In this series, we take a closer look at what it takes to support a successful Office 365 migration including the decisions, strategy, mobility, monitoring, and on-boarding aspects.
Part three of a series.
When migrating or deploying to Office 365, it’s important to consider mobility options. If you don’t implement mobile use policies, every device will have access to all of Office 365 through mobile apps and browsers.
That means any user with valid credentials can reach their company’s Office 365 data from any device and from anywhere with an Internet connection. It also means users can move that data – files, email, or other types of data – to other locations, and mobile apps make doing so even easier.
But, with no protection, organizations face security risks. How can organizations properly manage this?
The Office 365 Security and Compliance Center’s Threat Management section includes built-in mobile device management (MDM) utilities. MDM for Office 365 is built on the Intune service and governs the devices of every user you place in scope of a policy: those devices must enroll in MDM before they can connect to the corporate tenant, so they can be monitored and, if necessary, wiped. Note that Apple devices cannot be enrolled until an Apple Push Notification service (APNs) certificate is configured for the Office 365 tenant.
Let’s take a deeper look at Office 365’s mobile device management and security policies.
Mobile device management allows an admin to perform the following:
- View device properties including username and device name
- View device Platform and OS versions
- Manage domain settings
- Wipe devices
Device Security Policies
It’s important to put security policies in place, so you can control the flow of information. Security policies can include blocking unsupported devices from connecting to Exchange and exempting individual groups from all policies.
Some device security policies include:
- Device password requirements (for example requiring a password, a minimum length, and locking the device after a period of inactivity)
- Require data encryption on the device
- Require a managed email profile (needed for selective wipe of corporate data)
- Allow devices to connect even if they don’t meet the above requirements, with the violation reported, rather than blocking them
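The Exchange side of these controls, blocking unsupported devices and choosing between allowing and blocking non-compliant ones, can also be set directly from Exchange Online PowerShell. The following is an added example, not code from the original article; it assumes an Exchange Online PowerShell session already connected as a tenant admin (Connect-ExchangeOnline from the ExchangeOnlineManagement module), and the mailbox addresses and device type strings are placeholders for your own tenant.

```powershell
# Added example (not from the original article): Exchange Online mobile device access baseline.
# Assumes an Exchange Online PowerShell session connected as a tenant admin.
# Addresses and device type strings below are placeholders, not values from the article.

# Current posture: the default for unknown devices is usually Allow, meaning any
# ActiveSync-capable client with valid credentials starts syncing mail immediately.
Get-ActiveSyncOrganizationSettings | Select-Object DefaultAccessLevel, AdminMailRecipients

# Hardened default: unknown devices are quarantined (no mail sync) until an admin
# allows or blocks them, and the listed admin is notified of each quarantined device.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'mobileadmin@contoso.com'   # placeholder address

# Explicit device access rules are evaluated before the default. Block a device
# family you do not support. The QueryString must match the DeviceType value the
# client reports; check Get-MobileDevice output for the exact strings in your tenant.
New-ActiveSyncDeviceAccessRule -QueryString 'WindowsMail' -Characteristic DeviceType -AccessLevel Block

# Allow a supported family so it is not held in quarantine.
New-ActiveSyncDeviceAccessRule -QueryString 'iPhone' -Characteristic DeviceType -AccessLevel Allow

# Review: list the rules in force, then the devices currently waiting in quarantine.
Get-ActiveSyncDeviceAccessRule | Format-Table Name, QueryString, Characteristic, AccessLevel
Get-MobileDevice | Where-Object { $_.DeviceAccessState -eq 'Quarantined' } |
    Format-Table UserDisplayName, DeviceType, DeviceModel, DeviceId

# Per-mailbox exemption from mobile access entirely (for example a shared or service mailbox).
Set-CASMailbox -Identity 'svc-reports@contoso.com' -ActiveSyncEnabled $false   # placeholder identity
```

Quarantine rather than Block as the default keeps the help-desk load manageable: a user with a new phone gets a notice explaining that an admin must approve it, instead of a silent failure. Remember that a personal exemption set on a mailbox (Set-CASMailbox -ActiveSyncAllowedDeviceIDs) overrides both the rules and the default, so audit those exemptions as part of the policy.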
Governing Office 365 Mobility Options
The built-in MDM options in Office 365 answer the question: “Can users connect from their mobile devices and if so, what are the basic requirements for those connections?”
The idea with Office 365, of course, isn’t to disallow mobility as a whole, rather to govern and enforce policies in concert with data loss prevention (DLP) policies. Centric’s Modern Workplace Practice has led many governance and policy planning projects to help organizations govern Office 365 use.
There are also many third party identity and device management options. If the organization is federated using AD FS, it’s possible to define issuance authorization rules that limit access based on claims about the request, for example denying browser-based (passive) sign-in for users who are not on the corporate network while still permitting rich clients and ActiveSync. This closes off browser-based access from unmanaged devices, another channel through which the company’s vital and most confidential data could escape. Centric has teams dedicated to supporting the Windows server platform and can help with the more advanced AD FS policy topics.
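The AD FS policy described above, as an added example that is not part of the original article: a pair of issuance authorization rules on the Office 365 relying party trust that deny browser-based sign-in from outside the corporate network and permit everything else. It assumes AD FS on Windows Server 2012 R2 or later fronted by Web Application Proxy (the insidecorporatenetwork and x-ms-* request context claims come from that version’s proxy pipeline), that the script runs on the primary AD FS server as an administrator, and that the relying party trust name in the variable matches the Office 365 trust in your farm.

```powershell
# Added example (not from the original article): AD FS issuance authorization rules that
# deny passive (browser) sign-in to Office 365 from outside the corporate network.
# Assumptions: AD FS 2012 R2 or later with Web Application Proxy; run on the primary
# AD FS server; the trust name below matches the Office 365 relying party trust.

$rpName = 'Microsoft Office 365 Identity Platform'   # default name created by Convert-MsolDomainToFederated

# Rule 1: deny any request that arrived via the proxy (insidecorporatenetwork == false)
#         AND targeted the passive endpoint /adfs/ls/, i.e. a browser-based sign-in.
# Rule 2: permit everything else (active clients, Exchange ActiveSync, internal browsers).
# AD FS gives a deny claim precedence over a permit claim when both are issued.
$rules = @'
@RuleName = "Deny external browser-based access"
exists([Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]) &&
exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path", Value == "/adfs/ls/"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

@RuleName = "Permit all other users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Back up the rules currently in force so the change can be reverted.
$backup = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
$backup | Out-File -FilePath ".\$($rpName -replace '\s','_')-authz-rules.bak"

# Replace the issuance authorization rule set on the trust.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $rules

# Verify what is now in force.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

Test this with every client type you support before rolling it out: Office clients using modern authentication also sign in through the passive endpoint, so a rule written for “browsers” can block them as well, and the insidecorporatenetwork claim is only reliable if external traffic really does arrive through the proxy rather than directly at the federation servers.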
Finally, Microsoft offers fuller protection and more robust device and policy management through Azure Active Directory Premium (conditional access) and Enterprise Mobility + Security (which adds full Intune device and application management). These are suites and a la carte options that can be customized to each organization’s particular needs. Like everything in Office 365, however, they require careful planning to balance security against adoption.
Centric Consulting has conducted numerous workshops and planning sessions with various organizations to prepare them for a secure trip to the cloud. Call on us to assist in planning your move.