Skip Navigation

Integrating
Cylance Endpoint Security
with
Microsoft Intune
to respond to mobile threats

You can connect
Cylance Endpoint Security
to
Microsoft Intune
so that
Cylance Endpoint Security
can report the risk level of devices to
Intune
. The device risk level is calculated based on the detection of mobile threats by the
CylancePROTECT Mobile
app on
Intune
managed devices.
Intune
can execute mitigation actions based on the device risk level.
When you connect
Cylance Endpoint Security
to
Intune
, you create app configuration policies that define the device types and
Intune
groups that the integration applies to.
CylancePROTECT Mobile
policies map events detected by the
CylancePROTECT Mobile
app to the risk level of your choosing (high, medium, or low). When the
CylancePROTECT Mobile
app on an
Intune
managed device detects a threat (for example, a malicious app or sideloaded app), the risk level that is mapped to that threat is factored into an overall risk level that
Cylance Endpoint Security
calculates for the device.
Cylance Endpoint Security
reports the device risk level to
Intune
, and
Intune
carries out the mitigation actions that have been configured for that risk level.
Note that all
Intune
managed devices that you want to use this feature must be included in an app configuration policy in the
Cylance
console. This feature requires the
CylancePROTECT Mobile
app version 2.0.1.1099 or later.
Cylance Endpoint Security
also supports using
Microsoft Intune
app protection policies to allow or restrict access to specific
Microsoft
apps based on the device threat level reported by
CylancePROTECT Mobile
. To enable this functionality, see Use Intune app protection policies with CylancePROTECT Mobile.