Merge pull request #8408 from Brenduns/11017779-mtd-trend-micro

2209 - 11017779 - Core docs for Trend Micro as new MTD partner.

Author: v-stsavell

memdocs/intune/protect/media/trend-micro-mobile-threat-defense-connector/trend-micro-malicious-apps-blocked.png

@@ -109,5 +109,6 @@ Learn how to protect access to company resource based on device, network, and ap
 - [Pradeo](pradeo-mobile-threat-defense-connector.md)
 - [Sophos Mobile](sophos-mtd-connector.md)
 - [Symantec Endpoint Protection Mobile](skycure-mobile-threat-defense-connector.md)
+- [Trend Micro Mobile Security](trend-micro-mobile-threat-defense-connector.md)
 - [Wandera Mobile Threat Defense](wandera-mtd-connector.md)
 - [Zimperium](zimperium-mobile-threat-defense-connector.md)

memdocs/intune/protect/media/trend-micro-mobile-threat-defense-connector/trend-micro-malicious-apps-unblocked.png

@@ -157,6 +157,10 @@ Use the same Azure AD account previously configured in the [Symantec Endpoint Pr
 
 Create the iOS app configuration policy as described in the [using iOS app configuration policy](../apps/app-configuration-policies-use-ios.md) article. For more information, see [Sophos Intercept X for Mobile iOS - Available managed settings](https://community.sophos.com/kb/133963) in the Sophos knowledge base.
 
+### Trend Micro Mobile Security app configuration policy
+
+See the instructions for [using Microsoft Intune app configuration policies for iOS](../apps/app-configuration-policies-use-ios.md) to add the Trend Micro Mobile Security app configuration policy.
+
 ### Wandera app configuration policy
 
 > [!NOTE]

memdocs/intune/protect/media/trend-micro-mobile-threat-defense-connector/trend-micro-network-spo-blocked.png

@@ -0,0 +1,113 @@
+---
+# required metadata
+
+title: Trend Micro Mobile connector with Intune
+titleSuffix: Intune on Azure
+description: Set up the Trend Micro Mobile Threat Defense connector with Intune.
+keywords:
+author: brenduns
+ms.author: brenduns
+manager: dougeby
+ms.date: 09/20/2022
+ms.topic: how-to
+ms.service: microsoft-intune
+ms.subservice: protect
+ms.localizationpriority: high
+ms.technology:
+ms.assetid: 
+
+# optional metadata
+
+#ROBOTS:
+#audience:
+#ms.devlang:
+ms.reviewer: aanavath
+#ms.suite: ems
+search.appverid: MET150
+#ms.tgt_pltfrm:
+#ms.custom:
+ms.collection: M365-identity-device-management
+---
+
+# Use Trend Micro Mobile Security with Intune
+
+Control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by Trend Micro Mobile Security, a mobile threat defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the Trend Micro Mobile Agent app.
+
+You can configure Conditional Access policies based on a Trend Micro risk assessment, enabled through Intune device compliance policies for enrolled devices. You can set up your policies to allow or block noncompliant devices from accessing corporate resources based on detected threats.
+
+For more information about how to integrate Trend Micro with Microsoft Intune, see [Integration with Microsoft Endpoint Manager (Intune)](http://docs.trendmicro.com/en-us/enterprise/trend-micro-vision-one/mobile-security/getting-started-with_003/integration-with-int.aspx) in the [Trend Micro Mobile Security documentation](https://docs.trendmicro.com/en-us/enterprise/trend-micro-vision-one/mobile-security.aspx).
+
+> [!NOTE]
+> This Mobile Threat Defense vendor is not supported for unenrolled devices.
+
+## Supported platforms
+
+- **Android 7.0 and later**
+- **iOS 11.0 and later**
+
+## Prerequisites
+
+- Azure Active Directory Premium
+- Microsoft Intune subscription
+- Trend Micro account with administrative access to the Trend Micro Vision One console
+
+## How do Intune and the Trend Micro MTD connector help protect your company resources?
+
+The Trend Micro Mobile Agent app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available, then sends the telemetry data to the *Mobile Security* cloud service to assess the device's risk for mobile threats.
+
+- **Support for enrolled devices** - Intune device compliance policy includes a rule for MTD, which can use risk assessment information from Trend Micro. When the MTD rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources, such as Exchange Online and SharePoint Online. Users also receive guidance from the Trend Micro Mobile Agent app installed on their devices to resolve the issue and regain access to corporate resources. To support using Trend Micro with enrolled devices:
+
+  - [Add MTD apps to devices](../protect/mtd-apps-ios-app-configuration-policy-add-assign.md)
+  - [Create a device compliance policy that supports MTD](../protect/mtd-device-compliance-policy-create.md)
+  - [Enable the MTD connector in Intune](../protect/mtd-connector-enable.md)
+
+## Sample scenarios
+
+The following scenarios demonstrate the use of Trend Micro MTD when integrated with Intune:
+
+### Control access based on threats from malicious apps
+
+When malicious apps such as malware are detected on devices, you can block devices until the threat is resolved:
+
+- Connecting to corporate e-mail
+- Syncing corporate files with the OneDrive for Work app
+- Accessing company apps
+
+*Block when malicious apps are detected:*
+
+:::image type="content" source="./media/trend-micro-mobile-threat-defense-connector/trend-micro-malicious-apps-blocked.png" alt-text="Product flow for blocking access due to malicious apps.":::
+
+*Access granted on remediation:*
+
+:::image type="content" source="./media/trend-micro-mobile-threat-defense-connector/trend-micro-malicious-apps-unblocked.png" alt-text="Product flow for granting access when malicious apps are remediated.":::
+
+### Control access based on threat to network
+
+Detect threats like **Man-in-the-middle** in network, and protect access to Wi-Fi networks based on the device risk.
+
+*Block network access through Wi-Fi:*
+
+:::image type="content" source="./media/trend-micro-mobile-threat-defense-connector/trend-micro-network-wifi-blocked.png" alt-text="Product flow for blocking access through Wi-Fi due to an alert.":::
+
+*Access granted on remediation:*
+
+:::image type="content" source="./media/trend-micro-mobile-threat-defense-connector/trend-micro-network-wifi-unblocked.png" alt-text=" Product flow for granting access through Wi-Fi after the alert is remediated. ":::
+
+### Control access to SharePoint Online based on threat to network
+
+Detect threats like **Man-in-the-middle** in network and prevent synchronization of corporate files based on the device risk.
+
+*Block SharePoint Online when network threats are detected:*
+
+:::image type="content" source="./media/trend-micro-mobile-threat-defense-connector/trend-micro-network-spo-blocked.png" alt-text="Product flow for blocking access to the organizations files due to an alert.":::
+
+*Access granted on remediation:*
+
+:::image type="content" source="./media/trend-micro-mobile-threat-defense-connector/trend-micro-network-spo-unblocked.png" alt-text="Product flow for granting access to the organizations files after the alert is remediated.":::
+
+## Next steps
+
+- [Integrate Trend Micro with Intune](../protect/trend-micro-mtd-connector-integration.md)
+- [Set up Trend Micro Mobile Agent app](../protect/mtd-apps-ios-app-configuration-policy-add-assign.md)
+- [Create Trend Micro device compliance policy](../protect/mtd-device-compliance-policy-create.md)
+- [Enable Trend Micro Mobile Security MTD connector](../protect/mtd-connector-enable.md)

memdocs/intune/protect/media/trend-micro-mobile-threat-defense-connector/trend-micro-network-spo-unblocked.png

@@ -0,0 +1,85 @@
+---
+# required metadata
+
+title: Set up Trend Micro MTD integration with Intune
+titleSuffix: Intune on Azure
+description: "Trend Micro Mobile Security connector integration with Intune"
+keywords:
+author: brenduns
+ms.author: brenduns
+manager: dougeby
+ms.date: 09/20/2022
+ms.topic: how-to
+ms.service: microsoft-intune
+ms.subservice: protect
+ms.localizationpriority: high
+ms.technology:
+ms.assetid: 
+
+# optional metadata
+
+#ROBOTS:
+#audience:
+
+ms.reviewer: aanavath
+#ms.suite: ems
+search.appverid: MET150
+#ms.tgt_pltfrm:
+#ms.custom:
+ms.collection: M365-identity-device-management
+---
+
+# Connect Trend Micro Mobile Security with Microsoft Intune
+
+Connect the Trend Micro MTD connector to monitor and mitigate device risk levels on Intune-managed devices. Trend Micro Mobile Security works by reporting device risk levels to Microsoft Intune. Intune then uses that information to enforce the appropriate app configuration and risk assessment policies. For more information about Trend Micro Mobile Security, see [Getting Started with Mobile Security](https://docs.trendmicro.com/en-us/enterprise/trend-micro-vision-one/mobile-security/getting-started-with_003.aspx) in the Trend Micro documentation.
+
+This article describes the requirements and steps to connect the MTD connector in your tenant.
+
+## Before you begin
+
+The following subscriptions and accounts are required to integrate Trend Micro Mobile Security with Microsoft Intune.
+
+- Microsoft Intune subscription
+- Azure Active Directory (Azure AD) account with Global Administrator rights to grant the following permissions:
+  - Sign in and read user profile
+  - Access the directory as the signed-in user
+  - Read directory data
+  - Send device information to Intune
+- Admin sign-in credentials to access the Trend Micro Vision One management console
+
+### App authorization
+
+The following authorization process happens when you connect the Trend Micro Mobile Security MTD connector:
+
+- Allow Trend Micro Mobile Security to communicate information related to device health state back to Intune. To grant these permissions, you must use Global Administrator credentials. Granting permissions is a one-time operation. After the permissions are granted, the Global Administrator credentials aren't needed for day-to-day operation.
+- Allow Trend Micro Mobile Security to sync Azure AD enrollment group membership to populate its device's database.
+- Allow Trend Micro Vision One management console to use Azure AD Single Sign On (SSO).
+- Allow Trend Micro Mobile Agent app to sign in using Azure AD SSO.
+
+For more information about consent and Azure AD applications, see [Request the permissions from a directory admin](/azure/active-directory/develop/v2-permissions-and-consent#request-the-permissions-from-a-directory-admin).
+
+## Set up Trend Micro MTD connector
+
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) with an Intune administrator account.
+2. Go to **All services** > **Tenant administration**.
+3. Select **Connectors and tokens**.
+4. Under **Cross platform**, select **Mobile Threat Defense**.
+5. Select **Add**.
+6. For **Select the Mobile Threat Defense connector to setup**, choose **Trend Micro**.
+7. Select Open the Trend Micro admin console. Keep the Microsoft Endpoint Manager tab open for later.
+8. Sign in with your Azure AD account, and then follow the instructions in [Setting up Intune Integration](https://docs.trendmicro.com/en-us/enterprise/trend-micro-vision-one/mobile-security/getting-started-with_003/integration-with-int/setting-up-intune-in.aspx) (opens Trend Micro Mobile Security documentation) to complete setup.
+9. After you finish setup in the Trend Micro Vision One console, return to your tab in the Microsoft Endpoint Manager admin center.
+10. Under **Compliance policy evaluation**, turn on the following settings:
+
+    - **Connect Android devices version 7.0 and above to Trend Micro**
+    - **Connect iOS/iPadOS devices version 11.0 and above to Trend Micro**
+
+These settings allow Trend Micro Mobile Security to evaluate the devices in your organization.
+
+Configure additional settings to meet your organization’s requirements.  
+
+11. Select **Create** to save your connector configurations.
+
+## Next steps
+
+- [Set up Trend Micro Mobile Agent app for enrolled devices](../protect/mtd-apps-ios-app-configuration-policy-add-assign.md)