A few months ago at TechEd Europe we announced that built-in mobile device management (MDM) capabilities were coming to Office 365. Today, we are pleased to offer the general availability of MDM capabilities for Office 365. With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. And what makes today’s news even better: the built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU and Government plans.
This short video explains the key MDM features included in Office 365:
Office 365’s MDM capabilities work to keep your data safe in three ways:
- Conditional Access—You can set up security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents can be accessed only on phones and tablets that are managed by your company and are compliant. Behind the scenes, Office 365 leverages Microsoft Intune and the Microsoft Azure Active Directory to deliver this capability. The Conditional Access policies apply to Office applications such as Word, Excel, PowerPoint and other business applications—making management easier for admins while ensuring users can securely work with their preferred productivity applications.
- Device management—You can set and manage security policies such as device-level pin lock and jailbreak detection to help prevent unauthorized users from accessing corporate email and data on a device when it is lost or stolen. Additional settings and rich reporting are also available within the Office 365 admin center so you can gain critical insights about devices accessing your corporate data.
- Selective wipe—You can easily remove Office 365 company data from an employee’s device while leaving their personal data in place. This is an increasingly important requirement as more businesses adopt a “bring your own device” (BYOD) approach to phones and tablets.
If you are looking for protection beyond what’s included in Office 365, you can subscribe to Microsoft Intune, part of the Microsoft Enterprise Mobility Suite, and receive additional device and application management capabilities for phones, tablets and PCs. This includes the ability to restrict actions such as cut, copy, paste and save as to applications managed by Intune—helping keep corporate information even more secure.
These new capabilities help you better manage and protect access to Office 365 data while enabling people to be mobile and productive from anywhere. We hope you will love these new capabilities and we look forward to providing more enhanced capabilities in Office 365.
Frequently asked questions
Q. Where can I find more technical resources about built-in MDM for Office 365?
A. For detailed technical information, check out this TechNet article.
Q. What capabilities come with Intune versus built-in MDM for Office 365?
A. Details for both Intune and MDM for Office 365 are outlined in this TechNet article.
Q. When can I see these capabilities in my tenant?
A. We are starting the rollout for these capabilities today and will be completed worldwide in another 4-6 weeks.
A. MDM capabilities will be included with all Office 365 commercial subscriptions, including Business, Enterprise, EDU and Government plans.
Q. How does Office 365 provide these built-in MDM capabilities?
A. The MDM capabilities built-in to Office 365 are powered by Microsoft Intune and the Microsoft Azure Active Directory.
Q. How can I get additional protection capabilities such as mobile application management?
A. Organizations that need protection beyond what’s included in Office 365 can subscribe to Intune for additional capabilities, including more extensive mobile device and application management as well as PC management.
Q. What applications are supported by MDM for Office 365?
A. The complete list of supported applications can be found on TechNet.
Q. What about Windows devices?
A. We provide ActiveSync support for device policy, conditional access and selective wipe for Windows Phone and tablets. We will extend these capabilities to Windows Phone Office apps in the future.
An Example of the following diagram shows what happens when a user with a new device signs in to an app that supports access control with MDM for Office 365. The user is blocked from accessing Office 365 resources in the app until they enroll their device.