Best Way To Setup MDM With O365 Portal

Anonymous
2018-02-15T14:14:02+00:00

We currently use MaaS 360 and it works well with little hassle and very organized. Six months ago we upgraded our environment to O365 and want to consider MDM. I have attempted to follow Microsoft's outdated guides from 2016, but MS is CONSTANTLY changing the portal which makes the guides almost useless.

With MaaS, we simply deploy a policy to allow an employee access to mobile email, contacts, calendar, and also give the admins (myself and 2 others) access to remotely wipe that device. We do not manage apps or restrict default device options like camera or Bluetooth.

With that said, what is the cleanest, simplest way to accomplish a MDM setup?

Can this be SOLELY done from the Exchange Admin Center and the default mobile device mailbox policy?

OR

Must I also leave that area and dive into Security & Compliance > Data Loss Prevention and create an almost identical policy and then create yet ANOTHER group to apply this policy to?

I have already done both the items addressed above and yet there are inconsistencies with the portal while users can still receive their mobile email.

Again, what is the cleanest, simplest way to accomplish a MDM setup?

Locked Question. This question was migrated from the Microsoft Support Community.

Answer accepted by question author

Vincent Choy 10,870 Reputation points Volunteer Moderator
2018-02-16T06:43:26+00:00

The first iteration of Office365 was BPOS (Business Productivity Online Suite) many years ago. Some of these features were built into the product then, accessed via Exchange Admin. It included features like device wipe. Over time these features got enhanced but remained in Exchange Admin.

However, Microsoft also has a more advanced MDM system in Intune.

Later versions of Office365 came with a Lite version of this MDM. There are more granular features, like selective wipe, but it required a user registering the device and downloading a client on their phones. This is parked under Security & Compliance -> Data Loss Prevention -> Device Management / Device Security Policies.

You can compare the two approaches and see which one works best for you.

4 additional answers

  1. Vincent Choy 10,870 Reputation points Volunteer Moderator
    2018-02-20T16:02:02+00:00

    If the features in Exchange Admin centre are good enough for your management objectives, then use that, since it doesn't require a user loading the Company Portal App and registering his device.

    The full wipe function in EAC (without using Office365 MDM) is in -

    EAC -> Recipients -> Mailboxes -> Select User -> Mobile Devices (View Details) -> Wipe Icon 

    You now get two choices - Account Only Remote Wipe, and Wipe Data

    Wipe Data is a full Wipe

    Account Only Remote wipe only wipes Exchange Data.

  2. Anonymous
    2018-02-20T14:54:59+00:00

    So... with what we want to accomplish, what is your opinion of the best approach?

    I cannot seem to find any updated documentation that relates to the ever-changing portal.

    I have tested several scenarios including both Exchange Admin and Security & Compliance; then individually while disabling the other... it appears all work similarly and the devices show up in Device Management and when selected they offer a FULL or SELECTIVE wipe.

    You can see I am back at square one when attempting to manage devices in ONE particular area in the mess called Portal.

  3. Anonymous
    2018-02-15T16:11:06+00:00

    We want employees to have access to their email, contacts, calendars, and tasks/reminders; all are iOS except 2 android users. From an IT standpoint, we want the ability to remotely wipe/selective wipe their devices. We also want to enforce encryption, passcode, and an inactivity lock. All of those items are within the Exchange Admin Center:

    With that said, I am not sure why anything must be entered within Security & Compliance.

  4. Vincent Choy 10,870 Reputation points Volunteer Moderator
    2018-02-15T15:51:12+00:00

    Can I ask what is the end result you would like to achieve in terms of Mobile Management?

    How far have you gotten in achieving this with MDM?

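The Exchange Admin Center approach discussed in this thread (a mobile device mailbox policy enforcing passcode, encryption and inactivity lock, plus the two wipe choices) can also be driven from Exchange Online PowerShell, which does not move when the portal layout changes. This is an added example, not part of any post above; the admin and user addresses, the device name and the policy values (6-character passcode, 5-minute lock) are placeholders chosen for illustration.

```powershell
# Added example. Addresses, device name and policy values are placeholders.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# 1. Enforce passcode, encryption and inactivity lock on the default
#    mobile device mailbox policy (the one EAC applies to new mailboxes).
$policy = Get-MobileDeviceMailboxPolicy | Where-Object { $_.IsDefault }
Set-MobileDeviceMailboxPolicy -Identity $policy.Identity `
    -PasswordEnabled $true `
    -MinPasswordLength 6 `
    -MaxInactivityTimeLock '00:05:00' `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false   # block devices that cannot enforce the policy

# 2. Read the policy back to confirm what is actually in force.
Get-MobileDeviceMailboxPolicy -Identity $policy.Identity |
    Format-List Name, IsDefault, PasswordEnabled, MinPasswordLength,
                MaxInactivityTimeLock, RequireDeviceEncryption,
                AllowNonProvisionableDevices

# 3. List every device partnered with one user's mailbox.
$devices = Get-MobileDevice -Mailbox 'user@contoso.example'
$devices | Format-Table FriendlyName, DeviceOS, DeviceAccessState, Identity -AutoSize

# 4. Pick exactly one device before wiping; refuse to continue on 0 or many matches.
$target = @($devices | Where-Object { $_.FriendlyName -eq 'PLACEHOLDER-DEVICE-NAME' })
if ($target.Count -ne 1) {
    throw "Expected exactly one matching device, found $($target.Count)."
}

# 5. "Account Only Remote Wipe": removes Exchange data only.
#    Omitting -AccountOnly issues the full "Wipe Data" device wipe instead.
Clear-MobileDevice -Identity $target[0].Identity `
    -AccountOnly `
    -NotificationEmailAddresses 'admin@contoso.example' `
    -Confirm:$true

# 6. Check whether the device has received and acknowledged the wipe.
Get-MobileDeviceStatistics -Identity $target[0].Identity |
    Format-List Status, DeviceWipe*

Disconnect-ExchangeOnline -Confirm:$false
```

A pending wipe that was issued by mistake can be withdrawn with `Clear-MobileDevice -Identity <device> -Cancel` as long as the device has not yet acknowledged it.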