Understanding Mobile Device Management For Office 365

Securing Enterprise Data On Mobile Devices


Now more than ever, employees across many industries use mobile devices to perform some type of job function. Field-based workers, as well as many office-bound workers, now prefer and require access to business-related data at their fingertips, and smartphones are increasingly being used to fill that gap. The question then is: as an organization, what can you do to enhance security on mobile devices that carry, in some cases, very sensitive enterprise data?

Mobile Device Management for Office 365 is a suite of services that can help you secure and manage mobile devices like iPhones, iPads, Androids, and Windows Phones used by licensed Office 365 users in your organization.

Office 365’s MDM capabilities work to keep your data safe in three ways:



1) Conditional Access

You can set up security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents can be accessed only on phones and tablets that are managed by your company and are compliant. The Conditional Access policies apply to Office applications such as Word, Excel, PowerPoint and other business applications—making management easier for admins while ensuring users can securely work with their preferred productivity applications.

The following diagram shows what happens when a user with a new device signs in to an app that supports access control with MDM for Office 365. The user is blocked from accessing Office 365 resources in the app until they enroll their device.


2) Device Management

Under Device Management, you can set and manage security policies such as device-level PIN lock and jailbreak detection to help prevent unauthorized users from accessing corporate email and data on a device when it is lost or stolen. A few more device management policies that can be applied to the relevant mobile devices are:

System Settings

Setting name Windows Phone 8.1 iOS 7.1+ Android 4+
Block screen capture ✔ (Samsung Knox only)
Block sending diagnostic data from device

Application Settings

Setting name Windows Phone 8.1 iOS 7.1+ Android 4+
Block video conferences on device
Block access to application store
Require password when accessing application store

Device Capabilities Settings

Setting name Windows Phone 8.1 iOS 7.1+ Android 4+
Block connection with removable storage
Block Bluetooth connection

3) Selective Wipe

You can easily remove Office 365 company data from an employee’s device while leaving their personal data in place. This may be required when an employee leaves the organization or when an employee loses their mobile device. You can do a selective wipe to remove only organizational data or a full wipe to delete all information from a device and restore it to its factory settings.

If you are looking for protection beyond what’s included in Office 365, you can subscribe to Microsoft Intune, part of the Microsoft Enterprise Mobility Suite, and receive additional device and application management capabilities for phones, tablets and PCs. I will cover Microsoft Intune in an upcoming blog post.
