The built-in security feature for Microsoft 365 you must enable right now for your remote workforce

In the aftermath of the 2020 pandemic, every IT organization is grappling with maintaining both remote worker productivity and security. From small-to-midsized businesses (SMBs) to large enterprises, an integrated cyber-security strategy that is purpose-built for mobile devices is crucial. That’s because cybercriminals are exploiting how remote employees rely more than ever on mobile devices to stay productive. Amaxra’s cyber-security experts have worked with both SMBs and enterprises to develop effective mobile security strategies based around Microsoft cloud solutions.

For any IT leaders who have deployed Microsoft 365 for their employees, there is a built-in feature called Basic Mobility and Security. The idea is that corporate IT departments can use Basic Mobility and Security as a centralized method to create mobile device management (MDM) policies that are integrated with Microsoft 365. As more companies enable “work from anywhere” IT strategies designed around real-time collaboration with apps like Microsoft Teams running on employee-owned iPhones, iPads, and Google Android-based devices, the more important MDM will become to CIOs (and the corporate boards to which they report).

Amaxra consultants recommend all organizations with any version of Microsoft 365 For Business enable Basic Mobility and Security features for their employees’ devices. The feature is available at no extra charge on Microsoft 365 For Business Basic, Standard, and Premium solutions. Enabling this feature is a high-value way to help secure your organization’s Microsoft 365 email and documents on mobile devices. Using the MDM capabilities of Basic Mobility and Security is what allows corporate IT managers to remotely delete sensitive organizational information off even employee-owned mobile devices without touching personal data and apps—an extremely useful feature to have in cases of accidental device loss, theft, or even when an employee quits.

How to get started with Basic Mobility and Security in Microsoft 365

To activate Basic Mobility and Security for your employees:

  1. Sign into the Microsoft 365 Admin Center using an authorized admin account
  2. In the left-nav, click on the Office 365 Security and Compliance option then follow the onscreen instructions

One thing that IT managers should note during the activation process is that it is often not instantaneous. Amaxra consultants have found that it can take up to 24 hours to activate Basic Mobility and Security on some Microsoft 365 For Business deployments. But when the activation process finishes, you’ll receive an email that explains the next steps to take.

Once activated, you can set up policies for your employees connecting remotely to Microsoft 365 cloud-based resources (e.g., Microsoft Outlook email/calendars, Excel spreadsheets stored in OneDrive, and anything shared using Microsoft Teams) by going to Data loss prevention > Device management > Device policies.

Setting up effective Basic Mobility and Security MDM policies

You can choose from a default MDM policy templates that you can use as a starting point or create a new policy from scratch. For these security policies to be effective, your employees’ devices must first be enrolled into Basic Mobility and Security. A policy that Amaxra users for our employees and business clients is to have employee devices enrolled the first time the user accesses their corporate email on a mobile device. Amaxra recommends using the Microsoft Outlook mobile apps on a smartphone or tablet for the enhanced integration Outlook has with all other Microsoft 365 apps, and we have an MDM policy where the new users are prompted to enroll their mobile device with Basic Mobility and Security before accessing company email on that device. And even if employees choose to get their work email on their iPhone’s Apple Mail or Android phone’s Gmail app, enrolling the device with Basic Mobility and Security can still protect the specific company emails received in those non-Microsoft apps.

Beyond emails and calendars, IT managers can also use Basic Mobility and Security to create a policy that requires complex passwords, data encryption, and multi-factor authentication. But one of the most useful MDM policies you can set in Basic Mobility and Security is blocking access to corporate resources with certain device settings turned on. For example, you can block iOS users from accessing any Microsoft 365-related apps and documents if the screen capture feature is running to prevent sensitive corporate data from leaking. You also have control over what happens if a user’s device doesn’t comply with a policy—such as allowing users to access data with a policy violation warning that is logged and tracked in the Microsoft 365 Admin Center’s security panel. However, Amaxra recommends MDM policies that block users from accessing Microsoft 365 resources if any apps or devices fall outside of the security policies.

Getting more advanced with Basic Mobility and Security

Don’t let the “basic” in the name fool you: Businesses using Basic Mobility and Security in Microsoft 365 can set up some advanced cyber-security protections for their remote workforces. This blog has only scratched the surface of what you can do with Basic Mobility and Security without mentioning the added cyber-security capabilities such as secure web browsing, restricting common data leakage activities like copy, cut, and paste commands to only corporate-approved apps, and full management of Windows 10 devices by adding Microsoft Intune.

When it comes to securing devices used by remote workers in your organization for use with Microsoft 365, you can’t go wrong asking for help from a Microsoft Partner. Amaxra is a Microsoft Gold Partner with extensive expertise and real-world experience in cyber-security for remote workforces. Our consultants can help you set up Basic Mobility and Security policies that match the needs of your workforce or can go deeper to provide a comprehensive cyber-security plan for your organization.

Contact me at technology@amaxra.com or call 425 708 8841 if you have any questions or comments on this blog.

about the author

Mike Arntzen

Mike is an experienced Technology expert who is skilled in Enterprise Software and Security and Cloud Implementation. He has a strong engineering background graduated from the Royal Australian Air Force School of Radio, with postgraduate studies in Fibre Optics from Royal Melbourne Institute of Technology. Known at Amaxra as "Mr FixIt" there isn't much Mike can't resolve. He has recently implemented Amaxra's switch to Skype for Business within the Amaxra office.

Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email technology@amaxra.com or chat with us on this website to find out more.

Special Offers

25% Off Business Voice for 1 Year
25% Off Business Voice for 1 Year

Expire - June 30, 2021


Microsoft Business Voice system delivers all of the must-have “standard” calling features that businesses rely on such as Caller ID, three-way calling, voicemail (with automatic transcription of the call sent to your email), music on hold, and the ability to intelligently route incoming calls by time zone, language, or availability.All existing business phone numbers can be migrated from the Microsoft Teams admin panel. Once the numbers are ported, employees can make phone calls from a Windows laptop, a Mac, and any iPhone or Android device using the Microsoft Teams app.

Learn More

How can we help you?

get in touch