Feb 08 2020 05:01 AM
Feb 08 2020 05:01 AM
I have been tasked with researching MDM deployment and enrollment.
Our current situation:
We currently have a hybrid environment synchronizing with AAD but have O365 for our mail exchange.
We only have Office 365 Business Essentials licenses and we would like to deploy MDM.
Where we want to go:
We would like to manage what applications can be used to synchronize company mail for example Company Portal. i preferably would like this to be enforce so the native mail applications are not able to be configured to synchronize mail. that said, if users don't enroll using the company portal app, configuring their email address is not possible. I would like to remotely wipe, at least mail access and content by the administration portal. If remotely wiping a device is also possible its a plus.
I don't know if this is feature based or License based. i know that the company portal application is related to intune, but upon login in to azure AD portal i see that i need a premium subscription to use intune. But is this also necesary to deploy specific policies and enforcing what i would like to achieve?
I will kindly wait for feedback and replies.
Feb 08 2020 05:48 AMSolution
@cbraafhart Hi, there are various options, the first to check out is the following:
Note the limitations mentioned but however this is available with Office 365 Business Essentials license at no extra cost:
"Because this is a device management solution, there is no native capability to control which apps can be used even after a device is enrolled. If you want to limit access to Outlook for iOS and Android, you will need to obtain Azure Active Directory Premium licenses and leverage the conditional access policies."
Microsoft 365 Business (at extra expense) would be the best option which includes Microsoft Intune and Azure AD Premium (which can be also bought separately as an add-on), this opens up much more control:
You can also Intune app protection policies for additional security too, including for personal devices that aren't enrolled:
Selective app-based wipe is also available as outlined here.
This can also similarly be applied not only to email but SharePoint, OneDrive, Teams etc. If you are new to Conditional Access this is a good place to start!
Feb 08 2020 02:15 PM