Last month at Ignite we showcased new mobile device management (MDM) and mobile application management (MAM) capabilities in Outlook for iOS and Android. Today, we are happy to announce that customers using Outlook for iOS and Android can now use built-in MDM for Office 365 or Microsoft Intune to secure email data on mobile devices within their organization. Combined with our recent update to enable OAuth and add support for Multi-Factor Authentication, Outlook now offers the leading set of controls for protecting corporate email and calendaring data on mobile devices while preserving a rich and empowering experience for users.
Customers looking to manage Outlook for iOS and Android now have two great options—use core capabilities of the built-in MDM available in Office 365 or the full power of Microsoft Intune, which includes everything delivered in MDM for Office 365 plus additional mobile device and application management capabilities.
Let’s take a look at the capabilities each of these provides.
Managing Outlook with the built-in MDM in Office 365
Earlier this year, we delivered built-in MDM capabilities for Office 365 customers at no additional cost. These MDM capabilities help organizations to protect their data and manage all mobile devices that come into contact with it. Behind the scenes, these capabilities are powered by Microsoft Intune, providing a core set of controls in the Office 365 admin center for organizations that need the basics. Outlook now fully supports the capabilities provided by built-in MDM for Office 365.
Need a refresher on MDM for Office 365? Watch this short video overview.
Once set up, Outlook and Office 365’s MDM capabilities work together to keep data safe in three ways:
- Conditional Access—Outlook ensures that Office 365 email can be accessed only on phones and tablets that are managed by your company and are in a healthy state. During log in on an unmanaged device, Outlook prompts the user to enroll the device in Intune and validates that the device meets your organizations access rules regarding device health and security.
Outlook prompts the user to enroll their device in order to access email data from Office 365.
- Device management and reporting—The enrollment process allows organizations to set and manage security policies to enforce device-level pin lock, require data encryption, block jailbroken or rooted devices and more, to help prevent unauthorized users from accessing corporate email and data. Each enrolled device appears in the Office 365 admin center and rich reporting is available to provide details on devices accessing your corporate data.
Device management options available in Office 365.
- Selective wipe—Outlook will remove your Office 365 email data while leaving any personal email accounts intact. This is an increasingly important requirement as more businesses adopt a “bring your own device” (BYOD) approach to phones and tablets.
Managing Outlook with Microsoft Intune
If you are looking for broader protection capabilities beyond what’s included in Office 365, you can subscribe to Microsoft Intune, which is part of the Microsoft Enterprise Mobility Suite. Intune provides mobile application management (MAM) capabilities for Outlook and other Office mobile apps in addition to the conditional access and device management capabilities outlined above. With Intune MAM, you can restrict actions such as cut, copy, paste, and “save as” of corporate data between Intune-managed apps and apps that are not managed by Intune. Additionally, the Intune-managed Outlook apps include a new multi-identity management feature that enables users to access both their personal and work email accounts in the same Outlook app while only applying the Intune MAM policies to the user’s work account – this provides a much more seamless user experience.
For more detail about how the Microsoft Intune conditional access and mobile application management capabilities work, check out the Intune blog.
Thank you for your feedback!
Have a feature request? Share your ideas with us on our new Outlook UserVoice site. For any support requests or to report a bug, please contact us right from Outlook by navigating to Settings > Help > Contact Support.
Frequently asked questions
Q. Where can I find more technical resources about built-in MDM for Office 365?
A. For detailed technical information, check out this TechNet article.
Q. Where can I find more technical resources about Microsoft Intune?
Q. What capabilities come with Intune versus built-in MDM for Office 365?
A. Details for both Intune and MDM for Office 365 are outlined in this TechNet article.