Lookout Mobile Threat Defense connector with Intune

Applies to: Intune in the classic console
Looking for documentation about Intune on Azure? Go here.

You can control mobile device access to corporate resources based on risk assessment conducted by Lookout, a Mobile Threat Defense solution integrated with Microsoft Intune. Risk is assessed based on telemetry collected from devices by the Lookout service including:

  • Operating system vulnerabilities
  • Malicious apps installed
  • Malicious network profiles

You can configure conditional access policies based on Lookout's risk assessment enabled through Intune compliance policies. Settings let you allow or block non-compliant devices based on detected threats.

How do Intune and Lookout Mobile Threat Defense help protect company resources?

Lookout’s mobile app, Lookout for work, is installed and run on mobile devices. This app captures file system, network stack, and device and application telemetry where available, then sends it to the Lookout cloud service to assess the device's risk for mobile threats. You can change risk level classifications for threats in the Lookout console to suit your requirements.

The compliance policy in Intune includes a rule for Lookout Mobile Threat Defense based on Lookout risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled.

If the device is found non-compliant, access to resources like Exchange Online and SharePoint Online can be blocked. Users on blocked devices receive steps to resolve the issue and regain access. Guidance is launched from the Lookout for work app.

Supported platforms:

The following platforms are supported for Lookout when enrolled in Intune:

  • Android 4.1 and later
  • iOS 8 and later

For additional information about platform and language support, visit the Lookout website.

Prerequisites:

  • Microsoft Intune subscription
  • Azure Active Directory
  • Lookout Mobile Endpoint Security enterprise subscription

For more information, see Lookout Mobile Endpoint Security.

Sample scenarios

Following are some common scenarios:

Control access based on threats from malicious apps

When malicious apps such as malware are detected on devices, you can block devices from the following until the threat is resolved:

  • Connecting to corporate e-mail
  • Syncing corporate files with the OneDrive for Work app
  • Accessing company apps

Block when malicious apps are detected:

Diagram showing conditional access policy blocking access when device is determined to be non-compliant due to malicious apps on the device

Access granted on remediation:

Diagram showing conditional access policy granting access when the device is determined to be compliant after the threat is remediated

Control access based on threat to network

Detect threats to your network such as Man-in-the-middle attacks and protect access to WiFi networks based on the device risk.

Block network access through WiFi:

Diagram showing conditional access blocking WiFi access based on network threats

Access granted on remediation:

Diagram showing conditional access allowing access after the threat is remediated

Control access to SharePoint Online based on threat to network

Detect threats to your network such as Man-in-the-middle attacks, and prevent synchronization of corporate files based on the device risk.

Block SharePoint Online when network threats are detected:

Diagram showing conditional access blocking a device from accessing SharePoint Online based on detected threats

Access granted on remediation:

Diagram showing conditional access allowing access after the network threat is remediated

Next steps

Here are the main steps you must do to implement this solution:

  1. Set up your Lookout subscription
  2. Enable Lookout Mobile Threat Defense in Intune
  3. Configure and deploy Lookout Mobile Threat Defense app
  4. Configure Lookout device compliance policy
  5. Troubleshoot Lookout Mobile Threat Defense integration