Mobile Device Management (MDM) with Office 365 and Intune
The modern IT landscape is a lot different to where it was only 5 years ago. Almost everyone has a smartphone or a tablet that they run their lives from. So what about running their personal and work lives together on the same device? I am sure you’ve heard the term Bring Your Own Device (BYOD), this is going to be the next big step in helping employees manage their work/life balance.
So what is MDM or Mobile Device Management? And where does Office 365 come into this?
Mobile Device Management is just what it says on the tin, it is a service that allows a business to manage their mobile devices. This includes iOS, Android and Windows Phone based systems which is great news to the business as they are not tied into a particular make…the Blackberry days are way behind us. MDM allows us to apply compliance policies to devices to ensure that the company data on them is safe and secure.
This is great for company owned devices as we control them, but what about devices owned by your staff?
Welcome to the new generation of MDM, we can now segregate personal and business data on a personal device.
What does this mean for the owner of the device?
Remember I mentioned “compliance” in the previous paragraph. What this basically means is before company data is allowed onto the personal device it must conform to some basic rules. The most important of these would be that the device has a password and be encrypted. Of course if the user doesn’t currently have a password on their device this might be an inconvenience but hopefully having business information at their fingertips might persuade them to allow this.
So you’ve convinced your employee, what’s the next step. You have a couple of options within the Microsoft MDM offerings. The first is the built in Office 365 MDM and the second is a dedicated MDM product called Intune, I’ll come back to Intune.
Office 365 Mobile Device Management
With Office 365 MDM you have can enrol a device into your Office 365 subscription (no extra cost) and provide some basic management of it. As you can see from the screenshot below the features may be basic but they do cover the major areas of compliance.
All these options ensure that the device is secure and safe and should the worse happen you know your data won’t fall into the hands of the wrong people.
So I’ve enrolled a device into Office 365 MDM what’s next?
Once enrolled both email and SharePoint/OneDrive for Business become managed applications. What this means is you have control of that data on them and can remove them at any time should the need arise. This is where MDM has made huge strides in BYOD as we can now selectively wipe a device, this ensure that only the company data is removed from a device and any personal information or applications remain intact. Perfect for that personally owned device. We still have the ability to perform full device wipes as well but this would be aimed at company owned devices rather than personal.
Can I stop non-compliant devices connecting to Office 365?
Yes, Office 365 uses a feature called “conditional access” this feature blocks all devices connecting to Office 365 unless they are enrolled, and thus managed, by Office 365. This feature ensures that you always have control of your company data.
Want more control? Microsoft Intune
As mentioned the Office 365 MDM solution is a basic MDM, although considering it comes at no additional cost it has a number of great features and will most likely offer enough for some businesses. However, your business may need more control over devices, maybe you’re a cloud only business and don’t have an on premise infrastructure or you just want to have better control and understanding of your mobile device estate.
Intune is a subscription based product, this can be used in conjunction with your Office 365 subscription or standalone. It is a powerful MDM solution that allows very granular management of mobile devices. What to ensure that users can’t use Wi-Fi hotspots or maybe blacklisting apps in the application stores? Maybe you want to deploy company applications to devices? Add stronger control accessing SharePoint or Exchange (Online and On premise), control anti-virus software or just need to in-depth reporting on your device estate? Intune offers all this and more. With Intune you can also manage Windows desktop machines, ensure anti-virus, manage Windows Update and deploying applications.
Ok, up until now I have only been talking about “mobile” devices, these are devices that have mobile operating systems on them like Android, iOS and Windows Phone. Now Microsoft are starting to blurring the lines between what is a desktop OS and what is a mobile device OS with Windows 10. This change allows the business owner to manage these devices as a single entity untimely simplifying the management of devices running the Windows 10 operating system.
If you need advice on what solution is best for your business, need help implementing MDM in your organisation then please get in touch.