Forum Discussion

cbraafhart's avatar
cbraafhart
Brass Contributor
Feb 08, 2020
Solved

MDM License requirements.

Dear Community,   I have been tasked with researching MDM deployment and enrollment.   Our current situation: We currently have a hybrid environment synchronizing with AAD but have O365 for our ...
Licenses
microsoft intune
office 365
  • Cian Allner's avatar
    Cian Allner
    Feb 08, 2020

    cbraafhart Hi, there are various options, the first to check out is the following:

     

    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#leveraging-mobile-device-management-for-office-365

     

    Note the limitations mentioned but however this is available with Office 365 Business Essentials license at no extra cost:

     

    "Because this is a device management solution, there is no native capability to control which apps can be used even after a device is enrolled. If you want to limit access to Outlook for iOS and Android, you will need to obtain Azure Active Directory Premium licenses and leverage the conditional access policies."

     

    Microsoft 365 Business (at extra expense) would be the best option which includes Microsoft Intune and Azure AD Premium (which can be also bought separately as an add-on), this opens up much more control:

     

    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#block-all-email-apps-except-outlook-for-ios-and-android-using-conditional-access

     

    You can also Intune app protection policies for additional security too, including for personal devices that aren't enrolled:

     

    http:// https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#protect-corporate-data-in-outlook-for-ios-and-android-using-intune-app-protection-policies

     

    Selective app-based wipe is also available as outlined https://docs.microsoft.com/en-us/intune/apps/apps-selective-wipe. 

     

    This can also similarly be applied not only to email but SharePoint, OneDrive, Teams etc.  If you are new to Conditional Access this is a https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview!

Cian Allner's avatar
Cian Allner
Silver Contributor
Feb 08, 2020

cbraafhart Hi, there are various options, the first to check out is the following:

 

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#leveraging-mobile-device-management-for-office-365

 

Note the limitations mentioned but however this is available with Office 365 Business Essentials license at no extra cost:

 

"Because this is a device management solution, there is no native capability to control which apps can be used even after a device is enrolled. If you want to limit access to Outlook for iOS and Android, you will need to obtain Azure Active Directory Premium licenses and leverage the conditional access policies."

 

Microsoft 365 Business (at extra expense) would be the best option which includes Microsoft Intune and Azure AD Premium (which can be also bought separately as an add-on), this opens up much more control:

 

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#block-all-email-apps-except-outlook-for-ios-and-android-using-conditional-access

 

You can also Intune app protection policies for additional security too, including for personal devices that aren't enrolled:

 

http:// https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#protect-corporate-data-in-outlook-for-ios-and-android-using-intune-app-protection-policies

 

Selective app-based wipe is also available as outlined https://docs.microsoft.com/en-us/intune/apps/apps-selective-wipe. 

 

This can also similarly be applied not only to email but SharePoint, OneDrive, Teams etc.  If you are new to Conditional Access this is a https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview!

  • David Johnson's avatar
    David Johnson
    Copper Contributor
    Apr 01, 2022

    Cian Allner  the proper link is https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android#protect-corporate-data-in-outlook-for-ios-and-android-using-intune-app-protection-policies 

  • cbraafhart's avatar
    cbraafhart
    Brass Contributor
    Feb 08, 2020
    @CianAllner

    I have read the supplied links. What i would like to achieve is not possible with just Mobile device Management for Office 365. It will give me the opportunity to set policies and secure wipe the phones but i can't control which app they use to synchronise their email. I have to set up a test pilot and try to configure mdm for O365 using specific policies to achieve the minimum i would to achieve. But your information was very helpfull. But for now i know enough.
    • DanielNguyen's avatar
      DanielNguyen
      Copper Contributor
      Jun 08, 2020

      Hi cbraafhart 

       

      We have a mix of M365 Business licensing (Basic and Standard). Do you mind advising me that MDM for M365 is available for Basic licenses (I believed its previous name is O365 Business Essentials).

       

      Thanks,

Resources