Manage devices enrolled in Mobile Device Management in Microsoft 365

The built-in mobile device management for Microsoft 365 helps you secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. The first step is to sign in to Microsoft 365 and set up Basic Mobility and Security.

After you've set it up, the people in your organization must enroll their devices in the service. Then you can use Basic Mobility and Security to help manage devices in your organization. For example, you can use device security policies to help limit email access or other services, view devices reports, and remotely wipe a device. You'll typically go to the Security & Compliance Center to do these tasks.

Device management tasks

To get to the device management panel, follow these steps.

  1. Go to the Microsoft 365 admin center.

  2. Type Mobile Device Management into the search field, and select Mobile Device Management from the list of results.

    Type Mobile Device Manager into the O365 search field
  3. Select Manage devices.

After you've got Basic Mobility and Security set up, here's how you can manage the mobile devices in your organization.

To do this…

Do this

Wipe a device

In the Device Management panel, select device name, then Full wipe to delete all information or Selective wipe to delete only organizational information on the device.

See Wipe a device in Microsoft 365.

Block unsupported devices from accessing Exchange email using Exchange ActiveSync

In the Device Management panel, select Block.

Set up device policies like password requirements and security settings

In the Device Management panel, click > Device security policies > Add + .

See Create and deploy device security policies.

View list of blocked devices

In the Device Management panel, under Select a view select Blocked.

Unblock noncompliant or unsupported device for a user or group of users

You can unblock noncompliant devices several ways depending on your situation. Pick one of the following:

  • Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > Groups, and then select group name. Click Edit members and admins.

  • Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center> Security policies > Device security policies. Select device policy name, then click Edit Edit icon > Deployment.

  • Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center> Security policies > Device security policies. Select device policy name and then click Edit Edit icon > Access requirements. Select Allow access and report violation.

To unblock a noncompliant or unsupported device for a user or a group of users, go to Go to Security & Compliance Center> Security policies > Device management > Manage device access settings. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. See Create, edit, or delete a security group.

Get details about the devices in your organization

To get details such as which devices are enrolled and compliant with device security policies, follow the steps outlined in Get details about devices managed by Basic Mobility and Security.

Remove users so their devices are no longer managed by Basic Mobility and Security

Edit the security group which has device management policies for Basic Mobility and Security to remove the user. See Create, edit, or delete a security group.

To remove Basic Mobility and Security from all your Microsoft 365 users, see Turn off Basic Mobility and Security in Microsoft 365.

Need more help?

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×