For delivering a more secure and integrated experience for access to corporate applications and services, across all sorts of mobile devices, the MDM for Office 365 and Microsoft Intune solutions provide excellent tools to manage the challenge many organizations face when they intentionally or unofficially adopt a “bring-your-own-device” (BYOD) approach.
To get access tools for Mobile Device Management (MDM), Identity and Access Management and Information Protection, an approach could be to look at the Enterprise Mobility Suite (EMS).
EMS is a suite of cloud services that manage devices, controls access and protect corporate data on devices, both within the applications and when the data is in transit. The EMS subscription includes Azure AD Premium (for Identity/Access Management), Azure Rights Management (for Information Protection and Rights Management) and Microsoft Intune (for MDM and Mobile Application Management).
Basic Mobile Device Management (MDM) capabilities are built-in to a range of Office 365 subscriptions, and these features can help secure and manage mobile devices like iPhones, iPads, Androids, and Windows Phones used by licensed Office 365 users in the organization.
MDM for Office 365 can be used for securing and management of the following types of devices.
- Windows Phone 8.1
- iOS 7.1 or later versions
- Android 4 or later versions
- Windows 8.1*
- Windows 8.1 RT*
* Access control for Windows 8.1 and Windows 8.1 RT devices is limited to Exchange ActiveSync.
Currently, the supported apps for Office 365 MDM are:
- Exchange Online
- SharePoint Online
- OneDrive for Business.
The following diagram shows the process when a user with a new device signs in to an app that supports access control with MDM for Office 365.
The user is blocked from accessing Office 365 resources in the app until the device is enrolled.
With MDM for Office 365, the Office 365 administrator can create policy settings to help secure and manage mobile devices that connect to the organization’s Office 365 resources.
The MDM policy settings that can block users from accessing Office 365 resources are divided into these sections:
- Security
- Encryption
- Jail broken
- Managed email profile
To complete the few steps for configuring the built-in Mobile Device Management for Office 365, follow this four-step guide: Manage mobile devices in Office 365
Guide on how to set up your mobile device with MDM for Office 365: Enroll your mobile device in Office 365
For more advanced capabilities, such as the ability to manage a wider range of mobile devices and computers, and the option to integrate with an on-premise System Center 2012 Configuration Manager, Microsoft Intune provides a powerful solution with more features and more security options.
Signup for a trial of Microsoft Intune, at the Intune Signup page.
Comparing the features in Microsoft Intune and MDM for Office 365, look here for an overview of the capabilities in each solution: Choose between Microsoft Intune and Built-in MDM for Office 365
References:
Overview built-in Mobile Device Management for Office 365
Microsoft Intune features
Capabilities of built-in Mobile Device Management for Office 365