Manage devices enrolled in Mobile Device Management in Microsoft 365
The built-in mobile device management for Microsoft 365 helps you secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. The first step is to sign in to Microsoft 365 and set up Basic Mobility and Security. For more info, see Set up Basic Mobility and Security.
After you've set it up, the people in your organization must enroll their devices in the service. For more info, see Enroll your mobile device using Basic Mobility and Security. Then you can use Basic Mobility and Security to help manage devices in your organization. For example, you can use device security policies to help limit email access or other services, view devices reports, and remotely wipe a device. You'll typically go to the Security & Compliance Center to do these tasks. For more info, see Microsoft Purview compliance portal.
Device management tasks
To get to the device management panel, follow these steps:
Sign in to the Microsoft 365 admin center, and go to the Mobile Device Management page.
Select Let's get started.
Manage mobile devices
After you've got Basic Mobility and Security set up, here are some ways you can manage the mobile devices in your organization.
| To do this | Do this |
|---|---|
| Wipe a device | In the Device Management panel, select device name, then Full wipe to delete all information or Selective wipe to delete only organizational information on the device. For more info, see Wipe a mobile device in Basic Mobility and Security. |
| Block unsupported devices from accessing Exchange email using Exchange ActiveSync | In the Device Management panel, select Block. |
| Set up device policies like password requirements and security settings | In the Device Management panel, select Device security policies > Add +. For more info, see Create device security policies in Basic Mobility and Security. |
| View list of blocked devices | In the Device Management panel, under Select a view select Blocked. |
| Unblock noncompliant or unsupported device for a user or group of users | Pick one of the following to unblock devices: - Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > Groups, and then select group name. Select Edit members and admins. - Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > Security policies > Device security policies. Select device policy name, and then select Edit > Deployment. - Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > Security policies > Device security policies. Select device policy name and then select Edit > Access requirements. Select Allow access and report violation. - To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > Security policies > Device management > Manage device access settings. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see Create, edit, or delete a security group in the Microsoft 365 admin center. |
| Remove users so their devices are no longer managed by Basic Mobility and Security | To remove the user, edit the security group that has device management policies for Basic Mobility and Security. For more info, see Create, edit, or delete a security group in the Microsoft 365 admin center. To remove Basic Mobility and Security from all your Microsoft 365 users, see Turn off Basic Mobility and Security. |
Live (v14)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for