing their bank account or corporate documents from their mobile device? I am, so time to act if you ask me!

What is Lookout Mobile Threat Protection?

A solution like Lookout MTP is able to identify apps with malicious code and to protect devices from man-in-the-middle attacks or leaks in the operating systems. Lookout MTP is a cloud service and is able to identify the following categories of malicious apps on the Android and iOS operating systems:

Adware
App Dropper
Backdoor
Bot
Chargeware
Click Fraud
Data Leak
Exploit
Man-in-the-Middle Attack
Riskware
Root / Jailbreak
Root Enabler
Sideloaded App
Spam
Spyware
Surveillanceware
Toll Fraud
Trojan
Virus
Worm

This cloud service manages and secures millions of personal devices via the free Lookout Security & Antivirus app on Android and iOS. For years Lookout has been analyzing apps that are available in the stores and apps that are present on the devices that use the free Lookout version. Throughout the years Lookout has analyzed more than 30 million different apps via over 100 million sensors (mobile sensors, web crawlers, app store APIs). More than 90.000 new apps arrive per day. This big bunch of (big) data related to apps is used to analyze and protect the devices.

For the enterprise market Lookout MTP uses the Lookout for Work app on Android and iOS. For iOS you need to download the ipa version of Lookout for Work and sign it with your Apple Distribution certificate. This needs to be done because a store app does not have the permissions to access information about the state of the operating system and the other apps that are installed.

The Lookout MTP Dashboard

The Enterprise versions of the client (Lookout for Work) are managed via the Lookout MTP console, as shown above. In this console rich information can be gathered about the state of the devices that are managed and protected via Lookout for Work.

Where do Intune and Lookout find each other?

Lookout already integrated with other vendors like MobileIron and Airwatch; Microsoft Intune has now been added to the list as the third major vendor. In short, the integration between Intune and Lookout MTP brings us conditional access based on whether a threat has been found and what the severity of the threat is. Lookout integrates with both Azure AD and Microsoft Intune; more on this in the next blog about the architecture of the solution.

Compliance policy with Device Threat Protection (Lookout) enabled

As of last week the integration is available in all Microsoft Intune tenants, but to get access to Lookout a separate license is needed. Lookout is currently not part of any Microsoft license pack.

It's in the admin workspace

I will dig deeper into the architecture of the integration in my next blog in this series.

Want to see the integration in action?


Tomorrow at Ignite my good friend Kent Agerlund will be showing the integration between Microsoft Intune and Lookout during his “BYOD program that employees and security teams will love with Microsoft Intune (BRK3281)” session at 12:30 eastern time (EDT) in the Georgia ballroom.



At IT/Dev Connections (10/10 - 10/13) I will show the same during our full-day Microsoft Enterprise Mobility + Security workshop, "How You Can Digitally Transform Any Organization", on Monday! Be sure to join Kenny Buntinx, Tim De Keukelaere and me in Las Vegas; there are still tickets available!
