Posted on: September 22, 2017

The Bring Your Own Device (BYOD) concept has become a norm throughout corporate America. Allowing each of your team to conduct business from his or her own mobile device is extremely cost-effective and convenient, but it can also present its own unique set of security challenges. Fortunately, Mobile Device Management for Office 365 makes it possible for you to establish rock-solid security policies that will protect your enterprise’s information located on 365 from any unauthorized access. Here’s how:

First Things First

Before you can begin to create and deploy a mobile security plan, you’ll need to make sure that you have the right permissions. Only an Office 365 global admin can go through the process. Secondly, you need to double check that you’ve already activated and set up Mobile Device Management for Office 365. Next, spend a bit of time to educate yourself on the various devices, device apps, and security settings that Mobile Device Management supports. From here, you can create security groups or clearance levels in the event that there may be specific people within your organization that you wish to exclude from being blocked certain accesses within Office 365. Finally, be sure to inform your team about the policy that you plan to implement, as well as the effect that this new policy may have on enrolling a device.

Create and Test a Security Policy

Within Office 365, you can create a security policy by visiting the Security & Compliance Center > Security Policies > Device Security Policies. From here, you can add a new security protocol, name it, and create a description for it alongside the specific requirements and restrictions. Once you are satisfied with the policy, you can apply it to one or more of your security groups. We recommend first implementing security policies on a test group so that you can verify that your policy works exactly as expected prior to deploying it to your organization as a whole.

Organization-Wide Deployment

After you’ve confirmed that your newly created mobile device security policy works as planned, you’re ready for large-scale deployment. This is done by applying policy deployment to one or more security groups throughout your organization. Once the policy has been deployed, each affected user will have the policy applied to his or her device the next time they sign into 365 via their mobile device.

Block Exchange ActiveSync Email

Allowing access of the Exchange ActiveSync app to Office 365 email can create security problems between mobile devices that are and are not supported by Mobile Device Management for Office 365. To prevent potential hiccups and security breaches, it’s smart to go into the Security & Complicates Center, select Devices, followed by Manage Device Access Settings, and select Block.

Make Exceptions, Where Desired

If there are some people (i.e., owners and VIPs) you would like to exclude from conditional access checks and you have already created special security groups for these individuals, you can make exceptions to your policies. This means that these individuals will not be blocked from access to Office 365, even when they are trying to access Office 365 email from an unsupported device.

Final Thoughts

It’s important to be aware that your security policies can have a different impact on each device, depending on the device type. It’s in your best interest to make your employees aware of the importance of implementing security measures so that they are more cooperative and flexible, even as they encounter these potential impacts on daily usage.

Do you need some professional help as you create and deploy a mobile device management security policy for Office 365 within your organization? The team at Uncommon Solutions is ready to assist. Give us a call to get started today.