Home»Microsoft 365»How Secure is Microsoft Office 365 Mobile Device Management?

How Secure is Microsoft Office 365 Mobile Device Management?

Businesses actively use Microsoft Office 365 mobile device management for their employees. In this article, we provide its overview and assess its security.

What is Mobile Device Management?

The extensive use of mobile devices in daily business operations has created a new gateway for cybercrimes. The opportunities to damage business are numerous from obtaining employees’ credentials to stealing (and selling) sensitive information to corrupting data and ransom requests.

The entry points for criminals include unsafe internet connections, applications (including those sold on seemingly safe marketplaces), emails, SMS with unsafe links, etc.

The size and the very nature of a touchscreen increase the chances of clicking the wrong link by mistake. The unintended unblocking of the phone (e.g., while carrying it in a pocket) can also wreak havoc.

Finally, because we carry mobile devices all the time, there’s always a risk of leaving them behind somewhere. As a result, a phone can get into the wrong hands with all the sensitive data on it.

Mobile Device Management (MDM for short) is a tool that enables businesses (i.e., IT Admins) to successfully control smartphones and tablets and prevent the security breaches listed above.

Microsoft MDM Solutions

Microsoft has created multiple tools that help businesses build a safe digital environment for essential business processes, such as communication, collaboration on content, project management, etc.

There are two solutions that provide mobile device management for Office 365:

  • Basic Mobility & Security
  • Microsoft Intune

The former is the built-in functionality of most plans except for Microsoft Intune, Enterprise Mobility & Security E3, and E5. It includes fewer features and applies to fewer devices compared to Intune. The latter has more capabilities, however, it only comes with certain plans like Microsoft Business Premium, Enterprise E3, and E5, etc.

To start using this feature, a super administrator should enable MDM Office 365 on the Setup page. Keep in mind though that it usually takes a few hours to complete. Afterward, you can add mobile devices and policies in the Admin Center.

Once you’ve set up mobile device management for Office 365, you need to make sure that every person in your company adds their smartphone, tablet, or Windows 10 PC to the system. 

Luckily, the system enables you to remind the users to do so and notify you of non-compliance. Otherwise, you can restrict access to those who have failed to abide by the rules. 

The functionality of Basic Mobility & Security

In this article, we’ll take a short overview of Microsoft Office 365 mobile device management, including Basic Mobility & Security and Intune mobile device management. Please keep in mind that not all the functions work on every declared device.

  1. Device compatibility

iOS 11.0 and later versions; Windows 8.1 & 8.1 RT, 10 and 10 Mobile, Android 5.0 and later versions

  • Apps

Exchange, OneDrive for Business, Office 

  • Policies
  1. Enforce encryption on devices
  2. Prevent jailbreak and rooting
  3. Wipe the corporate data from a mobile remotely
  4. Configures password requirements
  5. Disable manually created email profile on a device
  6. Control cloud, app, system, and some other settings as well as the configurations of device capabilities
  • Remote control of Windows 10 devices

You can add devices with installed Windows 10 to your system.

The functionality of Microsoft Intune

You can think of Intune as an “upgrade” of Basic Mobility and Security. It has all the features of the latter. And in addition to that, Intune MDM works on more devices and provides bigger functionality.

Check out some of the features that are unique to Intune

Microsoft Office 365 Mobile Device ManagementScreenshot from Microsoft Support Center

Microsoft Office 365 MDM
Data from Microsoft Support Center

How Secure is Mobile Device Management for Microsoft?

Admins who consider O365 MDM would naturally want to know if it provides the declared level of security to your business digital environment. This issue is especially topical in 2020 now that remote work is on the rise.

Let’s take a quick look at this year’s findings on this topic:

  1. As of March 2020, 88% of organizations enforced remote work (Gartner).
  2. As of May 2020, 75% of employees would welcome WFH from time to time and 54% would be glad if they could do it 100% full-time (IBM)
  3. Interestingly, as of July 2020, 82% of employers were going to let their employees work remotely for a certain period of time after COVID-19 (Gartner). 
  4. This is supported by the study by McKinsey claiming that 34% of IT execs would let 10% of their employees work remotely for at least 2 days a week after the pandemic.

McKinsey named security one of the key challenges of remote work.

remote work

What are those technology-related security threats? According to IBM research, about 80% of people who shifted to the WFH model have no experience in remote working. Another research on the company has even more troubling findings:

Microsoft Office 365 Mobile Device Management

To sum up, around 22% of respondents use tablets and mobile phones for work. These are connected to the home Internet network. However, policies around mobile device management remain unclear to more than half of the employees. Furthermore, 53% use personal devices in their work too. Meanwhile, employers don’t administer personal devices that belong to 53% of respondents. Finally, 45% never received special training on-device protection.

Now, add to that the hardships of forced work from home most of us have already experienced this year. We weren’t prepared for that despite the fact that the world was slowly shifting to a remote model and many propagators claimed the rise in productivity (up to 41% to be exact). See Unilever and Stanford economist Nicholas Bloom’s report.

In opposition to these findings, 55% of remote workers experienced a loss of productivity and engagement during the COVID-19 lockdown according to S&P Global Market Intelligence. Vox has a well-written long-read explaining why it’s so hard to focus at home.

Finally, in July 2020, 53% of US citizens felt that the pandemic was taking a toll on their mental health according to KFF.

Let’s sum up the above. We have a workforce locked in their homes often with kids and pets. For most of them, it’s their first remote work experience. As the crisis revolves around them, they experience fear and anxiety wishing to get distracted from it.

At the same time, they often lack clear cybersecurity guidelines and struggle to ensure the safety of their work.

Under such circumstances, social engineering turned out to be the most successful strategy for cybercriminals. Recently Security Boulevard published their top 5 cyberattacks 2020. Four of them were ransomware, and one used spoofing technology, which is again human cheating rather than a computer.

Protect your corporate data, get Office 365 backup solutions.

Sergiy Sergiy Balynsky VP of Engineering
About Author

Sergiy Balynsky is the VP of Engineering at Spin.AI, responsible for guiding the company's technological vision and overseeing engineering teams.

He played a key role in launching a modern, scalable platform that has become the market leader, serving millions of users.

Before joining Spin.AI, Sergiy contributed to AI/ML projects, fintech startups, and banking domains, where he successfully managed teams of over 100 engineers and analysts. With 15 years of experience in building world-class engineering teams and developing innovative cloud products, Sergiy holds a Master's degree in Computer Science.

His primary focus lies in team management, cybersecurity, AI/ML, and the development and scaling of innovative cloud products.

Frequently Asked Questions

Ho do I turn off mobile device management in Microsoft 365?

To turn off Basic Mobility and Security, you can either (1) remove groups of people (devices) defined by security groups from the device management policies, or (2) remove the policies themselves.

1. To remove user security groups type https://compliance.microsoft.com/basicmobilityandsecurity in your browser > select a device policy, and select Edit policy > on the Deployment page, select Remove >  under Groups, select a security group > select Remove, then Save.

2. To remove Basic Mobility and Security device policies type https://compliance.microsoft.com/basicmobilityandsecurity in your browser > select a device policy, and then select Delete policy > select Yes in the Warning dialog box.

How to remove my device from Microsoft Intune?

Do the following steps to remove your devices from Microsoft intune:

For Windows 10/11, open the Settings app > go to Accounts > Access work or school > Select the account > select Disconnect, then Yes.

For Windows 8.1 PC go to PC Settings > Network > Workplace > Under Workplace Join, select Leave > select Turn off > conform the turn off on the popup window.

Does Microsoft 365 have mobile device management?

Yes, Microsoft 365 offers two mobile device management solutions – Microsoft Intune and Microsoft Basic Mobility & Security. Microsoft Intune is a standalone product included with certain Microsoft 365 plans, while Microsoft Basic Mobility & Security is part of the Microsoft 365 plans.