Protecting Mobile Devices and Application Data with Microsoft 365

Microsoft 365 includes two options for mobile device management, a strategy designed to help protect devices and control application data. One is “Basic Mobility and Security,” the provided option in the core versions of Microsoft 365—Business Basic, Apps for Business, Business Standard, Business Premium, Microsoft 365 E3, and Microsoft 365 E5.

The second is Microsoft Intune, which offers more security features and is recommended for business scenarios where security is paramount. It is the included security option in Microsoft 365 Enterprise Mobility + Security E3 and Microsoft 365 Enterprise Mobility + Security E5.

Security Best Practices Tip: It is possible to use both offerings simultaneously, provided Basic Mobility and Security is set up first. However, we recommend an evaluation of your firm’s overall security needs in advance to ensure business assets will be sufficiently protected.

Seeking Just the Basics?

Basic Mobility and Security enables authorized personnel to manage a variety of mobile devices, including those running Android or Mac OS (e.g., iPhone and iPad). Users and any individuals who manage the devices must have an applicable Microsoft 365 license, and their devices must be enrolled in Basic Mobility and Security. Authorized personnel can manage devices by blocking access to them or wiping them, as well as using device security policies to limit email, view device reports, and more.

Why Your Business Might Need the Intune Upgrade

For companies seeking more stringent security—perhaps to meet compliance mandates or secure corporate data traveling outside the firm’s network (e.g., work-from-home personnel)—we recommend Microsoft Intune. Intune includes most of the features technology leaders consider critical for security in the current threat-laden landscape. Following are key highlights:

• Multiple OS versions: Send custom notifications remotely that format correctly for each system (Android, iOS, etc.).
• Remove devices from the Intune portal: Intended to prevent unauthorized use after a termination or resignation, this option deletes company data from the device and removes the device from the console at the next device check-in.
• Compliance-based conditional access: Prevent devices that do not meet corporate security standards from accessing company email and data from Exchange Online, SharePoint Online, and Outlook (not supported on Windows 10).
• Provision profiles: Set up a native profile (WiFi or VPN) on the device so personnel can use the organization’s wireless or virtual private networks.
• Mobile application management: Deploy (to users) internal line-of-business applications and applications from app stores.
• Mobile application protection: Enable users to securely access corporate data using their mobile and line-of-business applications while restricting specific actions (copy, save as, etc.) to ensure data security.

In addition to these features, there are many more possibilities with Intune, including preventing corporate data from leaving the firm’s control. At IT Solutions, we focus on security, mobility, and productivity to help our clients in all industries achieve their goals. To discuss the solutions mentioned here or explore what we can do to help your firm, contact your Strategic Advisor or call 866.PICK.ITS (866.742.5487).