Technically I should have included this in the last post, because this is being delivered to Office 365 users, but I have separated it out because the Microsoft Intune team have recently assumed responsibility for delivering MDM capabilities to Office 365 users, without an Intune license being required. It’s important to note that Office 365 only offers a subset of what Intune provides, but for those with basic requirements it’s a great place to start before investing in what Intune delivers over and above the basics.
In order to start working with the MDM capabilities, we need to have some mobile devices added, so here I’ve got iOS, Android, Windows Phone and Windows 8.1 clients leveraging the service. Yes, this is definitely not a Windows-only experience. I had to resist the temptation to add my Surface 2 into the mix as well, as that is another mobile platform.
I’ve just gone into the properties for each of the devices so you can see what is exposed, which varies from device to device, but as you can see it does give you some useful information.
We can easily apply some basic settings for password complexity, automatic wipe and timeouts.
Advanced settings give us more complexity in our policy, including the option to require encryption if the device supports it.
The access rules allow us to block certain device types. You may choose to do this when the devices that some users want to use don’t support the right security capabilities.
Here you can see the generic device families that can be blocked, pulled from the list of devices that are currently accessing the service.
But this is where you get more granularity. You may use the model information to block device types that don’t support the latest version of the mobile OS. An example of this could be removing older iPhone and iPod Touch models because they can’t run recent versions of iOS, and therefore lack the security enhancements that have been made over the years.
We can also launch remote wipes, so that if a user misplaces their device, it will be wiped the next time it tries to synchronise. Obviously not a choice to make lightly, but it’s a good option to have.
And finally we could just choose to block a specific device, rather than all of the devices that are similar.
This is really just the tip of the iceberg in terms of what Microsoft Intune can deliver as a Mobile Device Management solution, and it’s had some major updates over the last few months, which will be the topic of some of the upcoming posts I make.