LOTS of recent announcements on Microsoft mobile device management strategy are worthy of an aggregated post.
EMM Game-Changing Announcement #1
Intune-managed Office mobile apps that enable your workforce to securely access corporate information using the apps they know and love while preventing data leakage. This is achieved by managing/restricting actions such as copy/cut/paste/save-as and interaction/”open in” between apps in your managed app ecosystem.
Mobile Application Management for iOS and Android devices that enable you to keep corporate apps and content separate from user’s personal apps and data. This feature empowers IT to apply policy to the corporate content while staying clear of the user’s personal content. Microsoft is building containers for Windows devices that will be released as a part of Windows 10, and we have worked to drive consistent APIs across the containers being delivered across Windows, iOS, and Android devices.
App wrapping capabilities that help secure your existing line-of-business applications and integrate them into your managed app ecosystem without further development or code changes. Using the Intune wrapper your line-of-business applications will be able to participate in the same managed app ecosystem as the Office mobile apps and securely share content and data with those Office mobile apps. No wrapper from any other EMM vendor can do this.
Managed browser, PDF viewer, AV player, and Image viewer apps for Intune that allow users to securely view content on their devices within the managed app ecosystem.
Grant conditional access to corporate resources, including access to Exchange e-mail and OneDrive for Business documents. This access is based on device enrollment and compliance policies set by the administrator. This is also something that no other EMM solution can deliver.
Bulk enrollment of devices using Apple Configurator or a service account, simplifying administration and enabling policies and applications to be deployed at a scale (you can read more about this here).
EMM Game-Changing Announcement #2
Device Settings Management Exchange administrators can define configuration policies that are applied to Windows, iOS and Android devices and regularly review compliance reports for all the devices accessing corporate e-mail. There are more than 100 additional settings that can be configured over and above EAS.
- Advanced passcode/pin settings
- Device encryption
- Jailbreak detection
Conditional Access to Office 365 Data Exchange administrators can define and apply conditional access policies for access to Exchange Online and SharePoint Online. Corporate e-mail and file-sync do not flow to the mobile device unless the policies required in the conditional access policy are met. If for any reason the device becomes non-compliant, e-mail and file sync are stopped until the device is compliant once again. This significantly increases the level of protection of corporate data on mobile devices.
Selective Wipe of Office 365 Data If a mobile device is lost/stolen, or if an individual leaves the organization, IT professionals can wipe the Office 365 corporate data from devices while keeping any personal data intact.
Integrated Administration within Office 365 Exchange administrators can set policies directly from within the Office 365 administration portal via an easy to use interface with wizard-based set up. Office 365 administrators will see a rich device compliance dashboard that shows exactly what devices are being managed and the settings that have been applied, as well as which devices are/not compliant
Introducing built-in mobile device management for Office 365
These new MDM capabilities, set to roll out in the first quarter of 2015, will help you manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, so you can:
Help secure and manage corporate resources—Apply security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents are synchronized only on phones and tablets that are managed by your company.
Apply mobile device settings—Set and manage security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is lost or stolen.
Perform a selective wipe of Office 365 data—Remove Office 365 corporate data from a device when an employee leaves your organization, while leaving their personal data, photos and apps intact.
Preserve Office 365 productivity experience—Unlike third-party MDM solutions that have replaced productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love. You can set access policies to help secure company data while keeping employees productive.
Manage policies with ease—Administer mobile device policies directly from within the Office 365 administration portal, through an easy to use interface with wizard-based set up. View reports on which devices are connected to Office 365 and identify devices that have been blocked due to non-compliance.