Blog - Integrity Technology Solutions

Your Guide to Mobile Device Management (MDM) for Your Business

Written by Integrity Staff | November 12, 2024 at 2:00 PM

How are you managing your business' mobile devices that access sensitive organization data? 

Whether employees are using personal mobile devices for work purposes or company-owned mobile devices, it's important to understand and implement enterprise mobile device management (MDM).

Mobile devices have become ubiquitous in the enterprise, and they now pose a security risk.

In this article, we give a step-by-step process to set up mobile device management in Office 365.

 

What Is Mobile Device Management (MDM)?

Mobile device management (MDM) is a set of software tools and a methodology used to manage and monitor mobile devices that access sensitive enterprise or business data.

MDM, managed by IT admins, provides mobile productivity tools and apps while securing corporate data on mobile devices, such as phones, tablets, and other mobile endpoints. 

The elements of MDM extend to storing essential mobile devices' information, deciding which apps they can have, locating them, and securing them if they get lost or stolen. 

The common components of MDMs include:

  • Device inventory and tracking.
  • Identity and access management.
  • Password enforcement.
  • App whitelisting or blacklisting.
  • App distribution and enterprise app store.
  • Remote wipe.
  • Endpoint security.
  • Data encryption enforcement.

MDM has become a core component of EMM (enterprise mobility management), which also includes mobile app management, identity and access management, and enterprise file sync and share.

 

Why Is MDM Important for My Business?

The main goal of MDM is to optimize the security and functionality of mobile devices within the business while simultaneously safeguarding and protecting corporate data and networks.

Effective MDM software helps keep business devices secure while keeping staff and admins flexible and productive.

As mobile devices — smartphones, tablets, laptops, and other endpoints — continue to gain ubiquitous use in enterprises, businesses and staff are increasingly vulnerable to malicious attacks.  

Since enterprise mobile devices are often used to access critical business data, they can threaten the security of the business if hacked, lost, or stolen. 

Managing mobile devices is important to:

  • Enhance enterprise data security.
  • Ensure your business retains control over confidential enterprise information if a mobile device is hacked, lost, or stolen.
  • Automate repetitive tasks, such as Wi-Fi configuration on devices, operating system updates, and app installation.
  • Manage all company devices, BYOD (bring your own device) devices, and applications, resulting in reduced costs of operation.
  • Increase productivity by blocklisting non-enterprise apps during work hours to keep staff focused and productive.
  • Provide remote mobile device management without user intervention and without affecting user productivity.

 

Personal Devices Used For Work vs. Company Devices

The use of personal devices for work is on the rise as working remotely continues to become essential. 

Many companies now adopt BYOD policies that let their employees use personal devices for work rather than issuing company devices.

This compromise helps increase workers' productivity and satisfaction, and reduces company costs by eliminating the need to purchase extra hardware.

Company devices using MDM are often more secure than personal devices. 

They come with pre-installed or white-listed apps and can also be wiped easily if they're lost, hacked, or stolen, without first asking for employee consent.

However, applying enterprise MDM security to a personal device is challenging. 

When businesses allow BYOD, they need the employee's consent to enroll the device into enterprise MDM.

Companies can instead issue employees COPE (corporate-owned, personally enabled) devices or COBO (corporate-owned, business-only) devices that use enterprise MDM.

 

What Is The Difference Between Intune and Mobile Device Management for Office 365?

Microsoft offers two MDM solutions: Microsoft Intune and MDM for Office 365.

MDM for Office 365 is a built-in feature included in each Office 365 plan. 

Microsoft Intune is a standalone, subscription-based MDM platform that has more security provisions and integrates effectively with Office 365.

You can also buy Intune with Enterprise Mobility + Security (EMS) with a Microsoft 365 subscription. 

 

Capabilities of MDM for Office 365

With MDM for Office 365, you get lightweight MDM without mobile application management (MAM) to control access to Microsoft 365 data for supported apps and mobile devices.

It only offers remote wipes for stolen or lost devices to remove corporate data.

MDM for Office 365-supported platforms are:

  • Windows 8.1 (Exchange ActiveSync functionality)
  • Windows 10 (device should be Azure Active Directory joined)
  • Windows 11
  • iOS 10.0 or later
  • Android 4.4 or later

Supported policy settings in MDM for Office 365 are specific password, encryption, mail, and jailbroken-device settings.

 

Microsoft Intune Capabilities

In addition to MDM, Microsoft Intune also offers mobile application management (MAM), which is especially vital for companies that support BYOD because it lets you deploy and manage apps.

The MDM and MAM settings and policies help organizations control access to corporate networks and data in Office 365 and apps exposed via Azure AD. 

Intune enables remote wipe of devices and apps to remove business data for lost or stolen devices. 

Intune gives organizations a strong method to manage and secure mobile devices, apps, and business data.

Intune-supported platforms are:

  • Mac OS X 10.0.12 or later
  • iOS and iPad OS 11.0 or later
  • Windows 8.1 (with Windows 8.1 RT included)
  • Windows 10 (with Windows Teams, Microsoft IoT, and Holographic for Business included)
  • Windows 11 (with Teams, IoT, and Holographic for Business included)
  • Android 5.0 or later (Android Enterprise included)

Intune supports policy settings for advanced configuration options, including VPN, Wi-Fi, and configuration certificates.

 

A Step-By-Step Process To Set Up Mobile Device Management in Office 365

To set up MDM in Office 365, follow the steps below:

 

Step 1: Enable the Mobile Device Management (MDM)

  1. Log in to the Office 365 Admin portal: https://portal.office.com/AdminPortal
  2. Go to the Center as a Global admin user.
  3. On the left pane, under Home, expand the Resources tab > then select Mobile Management.
  4. If you're setting up Mobile Management for the first time, you'll enter a setup wizard for Mobile Device Management for Office 365 > click on Let's get started.
  5. This will open a new window to get you started > Provide a name for the security group used to enable MDM for particular user accounts. After setup, you'll add users to this group to allow them to configure Office apps on their mobile devices.
  6. Next, click Start setup to continue with the setup process.
  7. Wait for the "Activating the MDM service" setup to run to completion. This can take 2-5 minutes.

 

Step 2: Configure your MDM Policy

  1. Go to Office 365 Admin portal > Security & Compliance
  2. Expand the Security and compliance button and go to Security policies > Device Security Policies. Here you'll find a default policy already set up requiring devices to have a password with at least four characters. 
  3. Under Device security policies on the right pane, click on the pen symbol to allow you to edit the policy.
  4. Next, click on Access Requirements. You'll see the available options, which can be enforced on the device before it's allowed to connect and synchronize. 
  5. Now, under "What requirements do you want to have on devices," set up the policy to comply with your company's security policies > and click Save.
  6. Next, click on the Configurations link. You'll see the remaining settings available under "what else do you want to configure."
  7. Tick the necessary boxes according to your company policy to set your options > then click Save.

Voila! 

You've set up MDM on Office 365.

 

Step 3: Allow Users Access 

You're not done until you add a user account to the MDM Security Group (Default) you've set up. 

  1. Go into the Office 365 Admin center
  2. Click on Groups > then click Edit for the group > then add any users who will be using a mobile device to the list
  3. Click Save to save the addition. 
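
Once the three steps are done, it is worth checking that the policy was not left at the four-character default and that every user with a mobile device is in the MDM security group. The script below is an added example, not Microsoft or Integrity code: it audits constructed sample data, and the field names, user addresses, and the six-character baseline are assumptions to replace with your own inventory and security policy.

```python
# Added example: all data below is constructed, and the field names are
# hypothetical (this is not a Microsoft export format).
POLICY = {"name": "Default", "password_required": True,
          "min_password_length": 4,  # the default described in Step 2
          "require_encryption": False, "block_jailbroken": False}
# Assumed company baseline; substitute your own security policy.
BASELINE = {"password_required": True, "min_password_length": 6,
            "require_encryption": True, "block_jailbroken": True}
# Minimum versions from the MDM for Office 365 platform list above.
MIN_OS = {"iOS": (10, 0), "Android": (4, 4), "Windows": (8, 1)}
MDM_GROUP = {"alice@example.com", "bob@example.com"}  # Step 3 members, lowercase
DEVICES = [
    {"user": "alice@example.com", "os": "iOS", "version": "17.1"},
    {"user": "Carol@example.com", "os": "Android", "version": "4.2"},
    {"user": "dave@example.com", "os": "Android", "version": "13"},
]

def parse_version(text):
    """'4.4.2' -> (4, 4, 2); pads '10' to (10, 0) so tuples compare correctly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (2 - len(parts)))

def audit_policy(policy, baseline=BASELINE):
    """Return (setting, actual, wanted) for each setting weaker than baseline."""
    findings = []
    for key, wanted in baseline.items():
        actual = policy.get(key)
        if isinstance(wanted, bool):
            ok = actual is wanted
        else:
            ok = isinstance(actual, int) and actual >= wanted
        if not ok:
            findings.append((key, actual, wanted))
    return findings

def audit_devices(devices, group=MDM_GROUP, min_os=MIN_OS):
    """Flag device owners missing from the MDM group and too-old OS versions."""
    findings = []
    for dev in devices:
        user = dev["user"].lower()  # normalise case before the membership test
        if user not in group:
            findings.append((user, "not in MDM security group"))
        floor = min_os.get(dev["os"])
        if floor is None:
            findings.append((user, "platform not in supported list"))
        elif parse_version(dev["version"]) < floor:
            findings.append((user, f"{dev['os']} {dev['version']} below minimum"))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(POLICY) + audit_devices(DEVICES):
        print(finding)
```
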

 

Conclusion

In general, MDM for Office 365 is one of the best starting points for businesses looking to achieve device compliance. 

But, it’s often not enough. 

To benefit from tighter security and increased mobile device management capabilities, businesses should look into Microsoft Intune in addition to MDM for Office 365.

And, if you're unsure of your organization's current security position, download this free data security checklist to see your strengths and areas in which you may need help.

Then, reach out to Integrity Technology Solutions to see how we can help you and your business.