Field | Value
---|---
title | Set up Symantec Endpoint Protection Mobile integration with Intune
titleSuffix | Microsoft Intune
description | How to set up the Symantec Endpoint Protection Mobile solution with Microsoft Intune to control mobile device access to your corporate resources.
keywords |
author | brenduns
ms.author | brenduns
manager | dougeby
ms.date | 11/17/2023
ms.topic | how-to
ms.service | microsoft-intune
ms.subservice | protect
ms.localizationpriority | high
ms.assetid | 359448d9-2384-42ac-a21c-a25148c20a7b
ms.reviewer | aanavath
ms.suite | ems
search.appverid | MET150
ms.custom | intune-azure
ms.collection |

Complete the following steps to integrate the Symantec Endpoint Protection Mobile (SEP Mobile) solution with Intune. You need to add SEP Mobile apps into Microsoft Entra ID P1 to have single sign-on capabilities.
Note
This Mobile Threat Defense vendor is not supported for unenrolled devices.
- Make sure you have the Microsoft Entra account properly configured in the Symantec Endpoint Protection Mobile Management console before starting the SEP Mobile Basic setup process.
- The Microsoft Entra account must be a global administrator account to perform the integration.
To make sure your network is properly configured for integration with SEP Mobile, refer to the Symantec article Configuring SEP Manager after installation.
SEP Mobile supports two modes of integration with Intune:
- Read-only integration (Basic setup): Only inventories devices from Microsoft Entra ID and populates them in the Symantec Endpoint Protection Mobile Management console.
- If both the Report the health and risk of devices to Intune and Also report security incidents to Intune boxes aren't selected in the Symantec Endpoint Protection Mobile Management console, the integration is read-only and therefore will never change a device's state (compliant or noncompliant) in Intune.
- Full integration: Allows SEP Mobile to report device risk and security incident details to Intune, which creates bi-directional communication between the two cloud services.
- iOS app: Allows end-users to sign in to Microsoft Entra ID using an iOS/iPadOS app.
- Android app: Allows end-users to sign in to Microsoft Entra ID using an Android app.
- Management app: This is the SEP Mobile Microsoft Entra multi-tenant app, which enables service-to-service communication with Intune.
Important
The SEP Mobile admin credentials must consist of an e-mail account that belongs to a valid user in Microsoft Entra ID; otherwise, the login fails. SEP Mobile uses Microsoft Entra ID to authenticate its admin using single sign-on (SSO).
- Go to Symantec Endpoint Protection Mobile Management Console.
- Enter your SEP Mobile admin credentials, and then choose Continue.
- Go to Settings, and under Intune Integration, choose Basic Setup.
- Next to iOS App, choose Entra ID.
- When the sign in page opens, enter your Intune credentials, and then choose Accept.
- After the app is added to Microsoft Entra, you'll see an indication that the app was added successfully.
- Repeat these steps for the SEP Mobile Android and Management apps.
You need to add a Microsoft Entra security group that contains all devices running SEP Mobile.
- Enter and select all the security groups of devices that are running SEP Mobile, and then save the changes.
SEP Mobile syncs the devices running its Mobile Threat Defense service with the Microsoft Entra security groups.
- Sign in to the Azure portal.
- Select Microsoft Entra ID.
- Choose the Properties tab.
- Next to the Tenant ID, choose the copy icon, and then paste it to a safe location. You need this identifier in a later step.
:::image type="content" source="./media/skycure-mtd-connector-integration/symantec-azure-portal-directory-ID.png" alt-text="Image showing Tenant ID in the Azure portal":::
- In the Azure portal, under Manage, choose Users and groups, and then choose All groups.
- Choose the Add button. Type a group Name. Under Membership type, choose Assigned.
- In the Members blade, select the group members, and then choose the Select button.
- In the Group blade, choose Create.
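
The tenant ID lookup and security group creation described above can also be scripted with the Microsoft Graph PowerShell SDK, which makes the result repeatable and lets you verify that the group really is a security group with Assigned membership. This is an added example, not part of the original article; the group name and the member object IDs are placeholders you must replace.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Groups
# Added example (not from the original article).
# Assumptions: $GroupName and $MemberObjectIds are placeholders.
$GroupName       = 'SEP Mobile devices'   # hypothetical group name
$MemberObjectIds = @()                    # Entra object IDs of the members to assign

# Request only the scope needed to create the group and manage its members.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

# Tenant ID of the signed-in directory: the value pasted into the
# Directory ID box in the SEP Mobile console.
$tenantId = (Get-MgContext).TenantId

# Reuse an existing group with this name instead of creating a duplicate.
$escaped = $GroupName.Replace("'", "''")
$group = Get-MgGroup -Filter "displayName eq '$escaped'" -All |
    Select-Object -First 1

if (-not $group) {
    # Security-enabled, not mail-enabled, no dynamic rule = "Assigned" membership.
    $nick  = ($GroupName -replace '[^A-Za-z0-9]', '').ToLower()
    $group = New-MgGroup -DisplayName $GroupName -MailNickname $nick `
                         -MailEnabled:$false -SecurityEnabled
}

# Stop if a same-named group exists but is the wrong kind of group.
if (-not $group.SecurityEnabled -or $group.GroupTypes -contains 'DynamicMembership') {
    throw "Group '$GroupName' is not an assigned-membership security group."
}

# Add only the members that are not already in the group.
$existing = @(Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object { $_.Id })
$toAdd    = @($MemberObjectIds | Where-Object { $_ -notin $existing })
foreach ($id in $toAdd) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $id
}

# Summary of the values needed for the SEP Mobile console.
[pscustomobject]@{
    TenantId     = $tenantId
    GroupName    = $group.DisplayName
    GroupId      = $group.Id
    MembersAdded = $toAdd.Count
}
```
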
- Go to Symantec Endpoint Protection Mobile Management Console.
- Enter your SEP Mobile admin credentials, then choose Continue.
- Go to the Settings > Integrations > Intune > EMM Integration Selection section.
- In the Directory ID box, paste the Tenant ID you copied from Microsoft Entra ID in the previous section and save the settings.
- Go to the Settings > Integrations > Intune > Basic Setup section.
- Next to iOS App, choose the Add to Microsoft Entra button.
- Sign in using the Microsoft Entra credentials for the Microsoft 365 account that manages the directory.
- Choose the Accept button to add the SEP Mobile iOS/iPadOS app to Microsoft Entra.
- Repeat the same process for the Android app and the Management App.
- Select all user groups that need to run the SEP Mobile apps, for example, the security group you created earlier.
- SEP Mobile syncs the devices in the selected groups and starts reporting information to Intune. You can view this data in the Full Integration section. Go to the Settings > Integrations > Intune > Full Integration section.