Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Connect the BlackBerry Protect Mobile MTD connector to monitor and mitigate device risk levels on Intune-managed devices. BlackBerry Protect Mobile (powered by Cylance AI) works by reporting device risk levels to Microsoft Intune. Intune then uses that information to enforce the appropriate app configuration and risk assessment policies. For more information about BlackBerry Protect Mobile, see Key features of BlackBerry Protect Mobile (opens BlackBerry UES docs).
This article describes the requirements and steps to connect the MTD connector in your tenant.
Before you begin
The following subscriptions and accounts are required to integrate UES with Microsoft Intune.
- Microsoft Intune Plan 1 subscription 
- Microsoft Entra account with Global Administrator rights to grant the following permissions: - Sign in and read user profile 
- Access the directory as the signed-in user 
- Read directory data 
- Send device information to Intune 
 - Caution - The Global Administrator built-in role is a privileged Microsoft Entra role, and has more permissions than needed for Intune. To reduce risk, don't use the Global Administrator role to manage Intune. - Assign the least-privileged role that can complete the task. For more information on the built-in roles and what they can do, see Role-based access control (RBAC) with Intune and Built-in role permissions for Intune. 
- Admin sign-in credentials to access the UES management console 
App authorization
The following authorization process happens when you connect the BlackBerry Protect Mobile MTD connector:
- Allow BlackBerry UES to communicate information related to device health state back to Intune. To grant these permissions, you must use Global Administrator credentials. Granting permissions is a one-time operation. After the permissions are granted, the Global Administrator credentials aren't needed for day-to-day operation. 
- Allow BlackBerry UES to sync Microsoft Entra enrollment group membership to populate its device's database. 
- Allow BlackBerry UES management console to use Microsoft Entra single sign-on (SSO). 
- Allow BlackBerry Protect app to sign in using Microsoft Entra SSO. 
For more information about consent and Microsoft Entra applications, see Introduction to permissions and consent.
Set up BlackBerry Protect Mobile MTD connector
- Sign in to the Microsoft Intune admin center with an Intune administrator account.
- Go to Tenant administration.
- Select Connectors and tokens.
- Under Cross platform, select Mobile Threat Defense.
- Select Add.
- For Select the Mobile Threat Defense connector to setup, choose CylancePROTECT Mobile.
- Select Open the CylancePROTECT Mobile admin console. Keep the Microsoft Intune admin center tab open for later.
- Sign in with your Microsoft Entra account, and then follow the instructions in Integrating UES with Intune to respond to mobile threats (opens BlackBerry UES docs) to complete setup.
- After you finish setup in the UES management console, return to your tab in the Microsoft Intune admin center.
- Under MDM Compliance Policy Settings, turn on the following settings:
- Connect Android devices to BlackBerry Protect Mobile
- Connect iOS devices to BlackBerry Protect Mobile These settings allow BlackBerry Protect Mobile to evaluate the devices in your organization.
 
- Select Create to save your connector configurations.