Setting Up Intune Integration

Configure integration settings to quickly deploy the Mobile Agent app and app configuration to managed mobile devices.

Before starting the process of the integration, make sure that you have:

  • Microsoft Endpoint Manager admin credentials

    Note:

    The administrator must have Intune Administrator and Application Administrator roles. For more information, see the Microsoft Azure AD documentation.

  • Trend Micro Vision One console admin credentials

  1. On the Trend Micro Vision One console, access the Intune integration configuration screen.
    • Go to Inventory Management > Mobile Inventory to display the Mobile Security landing page.

      Select I have an MDM solution, select Microsoft Endpoint Manager (Intune), and click Next.

    • Go to Administration > Third-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.

    The configuration screen appears.

    Note:

    To edit your Intune integration settings, go to Administration > Third-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.

    Only administrators with the Master Administrator or Operator role can edit the integration settings.

  2. In the Integration Settings section, perform the following actions.
    1. Click Grant Permission, and then click Accept on the Microsoft authorization screen.

      Intune assigns a token to Mobile Security, which will be used for authentication during automatic device enrollment later.

    2. Select the platform of the mobile devices you are managing through Intune.
      • iOS/iPadOS

        If you select Use the Apple Volume Purchase Program (VPP), click Go to Apple Business Manager and add the Mobile Agent app in Apple Business Manager. Wait for a while, and click the refresh icon to verify that Apple Business Manager has synchronized the app with Intune.

      • Android

        If you have an Android Enterprise account, you must manually approve the Mobile Agent app in the managed Google Play store.

        If you want to enforce Web Reputation protection across all Android Enterprise devices, select the Enable Web Reputation for Android Enterprise devices check box. Enabling this option disables users from manually turning VPN off in their Mobile Agent app.

  3. In the Advanced Settings section, select the data sync frequency and whether to send device risk data to Microsoft Intune.
    Note:

    The Sync user, device, and group data from Intune every:Sync user, device, and group data from Intune every field indicates the number of days between the attempts by Mobile Security to automatically synchronize user and device information from Intune.

    Important:

    To integrate Mobile Security with Microsoft Intune compliance policies and access all available integration features, including malware scanning for IOS and iPadOS, you must enable Send device risk level data to Microsoft Endpoint Manager (Intune).

  4. Click Save.

    Mobile Security adds the following device configuration profiles and app configuration policies into Intune.

    Note:

    The specific configuration profiles or policies available depend on your settings in Step 2b.

    • Device configuration profiles

      • Trend Micro Mobile Security Always-on VPN for Android Device Owner

      • Trend Micro Mobile Security Always-on VPN for Android Work Profile

      • Trend Micro Mobile Security Trusted Root Certificate for Android Device Owner

      • Trend Micro Mobile Security Trusted Root Certificate for Android Work Profile

      • Trend Micro Mobile Security Trusted Root Certificate for iOS

      The first two profiles are used to enforce Web Reputation protection across Android Enterprise devices. The last three profiles are used by Zero Trust Secure Access to secure access to external websites.

    • App configuration policies containing platform-specific app configuration keys

      • Trend Micro Mobile Security Enrollment Configuration for iOS

      • Trend Micro Mobile Security Enrollment Configuration for iOS VPP

      • Trend Micro Mobile Security Enrollment Configuration for Android Device Administrator

      • Trend Micro Mobile Security Enrollment Configuration for Android Enterprise

      With the app configuration policies, you can easily enroll your managed iOS/iPadOS or Android devices to Mobile Security.

    The following are examples of the app configuration keys:

    • Token assigned to the Mobile Agent

    • User's company region

    • Mobile Security's API server address

  5. (Optional) On the Deploy Mobile Agent to Devices window, confirm which groups will have Mobile Agent installed on their devices, and click Deploy Now.
    Note:

    This window appears only when Mobile Security detects that some mobile apps were previously assigned to mobile devices of the groups using Intune.

    Mobile Security starts to install the Mobile Agent on the specified groups' devices. When the installation is complete, end users need to launch the agent for the devices to auto-enroll with Mobile Security using the configuration keys in app configuration.

    Once enrolled, Mobile Security immediately performs a security scan on the devices without any user interference.

  6. (Optional) In Microsoft Intune, create Trend Micro Mobile Security as a Service device compliance policy.

    For more information, see the Microsoft Intune documentation.