Add Mobile Threat Defense apps to unenrolled devices
By default, when using Intune app protection policies with Mobile Threat Defense, Intune does the work to guide the end user on their device to install and sign in to all required apps to enable the connections with the relevant services.
End users need the Microsoft Authenticator (iOS) to register their device, and the Mobile Threat Defense (both Android and iOS) to receive notifications when a threat is identified in their mobile devices, and to receive guidance to remediate the threats.
Optionally, you can use Intune to add and deploy the Microsoft Authenticator, and Mobile Threat Defense (MTD) apps as well.
Note
This article applies to all Mobile Threat Defense partners that support app protection policies:
- Better Mobile (Android, iOS/iPadOS)
- BlackBerry Mobile (CylancePROTECT for Android, iOS/iPadOS)
- Check Point Harmony Mobile (Android, iOS/iPadOS)
- Jamf (Android, iOS/iPadOS)
- Lookout for Work (Android, iOS/iPadOS)
- Microsoft Defender for Endpoint (Android, iOS/iPadOS, Windows)
- SentinelOne (Android, iOS/iPadOS)
- Symantec Endpoint Security (Android, iOS/iPadOS)
- Trellix Mobile Security (Android, iOS/iPadOS)
- Windows Security Center (Windows) - For information about the Windows versions that support this connector, see Data protection for Windows MAM.
- Zimperium (Android, iOS/iPadOS)
For unenrolled devices, you do not need an iOS app configuration policy that sets up the Mobile Threat Defense for iOS app you use with Intune. This is a key difference compared to Intune enrolled devices.
Configure Microsoft Authenticator for iOS via Intune (optional)
When using Intune app protection policies with Mobile Threat Defense, Intune guides the end user to install, sign in to, and register their device with the Microsoft Authenticator (iOS).
However, should you wish to make the app available to end users via the Intune Company Portal, see the instructions for adding iOS store apps to Microsoft Intune. Use this Microsoft Authenticator - iOS App Store URL when completing the Configure app information section. Don't forget to assigning app to groups with Intune as the final step.
Note
For iOS devices, you need the Microsoft Authenticator so users can have their identities checked by Microsoft Entra. The Intune Company Portal works as the broker on Android devices so users can have their identities checked by Microsoft Entra.
Making Mobile Threat Defense apps available via Intune (optional)
When you use Intune app protection policies with Mobile Threat Defense, Intune guides the end user to install and sign in to the required Mobile Threat Defense client app.
However, should you wish to make the app available to end users via the Intune Company Portal, you can follow the steps provided in the following sections. Make sure you're familiar with the process of:
Making Better Mobile available to end users
Android
- See the instructions for adding Android store apps to Microsoft Intune.
iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this ActiveShield - App Store URL when completing the Configure app information section.
Making CylancePROTECT available to end users
Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this CylancePROTECT - Play Store URL when completing the Configure app information section.
iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this CylancePROTECT - App Store URL when completing the Configure app information section.
Making Check Point Harmony Mobile Protect available to end users
Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this Harmony Mobile Protect - Play Store URL when completing the Configure app information section.
iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this Harmony Mobile Protect - App Store URL when completing the Configure app information section.
Making Jamf available to end users
Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this Jamf Trust - Play Store URL when completing the Configure app information section.
iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this Jamf Trust - App Store URL when completing the Configure app information section.
Making Lookout for Work available to end users
Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this Lookout for Work - Play Store URL when completing the Configure app information section.
iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this Lookout for Work - iOS App Store URL when completing the Configure app information section.
Making SentinelOne available to end users
- Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this SentinelOne - Play Store URL when completing the Configure app information section.
- iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this SentinelOne - App Store URL when completing the Configure app information section.
Making Symantec Endpoint Protection Mobile available to end users
Android
- See the instructions for adding Android store apps to Microsoft Intune. When completing the Configure app information section, use this SEP Mobile app store URL. For Minimum operating system, select Android 4.0 (Ice Cream Sandwich).
iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this SEP Mobile - App Store URL when completing the Configure app information section.
Making Trellix Mobile Security available to end users
- Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this Trellix Mobile Security - Play Store URL when completing the Configure app information section.
- iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this Trellix Mobile Security - App Store URL when completing the Configure app information section.
Making Zimperium available to end users
- Android
- See the instructions for adding Android store apps to Microsoft Intune. Use this Zimperium - Play Store URL when completing the Configure app information section.
- iOS
- See the instructions for adding iOS store apps to Microsoft Intune. Use this Zimperium - App Store URL when completing the Configure app information section.