Mobile Device Management (MDM) for Microsoft 365: Ultimate Guide
With MDM, your business gains central control over device policies, applications, and related functions, and can block unsafe websites and content on employees' devices.
How do you manage your business's mobile devices that you or your employees use to access sensitive enterprise data?
Understanding and implementing mobile device management (MDM) is important, whether these are your or your employees' personal mobile devices or company-owned devices. Why?
As mobile devices become ubiquitous in enterprise usage, they're increasingly a security and data threat.
So, this article gives you a step-by-step guide to setting up mobile device management security in Microsoft 365.
First, What is Mobile Device Management (MDM)?
Mobile device management, shortened to MDM, is a set of tools (software) and a methodology for monitoring and managing the mobile devices that access enterprise data.
It provides mobile productivity tools and apps while securing corporate data on mobile devices — phones, tablets, laptops, and other mobile endpoints.
MDM also extends its functionalities to other services like:
- storing vital mobile devices' information,
- deciding which apps the mobile devices can have,
- locating the devices,
- securing the devices if they get misplaced, lost, or stolen.
The common components of MDMs include:
- Device inventory and tracking;
- Identity and access management;
- Password enforcement;
- App whitelisting or blacklisting;
- App distribution and enterprise app store;
- Remote wipe;
- Endpoint security and data encryption enforcement.
In the modern enterprise, MDM is a core component of EMM (enterprise mobility management). This includes mobile app management, access and identity management, and enterprise file sync and share.
Why is MDM Important for Business?
Answer: MDM protects your business data and ensures your company retains control over confidential information. MDM can remotely lock and wipe all data if a mobile device is lost or stolen. Remote locking and wiping capabilities enable companies to keep devices and data secure. MDM optimizes the access, security, and functionality of company or personal mobile devices used to access enterprise data.
Alongside this control over access, MDM safeguards the enterprise data and networks those devices reach.
An effective MDM solution keeps business devices secure while keeping staff and admins flexible and productive.
As mobile devices become ubiquitous in enterprises, businesses and staff are increasingly exposed to malicious attacks. Why?
Personal and enterprise mobile devices are used to access critical business data, which puts the business's security at risk if a device is hacked, lost, or stolen.
So, managing mobile devices is important to:
- Enhance enterprise data security.
- Ensure your business retains control over confidential information if a mobile device is hacked, lost, or stolen.
- Save time by automating repetitive tasks such as Wi-Fi configuration or app installation on devices.
- Manage all company devices, BYOD (bring your own device) devices, and applications from one place.
- Increase productivity by blacklisting non-enterprise apps during work hours, which helps keep workers focused.
- Manage mobile devices remotely.
Personal Devices (BYOD) vs. Company Devices Used For Work
As remote and hybrid work models continue to gain traction, personal devices used for work are also on the rise. Many enterprises now allow BYOD work policies to allow employees flexibility in work and devices used to achieve company goals. This helps increase workers' productivity and satisfaction while reducing company costs as there's no need to purchase extra hardware.
But applying enterprise MDM security to a personal device is challenging. Businesses that allow BYOD need the employee's consent to enroll the device in enterprise MDM.
Companies therefore also issue employees COPE (corporate-owned, personally enabled) or COBO (corporate-owned, business-only) devices that use enterprise MDM. Why?
Company devices under MDM control are usually more secure than personal devices, thanks to their pre-installed or whitelisted software and apps. They can also be wiped without first asking for employee consent if they're lost, hacked, or stolen.
What is the Difference Between Microsoft Intune and Mobile Device Management for Microsoft 365?
Essentially, Microsoft offers two MDM methods: Microsoft Intune and MDM for Office 365:
- MDM for Microsoft (Office) 365 is a built-in feature included in each Office 365 plan.
- Microsoft Intune is a stand-alone, subscription-based mobile device management platform from Microsoft. It has more security provisions and integrates well with Microsoft 365.
Note: You can also buy Intune with Enterprise Mobility + Security (EMS) on your Microsoft 365 subscription/plan.
Capabilities of MDM for Microsoft 365
MDM for Microsoft 365 (formerly MDM for Office 365) offers lightweight MDM without MAM (mobile application management). This provision controls company Microsoft 365 data access for supported devices and apps. It also offers remote wipes to remove enterprise data if devices are stolen or lost.
MDM for Microsoft 365 supported platforms include:
- Windows 8 and 8.1 (Exchange ActiveSync functionality)
- Windows 10 (all versions) - device should be Azure Active Directory joined
- Windows 11
- iOS 10.0 or later
- Android 4.4 or later
MDM for Microsoft 365 supports policy settings for:
- password requirements,
- mail, and
- jailbroken devices.
These settings cover its device management and identity verification functions.
Microsoft Intune capabilities
Microsoft Intune offers MDM and MAM, which is vital for enterprises that allow BYOD. Why?
MAM lets the enterprise, through its IT admin, deploy and manage the apps and software on mobile devices.
MDM and MAM policies and settings help organizations control enterprise data, apps, and network access, especially those accessed through Microsoft 365 and Azure AD.
Also, Intune enables remote wipe of apps and devices to remove enterprise data in case the devices are lost, misplaced, stolen, or damaged.
This gives organizations a strong way of managing and securing mobile devices, apps, and enterprise data.
Intune Supported platforms include:
- Windows 8 and 8.1 (including Windows 8.1 RT)
- Windows 10 (all versions), including Teams, Microsoft IoT, and Holographic for Business
- Windows 11 (all versions), including Teams, IoT, and Holographic for Business
- iOS and iPadOS 11.0 or later
- Mac OS X 10.0.12 or later
- Android 5.0 or later (including Android Enterprise)
Intune-supported policy settings include advanced configuration options such as VPN, Wi-Fi, and certificate configuration.
How to Set Up Mobile Device Management in Microsoft 365 - A Step-By-Step Process
To set up MDM in Microsoft 365, follow these steps in order:
Step 1: Enable Microsoft 365 Mobile Device Management (MDM) through your account.
- Log in to the Microsoft 365 admin portal. Link: https://portal.office.com/AdminPortal
- Sign in to the admin center as a Global admin user (select the Global admin option).
- In the left pane, under Home, expand the Resources tab, then select Mobile Management.
- If this is the first time you're setting up Microsoft 365 Mobile Management, a setup wizard for Microsoft 365 Mobile Device Management opens. Select the 'Let's get started' button.
- In the new window, enter a security group name. This is the group used to enable Microsoft 365 MDM for specific user accounts. After you finish the setup, you'll add users to this group to allow them to configure the Office apps on their mobile devices.
- Click 'Start setup' to continue the MDM setup process.
- You'll see a notification saying "Activating the MDM service." Wait for this setup to run to completion (about 2-5 minutes).
Step 2: Configure your MDM Policy
- Go to the Microsoft 365 admin portal, then Security & Compliance.
- Expand Security and compliance, then go to Security policies > Device Security Policies.
- You'll see a default policy that requires devices to have a security password (with four characters or more).
- On the right pane, click the pen symbol to edit the security password policy.
- Click Access Requirements to see the options you can enforce on a device before it can connect to the company network and synchronize data.
- Set up your preferred policy under "What requirements do you want to have on devices." Make sure the policy complies with your company's security policies.
- Click Save so the policy you've set takes effect.
- Next, click the "What else do you want to configure?" link to see any remaining settings you want to configure.
- Tick the necessary boxes according to your company policy to set your options > then click Save.
Voila! You've set up MDM on Office 365.
Step 3: Allow Users Access
You're not done until you add user accounts to the MDM security group (default) you set up.
- Go into the Office 365 admin center.
- Click Groups, select the group and click Edit, then add every user who will use a mobile device to the list.
- Click Save to save the addition.
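The access requirements set in Step 2 are evaluated per device each time it tries to connect and sync: a device that fails a requirement gets the policy's non-compliant action (block, by default), and a device that has not yet reported its state should not be allowed through either. The following Python model, added here as an illustration and not code from Microsoft 365 or Intune, shows that evaluation logic over a constructed device inventory. The policy fields, device attributes, and the "quarantine" state for unreported devices are assumptions chosen to mirror the walk-through (password of four or more characters, no jailbroken devices, encrypted storage).

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    ALLOW = "allow"            # every requirement met: mail and data may sync
    BLOCK = "block"            # a hard requirement failed: access denied
    QUARANTINE = "quarantine"  # compliance unknown: hold until the device reports


@dataclass(frozen=True)
class DevicePolicy:
    """Hypothetical model of the Step 2 access requirements (assumed fields)."""
    require_password: bool = True
    min_password_length: int = 4      # the default policy's 4-character minimum
    allow_jailbroken: bool = False
    require_encryption: bool = True
    action_when_noncompliant: Action = Action.BLOCK


@dataclass(frozen=True)
class DeviceReport:
    """What a device reported at enrollment; None means 'not reported yet'."""
    device_id: str
    platform: str
    has_password: Optional[bool]
    password_length: Optional[int]
    jailbroken: Optional[bool]
    encrypted: Optional[bool]


def evaluate(report: DeviceReport, policy: DevicePolicy) -> tuple[Action, list[str]]:
    """Return the access decision for one device plus the reasons behind it.

    Design: a confirmed violation always wins over a missing attribute, and a
    missing attribute never yields ALLOW (fail closed); it yields QUARANTINE.
    """
    violations: list[str] = []
    unknown: list[str] = []

    if policy.require_password:
        if report.has_password is None:
            unknown.append("password")
        elif not report.has_password:
            violations.append("no device password set")
        elif report.password_length is None:
            unknown.append("password length")
        elif report.password_length < policy.min_password_length:
            violations.append(
                f"password shorter than {policy.min_password_length} characters"
            )

    if not policy.allow_jailbroken:
        if report.jailbroken is None:
            unknown.append("jailbreak status")
        elif report.jailbroken:
            violations.append("device is jailbroken or rooted")

    if policy.require_encryption:
        if report.encrypted is None:
            unknown.append("encryption status")
        elif not report.encrypted:
            violations.append("device storage is not encrypted")

    if violations:
        return policy.action_when_noncompliant, violations
    if unknown:
        return Action.QUARANTINE, [f"not yet reported: {', '.join(unknown)}"]
    return Action.ALLOW, []


def triage(reports: list[DeviceReport], policy: DevicePolicy) -> dict[str, str]:
    """Map each device id to its decision, as a compliance dashboard would."""
    return {r.device_id: evaluate(r, policy)[0].value for r in reports}


DEFAULT_POLICY = DevicePolicy()

# Constructed sample inventory for the demonstration; these are not real devices.
SAMPLE_REPORTS = [
    DeviceReport("ios-001", "iOS", True, 6, False, True),
    DeviceReport("ios-002", "iOS", True, 3, False, True),            # PIN too short
    DeviceReport("android-003", "Android", False, None, False, True),  # no password
    DeviceReport("android-004", "Android", True, 6, True, True),     # rooted
    DeviceReport("win-005", "Windows", None, None, None, None),      # not reported yet
    DeviceReport("android-006", "Android", None, None, True, None),  # rooted + unknowns
]

if __name__ == "__main__":
    for report in SAMPLE_REPORTS:
        action, reasons = evaluate(report, DEFAULT_POLICY)
        print(f"{report.device_id:12} {action.value:10} {'; '.join(reasons)}")
```

Running the script prints one line per device with the decision and its reasons. The two design choices worth carrying into a real deployment are visible in the sample data: win-005, which has reported nothing, is quarantined rather than allowed, and android-006, which is rooted but has other attributes missing, is blocked because a confirmed violation outranks missing information.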
MDM for Microsoft 365 is a great starting point for businesses beginning to implement MDM.
But it's not enough.
Better security and mobile device management require the capabilities of the more advanced Microsoft Intune. Adding Intune to MDM for Microsoft 365 is a great way to manage mobile devices and ensure company and enterprise security.
One More Thing
Are you looking for more tips? Check out our other guides in our Blog or visit our Help Center for a wealth of information on how to troubleshoot various issues.
Sign up for our newsletter and access our blog posts, promotions, and discount codes early. Plus, you'll be the first to know about our latest guides, deals, and other exciting updates!
Does Office 365 have MDM?
Yes. Office 365 has the built-in Mobile Device Management (MDM) for Office 365. This feature helps businesses and individuals secure and manage mobile devices such as iPhones, iPads, Android devices, and Windows phones. You can create and manage device security policies, remotely wipe a device, and view detailed device reports.
Feel free to reach out with questions or requests you’d like us to cover.