
MDM Policies in Microsoft 365

Built-in Mobile Device Management (MDM) for Microsoft 365 helps you secure and manage your users' mobile devices, such as iPhones, iPads, and Android and Windows Phone devices.

 

You can create and manage device security policies, remotely wipe a device, and view detailed device reports.

 

Device management is part of the Security and Compliance Center, so you need to go there to start the MDM setup.

 

To set up Mobile Device Management for Microsoft 365 Business Standard, you first need to activate the mobile device management service:

  1. Sign in to Microsoft 365 with your global administrator account.

  2. Click this link: Activate Mobile Device Management.

Go to Device Policies and choose Manage organization-wide device access settings.

It may take some time to activate mobile device management for Microsoft 365 Business Standard. When it is completed, you will receive an email detailing how to take the next step.

Set up mobile device management

When the service is ready, complete the following four steps to finish the setup.

 

Step 1: Configure the domain for MDM (required)

 

If you do not have a custom domain associated with Microsoft 365 or if you are not managing Windows devices, you can skip this section. Otherwise, you must add DNS records for the domain on your DNS host.

 

If you have already added the records as part of setting up your domain with Microsoft 365, you are all set. After you add the records, Microsoft 365 users in your organization who sign in on their Windows device with an email address that uses your custom domain are redirected to enroll in Mobile Device Management for Microsoft 365 Business Standard.

 

Need help setting up the records? Find your domain registrar in the list provided in Create DNS Record at any DNS hosting provider for Microsoft 365 and select the registrar name to go to step-by-step help for creating DNS records. Use the instructions to add the following two CNAME records:

 

Host name: EnterpriseEnrollment

Record type: CNAME

Address: EnterpriseEnrollment.manage.microsoft.com

TTL: 3600

 

Host name: EnterpriseRegistration

Record type: CNAME

Address: EnterpriseRegistration.windows.net

TTL: 3600

 

After you add the two CNAME records in your DNS panel, go back to the Security and Compliance Center and navigate to Device Management > Manage Settings to complete the next step.
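One way to confirm the two records before moving on, as an added example that is not part of the original post: a small Python check that audits a zone export for the CNAMEs listed in Step 1. It assumes the DNS host can export records as `name TTL IN TYPE target` lines; the function names, the `example.com` domain and the sample zone are constructed for illustration.

```python
# Added example: audit a zone export for the two MDM CNAME records (Step 1).
EXPECTED = {
    "enterpriseenrollment": "enterpriseenrollment.manage.microsoft.com",
    "enterpriseregistration": "enterpriseregistration.windows.net",
}
EXPECTED_TTL = 3600

def _norm(name):
    """DNS names are case-insensitive; ignore the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_zone(zone_text):
    """Parse 'name TTL IN TYPE target' lines; skip blanks and ';' comments."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[1].isdigit() and fields[2].upper() == "IN":
            name, ttl, _, rtype, target = fields
            records.append((_norm(name), int(ttl), rtype.upper(), _norm(target)))
    return records

def check_mdm_cnames(domain, zone_text):
    """Return {host label: findings}; an empty list means the record is correct."""
    domain = _norm(domain)
    records = parse_zone(zone_text)
    report = {}
    for label, want in EXPECTED.items():
        fqdn = f"{label}.{domain}"
        matches = [r for r in records if r[0] in (label, fqdn)]
        findings = [] if matches else ["missing"]
        for _, ttl, rtype, target in matches:
            if rtype != "CNAME":
                findings.append(f"wrong type {rtype}")
            elif target != want:
                findings.append(f"wrong target {target}")
            elif ttl != EXPECTED_TTL:
                findings.append(f"ttl {ttl} != {EXPECTED_TTL}")
        report[label] = findings
    return report

# Constructed sample export for the placeholder domain example.com (assumption).
SAMPLE_ZONE = """
; constructed sample, not real zone data
EnterpriseEnrollment    3600 IN CNAME EnterpriseEnrollment.manage.microsoft.com.
enterpriseregistration.example.com. 300 IN CNAME EnterpriseRegistration.windows.net.
"""

if __name__ == "__main__":
    print(check_mdm_cnames("example.com", SAMPLE_ZONE))
```

A "wrong target" finding is the one to treat as urgent, since Windows enrollment sign-ins for the domain would be redirected somewhere other than the Microsoft endpoints listed above.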

 

Step 2: Configure an APNs certificate for iOS devices (required)

 

To manage iOS devices such as iPads and iPhones, you need to create an APNs certificate.

 

Sign in to Microsoft 365 with your global administrator account. In your browser, type: https://protection.office.com

 

Select the Data Loss Prevention > Device Management section, and choose APNs certificate for iOS devices.

On the Apple Push Notification Certificate Settings page, click Next.

 

Select Download your CSR file and save the certificate signing request to a location on your computer that you will remember. Choose Next.

On the Create APNs certificate page:

 

Select the Apple APNS portal to open the Apple Push Certificate Portal.

Sign in with an Apple ID.

 

Important: Use a company Apple ID associated with an email account that will remain with your organization even if the user who manages the account leaves. Save this ID because you must use the same ID to renew the certificate.

Create a certificate and accept the terms of use.

 

Browse to the certificate signing request that you downloaded from Microsoft 365 to your computer and choose Upload.

 

Download the APNs certificate created by the Apple Push Certificate Portal to your computer.

 

After you create and deploy the mobile device management policy, each licensed Microsoft 365 user in your organization to whom the device policy applies will receive an enrollment message the next time they sign in to Microsoft 365 from their mobile device.

 

They must complete the enrollment and activation steps before accessing Microsoft 365 email and documents.

 

Users with Android or iOS devices are required to install the Company Portal app as part of the enrollment process.

 

Thank you for reading the blog. Please like, share, and leave your thoughts in the comment section.
