BYOD – Manage company data using Office 365 Mobile Management option (Without third party application).
Applicable to : Windows 8,8.1, 10 Mobile devices, Android, IOS smart phones.
Pre-requisites : Office 365 Enterprise tenant subscription.
Scenario: – Now a day’s most of the companies are offering BYOD (Bring Your Own Device) feature to employees, where they can configure the company email accounts on their own smart phones,
In this scenario, I will be guiding you how to put restrictions on those smartphones where company email account is configured, Restrictions means (Disabling the screenshots, Disable copy/paste.
Follow below steps to achieve the requirement.
Login to Office 365 Admin center and click on Mobile Management option.
Click on Mobile Device security policies and access rules,
Before creating policies, enable user for BYOD option, (Create a security group and add user to that group)
In my example, I have created a “Screenshot_Block_Sec Grp” Security group and added user to this group. Click on new policy
Give appropriate policy name (Based on their roles you can restrict the rights)
Select appropriate option based on your company requirement,
In this scenario, I am selecting Block Screen capture (it will restrict users to take the screenshots on that device).
Add the Security group which you have created for this policy, I have added Screenshot Block security group, and added user to this group. Click on Add and Close,
Verify the rules and click Finish to Enable the rule.
If user already enrolled device, They will get Pop-up like “Your administrator has updated the policy”
If prompts, type password and proceed,
For new enrollment,
Go to Settings –> Add Workplace or School Account under Email and Accounts (Win 10 Device) or Work Access
For Windows 8 / 8.1 Settings –> Workplace –> Click on Enroll –-> Provide Valid email ID,
Now your account is enrolled with MDM successfully, It may take some time to affect all policies.
Now this will prompt you to type your password, enter the valid password and click on Next
Once verification is done, it will take few minutes to sync the applied policies, If your device not configured with password, It will prompt you to set the password,
Also you can see that, Screenshot is disabled by company policy.
For some policies, you may get pop-up for Restart the mobile, and policies will apply after restart.
If User lost the device, Admin can wipe / partial wipe the device remotely.
Select the appropriate device, and click on Full Wipe ( This will be set to factory restore setting), Selective Wipe (This will erase company data and it will not erase any of your personal data).
If you forgot or mobile locks with bad password, Admin can Reset the password and which can be used for unlocking the device.
Hope this article is useful to explore few features of Office 365.