Office 365

Microsoft Brings MDM Capabilities to Office 365

Microsoft announced this week that all Office 365 commercial customers are now getting access to basic mobile device management (MDM) functionality without having to pay for separate services like Intune, which is a core component of Microsoft’s Enterprise Mobility Suite. The functionality is free, but it can also be integrated with existing Intune and Azure Active Directory infrastructures.

“Today, we are pleased to offer the general availability of MDM capabilities for Office 365,” Office 365 technical product manager Shobhit Sahay announced. “With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. And what makes today’s news even better: the built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU and Government plans.”

According to Microsoft, this functionality provides three key benefits:

Conditional access. Admins can require a user’s mobile device to meet the requirements of security policies before they are allowed to access Office 365-hosted data—like OneDrive for Business documents or email—on that device. Because these policies are applied at the user level, they are consistently required on whatever device the user tries to use. (You can also apply policy to user groups, of course.)

Sponsored Content

Devolutions Remote Desktop Manager

Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients.

Device management. This is the interface for configuring the policies you will require on enrolled devices: password requirements, device-level PIN lock, and so on. Built-in compliance reporting will keep admins up to date on the device use—and blocked devices—in the environment.

Selective wipe. This feature makes BYOD (Bring Your Own Device) scenarios more viable, since an employee can uses their own device safely and not worry about losing personal data—like photographs or data stored in apps—if they leave the company. With selective wipe, only corporate data is remotely wiped from the device.

You can find a complete list of Office 365 device management tasks on the TechNet web site.

And if these basic MDM features aren’t enough, Microsoft of course recommends the most exhaustive capabilities in Intune and the wider Enterprise Mobility Suite offering. Intune offers more device management policies, can manage Windows (8 and higher) PCs, and it can also manage many mobile apps—including Microsoft Office on Windows PCs, plus Android and iOS—on devices. Intune and EMS are not free, of course, but like Office 365 they are licensed on a per-user basis: EMS is normally $12 per user per month, but when licensed through Microsoft’s enterprise volume licensing program there is a 30 percent discount.

Microsoft says that MDM capabilities will roll out to all Office 365 commercial customers over the next 4 to 6 weeks. Presumably, Windows 10 support—on PCs and phones—will be made available by the time that new system ships in late summer.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.