This article contains frequently asked questions about Mobile Device Management (MDM) for Office 365, a feature that helps you manage and secure mobile devices in Office 365.
How can I get MDM for Office 365? I don't see it in the Microsoft 365 admin center
Activate Office 365 MDM by going to https://portal.office.com/EAdmin/Device/IntuneInventory.aspx
Go to Security and Compliance Center > Data loss prevention > Device management from the Microsoft 365 admin center.
From https://portal.microsoft.com search for Mobile Device Management
How can I get started with device management in Office 365 MDM
There are four steps to getting started with MDM for Office 365 (learn details in Set up Mobile Device Management (MDM) in Office 365):
Activate Office 365 MDM. Go to https://portal.office.com/EAdmin/Device/IntuneInventory.aspx to kick off the activation process.
Go to Security and Compliance Center > Data loss prevention > Device management
Complete configuration for MDM. To manage iOS devices, you are required to configure APNs certificate.
Create policies. Create device management policies, and apply them to groups of users that are set up in security groups. We recommend that you start by deploying the policies to a small test group.
Users enroll devices. Users who have had a policy applied to them are prompted to enroll their devices when they try to access Office 365 data.
I’m trying to set up MDM but it seems stuck. The Office 365 Service Health has been showing “provisioning” for a while. What can I do?
It may take some time to get the service ready for you. When provisioning is complete, you'll see the Mobile Device Management for Office 365 page. If you've waited 24 hours and the status is still Provisioning, please contact Support and we'll help figure out what the issue is.
What can I do if device enrollment fails?
If you're having trouble getting a device enrolled, first try checking the following:
Make sure that the device isn't already enrolled with another mobile device management provider, such as Intune.
Make sure that the device is set to the correct date and time.
Switch to a different Wi-Fi or cellular network on the device.
For Android or iOS devices, uninstall and reinstall the Intune Company Portal app on the device.
If enrollment still isn't working, try these additional troubleshooting steps.
What's the difference between Intune and MDM for Office 365?
MDM for Office 365 is hosted by the Intune service. It is a subset of Intune services provided as an added benefit to Office 365 and is a built-in cloud-based solution for managing devices in your organization. Use this side-by-side comparison of the two services to help you decide if using Intune or MDM for Office 365 is the best fit for you.
How do policies work for MDM? How do I set them up? Disable them?
After you complete initial setup for MDM for Office 365, you create policies and apply them to groups of users in the Security & Compliance Center. For the users that the policies apply to, the policies require users to enroll their devices in MDM for Office 365 before the device can be used to access Office 365 data. The policies that you set up determine settings for mobile devices, for example, how often passwords must be reset or whether data encryption is required.
We provide step by step instructions for creating and deploying device policies. You create the policies in the Security & Compliance Center, and you can disable one or more policies by returning to the Security & Compliance Center and editing the policy to remove the applied group. Or you can choose to remove the policy altogether.
If you want to exclude a specific group of users from being affected by policies, then you can add a group to the exclusion group.
Can I switch from Exchange ActiveSync device management to MDM for Office 365?
If you’re already using Exchange ActiveSync policies to manage mobile devices, you can start using MDM for Office 365 by following the steps to set up Mobile Device Management (MDM) in Office 365.
When you apply the policies that you create in MDM for Office 365 to groups of users, these policies override Exchange ActiveSync mobile device mailbox policies and device access rules that you’ve previously created in the Exchange admin center for those users.
After a device is enrolled in MDM for Office 365, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored.
I set up MDM but now I want to remove it. What are the steps?
Unfortunately, you can't simply "unprovision" MDM for Office 365 after you've set it up. But you can remove it for groups of users by removing user security groups from the device policies you've created. Or, disable it for everyone by removing the device policies so they aren't in place and aren't enforced. See How to turn off Mobile Device Management in Office 365.