Configure Lookout Conditional Launch in Intune

Oct 18, 2021 3 min read
Configure Lookout Conditional Launch in Intune


Lookout Conditional Launch helps to secure corporate data on BYOD devices against app, network, phishing & device threats. And all this without enrolling the device into Intune. So, the acceptance from employee side will rise, due the not needed management of the device. Conditional Launch can be used on Android and iOS devices.

The Configuration

To use this feature, you need an already set up connection between Lookout & Intune. You can check this in your Microsoft Endpoint Manager Admin Center. There you browse to Tenant Administration -> Connectors and Tokens -> Mobile Threat Defense. If the Lookout for Work connector is present and marked as enabled, your environments should be connected correctly. Choose the connector to continue the configuration.

Within the connector you must enable the App Protection Policies by Operating Systems for the devices your company uses.

Proceed by switching to Apps -> App Protection Policies. Here choose an existing policy if you got one, otherwise create a new one. We will edit an existing policy now but with a new policy the steps are exactly the same.

Within the policy edit the Apps category.

Here, you can add all Office 365 Apps which you want to protect with Conditional Launch.

Save your Settings and edit the Conditional Launch policies.

Within the Conditional Launch settings scroll down to Device Conditions. Add a new condition for Max allowed device threat level. The Value depends on your security policies. But in general, this should be set to Secured, which means, if a threat appears on the device, doesn’t matter which level, access to Microsoft apps will be blocked. Set the action to Block Access.

Now, make sure to have assigned a group to your policy. The Conditional Launch should take effect after some minutes.

When entering one of the Microsoft apps, you now will be forced to download Lookout for Work & Authenticator/Company Portal to register your device. After this, the assigned devices are successfully protected by Lookout and the Microsoft apps with Conditional Launch.


We have just seen that with a simple configuration, Lookout is able to offer a first level of security for corporate resources, even on personal terminals.

The Conditional Launch simply addresses many of the modern challenges of mobile security in the enterprise.

Thank you for reading and stay tuned to our blog for more information on mobile OS security.

Great! Next, complete checkout for full access to Mobinergy Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Mobinergy Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.