What is Mobile Threat Defense integration with Intune?

Intune Mobile Threat Defense connectors allow you to use your chosen Mobile Threat Defense vendor as a source of information for your compliance policies and conditional access rules. This allows IT administrators to add a layer of protection to corporate resources such as Exchange and SharePoint, specifically against compromised mobile devices.

What problem does this solve?

Companies need to protect sensitive data from emerging threats including physical, app-based, and network-based threats, as well as operating system vulnerabilities.

Historically, companies have been proactive when protecting PCs from attack, while mobile devices go unmonitored and unprotected. Mobile platforms have built-in protection such as app isolation and vetted consumer app stores, but these platforms remain vulnerable to sophisticated attacks. Today, more employees use devices for work and need access to sensitive information. Devices must be protected from increasingly sophisticated attacks.

How do the Intune Mobile Threat Defense connectors work?

The connector protects company resources by creating a channel of communication between Intune and your chosen Mobile Threat Defense vendor. Intune Mobile Threat Defense partners offer intuitive, easy-to-deploy applications for mobile devices, which actively scan and analyze threat information to share with Intune, for either reporting or enforcement purposes.

For example, suppose a connected Mobile Threat Defense app reports to the Mobile Threat Defense vendor that a phone on your network is currently connected to a network that is vulnerable to man-in-the-middle attacks. This information is shared with Intune and categorized to an appropriate risk level (low/medium/high). That risk level can then be compared with your configured risk level allowances in Intune to determine whether access to certain resources of your choice should be revoked while the device is compromised.

What data does Intune collect for Mobile Threat Defense?

If enabled, Intune collects app inventory information from both personal and corporate-owned devices and makes it available for Mobile Threat Defense (MTD) providers, such as Lookout for Work, to fetch. You can collect an app inventory from the users of iOS devices.

This service is opt-in; no app inventory information is shared by default. An Intune administrator must enable App Sync for iOS devices in the service settings before any app inventory information is shared.

App inventory
If you enable App Sync for iOS devices, inventories from both corporate and personally owned iOS devices are sent to your MTD service provider. Data in the app inventory includes:

  • App ID
  • App Version
  • App Short Version
  • App Name
  • App Bundle Size
  • App Dynamic Size
  • Whether the app is validated or not
  • Whether the app is managed or not

Sample scenarios

When a device is considered infected by the Mobile Threat Defense solution:

Image showing a Mobile Threat Defense infected device

Access is granted when the device is remediated:

Image showing a Mobile Threat Defense Access granted
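
The risk-level comparison described earlier and the two sample scenarios above, as a simplified Python model added here for illustration; it is not Intune's or any MTD vendor's code. The `secured` level name, the `DeviceReport` type, and the rule that a device with no report is blocked are assumptions of this example.

```python
from dataclasses import dataclass, field

# Risk levels from the page, ordered from least to most severe.
# "secured" (no threats found) is an assumed name for the clean state.
LEVELS = ["secured", "low", "medium", "high"]


@dataclass
class DeviceReport:
    """Constructed stand-in for what an MTD vendor reports about one device."""
    device: str
    findings: list = field(default_factory=list)  # risk level of each active threat
    reported: bool = True  # False: the MTD app has never reported in


def device_risk(report):
    """A device is as risky as its worst active finding."""
    if not report.findings:
        return "secured"
    return max(report.findings, key=LEVELS.index)


def access_allowed(report, max_allowed, allow_unreported=False):
    """Compare the device's risk with the configured allowance."""
    # Assumption: a device that has never reported is blocked unless the
    # administrator opts in, so removing the MTD app is not a bypass.
    if not report.reported:
        return allow_unreported
    return LEVELS.index(device_risk(report)) <= LEVELS.index(max_allowed)


def evaluate(reports, max_allowed):
    """Return {device: 'granted' | 'blocked'} for a list of reports."""
    return {r.device: "granted" if access_allowed(r, max_allowed) else "blocked"
            for r in reports}


# Constructed sample data: one phone on a network open to man-in-the-middle
# attacks (categorized high here), one with a low-risk finding, one silent.
SAMPLE = [
    DeviceReport("phone-a", ["low", "high"]),
    DeviceReport("phone-b", ["low"]),
    DeviceReport("phone-c", reported=False),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, max_allowed="low"))
    SAMPLE[0].findings.clear()          # threat remediated on phone-a
    print(evaluate(SAMPLE, max_allowed="low"))
```

With an allowance of `low`, phone-a is blocked while the high-risk finding is active and granted again once the finding is cleared, which mirrors the infected and remediated scenarios.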


Using multiple Mobile Threat Defense vendors with Intune is not supported. Enabling multiple MTD tools forces all of the MTD apps to be installed on devices and to scan them for threats.

Mobile Threat Defense partners

Learn how to protect access to company resources based on device, network, and application risk with: