Friday, June 19, 2015

Mobile Device Management for Office 365 - Part 1

Microsoft provided built-in Mobile Device Management (MDM) feature for Office 365 commercial subscriptions, including Business, Enterprise, EDU and Government plans. This feature is no additional cost. The MDM of Office 365 supports to manage the following types of devices:

  • Windows Phone 8.1
  • iOS 7.1 or later versions
  • Android 4 or later versions
  • Windows 8.1
  • Windows 8.1 RT

The MDM of Office 365 is powered by Microsoft Intune and the Microsoft Azure Active Directory. In coming parts, I'm going to use MDM of Office 365 to enrol an apple device and Android. After that, I'll try apply settings and email profile to the devices.  

In this part, I'm going to enable MDM on Office 365.

1. On Office 365 admin center, log in as Global Administrator. You can find the "Mobile Devices".

2. Click "Get started". Then, you will see "We're setting things up for you. This may take a few hours, so check back again shortly" message. 

3. On "Mobile Device Management for Office 365",  click "Manage settings" to configure your environment.

4. On "Set up mobile device management" page, click "Set up" for "Configure domains for MDM".

The page will be jumped to "Manage domains" web page.

5. Click "Completed setup" to add "msoid", "EnterpriseEnrollment" and "EnterpriseRegistration" CNAME on your DNS server.

It depends on which hosting you are using. Please following the instruction from Office 365 to complete this setting.

6. Back to ""Set up mobile device management" page, click "Set up" for "Configure an APNs Certificate for iOS devices".

An APNs certificate is required to manage Apple Devices.

7. On "download certificate signing request" page, click "Download your CSR file" and then save the file to your local disk.

8. Click "Next".
9. On "create an apns certificate" page, click "Apple APNS Portal".

Before creating APNs certificate, make sure you had an Apple ID for company. Don't use the user Apple ID for APNs certificate registration.

10. Log in Apple ID for your company to create an APNs certificate.

11. On "upload apns certificate" page, upload the APNs certificate.

12. Click "Finish".

In this part, I enabled Mobile Device Management (MDM) feature on Office 365.

In next part, I'm going to configure the settings of MDM on Office 365.

Other parts in this series
Mobile Device Management for Office 365 - Part 2
Mobile Device Management for Office 365 - Part 3
Mobile Device Management for Office 365 - Part 4

More information
Capabilities of built-in Mobile Device Management for Office 365

This posting is provided “AS IS” with no warranties, and confers no rights!


  1. Hi Terry, great post. Do you know if it's possible to add Windows 10 devices to MDM yet, such as Surface Pro 3? You can download the company portal app from the Windows 10 app store, and this article advises how to enroll Windows 10 devices. I cannot get it to work though with my Surface Pro 3. Have you had any experience of this yet please? Many thanks

    1. Hi Peter,
      Sorry for late reply. Built-in MDM for Office 365 doesn't support Windows 10 pretty well at this moment. You can check for your information.

  2. Thanks Terry. That's really helpful. From digging around, it looks like you have to have full InTune in order to enroll a wider range of devices.