As announced some time ago, Microsoft has now delivered a first release of mobile device management (MDM) for Office 365.
You can now define complete access rules governing how mobile devices access your Office 365 resources.
This feature is currently being rolled out to all Office 365 commercial plans (Business, Enterprise, EDU and Government).
If you are interested in cloud mobile device management, the first thing to do is choose between Intune and Office 365 MDM; see the comparison at https://technet.microsoft.com/library/dn957912.aspx
Enable and configure Office 365 MDM
Then, if you want to use Office 365 MDM, you have to activate the service from the Mobile Devices menu of the Office 365 admin portal; note that the activation may take some time to complete.
Then you will have to complete the configuration by:
- configuring the required DNS records; note that the interface may report your tenant as already correctly configured for DNS, but this is a false positive caused by the Internet domain you have already associated. The required DNS entries are:
  - CNAME enterpriseenrollment pointing to enterpriseenrollment.manage.microsoft.com
  - CNAME enterpriseregistration pointing to enterpriseregistration.windows.net
  Note that the last entry may already exist and point to your ADFS endpoint or your Azure device registration, as this entry is used for the Workplace Join feature.
- creating the APNs certificate that allows you to manage Apple devices (iPhone / iPad)
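Because the admin portal can report the DNS step as done when it is not, it is worth verifying the two CNAME records yourself. The following checker is an added example, not part of the original post: it parses dig/zone-file style answer lines (the sample lines and the domain contoso.example are constructed) and flags a missing record or one that points elsewhere, which for enterpriseregistration is usually a pre-existing Workplace Join record.

```python
"""Check the two CNAME records Office 365 MDM enrolment expects.

Added example; the answer lines are constructed. In practice paste the
output of `dig CNAME enterpriseenrollment.<domain>` (or nslookup -type=CNAME)
for both names into SAMPLE_ANSWERS.
"""

REQUIRED_CNAMES = {
    "enterpriseenrollment": "enterpriseenrollment.manage.microsoft.com",
    "enterpriseregistration": "enterpriseregistration.windows.net",
}


def _norm(name):
    # DNS names are case-insensitive; drop the trailing dot dig prints.
    return name.strip().lower().rstrip(".")


def parse_cname_answers(lines):
    """Map owner name -> target from 'owner [ttl] [IN] CNAME target' lines."""
    cnames = {}
    for line in lines:
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or dig comment (";; ANSWER SECTION:")
        tokens = line.split()
        upper = [t.upper() for t in tokens]
        if "CNAME" not in upper or upper.index("CNAME") + 1 >= len(tokens):
            continue  # A, SOA or other record types are irrelevant here
        cnames[_norm(tokens[0])] = _norm(tokens[upper.index("CNAME") + 1])
    return cnames


def check_mdm_dns(domain, cnames):
    """Return {label: (status, target)}; status is ok, missing or wrong-target."""
    results = {}
    for label, expected in REQUIRED_CNAMES.items():
        target = cnames.get(_norm(f"{label}.{domain}"))
        if target is None:
            results[label] = ("missing", None)
        elif target == expected:
            results[label] = ("ok", target)
        else:
            # e.g. enterpriseregistration still pointing at ADFS (Workplace Join)
            results[label] = ("wrong-target", target)
    return results


SAMPLE_DOMAIN = "contoso.example"  # constructed
SAMPLE_ANSWERS = [  # constructed dig-style output
    ";; ANSWER SECTION:",
    "enterpriseenrollment.contoso.example. 3600 IN CNAME EnterpriseEnrollment.manage.microsoft.com.",
    "enterpriseregistration.contoso.example. 3600 IN CNAME adfs.contoso.example.",
]

if __name__ == "__main__":
    report = check_mdm_dns(SAMPLE_DOMAIN, parse_cname_answers(SAMPLE_ANSWERS))
    for label, (status, target) in report.items():
        print(f"{label}.{SAMPLE_DOMAIN}: {status} ({target})")
```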
Setup MDM Access Rules
Once this is done, you can optionally configure multi-factor authentication requirements and set up the access rules.
Access rules are managed from the Compliance Center, which has been available for a few days now.
NOTE: these access rules override any Exchange mobile device access rules you may already have set up.
To set up an access rule, just hit the + sign and follow the wizard.
Among the settings available, you can:
- require a device password
- require device encryption
- block jailbroken devices
Then you can choose whether or not to apply the rule after creation; applying it to devices may take a few minutes.
NOTE: if you want to apply the new access rule immediately, you have to select an existing security group, and you have to search for the DL; the interface does not list existing DLs automatically, for performance reasons.
View devices list
From the Office 365 admin portal you can get compliance reports for registered devices.
NOTE: there is currently a defect, as the user list returned contains sample Contoso data.
From the Office 365 admin portal you can also have a quick look at these devices and perform a wipe operation: either a FULL wipe, which completely resets the device, or a SELECTIVE wipe, which removes ONLY your corporate data (OneDrive for Business, Mail…).
Setup Mobile Device
To enroll a device in Office 365 MDM, you must either:
- use the Workplace feature of Windows Phone 8.1, or
- use the Company Portal application on Apple and Android devices