Setting up Microsoft Endpoint Manager (Intune) integration

Views:

Configure integration settings to quickly deploy the Mobile Security for Business app and app configuration to managed mobile devices.

Before starting the integration process, make sure that you have:

Microsoft Endpoint Manager admin credentials

Note

The administrator must have Intune Administrator and Application Administrator roles. For more information, see the Microsoft Entra ID documentation.

Trend Vision One console admin credentials

Procedure

On the Trend Vision One console, access the Intune integration configuration screen.

If this is the first time you set up Mobile Security, go to Mobile Security → Mobile Inventory to display the Mobile Security landing page.

Under I have an MDM solution, choose Use My MDM Solution → Microsoft Endpoint Manager (Intune).
If you have already set up an MDM integration or Mobile Device Director, go to Mobile Security → Mobile Inventory, click the settings icon (), and click Add MDM Solution.

Under I have an MDM solution, choose Use My MDM Solution → Microsoft Endpoint Manager (Intune).
Go to Workflow and Automation → Third-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.

The configuration screen appears.

Note

To edit your Intune integration settings, go to Workflow and Automation → Third-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.

Only administrators with the Master Administrator or Operator role can edit the integration settings.

In the Integration Settings section, do the following actions.
1. Click Grant Permission, and then click Accept on the Microsoft authorization screen.
  
  Intune assigns a token to Mobile Security, which will be used for authentication during automatic device enrollment later.
2. Select the platform of the mobile devices you are managing through Intune.
  - iOS/iPadOS
    
    To manage iOS/iPadOS devices with the Apple Volume Purchase Program (VPP), you must add the Mobile Security for Business app in Apple Business Manager and then click the refresh icon () before clicking Save.
    
    If you want to enforce Web Reputation protection across all iOS/iPadOS devices, select the Enable Web Reputation for iOS/iPadOS devices check box. Enabling this option disables your users from manually turning VPN off in their Mobile Security for Business app.
  - Android
    
    To manage Android Enterprise devices, you must manually approve the Mobile Security for Business in the managed Google Play store and then click the refresh icon () before clicking Save.
    
    If you want to enforce Web Reputation protection across all Android Enterprise devices, select the Enable Web Reputation for Android Enterprise devices check box. Enabling this option disables your users from manually turning VPN off in their Mobile Security for Business app.

In the Advanced Settings section, select the data sync frequency and whether to send device risk data to Microsoft Intune.

Note

The Sync user, device, and group data from Intune every field indicates the number of days between the attempts by Mobile Security to automatically synchronize user and device information from Intune.

Important

To integrate Microsoft Intune compliance policies and access all available features, including malware scanning for iOS and iPadOS, you must enable Send device risk level data to Microsoft Endpoint Manager (Intune).

Click Save.
Mobile Security adds the following device configuration profiles and app configuration policies into Intune.

Note

The specific configuration profiles or policies available depend on your settings in Step 2b.
- Device configuration profiles
  - Trend Micro Mobile Security Always-on VPN for Android Device Owner
  - Trend Micro Mobile Security Always-on VPN for Android Work Profile
  - Trend Micro Mobile Security Trusted Root Certificate for Android Device Owner
  - Trend Micro Mobile Security Trusted Root Certificate for Android Work Profile
  - Trend Micro Mobile Security Trusted Root Certificate for iOS
  The first two profiles are used to enforce Web Reputation protection across Android Enterprise devices. The last three profiles are used by Zero Trust Secure Access to secure access to external websites.
- App configuration policies containing platform-specific app configuration keys
  - Trend Micro Mobile Security Enrollment Configuration for iOS
  - Trend Micro Mobile Security Enrollment Configuration for iOS VPP
  - Trend Micro Mobile Security Enrollment Configuration for Android Device Administrator
  - Trend Micro Mobile Security Enrollment Configuration for Android Enterprise
  With the app configuration policies, you can easily enroll your managed iOS/iPadOS or Android devices to Mobile Security.
The following are examples of the app configuration keys:
- Token assigned to Mobile Security for Business
- User's company region
- Mobile Security's API server address

If automatically deploying Mobile Security for Business, confirm which groups to deploy to in the Deploy Mobile Agent to Devices window and click Deploy Now.

Note

This window appears only when Mobile Security detects that some mobile apps were previously assigned to mobile devices of the groups using Intune.

Mobile Security starts to install Mobile Security for Business on the specified group devices. When the installation is complete, end users need to launch the app for the devices to automatically enroll with Mobile Security. On first launch, end users must grant the required device permissions.

Note

End users cannot uninstall the Mobile Security for Business app on Android devices. On iOS devices,end users can uninstall the app, but Intune will automatically reinstall the app after some time.

Once enrolled, Mobile Security immediately performs a security scan on the devices without any user interference.

For further security, create Mobile Security device compliance policies in Microsoft Intune.

For more information, see the Microsoft Intune documentation.