Mobile device management for Office 365

mdm for office 365

Microsoft is expanding its built-in mobile device management (MDM) features built for Office 365.

Small businesses tend to adopt a BYOD (bring your own device) policy to mobile devices when granting email and in-house business information to its employees. However, as this article explains, giving employees wider access to business IT networks poses serious data protection and security risks.

The new tools enable network administrators to selectively restrict senstitive business information so that in the event of, for instance, a temporary loss emails and Word docs can be wiped from a mobile device while leaving an end user’s personal data and apps in place.

Large businesses use applications like Microsoft Intune to automate deployments and management of large mobile device fleets. Office 365 includes provisions for basic device management in its business and enterprise Office 365 services. In early 2015, these tools are being expanded to include:

  • configurable security policies on devices that connect to Office 365 to ensure that Office 365 business email and documents are synchronized only on phones and tablets that are managed by your company. For instance, whereas employees could potentially connect multiple devices including home PCs to services, Office 365 administrators can manage which devices a user can authenticate.
  • configurable security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is misplaced, lost or stolen.
  • remove Office 365 corporate data from authenticated devices when an employee leaves an organization, while leaving their personal data, photos and apps intact.

MDM for Office 365 is built directly into the productivity apps like Word, Excel, Outlook, etc., and mobile device policies can be managed with MDM within the Office 365 administration portal using the Office 365 user interface and wizard-based workflows. MDM generates ueful management reports detailing information about connected devices, including automated Wi-Fi, VPN and email profiles. Intune also provides bulk tools for pre-configuring large scale application delpoyment and can provide users with a self-service portal where they can enroll their own devices and install corporate apps.

Data Loss Prevention Policies (DLP)

Exchange 2013  provides comprehensive capabilities to help organisations identify, monitor, and protect sensitive information from leaking to third parties.Microsoft provides standardised regional libraries of policies to cope with management of credit card and financial information, personal information, and a variety of other metrics to help organisations comply with data protection laws according to the countries in which users are situated.

Office 365 is the only “off the shelf” product acceptable to US Federal Government and EU Covernment purchasing departments, and Microsoft’s DLP provisioning i relied on overwhelmingly by instititions large and small to establish data protection policies with the minimum of additional cost.

In Exchange 2013 Micorosoft introduced Document Fingerprinting and Policy Tips in Outlook Web App (OWA) to enhance document control and user education. Document Fingerprinting enables you to match documents that are derived from the same template.

This can be useful for organizations that frequently use standard forms or templates, for instance a law firm that uses a standard template to draft patent applications that it files on behalf of its clients.

Policy tips are designed to notify users in your organization when they are sending sensitive information over email. Policy Tips are similar to MailTips, and you can use them in Outlook in several different ways to help users avoid sending sensitive information in email. For example, you can use Policy Tips to:

  • Inform users of the presence of sensitive information and optionally block the email from being sent.
  • Educate your users through a Notify Policy Tip when sensitive content is present in their emails.
  • Empower your users to make case by case decisions by allowing them to override the sensitive information policy—with the option of including a business justification for the override.

Office 365 delegated network administration

Delegated network administrators are certified Microsoft Cloud Partners who meet Microsoft standards for planning, deployment, and ongoing support of Microsoft Exchange, Office 365, and other Microsoft Cloud product lines. Delegated administrators are experienced engineers and consultants who are capable of managing large and small installations according to Microsoft’s benchmarks. ComStat is a Microsoft Cloud Partner and certified delegated administrator.

Delegated administrators perform tasks like liasing with Microsoft Support, setting up mailboxes, adding or removing users and groups, data migration, managing domain names and zone records, managing security policies, managing Exchange-connected mobile devices, managing transport, DLP, and other Exchange services, etc. Whereas small businesses are often faced with steep learning curves and under-utilized software, delegated administrators provide a reliable point of contact to advise business owners and implement application features that are beyond the scope of limited in-house resources.

Delegated administrators allow users to get the maximum resources from Microsoft applications.

A delegated administrator assumes the same rights as a global administrator, who is typically the owner of subscribed services. However, the owner/global administrator have the right to withdraw or reassign delegated administrator rights. Office 365 administrator rights extend to include the following privileges:

  • global administration
  • delegated administration
  • billing administration
  • password administration
  • services administration
  • user management administration
Open chat
1
Scan the code
👋Scan the QR code or click open Chat to talk to us on WhatsApp.