Microsoft Brings MDM Capabilities to Office 365

Microsoft announced this week that all Office 365 commercial customers are now getting access to basic mobile device management (MDM) functionality without having to pay for separate services like Intune, which is a core component of Microsoft’s Enterprise Mobility Suite. The functionality is free, but it can also be integrated with existing Intune and Azure Active Directory infrastructures.

“Today, we are pleased to offer the general availability of MDM capabilities for Office 365,” Office 365 technical product manager Shobhit Sahay announced. “With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices. And what makes today’s news even better: the built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU and Government plans.”

According to Microsoft, this functionality provides three key benefits:

Conditional access. Admins can require a user’s mobile device to meet the requirements of security policies before they are allowed to access Office 365-hosted data—like OneDrive for Business documents or email—on that device. Because these policies are applied at the user level, they are consistently required on whatever device the user tries to use. (You can also apply policy to user groups, of course.)

Device management. This is the interface for configuring the policies you will require on enrolled devices: password requirements, device-level PIN lock, and so on. Built-in compliance reporting will keep admins up to date on the device use—and blocked devices—in the environment.

Selective wipe. This feature makes BYOD (Bring Your Own Device) scenarios more viable, since an employee can uses their own device safely and not worry about losing personal data—like photographs or data stored in apps—if they leave the company. With selective wipe, only corporate data is remotely wiped from the device.

You can find a complete list of Office 365 device management tasks on the TechNet web site.

And if these basic MDM features aren’t enough, Microsoft of course recommends the most exhaustive capabilities in Intune and the wider Enterprise Mobility Suite offering. Intune offers more device management policies, can manage Windows (8 and higher) PCs, and it can also manage many mobile apps—including Microsoft Office on Windows PCs, plus Android and iOS—on devices. Intune and EMS are not free, of course, but like Office 365 they are licensed on a per-user basis: EMS is normally $12 per user per month, but when licensed through Microsoft’s enterprise volume licensing program there is a 30 percent discount.

Microsoft says that MDM capabilities will roll out to all Office 365 commercial customers over the next 4 to 6 weeks. Presumably, Windows 10 support—on PCs and phones—will be made available by the time that new system ships in late summer.