Back

Mobile Device Management with Office 365

In the last year Microsoft Office 365 has transformed into a solidly rooted Cloud software solution to help businesses solve common problems Busines...

5 min read
Published on Apr 11, 2014
Mobile Device Management with Office 365

In the last year Microsoft Office 365 has transformed into a solidly rooted Cloud software solution to help businesses solve common problems.  Businesses are often plagued by having to spend time and money on various software solutions for multiple devices.  In modern times where bring your own device and telecommuting seem to be the new trends, businesses need a solution to fit the needs of a mobile workforce.  With Office 365 users can save and access files and documents from the Cloud so company admins need to be able to maintain control over where the data is residing.

Exchange ActiveSync helps manage mobile devices

Mobile device management (MDM) can become an issue with so many tablets, smartphones, and other personal devices finding their way onto a network making it difficult to keep track and manage it all.  Office 365 provides a universal policy toolbox to handle multiple devices that are running multiple operating systems.  The use of Exchange ActiveSync (EAS)-based MDM helps to ensure devices connecting to the network resources are secure.  EAS is a standard to synchronize a combination of email, calendar, tasks, contacts, and notes from an Exchange server with a mobile device.  EAS delivers MDM through policies deployed at the time a user logs into their Office 365 account with their device.  Support may vary from one device to another so it is essential to understand which policies work best with different types of devices.  Network administrators will need to research and discover which policies to implement.  Guides are available through Microsoft to help determine which work best across mobile platforms in the online help guide for Office 365.  To find the MDM policies for enterprise versions of Office 365 sign in to the web interface as an administrator and click to Admin → Exchange → Mobile → Mobile Device Mailbox Policies, and then edit the Default or create a new policy.  A pop up window will appear with General and Security pages.  The security page has check boxes to set the policy to require a password, allow simple passwords, require certain criteria for a password, set minimum password lengths, restrict the number of allowed sign-in failures before a device is wiped, as well as require a re-sign in after a device has been idle for a certain amount of time and enforce password lifetime. EAS policies can be changed anytime, on the fly.  New requirements that come out will broadcast to a device upon the next connection and a user will be prompted to make the required change.  Enabling EAS controls and adding password policies will require a user who doesn’t have a password to add one before connecting to network resources again. EAS also allows users to sync mobile phones and wireless devices with Exchange mailboxes.  Administrators can manage which devices can be used to sync with Exchange and manage how those devices sync to control data charges and long distance usage.  This minimizes costs mobile users incur when traveling.

Wipe lost or stolen devices

Lost or stolen devices with connectivity to a network can be wiped remotely upon the next network connection attempt.  This is accomplished by signing into the Office 365 Admin Console, navigating to Microsoft Office 365: Exchange, and clicking on Manage.  In the navigation pane that appears click Users and Groups (typically already selected).  Next, click on the Mailboxes icon and a list of users will appear in the lower window.  Click on the user’s name with the lost or stolen device, click details, and scroll to the bottom of the options that appear.  Find and click Phone & Voice Features and choose Exchange ActiveSync and click Edit.  Once there select the phone or device to be wiped.  Be careful to select the correct device since make and model will appear but not number so if multiple instances of the same model exist, the correct one must be selected.  The final step is to click on the Wipe Device button, click and confirm, and the device will be wiped the next time an attempt to connect to the network is made.

Of course no solution comes without challenges and issues.  If EAS is used as the main MDM and security tool, some issues can present themselves.  One of the issues of the remote wipe out is that the device won’t get the command until the following time it syncs.  This becomes an issue when an employee quits or gets laid off and the wipe command may never be successful since the employee’s credentials will not be removed until the device is synced, leaving the employee with valid credentials after termination.  The employee will still have access to all company data but will not receive new data.  The wipe out is a great feature but still has some bugs to work out.

Overall, EAS based MDM technology provides a great way for mobile workers to sync with their company network and allow network administrators to push policies that occur when users reconnect to the network.  The universal policy simplifies the complexity of multiple devices through BYOD allowance and saves time and money and allows network administrators to free up their time for other network needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

Implementing Cybersecurity Policies for CMMC Compliance and Managing CUI

CMMC compliance requires well-documented cybersecurity policies. Learn how to implement security controls, create an SSP and POA&M, and manage Controlled Unclassified Information (CUI).

Apr 25, 2025
7 min read
CMMC compliance for DoD contractors

CMMC Compliance Requirements for DoD Contractors and Subcontractors in the Defense Industry

CMMC compliance is mandatory for DoD contractors and subcontractors. Learn about certification levels, requirements, and the consequences of failing to meet compliance.

Apr 24, 2025
6 min read
How to prepare for a CMMC compliance audit

CMMC Compliance Audit Preparation: A Complete Checklist for Small Businesses

Preparing for a CMMC compliance audit is critical for DoD contractors. Use this checklist to perform a gap analysis, assess CMMC readiness, and prepare for a Level 2 assessment.

Apr 23, 2025
8 min read
FAR CUI vs CMMC Understanding

FAR CUI vs CMMC Understanding the Differences and Overlaps

FAR CUI and CMMC both focus on protecting sensitive federal data, but they have key differences. Learn how they work together and whether FAR CUI compliance aligns with CMMC.

Apr 15, 2025
10 min read
What Is a POAM?

What Is a POAM?

Learn how a Plan of Action and Milestones (POAM) helps meet NIST 800-171 & DFARS compliance. Understand its role in FedRAMP, security categorization, and risk mitigation.

Apr 8, 2025
8 min read
Best Cybersecurity Practices for Achieving CMMC Compliance

Best Cybersecurity Practices for Achieving CMMC Compliance

Achieving CMMC cybersecurity compliance requires strong security controls. Learn best practices for securing your IT environment, protecting CUI, and implementing MFA.

Apr 7, 2025
6 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation