Why Distribute through MobileIron?
If a device is managed by MobileIron, it is recommended that you distribute the Lookout for Work iOS app to them via MobileIron. Distributing it in this way has a few advantage:
- You can automatically update the app on behalf of the user, to ensure they're always running the latest version.
- You can set Lookout for Work to be installed automatically when a new device is enrolled in MobileIron. This removes the friction of onboarding a new device or user.
- The app is treated as a managed app, which allows you to remove it if the device is offboarded in the future. In the future, this will also allows you to push a configuration file directly to the device to make the onboarding process even more seamless.
However, distributing the app via MDM also requires it to be configured carefully or you can accidentally introduce some undesirable behaviors. Specifically it is very important that you do not set "Remove app when device is quarantined or signed out" to "Yes". If Lookout marks a device as insecure and that causes MobileIron to quarantine the device, you want to keep Lookout installed on the device so it can detect if the device comes back into compliance.
Retiring Devices From Mobile Iron
When you choose to retire a device that uses Lookout from Mobile Iron it will take from four to twenty-four hours for the retirement to be reflected within Lookout. It could take up to four hours for a small number of retirements at a time and up to twenty-four hours for a large batch of retirements to process completely through to Lookout. This time lag is unfortunately due to limitations in the Mobile Iron API. Be sure to factor this time lag in when retiring devices since you will not be able to add the device back to Lookout until the retirement has been completely processed across both systems.
Additionally it is required that you upload an app icon in order to distribute an iOS app in MobileIron. The app icon you should use is attached here:
How should I upload the iOS Lookout for Work app to MobileIron?
To add an app in MobileIron for distribution, navigate to Apps -> App Distribution Library and then select the platform "iOS" and then click "Add App".
Here are the full set of recommended settings for distributing Lookout for Work through MobileIron. Not all properties are listed here, just the things that should be changed from the default values:
Step 1 of 5:
Just click "Next".
Step 2 of 5:
Distribution Type: In-house App
App Upload: Upload the latest version of the Lookout for Work IPA after you re-sign it with your enterprise certificate. This file will be named "LookoutForWork-resigned.ipa" in most cases. See iOS App Re-Signing Process for more information.
Remove app when device is quarantined or signed out: No
Send installation request on device registration or sign-in: Yes
Then click Next.
Step 3 of 5
App Name: Lookout for Work
If desired, you may include additional context in the app name. For example, you may want to say "Lookout for Work" so your employees are aware this app is for mobile security.
Display Version: Don't modify
Developer: Lookout, Inc.
Lookout offers the best protection against mobile threats to keep your device safe. When installed, Lookout for Work continuously protects your device from threats and will alert you, and your company administrator, if any are found.
You may need an activation code to activate Lookout. Please check your email for your activation code.
Hide in App Storefront: Show
Step 4 of 5
Upload the following App Icon (required):
Right click on the image above and click "Save Image As..." to download the app icon.
Step 5 of 5
Click "Finish" and you're done!
What happens now?
You'll need to apply a label to the Lookout for Work app in order to mark which devices it should be installed on. We recommend using the same label that you have configured in your MDM Connector inside the Lookout console. For more information about configuring MobileIron see Configuring a MobileIron Connector.
New MobileIron devices with the appropriate label will now automatically be prompted to install Lookout for Work as they're enrolled in MobileIron.
If you have Apps@Work (MobileIron's corporate app store) configured, then your users with the appropriate labels can now also download Lookout through the Apps@Work app on their iOS devices.
If you want to send a push notification to all devices in the attached labels that don't currently have Lookout for Work installed, you can select the app and click "Message".