Views:

Configure integration settings to quickly deploy the Mobile Security for Business app and app configuration to managed mobile devices.

Before starting the integration process, make sure that you have:
  • Microsoft Endpoint Manager admin credentials
    Note
    Note
    The administrator must have Intune Administrator and Application Administrator roles. For more information, see the Microsoft Entra ID documentation.
  • Trend Vision One console admin credentials

Procedure

  1. On the Trend Vision One console, access the Intune integration configuration screen.
    • Go to Mobile SecurityMobile Inventory to display the Mobile Security landing page.
      Under I have an MDM solution, choose Integrate with Mobile SecurityMicrosoft Endpoint Manager (Intune).
    • Go to Workflow and AutomationThird-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.
    The configuration screen appears.
    Note
    Note
    To edit your Intune integration settings, go to Workflow and AutomationThird-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.
    Only administrators with the Master Administrator or Operator role can edit the integration settings.
  2. In the Integration Settings section, perform the following actions.
    1. Click Grant Permission, and then click Accept on the Microsoft authorization screen.
      Intune assigns a token to Mobile Security, which will be used for authentication during automatic device enrollment later.
    2. Select the platform of the mobile devices you are managing through Intune.
      • iOS/iPadOS
        To manage iOS/iPadOS devices with the Apple Volume Purchase Program (VPP), you must add the Mobile Security for Business app in Apple Business Manager and then click the refresh icon (Refresh_icon=GUID-B55739E8-3C9C-4511-9D93-A22BEA066D27=1=en-us=Low.png) before clicking Save.
        If you want to enforce Web Reputation protection across all iOS/iPadOS devices, select the Enable Web Reputation for iOS/iPadOS devices check box. Enabling this option disables your users from manually turning VPN off in their Mobile Security for Business app.
      • Android
        To manage Android Enterprise devices, you must manually approve the Mobile Security for Business in the managed Google Play store and then click the refresh icon (Refresh_icon=GUID-B55739E8-3C9C-4511-9D93-A22BEA066D27=1=en-us=Low.png) before clicking Save.
        If you want to enforce Web Reputation protection across all Android Enterprise devices, select the Enable Web Reputation for Android Enterprise devices check box. Enabling this option disables your users from manually turning VPN off in their Mobile Security for Business app.
  3. In the Advanced Settings section, select the data sync frequency and whether to send device risk data to Microsoft Intune.
    Note
    Note
    The Sync user, device, and group data from Intune every field indicates the number of days between the attempts by Mobile Security to automatically synchronize user and device information from Intune.
    Important
    Important
    To integrate Mobile Security with Microsoft Intune compliance policies and access all available integration features, including malware scanning for iOS and iPadOS, you must enable Send device risk level data to Microsoft Endpoint Manager (Intune).
  4. Click Save.
    Mobile Security adds the following device configuration profiles and app configuration policies into Intune.
    Note
    Note
    The specific configuration profiles or policies available depend on your settings in Step 2b.
    • Device configuration profiles
      • Trend Micro Mobile Security Always-on VPN for Android Device Owner
      • Trend Micro Mobile Security Always-on VPN for Android Work Profile
      • Trend Micro Mobile Security Trusted Root Certificate for Android Device Owner
      • Trend Micro Mobile Security Trusted Root Certificate for Android Work Profile
      • Trend Micro Mobile Security Trusted Root Certificate for iOS
      The first two profiles are used to enforce Web Reputation protection across Android Enterprise devices. The last three profiles are used by Zero Trust Secure Access to secure access to external websites.
    • App configuration policies containing platform-specific app configuration keys
      • Trend Micro Mobile Security Enrollment Configuration for iOS
      • Trend Micro Mobile Security Enrollment Configuration for iOS VPP
      • Trend Micro Mobile Security Enrollment Configuration for Android Device Administrator
      • Trend Micro Mobile Security Enrollment Configuration for Android Enterprise
      With the app configuration policies, you can easily enroll your managed iOS/iPadOS or Android devices to Mobile Security.
    The following are examples of the app configuration keys:
    • Token assigned to Mobile Security for Business
    • User's company region
    • Mobile Security's API server address
  5. (Optional) On the Deploy Mobile Agent to Devices window, confirm which groups will have Mobile Security for Business installed on their devices, and click Deploy Now.
    Note
    Note
    This window appears only when Mobile Security detects that some mobile apps were previously assigned to mobile devices of the groups using Intune.
    Mobile Security starts to install Mobile Security for Business on the specified groups' devices. When the installation is complete, end users need to launch the agent for the devices to auto-enroll with Mobile Security using the configuration keys in app configuration.
    Once enrolled, Mobile Security immediately performs a security scan on the devices without any user interference.
  6. (Optional) In Microsoft Intune, create Mobile Security device compliance policy.
    For more information, see the Microsoft Intune documentation.