Overview of Basic Mobility and Security for Microsoft 365

You can manage and secure mobile devices when they're connected to your Microsoft 365 organization by using Basic Mobility and Security. Mobile devices like smartphones and tablets that are used to access work email, calendar, contacts, and documents play a big part in making sure that employees get their work done anytime, from anywhere. So it’s critical that you help protect your organization's information when people use devices. You can use Basic Mobility and Security to set device security policies and access rules, and to wipe mobile devices if they’re lost or stolen.

MDM on Android phone

What types of devices can you manage?

You can use Basic Mobility and Security to manage many types of mobile devices like Windows Phone, Android, iPhone, and iPad. To manage mobile devices used by people in your organization, each person must have an applicable Microsoft 365 license and their device must be enrolled in Basic Mobility and Security.

To see what Basic Mobility and Security supports for each type of device, see Capabilities of Mobile Device Management for Microsoft 365.

Setup steps for Basic Mobility and Security

A Microsoft 365 global admin must complete the following steps to activate and set up Basic Mobility and Security. Follow the guidance in the topic on setting up Basic Mobility and Security to see detailed steps. Here's a quick summary:

Step 1: Activate Basic Mobility and Security by following steps in the Set up Basic Mobility and Security.

Step 2: Set up Basic Mobility and Security by, for example, creating an APNs certificate to manage iOS devices and adding a Domain Name System (DNS) record for your domain to support Windows phones.

Step 3: Create device policies and apply them to groups of users. When you do this, your users will get an enrollment message on their device. And when they've completed enrollment, their devices will be restricted by the policies you've set up for them.

Creating an MDN device policy under Device security policies

Device management tasks

After you've got Basic Mobility and Security set up and your users have enrolled their devices, you can manage the devices, block access, or wipe a device, if needed. Learn more about some common device management tasks, including where to complete the tasks.

Other ways to manage devices and apps

If you just need mobile app management (MAM), perhaps for people updating work projects on their own devices, Intune provides another option besides enrolling and managing devices. An Intune subscription allows you to set up MAM policies by using the Azure portal, even if people's devices aren't enrolled in Intune. See App protection policies.

See Also

Set up Basic Mobility and Security

Enroll mobile devices in Basic Mobility and Security

Manage devices enrolled in Basic Mobility and Security

Get details about devices managed by Basic Mobility and Security

Stay a step ahead with Microsoft 365

Need more help?

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.