This article contains frequently asked questions about Mobile Device Management (MDM) for Office 365, a feature that helps you manage and secure mobile devices in Office 365.
How can I get MDM for Office 365? I don't see it in the Office 365 admin center
We’ve completed rolling out this feature to Office 365 customers. Look for the Device Management tab in the Security & Compliance Center. If you don't see it, please let us know by contacting Support, and we'll help you get started.
How can I get started with device management in MDM
There are four steps to getting started with MDM for Office 365 (learn details in Set up Mobile Device Management (MDM) in Office 365):
Activate MDM. Go to the Security & Compliance Center and select Device management. Click Let's get started to kick off the activation process.
Complete configuration for MDM. This might require APNs certificate configuration and updates to DNS records for your domain.
Create policies. Create device management policies, and apply them to groups of users that are set up in security groups. We recommend that you start by deploying the policies to a small test group. In the Security & Compliance Center, select Device security policies.
Users enroll devices. Users who have had a policy applied to them are prompted to enroll their devices when they try to access Office 365 data (by using their email client, for example).
I’m trying to set up MDM but it seems stuck. The Office 365 Service Health has been showing “provisioning” for a while. What can I do?
It may take some time to get the service ready for you. When provisioning is complete, you'll see the Mobile Device Management for Office 365 page. If you've waited 24 hours and the status is still Provisioning, please contact Support and we'll help figure out what the issue is.
What can I do if device enrollment fails?
If you're having trouble getting a device enrolled, first try checking the following:
Make sure that the device is not already enrolled with another mobile device management provider, such as Intune.
Make sure that the device is set to the correct date and time.
Switch to a different Wi-Fi or cellular network on the device.
For Android or iOS devices, uninstall and reinstall the Intune Company Portal app on the device.
If enrollment still isn't working, try these additional troubleshooting steps.
What's the difference between Intune and MDM for Office 365?
Both MDM for Office 365 and Intune provide cloud-based solutions for managing devices in your organization. Use this side-by-side comparison of the two services to help you decide if using Intune or MDM for Office 365 is the best fit for you.
How do policies work for MDM? How do I set them up? Disable them?
After you complete initial setup for MDM for Office 365, you create policies and apply them to groups of users in the Security & Compliance Center. For the users that the policies apply to, the policies require users to enroll their devices in MDM for Office 365 before the device can be used to access Office 365 data. The policies that you set up determine settings for mobile devices, for example, how often passwords must be reset or whether data encryption is required.
We provide step by step instructions for creating and deploying device security policies. You create the policies in the Security & Compliance Center, and you can disable one or more policies by returning to the Security & Compliance Center and editing the policy to remove the applied group. Or you can choose not to remove the policy altogether.
If you want to exclude a specific group of users from being affected by policies, then you can add a group to the exclusion group. In the Security & Compliance Center, on the Devices tab, select Manage device access settings, and then add the group to the Are there any security groups you want to exclude from access control? section.
Can I switch from Exchange ActiveSync device management to MDM for Office 365?
If you’re already using Exchange ActiveSync policies to manage mobile devices, you can start using MDM for Office 365 by following the steps to set up Mobile Device Management (MDM) in Office 365.
When you apply the policies that you create in MDM for Office 365 to groups of users, these policies override Exchange ActiveSync mobile device mailbox policies and device access rules that you’ve previously created in the Exchange admin center for those users.
After a device is enrolled in MDM for Office 365, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored.
I set up MDM but now I want to remove it. What are the steps?
Unfortunately, you can't simply "unprovision" MDM for Office 365 after you've set it up. But you can remove it for groups of users by removing user security groups from the device policies you've created. Or, disable it for everyone by removing the device policies so they aren't in place and aren't enforced. See How to turn off Mobile Device Management in Office 365.