Back

Mobile Device Management with Office 365

In the last year Microsoft Office 365 has transformed into a solidly rooted Cloud software solution to help businesses solve common problems Busines...

5 min read
Published on Apr 11, 2014
Mobile Device Management with Office 365

In the last year Microsoft Office 365 has transformed into a solidly rooted Cloud software solution to help businesses solve common problems.  Businesses are often plagued by having to spend time and money on various software solutions for multiple devices.  In modern times where bring your own device and telecommuting seem to be the new trends, businesses need a solution to fit the needs of a mobile workforce.  With Office 365 users can save and access files and documents from the Cloud so company admins need to be able to maintain control over where the data is residing.

Exchange ActiveSync helps manage mobile devices

Mobile device management (MDM) can become an issue with so many tablets, smartphones, and other personal devices finding their way onto a network making it difficult to keep track and manage it all.  Office 365 provides a universal policy toolbox to handle multiple devices that are running multiple operating systems.  The use of Exchange ActiveSync (EAS)-based MDM helps to ensure devices connecting to the network resources are secure.  EAS is a standard to synchronize a combination of email, calendar, tasks, contacts, and notes from an Exchange server with a mobile device.  EAS delivers MDM through policies deployed at the time a user logs into their Office 365 account with their device.  Support may vary from one device to another so it is essential to understand which policies work best with different types of devices.  Network administrators will need to research and discover which policies to implement.  Guides are available through Microsoft to help determine which work best across mobile platforms in the online help guide for Office 365.  To find the MDM policies for enterprise versions of Office 365 sign in to the web interface as an administrator and click to Admin → Exchange → Mobile → Mobile Device Mailbox Policies, and then edit the Default or create a new policy.  A pop up window will appear with General and Security pages.  The security page has check boxes to set the policy to require a password, allow simple passwords, require certain criteria for a password, set minimum password lengths, restrict the number of allowed sign-in failures before a device is wiped, as well as require a re-sign in after a device has been idle for a certain amount of time and enforce password lifetime. EAS policies can be changed anytime, on the fly.  New requirements that come out will broadcast to a device upon the next connection and a user will be prompted to make the required change.  Enabling EAS controls and adding password policies will require a user who doesn’t have a password to add one before connecting to network resources again. EAS also allows users to sync mobile phones and wireless devices with Exchange mailboxes.  Administrators can manage which devices can be used to sync with Exchange and manage how those devices sync to control data charges and long distance usage.  This minimizes costs mobile users incur when traveling.

Wipe lost or stolen devices

Lost or stolen devices with connectivity to a network can be wiped remotely upon the next network connection attempt.  This is accomplished by signing into the Office 365 Admin Console, navigating to Microsoft Office 365: Exchange, and clicking on Manage.  In the navigation pane that appears click Users and Groups (typically already selected).  Next, click on the Mailboxes icon and a list of users will appear in the lower window.  Click on the user’s name with the lost or stolen device, click details, and scroll to the bottom of the options that appear.  Find and click Phone & Voice Features and choose Exchange ActiveSync and click Edit.  Once there select the phone or device to be wiped.  Be careful to select the correct device since make and model will appear but not number so if multiple instances of the same model exist, the correct one must be selected.  The final step is to click on the Wipe Device button, click and confirm, and the device will be wiped the next time an attempt to connect to the network is made.

Of course no solution comes without challenges and issues.  If EAS is used as the main MDM and security tool, some issues can present themselves.  One of the issues of the remote wipe out is that the device won’t get the command until the following time it syncs.  This becomes an issue when an employee quits or gets laid off and the wipe command may never be successful since the employee’s credentials will not be removed until the device is synced, leaving the employee with valid credentials after termination.  The employee will still have access to all company data but will not receive new data.  The wipe out is a great feature but still has some bugs to work out.

Overall, EAS based MDM technology provides a great way for mobile workers to sync with their company network and allow network administrators to push policies that occur when users reconnect to the network.  The universal policy simplifies the complexity of multiple devices through BYOD allowance and saves time and money and allows network administrators to free up their time for other network needs.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Understanding the GCC High Validation Process

Understanding the GCC High Validation Process

Learn how Microsoft validates organizations for GCC High, including eligibility requirements, documentation, and approval timelines for secure cloud access.

Sep 3, 2025
8 min read
Azure Backup Features and Advantages | Data Protection Guide

Understanding Azure Backup: Features and Advantage

Explore the key features and benefits of Azure Backup, including secure cloud-based recovery, policy automation, and compliance-friendly storage.

Sep 2, 2025
6 min read
How to Obtain GCC High Licenses for Your Organization

How to Obtain GCC High Licenses for Your Organization

Learn how to obtain GCC High licenses for your organization. Understand eligibility, required documentation, and Microsoft’s validation process for secure government cloud use.

Sep 1, 2025
7 min read
Top CMMC Assessment Checklist Resources

Top 7 CMMC Assessment Checklist Resources

Explore the top CMMC assessment checklist resources to prepare for compliance. Learn what tools, templates, and guides can streamline your certification journey.

Aug 28, 2025
6 min read
Cloud Backup Solutions for Microsoft 365 | Benefits & Protection

Benefits of Implementing Cloud Backup Solutions for Microsoft 365

Learn the key benefits of cloud backup for Microsoft 365, including enhanced data protection, compliance support, and recovery from cyber threats.

Aug 27, 2025
6 min read
CMMC Level 3 Security Controls: Understanding NIST 800-172

Understanding NIST 800-172 Enhanced Security Controls for CMMC Level 3

Learn how NIST 800-172 enhances CMMC Level 3 compliance with advanced security controls for protecting CUI against sophisticated cyber threats.

Aug 27, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation