Learn how to set up mobile device mailbox policies in Exchange Online to enforce device security.
- [Instructor] We have seen how Active Sync can keep a mobile device fully up to date with email and calendar notifications and also how an organization can enforce its security requirements on a device. Let's now take a look at the mobile device mailbox policies available in Exchange Online. We need to access the admin portal so let's click the admin tile and then we'll open the Exchange admin center, click the admin centers, and the Exchange tile on the left-hand side.
The Exchange admin center dashboard appears. We need to select the mobile item on the left-hand side and then click the mobile device mailbox policies tab on the top. We can see that the default mobile device mailbox policy has been created for us. Select the default policy and then click the edit icon which is the small pencil or pen icon. There are only two sections available. These are the general and the security section.
On the general section, we can amend the name and declare if this policy is the default policy and accept whether all devices should be allowed to synchronize with this policy. This is enabled by default and it is an important decision since if you have a security setting in your default policy such as required data encryption and if you have mobile devices that do not support encryption, then normally those user's devices will be prevented from synchronizing with Exchange unless you select this checkbox.
On the other hand, you should be careful because allowing all devices to synchronize with a policy may give you the impression that all policy settings have been complied with which may not happen if some devices do not support a particular setting. That's something you'll need to review and consider. Let's now click the security section and here we can see the options for device security. These are the desired requirements that Exchange Server needs in place before it will allow email and data to be transferred and stored onto the device.
You can see that there is a master option for requiring a device password. Once this is set, you have additional settings relating to the password and also where the device should be encrypted. We can click save and exit here. Let's now create a new mobile device policy for users who own a Windows phone. I'll click the plus icon and then type the name of the policy. I will use Windows phone.
I'll enforce a password with four number length but not simple passwords and also device encryption. I'll then click save and the policy appears on the list. If we wanted to edit or delete the policy, we can use the icons on the top.
Instructor Andrew Bettany helps IT professionals responsible for their company's cloud master key skills related to managing Exchange Online, using antispam and antimalware resources, and configuring Endpoint Protection. Learn how to configure mailbox permissions and sharing, set up contacts and groups, configure antimalware filters in Office 365, and use Exchange Active Sync for mobile device management. Plus, learn how to use Intune Endpoint Protection, which allows you to control the security features on your Intune-enrolled devices and further protect them from malware and spam.
- Managing recipients and mailboxes
- Managing mailbox permissions and sharing
- Managing contacts and groups
- Exploring Exchange ActiveSync for mobile device management
- Leveraging antispam and antimalware features
- Using Microsoft Intune Endpoint Protection