In the Intune admin center, navigate to Tenant Administration > Connectors and tokens > Mobile Threat Defense and select Create to add a new MTD connector
In the MTD vendor console (e.g., Zimperium zConsole), configure Microsoft Intune as the MDM provider and authorize the MDM connector app registrations in Microsoft Entra ID via the vendor's OAuth flow
Synchronize the Microsoft Entra security groups from the MTD console to scope which users' unenrolled devices the MTD solution will monitor
In Intune, create an app protection policy for iOS and Android and configure the MTD partner integration setting to block access when the MTD risk level meets or exceeds the defined threshold
Deploy the MTD app (e.g., Zimperium zIPS) to users via Intune managed apps; the app registers the device risk posture with Intune on detection of threats
Verify the integration by simulating a threat on a test device; confirm that the app protection policy blocks access to the MAM-managed app and that the risk level surfaces in the Intune admin center
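One way to cross-check steps 1, 4 and 6 once setup is done, as an added example that is not part of the original page: a Python audit over constructed JSON shaped like the Microsoft Graph beta MTD connector and managed app protection resources. The sample values, the `platform` helper key, the 24-hour heartbeat limit and the placeholder connector id are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed samples; field names follow the Graph beta mobileThreatDefenseConnector
# and managedAppProtection schemas (assumed here, verify against your tenant export).
CONNECTORS = [{
    "id": "mtd-partner-placeholder",
    "partnerState": "enabled",
    "lastHeartbeatDateTime": "2024-05-01T08:00:00Z",
    "iosMobileApplicationManagementEnabled": True,
    "androidMobileApplicationManagementEnabled": False,
}]
POLICIES = [  # "platform" is a helper key added for this example
    {"displayName": "iOS MAM baseline", "platform": "ios",
     "maxAllowedDeviceThreatLevel": "low",
     "mobileThreatDefenseRemediationAction": "block"},
    {"displayName": "Android MAM baseline", "platform": "android",
     "maxAllowedDeviceThreatLevel": "medium",
     "mobileThreatDefenseRemediationAction": "warn"},
]

def audit(connectors, policies, now, max_age=timedelta(hours=24)):
    """Return findings where connector state and app protection policy disagree."""
    findings = []
    live = [c for c in connectors if c["partnerState"] == "enabled"]
    if not live:
        findings.append("connector: no MTD connector in 'enabled' state")
    for c in live:
        beat = datetime.fromisoformat(c["lastHeartbeatDateTime"].replace("Z", "+00:00"))
        if now - beat > max_age:
            findings.append(f"connector {c['id']}: heartbeat older than {max_age}")
    for platform in ("ios", "android"):
        mam_on = any(c.get(f"{platform}MobileApplicationManagementEnabled") for c in live)
        scoped = [p for p in policies if p["platform"] == platform
                  and p["maxAllowedDeviceThreatLevel"] != "notConfigured"]
        if scoped and not mam_on:
            findings.append(f"{platform}: policy sets a threat level but connector MAM evaluation is off")
        for p in scoped:
            action = p["mobileThreatDefenseRemediationAction"]
            if action != "block":  # step 4 calls for blocking access
                findings.append(f"{p['displayName']}: action is '{action}', not 'block'")
    return findings

if __name__ == "__main__":
    for finding in audit(CONNECTORS, POLICIES, datetime(2024, 5, 1, 12, tzinfo=timezone.utc)):
        print(finding)
```

Any finding is worth resolving before running the simulated-threat test, since a policy that only warns or a connector with app protection evaluation off will not produce the block that step 6 expects.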
Known gotchas
App protection policy-based MTD integration (MAM-only path) applies only to apps protected by the Intune App SDK or wrapped with the App Wrapping Tool; unprotected apps will not enforce MTD-driven blocking
The MTD connector requires that the MTD vendor's apps be deployed as managed apps through Intune; if users sideload the MTD app outside of Intune, the risk signal cannot be correlated to the Intune policy
Multiple MTD connectors can be active simultaneously but only one MTD partner per platform can provide compliance data for enrolled devices; ensure the connector priority is configured correctly if more than one MTD vendor is deployed