
How do Intune and mobile threat defense tools integrate?

Mobile admins can use Microsoft Intune mobile threat defense integrations to provide deeper visibility into the threat level of mobile devices and additional security controls.

Some organizations need specific mobile security controls that aren't available in Microsoft Intune or other unified endpoint management platforms. In these cases, Intune's mobile threat defense integrations can fill the gap.

Mobile threat defense tools, which IT can deploy alongside unified endpoint management (UEM) tools, allow IT professionals to prevent user access to malicious Wi-Fi or applications, flag suspicious links as potential phishing attacks and determine which devices need security updates.

Some of the mobile threat defense tools on the market today include Lookout, Symantec Endpoint Protection, Check Point SandBlast Mobile, Zimperium, Pradeo, Better Mobile Security, Sophos and Wandera. All of these tools report a threat level for the device, and the Intune mobile threat defense integrations let IT feed that threat level into the device's compliance evaluation.

How to integrate mobile threat defense with Intune

Before IT pros can take advantage of any integration between Intune and a mobile threat defense tool, they must configure a mobile threat defense connector for each third-party vendor. Once IT configures the connector and the vendor's service has authorized the connection to the tenant, Intune shows the tool as enabled (Figure 1).

Figure 1. A successfully integrated mobile threat defense tool in Intune.

With the connection between Intune and the mobile threat defense tool in place, the tool can detect a potentially malicious app on a user's mobile device, assess it and report a Device Threat Level, which appears in Intune (Figure 2).

Figure 2. Device Threat Level status configurations.

The mobile threat defense tool itself does not block anything. It reports the threat level; Intune's compliance policy turns that level into a compliance state; and Azure Active Directory (AD) Conditional Access can then deny noncompliant devices access to internal services. IT sets the threshold in the Intune compliance policy by choosing the maximum Device Threat Level a device may report and still be compliant. The four settings are:

Secured: no threat allowed
Low: only low threats allowed
Medium: only low and medium threats allowed
High: all threat levels allowed

When the mobile threat defense tool reports a threat above the maximum Device Threat Level in IT's preset compliance policy, Intune marks the device noncompliant and Conditional Access blocks its access (Figure 3).

Figure 3. IT's requirements for Azure AD's Conditional Access services.
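The steps above (connector, compliance policy with a threat-level threshold, Conditional Access requiring a compliant device) can be scripted against Microsoft Graph. The following is an added example written for this article, not code from Microsoft or from any of the vendors named above. It assumes the Microsoft.Graph PowerShell SDK is installed, that the mobile threat defense connector has already been set up in the admin center (Figure 1), and that $PilotGroupId is replaced with a real Azure AD group ID; the group ID shown is a placeholder. The Conditional Access policy is created in report-only mode so the sign-in logs show who would be blocked before it is enforced.

```powershell
# Added example: wire an MTD threat-level threshold into Intune compliance and
# Azure AD Conditional Access, then list devices the MTD partner reports as risky.
# ASSUMPTIONS: Microsoft.Graph PowerShell SDK installed; MTD connector already
# configured in the admin center; $PilotGroupId is a placeholder to replace.

$PilotGroupId = '00000000-0000-0000-0000-000000000000'   # placeholder group ID

Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All',
                        'DeviceManagementManagedDevices.Read.All',
                        'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$graph = 'https://graph.microsoft.com/v1.0'

# 1. Compliance policy for Android Enterprise work profiles:
#    "Require the device to be at or under the Device Threat Level" = Low.
#    Graph rejects a compliance policy that has no scheduled action, so the
#    conventional block-immediately rule is included.
$policy = @{
    '@odata.type'                               = '#microsoft.graph.androidWorkProfileCompliancePolicy'
    displayName                                 = 'MTD - block above Low threat (work profile)'
    deviceThreatProtectionEnabled               = $true
    deviceThreatProtectionRequiredSecurityLevel = 'low'   # secured | low | medium | high
    scheduledActionsForRule = @(
        @{
            ruleName = 'PasswordRequired'
            scheduledActionConfigurations = @(
                @{ actionType = 'block'; gracePeriodHours = 0; notificationTemplateId = '' }
            )
        }
    )
}
$created = Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceManagement/deviceCompliancePolicies" -Body $policy
Write-Host "Created compliance policy $($created.id)"

# 2. Assign the policy to the pilot group.
$assign = @{ assignments = @(
    @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $PilotGroupId } }
) }
Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" -Body $assign

# 3. Conditional Access: require a compliant device for Android and iOS sign-ins.
#    Report-only first; switch state to 'enabled' once the sign-in logs look right.
$ca = @{
    displayName = 'Mobile - require compliant device (report-only)'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeGroups = @($PilotGroupId) }
        applications   = @{ includeApplications = @('All') }
        platforms      = @{ includePlatforms = @('android', 'iOS') }
        clientAppTypes = @('all')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('compliantDevice') }
}
$caPolicy = Invoke-MgGraphRequest -Method POST -Uri "$graph/identity/conditionalAccess/policies" -Body $ca
Write-Host "Created Conditional Access policy $($caPolicy.id) in report-only mode"

# 4. Which devices would be blocked today? partnerReportedThreatState is the
#    value the MTD connector writes; complianceState is what Conditional Access
#    acts on. Page through all managed devices and filter client-side.
$uri = "$graph/deviceManagement/managedDevices?`$select=deviceName,operatingSystem,complianceState,partnerReportedThreatState"
$devices = @()
do {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri
    $devices += $page.value
    $uri = $page.'@odata.nextLink'
} while ($uri)

$devices |
    Where-Object { $_.partnerReportedThreatState -in 'mediumSeverity', 'highSeverity', 'compromised' } |
    ForEach-Object {
        [pscustomobject]@{
            Device      = $_.deviceName
            OS          = $_.operatingSystem
            Compliance  = $_.complianceState
            ThreatState = $_.partnerReportedThreatState
        }
    } | Format-Table -AutoSize
```

The last step is the check worth running before flipping the Conditional Access policy to enforced: a device that shows highSeverity but still compliant usually means the compliance policy is not assigned to it or the MTD app is not installed where the connector can see it.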

If there is suspicious activity that the mobile threat defense tool didn't pick up, IT can manually block a device, require multifactor authentication the next time the user accesses services behind Azure AD's Conditional Access or perform a number of other remote actions.

The Intune mobile threat defense integrations are particularly useful for organizations with older Android and iOS devices, because the tools can check whether those devices have the latest security updates. When IT pros use Android Enterprise for BYOD management, they may need to put in some extra work because the Work Profile is separated from the user's personal profile. IT should focus more on securing the personal side of the device because Intune already secures the Work Profile.
