Setting Up Intune Integration

Configure integration settings to quickly deploy the Mobile Agent app and app configuration to managed mobile devices.

Before starting the integration, make sure that you have:

  1. On the Trend Micro Vision One console, access the Intune integration configuration screen.
    • Go to Inventory Management > Mobile Inventory to display the Mobile Security landing page.

      Select I have an MDM solution, select Microsoft Endpoint Manager (Intune), and click Next.

    • Go to Administration > Third-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.

    The configuration screen appears.

    Note:

    To edit your Intune integration settings, go to Administration > Third-Party Integration, and click Microsoft Endpoint Manager (Intune) in the integration list.

    Only administrators with the Master Administrator or Operator role can edit the integration settings.

  2. In the Integration Settings section, perform the following actions.
    1. Click Grant Permission, and then click Accept on the Microsoft authorization screen.

      Intune assigns a token to Mobile Security, which is later used for authentication during automatic device enrollment.

    2. Select the platform of the mobile devices you are managing through Intune.
      • iOS/iPadOS

        If you select Use the Apple Volume Purchase Program (VPP), click Go to Apple Business Manager and add the Mobile Agent app in Apple Business Manager. Wait for a while, and then click the refresh icon to verify that Apple Business Manager has synchronized the app with Intune.

      • Android

        If you have an Android Enterprise account, you must manually approve the Mobile Agent app in the managed Google Play store.

        If you want to enforce Web Reputation protection across all Android Enterprise devices, select the Enable Web Reputation for Android Enterprise devices check box. Enabling this option prevents users from manually turning off the VPN in their Mobile Agent app.

  3. In the Other Settings section, select the data sync frequency from the Sync data every drop-down list.

    The Sync data every field specifies the number of days between Mobile Security's attempts to automatically synchronize user and device information from Intune.

  4. Click Save.

    Mobile Security adds Mobile Agent and platform-specific app configuration keys to Intune. The following are examples of app configuration keys:

    • Token assigned to the Mobile Agent

    • User's company region

    • Mobile Security's API server address

  5. (Optional) On the Deploy Mobile Agent to Devices window, confirm which groups will have Mobile Agent installed on their devices, and click Deploy Now.
    Note:

    This window appears only when Mobile Security detects that some mobile apps were previously assigned through Intune to the mobile devices of the groups.

    Mobile Security starts to install the Mobile Agent on the specified groups' devices. When the installation is complete, end users need to launch the agent so that the devices auto-enroll with Mobile Security using the configuration keys in the app configuration.

    Once the devices are enrolled, Mobile Security immediately performs a security scan on them without any user intervention.