Pete Saloutos - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Microsoft rolls out new MDM for Office 365

Microsoft's entry-level mobile device management option for Office 365 could kick things up a notch for BYOD shops.

Mobile device management is an increasingly important issue within this bring your own device world. On-premises Exchange includes some basic mobile device management features through Exchange ActiveSync policies, but it was never a full-blown mobile device management option. As mobile devices have become more sophisticated, enterprises require more robust mobile device management options.

Microsoft has Intune as its add-on mobile device management offering, but it has promised additional mobile device management features in Office 365 for quite some time now -- and the wait is nearly over. Microsoft will soon deliver mobile device management (MDM) capabilities with management policies capable of covering Office 365 data across iOS, Android and Windows Phone devices. This option will be no additional cost to customers with business, enterprise, education or government commercial plans, the company added.

The features offered are actually a subset of what Intune provides. Admins who want a side-by-side comparison of MDM for Office 365 and Intune can use this TechNet guide to start.

Conditional access. These security policies allow admins to determine the types of devices that can connect based on Intune and Azure AD. The policies apply to Office apps on devices, which could actually make for a unique MDM experience because Microsoft currently doesn't allow third parties to access or control its apps.

Device management. Exchange admins can establish security policy features such as PIN lock and jailbreak detection, along with improved reporting so admins can gain what Microsoft describes as "critical insights about devices accessing your corporate data."

Selective wipe. This expression varies with different MDM options, but in the case of MDM for Office 365, the selective wipe is actually selective. If a device is lost or stolen, admins can choose to remove corporate data that's from Office 365. This is an improvement over Exchange ActiveSync, in which the entire device is wiped, including personal data. Because it only wipes Office 365 data, admins may require additional features beyond this. Look to Intune or third-party options to add a layer of MDM.

Customers who selected First Release for their Office 365 portals should soon see features roll out. To enable First Release, admins can go to their Office 365 Admin Center, expand the Service Settings and then select Updates. Turn the slider to "On" (Figure 1).

Turn on new Office 365 features
Figure 1

Once the option is active in the portal, admins will see a setting called Mobile Devices within the Office 365 Admin Center. Admins can get started from there (Figure 2). To learn more about creating device policies, to enroll end users' devices or to manage devices, admins can visit the step-by-step instructions that TechNet provides.

Set up MDM in Office 365 portal
Figure 2

MDM for Office 365 is a bit of a balancing act. It's not the straw house we have with Exchange ActiveSync, and it isn't the brick house we have with Intune or a third-party options. It's that middle of the road structure that may be perfect for small to medium-sized organizations that require more bring your own device help on a budget. Admins will have to do some testing with it to see if it adequately meets the needs of their particular environment. If it doesn't, consider Intune or a third-party option to bolt-on to Office 365 and layer MDM.

About the author:
J. Peter Bruzzese is a Microsoft Office 365 MVP, as a five-time awardee with previous technical expertise in Exchange, a Triple-MCSE, an MCT and an MCITP: Enterprise Messaging. He is the co-founder of an end-user training solution called and is a strategic technical consultant for Mimecast. He is an internationally published author with more than a dozen titles to his name. He is a technical speaker for a number of conferences, including Techmentor, IT/Dev Connections and Microsoft TechEd. He writes for online and in-print tech and has written InfoWorld's Enterprise Windows column for more than five years. More recently, he focused his attention on new users in the Exchange/Office 365 community and wrote a short book (in 10 days) titled Conversational Exchange to help them learn Exchange's conceptual side. In his spare time -- well, let's face it, folks, with all that, JPB has no spare time.

Next Steps

What you can (and can't) do with ActiveSync for MDM

Will Exchange 2013 work as an MDM platform?

Exchange vs. MDM pros and cons

Dig Deeper on Office 365 and Microsoft SaaS setup and management