MDM and MS Exchange
There are many Mobile Device Management (MDM) software options available to companies looking to deploy work phones, tablets, or laptops to their employees. Whether you intend to hand out iOS or Android devices, you need to set up an integration with your Microsoft Exchange Server to roll out user profiles and company data.
Microsoft Exchange allows companies to utilise the features of the Microsoft application suite to empower their employees.
For remote and off-premises employees, Microsoft Exchange provides a simple email- and document-focused approach to creating shared business spaces. On its own, however, it does not offer the high level of device control that dedicated Mobile Device Management (MDM) software comes with. It is best to integrate both.
The level of file sharing and remote work email access offered by MS Exchange or Exchange Online will be enough for many small businesses.
But, for a more complete MDM experience, businesses will opt for the Microsoft 365 Business Standard package.
MS Exchange and MDM – What’s the Difference?
Whether it’s a matter of security updates or locking a company cell phone in the event of loss, external access to the mobile devices in circulation among employees is necessary for security reasons alone.
Microsoft Exchange, ActiveSync, and the company’s mobile device management system work hand in hand to achieve this. But what does that mean exactly? Let’s take a closer look at this somewhat complicated-looking construct: Exchange ActiveSync is the protocol that connects mobile devices to the managing Exchange server.
Among other things, the Exchange server stores employee emails, tasks and calendars via the respective email account. Basically, this data can be accessed via ActiveSync, via IMAP or via POP. The company’s MDM software docks onto this and, based on these accesses, enables device distribution within the framework of COPE (corporate-owned, personally enabled) or COBO (corporate-owned, business only) allocation models.
Microsoft Exchange: On-Premise or Online Solution?
Exchange is a viable option for many companies. There are basically two options: using an on-premise Exchange server or the “Exchange Online” solution.
For businesses that require only on-premises device management, Exchange Online is not necessary. Instead, devices can connect directly to the Exchange Server and are managed via the Configuration Manager console.
While Exchange Online by itself does not provide complete control over an employee’s company-issued device, it does provide a secure pathway to the Exchange Server, on which company emails, documents, and shared spaces can be accessed.
Exchange Online includes:
- 100 GB mailbox per user
- 1.5 TB archive mailbox
- Hosted voicemail
- Data loss prevention
- Outlook for web
- Compare employee calendars to schedule appointments
- Share address books, contacts, groups, and delegation channels
Exchange Online also forms part of Microsoft 365 Business Standard, which provides a more complete suite of applications and features to further facilitate employee productivity and connectivity.
Microsoft 365 Business Standard includes:
- All Exchange Online features
- Full Microsoft Office mobile and desktop apps as standard
- Custom email address
- Video conferencing for up to 250 participants
- Access to Exchange, OneDrive, SharePoint, and Teams
- Licence covering up to 5 of each device type per user
- Chat-based workspace for teams
- Customers can book in with employees via Microsoft Bookings
- Coordinate projects and manage teams with Microsoft Planner
- Fast-track deployment support
- Licences for up to 300 users
Exchange ActiveSync is the means by which mobile devices can access information stored on your company’s Exchange Server, even when they’re offline. Any employee or manager with an Exchange mailbox can synchronise their account with their mobile devices using this tool, but IT heads have the ability to restrict individual users and devices as well as device types more broadly.
ActiveSync features include:
- Quick access to emails and conversation history
- SMS and email syncing
- Meeting management and task synchronisation
- Push notifications, automatic replies, and reply status viewing
- PIN resets and customisable password policies
- Standard encryption on device and storage cards plus SSL encryption option
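The restrictions and policies listed above map onto a handful of Exchange cmdlets. The following is an added example, not taken from the original article; it assumes an Exchange Management Shell or Exchange Online PowerShell session, and every name, address, device type and device ID in it is a placeholder.

```powershell
# Added example: all identities, addresses and IDs are placeholders.

# 1. Quarantine devices that match no rule, and notify the administrators.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'mdm-admins@example.com'

# 2. Restrict a device type across the organisation. The query string is
#    the DeviceType value the device reports (see Get-MobileDevice).
New-ActiveSyncDeviceAccessRule -Characteristic DeviceType `
    -QueryString 'ExampleLegacyType' -AccessLevel Block

# 3. Allow one specific, enrolled device for one user.
Set-CASMailbox -Identity 'alice@example.com' `
    -ActiveSyncAllowedDeviceIDs @{ Add = 'EXAMPLEDEVICEID0001' }

# 4. Password (PIN) policy plus device and storage-card encryption.
New-MobileDeviceMailboxPolicy -Name 'Corporate-COPE' `
    -PasswordEnabled $true -MinPasswordLength 6 `
    -AllowSimplePassword $false -MaxPasswordFailedAttempts 8 `
    -MaxInactivityTimeLock '00:05:00' `
    -RequireDeviceEncryption $true -RequireStorageCardEncryption $true `
    -AllowNonProvisionableDevices $false

# 5. Assign the policy to the mailbox.
Set-CASMailbox -Identity 'alice@example.com' `
    -ActiveSyncMailboxPolicy 'Corporate-COPE'

# 6. Review every device that is not currently allowed, with the reason.
Get-MobileDevice -ResultSize Unlimited |
    Where-Object DeviceAccessState -ne 'Allowed' |
    Select-Object UserDisplayName, DeviceType, DeviceModel,
                  DeviceAccessState, DeviceAccessStateReason
```

With `-AllowNonProvisionableDevices $false`, devices that cannot enforce the policy settings are refused synchronisation rather than being let through with weaker settings.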
Exchange MDM remote wipe
For businesses concerned about data security on company devices, ActiveSync offers another key capability: remote wipe. If a device is lost, stolen, or compromised, a command can be issued by the Exchange Server or the Outlook Web App to erase all data from the device.
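An administrator can issue and then verify the remote wipe described above from PowerShell. This is an added example, not part of the original article; the mailbox, notification address and device ID are placeholders.

```powershell
# Added example: mailbox, address and device ID are placeholders.
$user     = 'alice@example.com'
$deviceId = 'EXAMPLEDEVICEID0001'

# 1. List the user's ActiveSync partnerships and pick the lost device.
$devices = Get-MobileDevice -Mailbox $user
$devices | Select-Object DeviceId, DeviceType, DeviceModel, DeviceOS, FirstSyncTime

$target = $devices | Where-Object DeviceId -eq $deviceId
if (-not $target) {
    throw "No ActiveSync partnership with device ID $deviceId for $user"
}

# 2. Queue the wipe. The command is delivered the next time the device
#    connects; the cmdlet prompts for confirmation before queuing it.
Clear-MobileDevice -Identity $target.Identity `
    -NotificationEmailAddresses 'mdm-admins@example.com'

# 3. Verify. DeviceWipeSentTime is set once the server has delivered the
#    command, DeviceWipeAckTime once the device has acknowledged it.
Get-MobileDeviceStatistics -Identity $target.Identity |
    Select-Object DeviceID, Status, DeviceWipeRequestTime,
                  DeviceWipeSentTime, DeviceWipeAckTime

# 4. Block the device ID so the same device cannot re-sync this mailbox.
Set-CASMailbox -Identity $user `
    -ActiveSyncBlockedDeviceIDs @{ Add = $deviceId }

# If the device is recovered before the command was delivered, cancel it:
# Clear-MobileDevice -Identity $target.Identity -Cancel
```

An empty `DeviceWipeAckTime` means the device has not yet confirmed the wipe, so treat the data on it as still exposed and rotate the user's credentials in the meantime.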
Which mobile devices are available with Exchange MDM?
Exchange and ActiveSync can be enabled on most device types, including Android and Apple. As it operates using familiar, universal Microsoft apps, it integrates well with different operating systems. For this reason, it is a viable option for device fleets that are composed of a range of hardware that spans operating systems.
Integrating Exchange and MDM on your company devices
To manage devices and connect them to your Exchange Server (via ActiveSync or directly), you will need to install the Exchange Server connector. This allows remote devices to communicate with the server and then be integrated into the Configuration Manager console. For on-premise devices that form part of the company’s existing local network, the Exchange Server connector bridges the gap between the Exchange Server and the Configuration Manager directly.
The Configuration Manager console is where devices, applications, and security can be managed. Security policies can be implemented and rolled out from here, and access rules can be defined for remote devices.
For employees setting up Microsoft Exchange on their mobile devices, they will simply need their login details in order to connect.
If a company uses MDM software, which we highly recommend for security and usability reasons, the MDM will “dock” onto the Exchange server using ActiveSync and obtain basic Exchange data such as email access, calendar sync or contacts. The MDM itself does not store any of this data; it merely accesses it.
Most MDMs can manage both Android and iOS devices.
For Android devices only, there are the Android Enterprise MDM software systems, which provide full operating system integration on each device and a central hub to monitor device usage and security. For Apple devices, there is also specialised Apple MDM software such as “Jamf”.
For Samsung devices more specifically, there is Samsung’s own Mobile Device Management solution: Knox. Samsung Knox MDM is best used together with Samsung Galaxy Enterprise Edition devices. Knox security features rival those offered by Android Enterprise, affording you extended security and administration features.
Summary: Exchange and MDM Software
Microsoft Exchange and MDM are a natural combination for any company that rolls out work phones.
Whether you choose iOS or Android, use both operating systems or even let your employees choose for themselves (“Choose your own Device”) – everphone helps you to set up the company cell phones via Exchange ActiveSync and a suitable Mobile Device Management.