You can use MDM for Office 365 to secure and manage the following types of devices.
- Windows Phone 8.1
- iOS 6 or later versions
- Android 4 or later versions
- Windows 8.1
- Windows 8.1 RT
* MDM don’t support any version of Blackberry device
Access Control for Office 365 mail and documents:
The supported apps for the different types of mobile devices in the following table will prompt users to enroll in MDM for Office 365 where there is a new mobile device management policy that applies to a user’s device and the user hasn’t previously enrolled the device. If a user’s device doesn’t comply with a policy, depending on how you set the policy up, a user might be blocked from accessing Office 365 resources in these apps, or they might have access but Office 365 will report a policy violation
Apps on devices | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Exchange ActiveSync | ✔ | ✔ | ✔ |
OneDrive for Business | ✖ | ✔ | ✔ |
Office Mobile | ✖ | ✔ | ✔ On phones |
The following diagram shows what happens when a user with a new device signs in to an app that supports access control with MDM for Office 365. The user is blocked from accessing Office 365 resources in the app until they enroll their device.
Policy Setting for Mobile Devices:
the following diagram shows what happens when a user with an enrolled device isn’t compliant with a security setting in a mobile device management policy that applies to their device. The user signs in to an app that supports access control with MDM for Office 365. They are blocked from accessing Office 365 resources in the app until their device complies with the security setting.
The following sections list the policy settings you can use to help secure and manage mobile devices that connect to your organization’s Office 365 resources
1- Security Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Require a password | ✔ | ✔ | ✔ |
Prevent simple password | ✔ | ✔ | ✖ |
Require an alphanumeric password | ✔ | ✔ | ✖ |
Minimum password length | ✔ | ✔ | ✔ |
Number of sign-in failures before device is wiped | ✔ | ✔ | ✔ |
Minutes of inactivity before device is locked | ✔ | ✔ | ✔ |
Password expiration (days) | ✔ | ✔ | ✔ |
Remember password history and prevent reuse | ✔ | ✔ | ✔ |
2- Encryption Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Require data encryption on devices | Windows Phone 8.1 is already encrypted and cannot be unencrypted | ✖ | ✔ |
3- Jail Broken settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Device cannot be jail broken or rooted | ✖ | ✔ | ✔ |
4- Manage email profile :
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Email profile is managed | ✔ | ✔ | ✔ |
5- Cloud Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Require encrypted backup | ✖ | ✔ | ✖ |
Block cloud backup | ✖ | ✔ | ✖ |
Block document synchronization | ✖ | ✔ | ✖ |
Block photo synchronization | ✖ | ✔ | ✖ |
6- System Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Block screen capture | ✔ | ✔ | ✖ |
Block sending diagnostic data from device | ✔ | ✔ | ✖ |
7- Application Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Block video conferences on device | ✖ | ✔ | ✖ |
Block access to application store | ✔ | ✔ | ✖ |
Require password when accessing application store | ✖ | ✔ | ✖ |
8- Device Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
Block connection with removable storage | ✔ | ✖ | ✖ |
Block Bluetooth connection | ✔ | ✖ | ✖ |
9- Additional Settings:
Setting name | Windows Phone 8.1 | iOS 6+ | Android 4+ |
---|---|---|---|
CameraEnabled | ✔ | ✔ | ✔ |
RegionRatings | ✖ | ✔ | ✖ |
MoviesRatings | ✖ | ✔ | ✖ |
TVShowsRating | ✖ | ✔ | ✖ |
AppsRatings | ✖ | ✔ | ✖ |
AllowVoiceDialing | ✖ | ✔ | ✖ |
AllowVoiceAssistant | ✖ | ✔ | ✖ |
AllowAssistantWhileLocked | ✖ | ✔ | ✖ |
AllowPassbookWhileLocked | ✖ | ✔ | ✖ |
MaxPasswordGracePeriod | ✖ | ✔ | ✖ |
PasswordQuality | ✖ | ✖ | ✔ |
SystemSecurityTLS | ✖ | ✔ | ✖ |
WLANEnabled | ✔ | ✖ | ✖ |
10- Settings supported by windows 8.1 and windows 8.1 RT:
The following settings are supported for Windows 8.1 devices that are enrolled as mobile devices. These setting won’t block users from accessing Office 365 resources.
Security settings
- Require an alphanumeric password
- Minimum password length
- Number of sign-in failures before device is wiped
- Minutes of inactivity before device is locked
- Password expiration (days)
- Remember password history and prevent reuse
System settings
Block sending diagnostic data from device
Additional settings
You can set the following additional policy settings by using PowerShell cmdlets:
- AllowConvenienceLogon
- UserAccountControlStatus
- FirewallStatus
- AutoUpdateStatus
- AntiVirusStatus
- AntiVirusSignatureStatus
- SmartScreenEnabled
- WorkFoldersSyncUrl
Source and copied from : Office 365 Technet