How to: Mobile Device Management in Office 365

There are many products that allow you to control and manage mobile devices connected to your Exchange environment. If you are starting fresh with Office 365, you can implement your mobile device management (MDM) rules from the start and control them, but if you have had Office 365 for a while, you will need to implement MDM rules while you have existing devices. This poses a problem of having to lock down devices you don’t want while keeping the ones you do without blocking the current ones. In order to lock down the mobile devices people already set up with their email, you will need to go through the users one by one and allow their devices to sync with Office 365. This will create an explicit rule to allow them to use active sync. Once that is done, we can create rules to block and quarantine devices, thus blocking unwanted devices and quarantining devices to allow a decision to be made whether or not to allow the device. This will allow for administration moving forward.

How to Set up Explicit Rules per User Device

  1. Log into the portal
  2. Go to EAC, Exchange admin center

3.   Search for a user with a mobile device

4.   Double click the mailbox to open properties and then open mailbox features

5.   Under Mobiles Devices, click on view details

6.   From here you can add the device that needs an explicit rule by clicking on the device and then allow.

a.   If you find any devices that are not allowed, you can highlight them and click Block.

7.   Now you have a rule allowing this device.

How to Set up Blocking Rules

  1. Log into the portal
  2. Go to EAC, Exchange admin center
  3. Click on “mobile”

4.   Click on the “+” next to Device Access Rules.

5.   Under Device family, click “browse” and choose your mobile device type and click “ok”

6.   Under only this model, pick a model or all types and click “ok”

7.   Click “block access” and save

8.   This rule should block all access for those model types you choose that do not have explicit access rules.

How to Set up the Quarantine Rules

1.   Log into the portal

2.   Go to EAC, Exchange admin center

3.   Click on “mobile”

4.   Click on the “+” next to Device Access Rules.

5.   Under Device family, click “browse” and choose your mobile device type and click “ok”

6.   Under only this model, pick a model or all types and click “ok”

7.   Click “Quarantine – Let me decide to block or allow later” and save

8.   This rule will list any devices in the Quarantine Devices view that connect with active sync that do not have an explicit allow rule setup.

9.   Once a device is in the Quarantine Devices view, you can highlight the device and allow or block it