Troubleshoot Lookout Integration with Intune

Applies to: Intune in the classic console
Looking for documentation about Intune on Azure? Go here.

This topic describes some common issues you may encounter with your Lookout mobile threat protection (MTP) setup.

Login errors

403 errors

When you log in to the Lookout MTP console you see a 403 error: you are not authorized to access the service. This can happen when the specified username is not a member of the Azure Active Directory (AD) group configured to access Lookout MTP.

Lookout MTP only allows users from a configured Azure AD group to access the service. To determine which group is configured with access to Lookout MTP, contact Lookout Support:

Unable to sign in

You see the following error when the Azure AD global admin user has not accepted the initial Lookout setup.

Screenshot of the Lookout login screen showing the login error

To resolve this issue, the global admin user must log in to https://aad.lookout.com/les?action=consent and accept the prompt to initiate the setup. More detailed information can be found in the Set up your subscription with Lookout MTP topic.

Device status issues

Device missing from Lookout device list

This could happen in either of the following scenarios:

  • The device user is not in the Enrollment Group specified in the Lookout MTP Console. In the Lookout console, go to System > Intune Connector > Enrollment Management. Review the Azure AD groups configured for enrollment and verify that the device user is part of one of the Azure AD groups. Once a user is added to the enrollment group, it can take up to the configured polling interval, 5 minutes by default, for the device to appear in the Devices module of the Lookout MTP console.
  • The device is unsupported by Lookout MTP. Devices that are unsupported will appear in the Managed Devices section of the connector settings on the Lookout MTP Console.

Device reported as pending

A device is shown as Pending if the end user has not opened the Lookout for Work app and tapped the Activate button. For more details on device activation with the Lookout for Work app, see You are prompted to install Lookout for Work on your Android device or You are prompted to install Lookout for Work on your iOS device.

Device is active, but has no device ID

In the Lookout MTP console, if an active device has no device ID then the device user is not in the enrollment group. A device can get into this state if the device user has been removed from the enrollment group or the enrollment group has been removed.

In the Lookout console, go to System > Intune Connector > Enrollment and review the settings. Review the Azure AD groups and verify that the device user is part of one of the Azure AD groups.

While a device is in this state, Lookout will continue to notify the user of any threats detected, but will not send any threat information to Intune.

Device reported as disconnected

Disconnected means the device hasn't synced with Lookout MTP in the configured interval, 30 days by default with a minimum of 7 days. Either the Company Portal app or the Lookout for Work app is missing from the device. Reinstalling the apps should resolve this issue. When the user opens Lookout for Work and activates the app, the device resyncs with Lookout MTP and Intune.
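
The device states described above can be checked across a fleet by comparing the Intune inventory with the Lookout device list. The following is an added example, not code from Lookout or Microsoft; the export shapes, field names and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MIN_SYNC_DAYS, DEFAULT_SYNC_DAYS = 7, 30   # disconnect interval limits from this page

def triage(intune, lookout, enrolled_users, now, sync_days=DEFAULT_SYNC_DAYS):
    """Map each Intune-managed device name to a finding string.

    intune:  {device_name: user}                                  (hypothetical shape)
    lookout: {device_name: {"status", "device_id", "last_sync"}}  (hypothetical shape)
    enrolled_users: users in the Azure AD enrollment group(s)
    """
    limit = timedelta(days=max(sync_days, MIN_SYNC_DAYS))  # 7 days is the floor
    findings = {}
    for name, user in intune.items():
        rec = lookout.get(name)
        if rec is None:
            # Missing from the Lookout list: user not enrolled, or device unsupported.
            findings[name] = ("missing: user not in enrollment group"
                              if user not in enrolled_users
                              else "missing: check Managed Devices for unsupported device")
        elif rec["status"] == "pending":
            findings[name] = "pending: user has not tapped Activate"
        elif rec["status"] == "active" and not rec["device_id"]:
            # Coverage gap: Lookout alerts the user but sends nothing to Intune.
            findings[name] = "active, no device ID: threats not reported to Intune"
        elif now - rec["last_sync"] > limit:
            findings[name] = "disconnected: no sync within interval"
        else:
            findings[name] = "ok"
    return findings

# Constructed sample data, not real exports.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INTUNE = {"phone-a": "alice", "phone-b": "bob", "phone-c": "carol",
          "phone-d": "dave", "phone-e": "erin", "phone-f": "frank"}
LOOKOUT = {
    "phone-a": {"status": "active", "device_id": "id-a", "last_sync": NOW - timedelta(days=2)},
    "phone-b": {"status": "pending", "device_id": "id-b", "last_sync": NOW},
    "phone-c": {"status": "active", "device_id": "", "last_sync": NOW - timedelta(days=1)},
    "phone-d": {"status": "active", "device_id": "id-d", "last_sync": NOW - timedelta(days=45)},
}
ENROLLED = {"alice", "bob", "dave", "erin"}

if __name__ == "__main__":
    for device, finding in triage(INTUNE, LOOKOUT, ENROLLED, NOW).items():
        print(f"{device}: {finding}")
```

Devices flagged "active, no device ID" deserve priority, since threats on them never reach Intune.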

Forcing a device sync

From the Devices module of the Lookout MTP console, the administrator can select the device and choose to delete it. The next time the device owner opens the Lookout for Work app and taps Activate, the device state will do a full resync.

Device has a new user

You should wipe the device and ask the new user to enroll. From the Intune administrator console, select the device, right-click, and choose Retire/Wipe to remove the device from management. After retiring the device you can delete it.

Screenshot of the Devices module in the Intune administrator console showing the Retire/Wipe option

You can also go to the Devices module of the Lookout console and choose Delete.

If the new user is in a Lookout MTP enrollment group, the device will appear once Azure AD associates the device with the new user.

Compliance remediation workflows

See also

Set up your subscription with Lookout MTP
