Lookout Mobile Endpoint Security. AirWatch Connector Guide

Similar documents
Deploying Lookout with IBM MaaS360

Lookout Mobile Endpoint Security. Deploying Lookout with BlackBerry Unified Endpoint Management

Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

Lookout Mobile Endpoint Security Console Administrator s Guide

Microsoft Active Directory Plug-in User s Guide Release

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Creating vservers 12c Release 1 ( )

Oracle Enterprise Manager Ops Center

Oracle. Field Service Cloud Using Android and ios Mobile Applications 18B

Oracle Cloud. Using the Google Calendar Adapter Release 16.3 E

Security Guide Release 4.0

Microsoft Internet Information Services (IIS) Plug-in User s Guide Release

Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud E

Oracle Cloud Using the Google Calendar Adapter with Oracle Integration

Oracle Hospitality Suite8 Export to Outlook User Manual Release 8.9. July 2015

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Installing and Updating Local Software Packages 12c Release

Oracle Cloud Using the Google Calendar Adapter. Release 17.3

What s New for Cloud at Customer What's New for the Cloud Services on Oracle Cloud at Customer New Documentation for Oracle Cloud at Customer

Oracle Communications Configuration Management

Oracle Cloud Using the Evernote Adapter. Release 17.3

What s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release

Microsoft.NET Framework Plug-in User s Guide Release

Oracle Linux. UEFI Secure Boot Signing Key Update Notice

Oracle Hospitality RES 3700 Server Setup Guide Release 5.5 E May 2016

Oracle Cloud Using the Trello Adapter. Release 17.3

Contents About Connecting the Content Repository... 5 Prerequisites for Configuring a Content Repository and Unifier... 5

Oracle Cloud Using the Eventbrite Adapter with Oracle Integration

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Fusion Middleware

Oracle Cloud E

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Hardware and Software Configuration

New Features in Primavera Professional 15.2

Oracle Cloud Using the Microsoft Adapter. Release 17.3

Oracle Hospitality Simphony First Edition Venue Management (SimVen) Installation Guide Release 3.8 Part Number: E

Oracle Endeca Web Acquisition Toolkit

Oracle Cloud Using Oracle E-Business Suite Adapter Endpoint Configuration Wizard. Release 17.3

Introduction to Auto Service Request

Oracle Utilities Customer Self Service

Oracle Cloud Using the UiPath Robotic Process Automation Adapter with Oracle Integration F

Release for Microsoft Windows

Oracle Payment Interface Installation and Reference Guide Release E April 2018

Oracle Endeca Commerce Compatibility Matrix

Oracle Endeca Guided Search Compatibility Matrix

Managing Zone Configuration

Oracle Cloud Getting Started with Oracle WebCenter Portal Cloud Service

Oracle Cloud. Oracle Cloud Adapters Postinstallation Configuration Guide E

Insbridge Enterprise Rating Portal Configuration Guide

Oracle Identity Manager Connector Guide for Dropbox. Release

EnterpriseTrack Reporting Data Model Configuration Guide Version 17

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Utilities Opower Custom URL Configuration

Oracle Utilities Work and Asset Management Integration to Primavera P6 Enterprise Project Portfolio Management

Defining Constants and Variables for Oracle Java CAPS Environments

Deploying Oracle FLEXCUBE Application on WebSphere Oracle FLEXCUBE Universal Banking Release [December] [2016]

Recipe Calculation Survey. Materials Control. Copyright by: MICROS-FIDELIO GmbH Europadamm 2-6 D Neuss Date: August 21 st 2007.

Oracle Hospitality Cruise Shipboard Property Management System Topaz Signature Device Installation Guide Release 8.00 E

Report Management and Editor!

Module Code Entries Utility Oracle FLEXCUBE Universal Banking Release [December] [2016]

Oracle Utilities Smart Grid Gateway Adapter Development Kit

Oracle Cloud Using the Eventbrite Adapter. Release 17.3

Oracle Cloud What's New for Oracle WebCenter Portal Cloud Service

Oracle Fusion Middleware Oracle Cloud Adapters Postinstallation Configuration Guide. 12c Release ( )

Oracle Cloud Using the Oracle Advanced Queuing (AQ) Adapter. Release 17.3

Oracle Simphony Venue Management (SimVen) Installation Guide Release Part Number: E

Oracle Cloud Using the Oracle Responsys Adapter. Release 17.3

Oracle Enterprise Manager

Oracle Banking Digital Experience

Oracle Utilities Advanced Spatial and Operational Analytics

Notification Template Limitations. Bridge Limitations

Opera Browser Settings Oracle FLEXCUBE Release [May] [2017]

Oracle Enterprise Single Sign-on Logon Manager How-To: Configuring ESSO-LM Event Logging with Microsoft SQL Server 2005 Release

Oracle Cloud Using the MailChimp Adapter. Release 17.3

Oracle Hospitality Cruise Meal Count System Security Guide Release 8.3 E

Oracle Banking Digital Experience

18B. Integrating Oracle Commerce Cloud and Oracle Responsys

Oracle Agile Product Lifecycle Management for Process Reporting User Guide Release E

Oracle Cloud Using the File Adapter. Release 17.4

Oracle Fusion Middleware

Oracle Cloud Known Issues for Trial and Paid Subscriptions. Release 18.1

Apple Safari Settings Oracle FLEXCUBE Release [May] [2017]

Oracle mymicros.net, icare, myinventory and mylabor Self Host Release Notes Release v April 2015

Oracle Agile Product Lifecycle Management for Process

New Features in Primavera P6 16.2

PeopleSoft Fluid Required Fields Standards

Oracle Fusion Middleware

Oracle Hospitality Simphony Cloud Services Post-Installation or Upgrade Guide Release 2.10 E July 2018

Known Issues for Oracle Oracle Autonomous API Platform Cloud Service. Topics: Oracle Cloud

Oracle Service Cloud. Release 18D. What s New

Oracle Cloud Using the Twilio Adapter. Release 17.3

Oracle Cloud. Using Oracle Eloqua Adapter Release E

Oracle Cloud Using the Adobe esign Adapter. Release 17.3

Prerequisites for Using Enterprise Manager with Your Primavera Applications

Oracle Enterprise Manager Ops Center. Introduction. Provisioning Oracle Solaris 10 Operating Systems 12c Release 2 ( )

Oracle Virtual Desktop Client for ipad. Release Notes for Release 1.2

Oracle Hospitality Query and Analysis Languages and Translation Configuration Guide. March 2016

Database Change Reference Release 6.3

Oracle Enterprise Manager Ops Center E Introduction

Oracle Banking Channels Bank User Base

Oracle NoSQL Database Integration with SQL Developer. Release 18.1

Oracle Enterprise Manager Ops Center

Transcription:

Lookout Mobile Endpoint Security AirWatch Connector Guide October 2017

1 Copyright and disclaimer Copyright 2017, Lookout, Inc. and/or its affiliates. All rights reserved. Lookout, Inc., Lookout, the Shield Logo, and Everything is OK are registered trademarks of Lookout, Inc. Android is a trademark of Google Inc. Apple, the Apple logo, and iphone are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. UNIX is a registered trademark of The Open Group. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS: Lookout, Inc. programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Lookout, Inc. and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. This software or hardware and documentation may provide access to or information on content, products and services from third parties. Lookout, Inc. and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Lookout, Inc. and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

2 Table of contents Copyright and disclaimer Table of contents Preface About this guide Audience Conventions Typographic conventions Contacting Lookout Customer Support Introduction Requirements Getting your AirWatch instance ready Creating an API role and user Creating an API key Creating Smart Groups & Tags Configure the Lookout app for distribution Downloading the Android or ios apps Adding the Android app Internal method Public store method Adding the ios App Internal method ios example Using ios seamless activation Set up your AirWatch connector Enrollment management Defining device state sync Configuring risk response 1 2 4 4 4 4 4 5 6 6 6 6 9 10 14 14 14 14 16 18 18 21 22 26 27 28 29

3 Managed devices Pending and secured devices Deactivation in MES 32 32 33

4 Preface Lookout Mobile Endpoint Security (MES) provides comprehensive risk management across ios and Android devices to secure against app, device, and network-based threats while providing visibility and control over data leakage. With a seamless integration to your EMM solution, Lookout empowers your organization to adopt secure mobility without compromising productivity. About this guide This guide describes how to add the Lookout AirWatch Connector to your mobile threat defense environment. Doing so enables Lookout mobile threat and device events to flow into your AirWatch environment. Audience This guide is for administrators, business users, and mobile security engineers who administer and support Lookout in their AirWatch environment. Conventions The following conventions are used in this document. Typographic conventions The following table describes the typographic conventions used in this document. Typeface Meaning User interface elements This formatting is used for graphical user interface elements such as pages, dialog boxes, buttons, and field labels. Code sample This formatting is used for sample code segments within a paragraph. <Variable> This formatting is used for variable values. For variables within a code sample the formatting is < Variable>.

5 File/path This formatting is used for filenames and paths. > The right angle bracket, or greater-than sign, indicates menu item selections in a graphic user interface, e.g., File > New > Tag. Contacting Lookout Customer Support Lookout customers have access to support through the Lookout Enterprise Support portal. This includes important information regarding Lookout software, implementation questions, product documentation, FAQs, as well as overall news and updates from Lookout. You can contact Lookout Enterprise Support through the Support portal at: https://enterprise.support.lookout.com.

6 Introduction Installing the Lookout AirWatch Connector in your mobile device management environment enables Lookout mobile threat and device events to flow into your AirWatch instance. This allows the integration of mobile security threat and device events into your AirWatch security incident and event programs. Additionally, Lookout allows you to streamline the management of devices and drive enforcement when threats are detected, as well as identify policies with respective action. Requirements AirWatch core server version 8.0.x through 9.1.x in either a cloud or on- premise installation. Administrator access to the AirWatch management console. Note: All users and devices should be enrolled in your AirWatch instance prior to configuring the Lookout AirWatch connector. See the Lookout Mobile Endpoint Security Supported Platforms document for additional platform information. Getting your AirWatch instance ready This section describes the necessary steps to prepare your AirWatch instance for integrating the Lookout AirWatch connector. Refer to the VMware AirWatch documentation for the latest AirWatch product information. Note: Procedures in this guide are based on the AirWatch cloud application. Refer to the VMware AirWatch documentation for the latest product information for either the AirWatch cloud or on-premise applications. Creating an API role and user As a best practice, Lookout encourages customers to use an API administrator user that you create specifically for the integration between Lookout and AirWatch. This ensures transactions related to the integration are associated to a single user/password credential. Note: The field values in this procedure are examples. You can specify any value that makes sense to the deployment in your AirWatch instance. To create the user/role: 1. Login to the AirWatch console using your administrator account.

7 2. Use the left navigation pane and click Accounts > Administrators > Roles to list all administrator roles. 3. Click +Add Role. The Create Role page displays. 4. Enter the role name API_User_role and a description. 5. In the Categories pane, click API > REST and select the Edit Mode Edit. Click Save. Your new role displays in the Roles list. 6. Use the left navigation pane and click Accounts > Administrators > List View to list all administrator users.

8 7. Click +Add > Add Admin. The Add/Edit Admin page displays. 8. On the Basic tab, enter the Username API_User and values for all other required (*) fields for this Lookout admin user. Note: The Email Address you specify here receives notifications for all Lookout AirWatch connector events.

9 9. On the Roles tab, enter the Role, API_User_role that you created previously in this procedure. The Organization Group value completes after you enter the Role value. 10. Click Save. Your Lookout administrator role and user is complete. Creating an API key The AirWatch API requires a key for validated communications to the Lookout connector. To create the API key: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Groups & Setting > All Settings > System > Advanced > API > REST API. The REST API configuration page displays.

10 3. Click Enabled for Enable API Access. 4. Click +Add and add a Service with the Name Lookout MES and an Account Type of Admin. 5. Click Save. You will use the API Key for the new Lookout MES service later when you configure the AirWatch MDM connection in the Lookout MES console. Creating Smart Groups & Tags Lookout uses an AirWatch Smart Group to identify devices that require enrollment in the MES console. Lookout uses Tags to synchronize the device state to AirWatch. Although you can choose the names and tags to use in this configuration, Lookout suggests using those in the table below during this procedure to map Smart Groups and tags to states and enrollment. Type Name State Usage Smart Group/Tag Smart Group Lookout for Work Enrollment Smart Group Device MES - Pending Pending Devices Tag Device MES - Secured Secured Devices Tag Device MES - Threats Present Compromised Devices Tag

11 Device MES - Deactivated Deactivated Devices Tag Device MES - Disconnected Disconnected Devices Tag Device (Risk Posture) MES - Low Risk Low Risk Devices Tag Device (Risk Posture) MES - Medium Risk Medium Risk Devices Tag Device (Risk Posture) MES - High Risk High Risk Devices Tag To create a Smart Group: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Groups & Setting > Groups > Assignment Groups. The Assignment Groups page displays. 3. Click +Add Smart Group. The Create New Smart Group page displays.

12 4. Enter the Name Lookout for Work and click Save. To create the tags shown in the previous table: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Groups & Setting > All Settings > Devices & Users > Advanced > Tags to display the Tags page.

13 3. Click +Add Tag. The Add Tag page displays. 4. Enter each tag names shown in the previous table with a Type of Device. Click Save to save each tag. You ll use these tags later in the Lookout MES console to configure the AirWatch connection.

14 Configure the Lookout app for distribution This section describes adding the Lookout for Work Android and ios applications to the AirWatch applications library. This lets your users easily access the appropriate app to download and install on their devices. Downloading the Android or ios apps You need to download the Lookout for Work Android and ios mobile client apps to load into your AirWatch application library. To download the latest Android and ios apps: 1. Login into the MES Console using your administrator account. 2. Download the latest Android and ios Lookout for Work mobile clients from the Lookout Enterprise Support portal s Lookout for Work mobile clients download area. Adding the Android app Your users can download and install the Lookout for Work Android app either internally from your AirWatch instance or publically from the Google Play store. Internal method To configure the Lookout for Work Android app for internal distribution: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Apps & Books > Applications > List View to display the list of available applications.

15 3. On the Internal tab, click +Add Application to display the Add Application page. 4. Choose the Organization Group ID. This is typically the same Organization Group you used when creating your API role and user earlier. 5. Click Upload and use Choose File from the Add page to select the LookoutForWork x.x.apk file you downloaded earlier in this procedure, where x.x is the version number you downloaded. Click Save. 6. On the Add Application page, click Continue. An internal app assignment screen similar to below displays. 7. Enter a unique Name for this internal Android app. Click Save & Assign. The Update Assignment page displays. 8. If the internal app you just saved appears in the Update Assignment page, select its radio button and click Edit. If no app is listed, click +Add Assignment. The Add Assignment page displays.

16 9. Enter the Smart Group name you created earlier into Select Assignment Groups. This should be a Smart Group containing the Android devices you want to require the Lookout for Work App to be installed internally. 10. Click Save. You return to the Update Assignment page. 11. Click Save & Publish. You return to the Internal tab of the Applications List View page where your Lookout for Work Android app displays. Public store method To configure the Lookout for Work Android app for public distribution: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Apps & Books > Applications > List View to display the list of available applications shown earlier in the Internal method section.

17 3. Select the Public tab and click +Add Application to display the Add Application page. 4. Select Android from the Platform dropdown and click Enter URL as the Source. 5. Copy https://play.google.com/store/apps/details?id=com.lookout.enterprise into Enter URL and click Next. The public Add Application page displays. 6. Enter a required Name for the public Lookout for Work Android app on the Details tab. 7. Click the Assignment tab to display its page.

18 8. Enter the Smart Group name you created earlier into Select Assignment Groups. This should be a Smart Group containing the Android devices you want to require the Lookout for Work App to be installed publically from the Google Play store. 9. Click Save & Publish. You return to the Update Assignment page. Adding the ios App Your users can download and install the Lookout for Work ios app internally from your AirWatch instance. Refer to the Downloading the Android or ios apps section for instructions to download the Lookout for Work ios app. Important: After you download the ios app, you will need to resign the.ipa file before you can distribute it from your AirWatch instance. See the ios App Re-Signing Process article on the Lookout Enterprise Support portal for instructions on resigning your ios app. Internal method To configure the Lookout for Work ios app for internal distribution: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Apps & Books > Applications > List View to display the list of available applications.

19 3. On the Internal tab, click +Add Application to display the Add Application page. 4. Choose the Organization Group ID. This is typically the same Organization Group you used when creating your API role and user earlier. 5. Click Upload and use Choose File from the Add page to select the LookoutForWork x.x.x.ipa file you resigned earlier in this procedure, where x.x.x is the version number you downloaded. Click Save. Note: You must resign the original ipa file you downloaded earlier before uploading. See the ios App Re-Signing Process article for instructions on resigning the downloaded ipa file. 6. On the Add Application page, click Continue. An internal app assignment screen similar to below displays.

20 7. Enter a unique Name for this internal ios app. Click Save & Assign. The Update Assignment page displays. 8. If the internal app you just saved appears in the Update Assignment page, select its radio button and click Edit. If no app is listed, click +Add Assignment. The Add Assignment page displays. 9. Enter the Smart Group name you created earlier into Select Assignment Groups. This should be a Smart Group containing the ios devices you want to require the Lookout for Work App to be installed internally. 10. Click Save. You return to the Update Assignment page. 11. Click Save & Publish. You return to the Internal tab of the Applications List View page where your Lookout for Work ios app displays.

21 ios example This example shows how to push a specific version of the ios app to a specific device. It is required that the version of the app is tagged before you push it to the device. To tag and push a specific ios app to a device: 1. Login to the AirWatch console using your administrator account. 2. Use the left navigation pane and click Devices > List View to display the list of available devices. 3. Select the device (1), select More Actions (2), then click Add Tag (3). 4. Select an existing tag or create a new one by clicking +New Tag and entering your tag name, then click Save.

22 5. Verify that the tag was applied to the selected device by inspecting its Tag column status. Using ios seamless activation Seamless activation allows you to activate your ios devices without having to specify email addresses and activation codes. Note: Seamless activation is for ios devices only. To configure an ios app for seamless activation: 1. Login to the AirWatch console using your administrator account.

23 2. Use the left navigation pane and click Devices > List View to display the list of available devices. 3. Click on the ios app that you want to configure seamless activation. That app s Details View page displays.

24 4. Select Assign to display the Update Assignment page. 5. If an assignment exists, select it (1) and click Edit (2). If no assignment exists, click +Add Assignment to create one. See the Adding the ios app section for details. NOTE: For the MDM key, the Configuration Value must be AIRWATCH in all capital letters.

25 6. Scroll to the bottom of the page and set Application Configuration to Enabled. 7. Add the four key/value pairs as shown in the table below. Use +Add to add new rows with. Match the case of the Configuration Values as shown. 8. Click Save & Publish after defining your key/value pairs and return to the list of apps. The configuration is now attached to the app and devices are seamlessly activated when the app is downloaded from AirWatch. Configuration Key Value Type Configuration Value Notes DEVICE_UDID String {DeviceUID} Declares the ios UDID. AirWatch completes this field for each device s UDID it pushes the app to. MDM String AIRWATCH Defines the MDM type. EMAIL String {EmailAddress} Declares the user email address. AirWatch completes this field for each device user s email address it pushes the app to.

26 GLOBAL_ENROLLMENT_COD E String <your global enrollment code> Enter your actual global enrollment code from the Lookout MES console on the System>Account>Global Enrollment Code page.

27 Set up your AirWatch connector This section describes setting up your Lookout AirWatch connector using the Lookout Mobile Endpoint Security (MES) console. You should have completed configuring your AirWatch instance as described in the Get your AirWatch instance ready section of this guide. Connection settings To start setting up your Lookout AirWatch connector: 1. Login to the MES console using your administrator account. 2. Use the left navigation pane and click System > Connectors to start the AirWatch connector setup. 3. Click Add Connector and select AirWatch from the list of available MDM applications. The VMWare AirWatch Connection Settings page displays.

28 4. Complete the Connection Settings fields for your AirWatch instance: information for the following Enter the API user information and URL to connect to your AirWatch instance. In the fields provided, enter: AirWatch URL API Token Enter the URL to your AirWatch instance. Copy the API key from the AirWatch REST API page, you created in the Creating an API key section. Authentication Select Certificate Authentication and click Upload to use your certificate and passphrase. Or select Basic Authentication to enter the username and password of the API user you created in the Creating an API role and user section. 5. Click Create connector. If the connection is successful other tabs become enabled, indicating that the connector was saved. If not successful, correct the corresponding error message and click Save changes. Enrollment management After you configure your AirWatch connector you setup how Lookout enrolls and deactivates devices in the Lookout MES console. Some of the actions you ll specify include: How Lookout drives enrollment of devices. Whether Lookout automatically deactivates devices. To manage device enrollment: 1. Login to the MES console using your administrator account. 2. Use the left navigation pane and click System > Connectors, then select the Enrollment Management tab to display the Device Enrollment page.

29 3. Enter the Smart Group name you created earlier to drive enrollment. Note: If you turn on Automatically drive Lookout for Work enrollment on AirWatch managed devices, Lookout begins polling devices immediately. All managed devices in the smart group you specified begin to receive enrollment notifications. Defining device state sync After you specified your device enrollment you define the device states Lookout uses to synchronize back to your AirWatch instance. To define the device state sync: 1. Login to the MES console using your administrator account. 2. Use the left navigation pane and click System > Connectors, then select the State Sync tab to display the State Sync page.

30 3. In the Device Lifecycle section, turn on the Lookout states to synchronize back to AirWatch. 4. For each state you turn on specify the AirWatch tag you created previously from the map in the Creating Smart Groups & tags section. 5. Use Synchronize device status to AirWatch to toggle synchronizing your enrolled devices states back to your AirWatch instance. Configuring risk response Lookout security policies are aligned to AirWatch tags. When a security policy is applied to a device, because the device becomes associated with the corresponding risk tag. The tag places the device into a predetermined Smart Group where the correct profile actions are executed. This allows AirWatch to drive the appropriate response based on the security risk posture of the device provided by Lookout. When threats are remediated by users the device state returns to secured and the device is moved into the corresponding Smart Group to return the device to a trusted normal operation. You use Smart Groups and profiles to cover the risk states that require remediation for your enterprise. Profiles and their actions keep the data and device secure in the event of misconfiguration or threat detection. To create a profile: 1. Login to the MES console using your administrator account. 2. Use the left navigation pane and click Devices > Profiles & Resources > Profiles. The Profiles list page displays.

31 3. Click ADD > Add Profile. The Add Profile page displays. 4. Select the type of operating system platform to associate with the profile. The General tab for the operating system you select displays. Note: You must create a profile for each operating system you ll manage with your AirWatch instance.

32 5. Complete all fields on the General tab for the actions of this profile actions. There are several other tabs in the left navigation menu that you can configure to limit or secure a device. At minimum, you must complete the General tab of the profile. All other tabs are optional. 6. Specify the appropriate threat level Smart Group to Assigned Groups field, then click Save & Publish. The profile is applied to each device assigned to the associated Smart Group. Repeat this procedure to create a profile for each operating system you want to manage. Associate each profile to the respective Smart Group corresponding to the threat levels coming from Lookout MES.

33 Managed devices This section includes information about devices managed by both Lookout Mobile Endpoint Security (MES) and through the AirWatch connector. Pending and secured devices When the AirWatch connector polls a device into Lookout MES its state is set to Pending. MES is aware of Pending devices but it has not activated security. Additionally, you can see devices that are managed by AirWatch using the AirWatch indicator in the MDM column of the device list in the MES console. When Lookout for Work is activated on a device its state changes to Secured. You can see device states in both the MES console and the AirWatch console as a device tag.

34 Deactivation in MES When you deactivate a device using the Lookout MES console that deactivation is permanent. You cannot reactivate a device after you deactivate it using the MES console.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback