Configure integration settings to quickly deploy the Mobile Agent app and app configuration to managed mobile devices.
Before starting the integration process, make sure that you have:
-
Microsoft Endpoint Manager admin credentials
Note
The administrator must have Intune Administrator and Application Administrator roles. For more information, see the Microsoft Entra ID documentation. -
Trend Vision One console admin credentials
Procedure
- On the Trend Vision One
console, access the Intune integration configuration screen.
-
Go toto display the Mobile Security landing page.Under I have an MDM solution, choose.
-
Go to, and click Microsoft Endpoint Manager (Intune) in the integration list.
The configuration screen appears.Note
To edit your Intune integration settings, go to, and click Microsoft Endpoint Manager (Intune) in the integration list.Only administrators with the Master Administrator or Operator role can edit the integration settings. -
- In the Integration Settings
section, perform the following actions.
- Click Grant Permission, and then click
Accept on the Microsoft authorization
screen.Intune assigns a token to Mobile Security, which will be used for authentication during automatic device enrollment later.
- Select the platform of the mobile devices you are managing through
Intune.
-
iOS/iPadOSTo manage iOS/iPadOS devices with the Apple Volume Purchase Program (VPP), you must add the Mobile Security for Business app in Apple Business Manager and then click the refresh icon () before clicking Save.If you want to enforce Web Reputation protection across all iOS/iPadOS devices, select the Enable Web Reputation for iOS/iPadOS devices check box. Enabling this option disables your users from manually turning VPN off in their Mobile Agent app.
-
AndroidTo manage Android Enterprise devices, you must manually approve the Mobile Agent in the managed Google Play store and then click the refresh icon () before clicking Save.If you want to enforce Web Reputation protection across all Android Enterprise devices, select the Enable Web Reputation for Android Enterprise devices check box. Enabling this option disables your users from manually turning VPN off in their Mobile Agent app.
-
- Click Grant Permission, and then click
Accept on the Microsoft authorization
screen.
- In the Advanced Settings section,
select the data sync frequency and whether to send device risk data to Microsoft
Intune.
Note
The Sync user, device, and group data from Intune every field indicates the number of days between the attempts by Mobile Security to automatically synchronize user and device information from Intune.Important
To integrate Mobile Security with Microsoft Intune compliance policies and access all available integration features, including malware scanning for iOS and iPadOS, you must enable Send device risk level data to Microsoft Endpoint Manager (Intune). - Click Save.Mobile Security adds the following device configuration profiles and app configuration policies into Intune.
Note
The specific configuration profiles or policies available depend on your settings in Step 2b.-
Device configuration profiles
-
Trend Micro Mobile Security Always-on VPN for Android Device Owner
-
Trend Micro Mobile Security Always-on VPN for Android Work Profile
-
Trend Micro Mobile Security Trusted Root Certificate for Android Device Owner
-
Trend Micro Mobile Security Trusted Root Certificate for Android Work Profile
-
Trend Micro Mobile Security Trusted Root Certificate for iOS
The first two profiles are used to enforce Web Reputation protection across Android Enterprise devices. The last three profiles are used by Zero Trust Secure Access to secure access to external websites. -
-
App configuration policies containing platform-specific app configuration keys
-
Trend Micro Mobile Security Enrollment Configuration for iOS
-
Trend Micro Mobile Security Enrollment Configuration for iOS VPP
-
Trend Micro Mobile Security Enrollment Configuration for Android Device Administrator
-
Trend Micro Mobile Security Enrollment Configuration for Android Enterprise
With the app configuration policies, you can easily enroll your managed iOS/iPadOS or Android devices to Mobile Security. -
The following are examples of the app configuration keys:-
Token assigned to the Mobile Agent
-
User's company region
-
Mobile Security's API server address
-
- (Optional) On the Deploy Mobile Agent to
Devices window, confirm which groups will have Mobile Agent installed on their devices, and
click Deploy Now.
Note
This window appears only when Mobile Security detects that some mobile apps were previously assigned to mobile devices of the groups using Intune.Mobile Security starts to install the Mobile Agent on the specified groups' devices. When the installation is complete, end users need to launch the agent for the devices to auto-enroll with Mobile Security using the configuration keys in app configuration.Once enrolled, Mobile Security immediately performs a security scan on the devices without any user interference. - (Optional) In Microsoft Intune, create Mobile Security device compliance
policy.For more information, see the Microsoft Intune documentation.