
Summit 7 Team Blogs

Office 365 Mobile Device Management Policies

With many companies embracing bring-your-own-device (BYOD) in the workplace, owners and CEOs need a way to ensure that their company's data is protected. Mobile Device Management (MDM) within Office 365 provides these companies with several security policies for mobile devices accessing their data. Even if the company issues its own phones, Office 365 MDM can provide the mobile device management that the company desires.

I have spent some time researching the policies that are available within Office 365 MDM. Many sites provide the available policies, but none really explain what the policy does/enforces. Therefore, I have created the table below, which lists the available policies within MDM, as well as a short description and the supported devices. You can download a PDF version of the table by clicking the link here. Please note, the "Additional PowerShell Policies" require the use of the Get-DevicePolicy PowerShell cmdlets.

 

| Type of Policy | Setting Name | Description | Windows Phone 8.1 / iOS 7.1+ / Android 4+ |
|---|---|---|---|
| Security Settings | Require a password | Require users to set a password on the device. | |
| Security Settings | Prevent simple password | Prevents users from using simple numeric passwords. A simple numeric password is defined as any PIN or password in which the offset between each character is uniform (e.g. 1111 or 1234). | X |
| Security Settings | Require an alphanumeric password | Require users to set a password using alphanumeric characters. | X |
| Security Settings | Minimum password length | Sets the minimum length a password must be. | |
| Security Settings | Number of sign-in failures before device is wiped | Sets the number of incorrect password attempts to accept before the device wipes its data. | |
| Security Settings | Minutes of inactivity before device is locked | Sets how long a device can be inactive before the device becomes locked. | |
| Security Settings | Password expiration (days) | Sets how long before a password expires and the user must create a new one. | |
| Security Settings | Remember password history and prevent reuse | Prevents users from reusing their previous password(s). | |
| Encryption Settings | Require data encryption on devices | Requires the device data to be encrypted. | Windows Phone 8.1 comes encrypted and cannot be unencrypted |
| Jail broken Settings | Device cannot be jail broken or rooted | Require that the device is not jail broken or rooted. This is always enabled. | X X |
| Managed Email Profile Settings | Email profile is managed | Prevents users from accessing their Office 365 email if they are using a manually created email profile. | X X |
| Cloud Settings | Require encrypted backup | Requires the phone to perform an encrypted backup. | X X |
| Cloud Settings | Block cloud backup | Prevents users from backing up data to a cloud service. | X X |
| Cloud Settings | Block document synchronization | Prevents users from syncing documents. | X X |
| Cloud Settings | Block photo synchronization | Prevents users from syncing photos. | X X |
| System Settings | Block screen capture | Prevents users from taking screen captures (screenshots) on the device. | (Samsung Knox only) |
| System Settings | Block sending diagnostic data from device | Prevents the device from sending diagnostic data. | X |
| Application Settings | Block video conferences on device | Prevents users from performing video conferences on the device. | X X |
| Application Settings | Block access to application store | Prevents users from accessing the device's application store. | X |
| Application Settings | Require password when accessing application store | Requires a password/PIN in order to access the application store. | X X |
| Device Capability Settings | Block connection with removable storage | Prevents the use of removable storage on the device. | X X |
| Device Capability Settings | Block Bluetooth connection | Prevents the use of Bluetooth on the device. | X X |
| Additional PowerShell Policies | CameraEnabled | Prevents users from using the camera on the device. | |
| Additional PowerShell Policies | RegionRatings | Sets the region (or country) to use for the ratings on the device. | X X |
| Additional PowerShell Policies | MoviesRatings | Sets the maximum age rating of movies that will be permitted for download. | X X |
| Additional PowerShell Policies | TVShowsRating | Sets the maximum age rating of TV shows that will be permitted for download. | X X |
| Additional PowerShell Policies | AppsRatings | Sets the maximum age rating of apps that will be permitted for download. | X X |
| Additional PowerShell Policies | AllowVoiceDialing | Prevents the use of voice dialing on the device. | X X |
| Additional PowerShell Policies | AllowVoiceAssistant | Prevents the use of Voice Assistant on the device. | X X |
| Additional PowerShell Policies | AllowAssistantWhileLocked | Prevents the use of Voice Assistant while the device is locked. | X X |
| Additional PowerShell Policies | MaxPasswordGracePeriod | Sets the amount of time after a device was locked that a device can be unlocked without requiring the password. | X X |
| Additional PowerShell Policies | PasswordQuality | Sets the password requirements for Android devices (such as alphanumeric). | X X |
| Additional PowerShell Policies | SystemSecurityTLS | Prevents the device from connecting with untrusted TLS certificates. | X X |
| Additional PowerShell Policies | WLANEnabled | Prevents the use of Wi-Fi on the device. | X X |
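
The four password rows in the table, and in particular the uniform-offset definition of a simple password, can be checked against candidate PINs with a short script. This is an added example, not code from Microsoft or from the original post; the class, field and function names are hypothetical, and reading "alphanumeric" as "at least one letter and one digit" is an assumption.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring four Security Settings rows in the table.
    require_password: bool = True
    prevent_simple: bool = True
    require_alphanumeric: bool = False
    min_length: int = 4


def is_simple(password: str) -> bool:
    """True when the offset between each pair of adjacent characters is uniform."""
    if len(password) < 2:
        return True  # assumption: a single character shows no variation at all
    offsets = {ord(b) - ord(a) for a, b in zip(password, password[1:])}
    return len(offsets) == 1  # 1111 -> {0}, 1234 -> {1}, 9753 -> {-2}


def violations(password: str, policy: PasswordPolicy) -> list[str]:
    """Return the names of the table settings that the candidate password fails."""
    if not password:
        return ["Require a password"] if policy.require_password else []
    failed = []
    if policy.prevent_simple and is_simple(password):
        failed.append("Prevent simple password")
    # Assumption: alphanumeric means at least one letter and at least one digit.
    if policy.require_alphanumeric and not (
        any(c.isalpha() for c in password) and any(c.isdigit() for c in password)
    ):
        failed.append("Require an alphanumeric password")
    if len(password) < policy.min_length:
        failed.append("Minimum password length")
    return failed


# Constructed sample inputs, not taken from any real device.
SAMPLES = ["1111", "1234", "9753", "2580", "abcd", "a1b2c3", ""]

if __name__ == "__main__":
    policy = PasswordPolicy(require_alphanumeric=True, min_length=6)
    for candidate in SAMPLES:
        print(repr(candidate), violations(candidate, policy))
```

Descending and stepped sequences such as 9753 are caught by the same uniform-offset rule as 1234, while a keypad column like 2580 is not, because its last offset differs from the first two.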

 

I hope this table better clarifies the policies and what they do. Below I have listed some useful links for additional information about Office 365 MDM.

 

About Michael Wilke