Mobile Device Management with Office 365

In the last year Microsoft Office 365 has transformed into a solidly rooted Cloud software solution to help businesses solve common problems.  Businesses are often plagued by having to spend time and money on various software solutions for multiple devices.  In modern times where bring your own device and telecommuting seem to be the new trends, businesses need a solution to fit the needs of a mobile workforce.  With Office 365 users can save and access files and documents from the Cloud so company admins need to be able to maintain control over where the data is residing.

Exchange ActiveSync helps manage mobile devices

Mobile device management (MDM) can become an issue with so many tablets, smartphones, and other personal devices finding their way onto a network making it difficult to keep track and manage it all.  Office 365 provides a universal policy toolbox to handle multiple devices that are running multiple operating systems.  The use of Exchange ActiveSync (EAS)-based MDM helps to ensure devices connecting to the network resources are secure.  EAS is a standard to synchronize a combination of email, calendar, tasks, contacts, and notes from an Exchange server with a mobile device.  EAS delivers MDM through policies deployed at the time a user logs into their Office 365 account with their device.  Support may vary from one device to another so it is essential to understand which policies work best with different types of devices.  Network administrators will need to research and discover which policies to implement.  Guides are available through Microsoft to help determine which work best across mobile platforms in the online help guide for Office 365.  To find the MDM policies for enterprise versions of Office 365 sign in to the web interface as an administrator and click to Admin → Exchange → Mobile → Mobile Device Mailbox Policies, and then edit the Default or create a new policy.  A pop up window will appear with General and Security pages.  The security page has check boxes to set the policy to require a password, allow simple passwords, require certain criteria for a password, set minimum password lengths, restrict the number of allowed sign-in failures before a device is wiped, as well as require a re-sign in after a device has been idle for a certain amount of time and enforce password lifetime. EAS policies can be changed anytime, on the fly.  New requirements that come out will broadcast to a device upon the next connection and a user will be prompted to make the required change.  Enabling EAS controls and adding password policies will require a user who doesn’t have a password to add one before connecting to network resources again. EAS also allows users to sync mobile phones and wireless devices with Exchange mailboxes.  Administrators can manage which devices can be used to sync with Exchange and manage how those devices sync to control data charges and long distance usage.  This minimizes costs mobile users incur when traveling.

Wipe lost or stolen devices

Lost or stolen devices with connectivity to a network can be wiped remotely upon the next network connection attempt.  This is accomplished by signing into the Office 365 Admin Console, navigating to Microsoft Office 365: Exchange, and clicking on Manage.  In the navigation pane that appears click Users and Groups (typically already selected).  Next, click on the Mailboxes icon and a list of users will appear in the lower window.  Click on the user’s name with the lost or stolen device, click details, and scroll to the bottom of the options that appear.  Find and click Phone & Voice Features and choose Exchange ActiveSync and click Edit.  Once there select the phone or device to be wiped.  Be careful to select the correct device since make and model will appear but not number so if multiple instances of the same model exist, the correct one must be selected.  The final step is to click on the Wipe Device button, click and confirm, and the device will be wiped the next time an attempt to connect to the network is made.

Of course no solution comes without challenges and issues.  If EAS is used as the main MDM and security tool, some issues can present themselves.  One of the issues of the remote wipe out is that the device won’t get the command until the following time it syncs.  This becomes an issue when an employee quits or gets laid off and the wipe command may never be successful since the employee’s credentials will not be removed until the device is synced, leaving the employee with valid credentials after termination.  The employee will still have access to all company data but will not receive new data.  The wipe out is a great feature but still has some bugs to work out.

Overall, EAS based MDM technology provides a great way for mobile workers to sync with their company network and allow network administrators to push policies that occur when users reconnect to the network.  The universal policy simplifies the complexity of multiple devices through BYOD allowance and saves time and money and allows network administrators to free up their time for other network needs.