Microsoft Office 365 MDM: Hits And Misses
Microsoft is offering free mobile device management (MDM) features for all commercial users of its Office 365 cloud-based services. Here we break down what it can and can't do for your organization.
![](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blt84374c10973fc260/64cb58145a2f173ca49f2eed/PPT365.jpg?width=700&auto=webp&quality=80&disable=upscale)
Are the new mobile device management (MDM) features included free with Microsoft's cloud-based Office 365 sufficient enough for your organization? The answer depends on the number and variety of mobile devices you need to manage, the size of your organization, and the primary applications you're running.
Microsoft announced last month that all Office 365 commercial plans, including Enterprise, Business, Education, and Government, will get built-in MDM features. This is a potential game-changer for Microsoft, because it could provide a smooth transition for customers to step up to buy its cloud-based Intune MDM offerings, eventually.
In addition, there is a wide range of third-party MDM solutions available, some of which have been on the market for nearly a decade. There are also several decent "freemium" MDM options available that may be especially attractive to small and medium-sized businesses and emerging enterprises. For example, wireless network provider Meraki offers a feature-rich cloud-based MDM solution for free, provided you are using Meraki wireless access points for your network.
However, some IT organizations may find that the free Office 365 MDM features are exactly what they need.
On the following pages, we'll explore the primary features that are included in the free version of the Office 365 MDM solution -- and discuss which features it's missing. From there, you should have a clear picture of whether or not the new freemium MDM service is right for your organization.
After you read through the following pages, tell us whether you think that Microsoft's two-tier MDM strategy -- giving you a free sample in hopes of upselling you to the Intune MDM -- will be a big hit. Or are the Office 365 MDM features missing so many key elements that SMBs and emerging companies will have look elsewhere. We want to hear all about it in the comments section below.
Technically speaking, there is MDM support for Windows 8.1 and Windows 8.1 RT within Office 365, but that support is limited only to Exchange ActiveSync services. Other than that, there is no MDM support in Office 365 for any Windows desktop, notebook, or server operating systems, or for any Mac OS or Linux devices.
Office 365 content, such as email or documents, can only be accessed and synchronized by authorized devices that are approved by the company. That gives IT administrators a substantial level of control over which devices can access Outlook, Word, Excel, PowerPoint, OneNote, and OneDrive content via Office 365.
While the Office 365 MDM features can curb access to that service's cloud content, it can't stop the issue of data moving between apps. If users have access to Office 365 on an approved device, there's nothing to stop them from freely copying and saving data or files and moving them in and out of other apps.
If desired, access to Office 365 can be set to require users to provide an in-app passcode for authentication. This passcode can be enforced regardless of end-user preference.
Those hoping to use Office 365 MDM features to push certificates or corporate applications out to registered devices will be disappointed. The free version has neither of these features. If you have a large number of devices to manage, you will sorely miss these tools.
Users jailbreaking or rooting a device can create major security holes for an organization. The likelihood of the device being compromised increases dramatically. Because of this, Microsoft has included jailbreak detection to identify and then block access to Office 365 content until the device can be restored to its factory OS.
Being able to control corporate WiFi and VPN profiles can be a huge time saver for many IT departments. Making changes or updates to profiles becomes easy if they can be pushed out to client endpoints that store the profiles locally. Unfortunately, Microsoft's free solution offers none of these capabilities.
One policy issue that companies and employees grapple with in regards to MDM is how to handle remotely wiping a device if it is lost or stolen. Many MDM services offer the ability to wipe the entire phone and all of its contents, which is an issue for employees who stand to lose personal data, such as family photos, in the process. Microsoft's Office 365 MDM compartmentalizes the data wipe to only Office 365 cloud data such as email, documents, and OneDrive files.
If your organization is small enough, or if you have enough tech-savvy users, than you probably can get by with manually enrolling devices onto the Office 365 MDM solution. If not, then you should allocate a significant number of hours for enrolling each device, since no bulk enrollment tool is provided.
In the end, the usefulness of Microsoft's freemium boils down to how you're using the Office 365 suite in your organization. If all your email and your data reside within the Office 365 cloud, than it's definitely worth a look. But if you have several different BYOD repositories that house critical data, then you might want to explore other free or paid options with more robust features.
-
About the Author(s)
You May Also Like