How are you managing your business' mobile devices that access sensitive organization data?
Whether employees are using personal mobile devices for work purposes or company-owned mobile devices, it's important to understand and implement enterprise mobile device management (MDM).
Mobile devices have become ubiquitous in the enterprise, and they are now a security threat.
In this article, we give a step-by-step process to set up mobile device management in Office 365.
Mobile device management (MDM) is a set of software tools and a methodology used to manage and monitor mobile devices accessing sensitive enterprise/business data.
MDM, managed by IT admins, provides mobile productivity tools and apps while securing corporate data on mobile devices, such as phones, tablets, and other mobile endpoints.
The elements of MDM extend to storing essential information about mobile devices, deciding which apps they can have, locating them, and securing them if they get lost or stolen.
The common components of MDMs include:
MDM has become a core component of EMM (enterprise mobility management), which also includes mobile app management, access and identity management, and enterprise file sync and share.
The main goal of MDM is to optimize the security and functionality of mobile devices within the business while simultaneously safeguarding and protecting corporate data and networks.
Effective MDM software helps keep business devices secure while helping to keep staff and admins flexible and productive.
As mobile devices — smartphones, tablets, laptops, and other endpoints — continue to gain ubiquitous use in enterprises, businesses and staff are increasingly vulnerable to malicious attacks.
Since enterprise mobile devices are often used to access critical business data, they can threaten the security of the business if hacked, lost, or stolen.
Managing mobile devices is important to:
The use of personal devices for work is on the rise as working remotely continues to become essential.
Many companies now adopt BYOD (bring your own device) policies that let their employees use personal devices for work rather than issuing company devices.
This compromise helps increase workers' productivity and satisfaction, and reduces company costs by eliminating the need to purchase extra hardware.
Company devices using MDM are often more secure than personal devices.
They come with pre-installed or white-listed apps and, if they're lost, hacked, or stolen, can be easily wiped without first asking for employee consent.
However, applying enterprise MDM security to a personal device is challenging.
When businesses allow BYOD, they need the employee's consent to enroll the device into enterprise MDM.
Companies can instead issue employees COPE (corporate-owned, personally enabled) devices or COBO (corporate-owned, business-only) devices that use enterprise MDM.
Microsoft offers two methods of mobile device management: Microsoft Intune and MDM for Office 365.
MDM for Office 365 is a built-in feature included in each Office 365 plan.
Microsoft Intune is a standalone, subscription-based MDM platform that has more security provisions and integrates effectively with Office 365.
You can also buy Intune with Enterprise Mobility + Security (EMS) with a Microsoft 365 subscription.
With MDM for Office 365, you get lightweight MDM without mobile application management (MAM) to control access to Microsoft 365 data for supported apps and mobile devices.
It only offers remote wipes for stolen or lost devices to remove corporate data.
MDM for Office 365 supported platforms are:
Supported policy settings in MDM for Office 365 are specific password, encryption, mail, and jailbreak settings.
In addition to MDM, Microsoft Intune also offers mobile application management (MAM), which is especially vital for companies that support BYOD because it lets you deploy and manage apps.
The MDM and MAM settings and policies help organizations control access to corporate networks and data in Office 365 and apps exposed via Azure AD.
Intune enables remote wipe of devices and apps to remove business data from lost or stolen devices.
Intune gives organizations a strong method to manage and secure mobile devices, apps, and business data.
Intune-supported platforms are:
Intune supports policy settings for advanced configuration options, including VPN, Wi-Fi, and configuration certificates.
To set up MDM in Office 365, follow the steps below:
You've set up MDM on Office 365.
You're not done until you add a user account to the MDM Security Group (Default) you've set up.
In general, MDM for Office 365 is one of the best starting points for businesses beginning to implement MDM.
But, it’s often not enough.
To benefit from tighter security and increased mobile device management capabilities, businesses should look into Microsoft Intune in addition to MDM for Office 365.
And, if you're unsure of your organization's current security position, download this free data security checklist to see your strengths and areas in which you may need help.
Then, reach out to Integrity Technology Solutions to see how we can help you and your business.