Office 365: How to Setup Mobile Device Management for Android and Windows Devices Part 1
Step 1: Enable Mobile Device Management (MDM)
Mobile device management in Office 365 is improving all the time and it’s so easy to configure a policy which makes mobile devices such as mobile phones and tablets. Just to clarify mobile devices don’t include laptops so these policies wont apply to them. Also if you are supporting Apple devices there is an extra step required to get them working correctly which we will cover in a future blog post.
MDM in Office 365 gives us a variety of options for securing devices which includes enforcing a pin code to unlock them, force encryption to enable and even disable screen shots and wipe all data from the device. All valuable options to ensure our business data is protected while making it a painless experience for the users.
Lets jump in to the portal and start setting things up.
One you have logged into the Admin center using a global administrator account go to Resources then Mobile management.
The first time you enter Mobile management you will enter a setup wizard so click on Let’s get started.
You will now be asked to choose the name of a security group which is used to enable MDM for specific user accounts. You will later add users to this group so they can configure office applications on their mobile devices. Here we go with the default and tick the box to add the current user to the group. Click Start setup to continue.
Now you will need to wait for the setup to complete which can take 2-5 minutes so go grab a coffee.
Step 2: Configure MDM Policy
Now go into the Security & Compliance center then Security policies and Device security policies. Here you will see a default policy has been setup for us which requires devices to have a password configured with at least four characters. We can do a lot more than this so click on the pen symbol to edit the policy.
Click on Access Requirements to see all of the available options you can enforce on the device before it will be allowed to connect and synchronize. Here we setup the policy to comply with our companies security policies and click Save.
Next click Configurations to see the remainder of the settings available. Here you can block screen captures, block access to the application stores such as Goole Play and iTunes and even block access to remote storage. Set your options and click Save.
Step 4: Allow Access to Users
Now let’s add a user account to the Default MDM Security Group we setup during the wizard. Go into the Admin center click on Group then Groups again.
Edit the group and add any users which will be using a mobile device into the list and click Save.
Using MDM we can implement security policies which help protect our business data. Users emails and OneDrive folders are littered with valuable and personal information which needs protecting. Enforcing even the most basic protection such as pin codes which are changed regularly and having the ability to remotely wipe a device if it gets lost is vital.
In part 2 we will look at how to configure the mobile devices.