"With MDM for Office 365, you can manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices," said Shobhit Sahay, a technical product manager with the Office 365 group, in a blog post Monday. "The built-in MDM features are included at no additional cost in all Office 365 commercial plans, including Business, Enterprise, EDU and Government plans."
Sahay's announcement fulfilled the pledge Microsoft made in October 2014, when the company said an MDM-specific upgrade would be released in the first quarter of 2015.
The free-of-charge tools now available allow Office 365 administrators to limit access to Office 365 corporate email and documents to company-managed devices; set device-level PIN locking; and wipe Office 365-related data from an employee's device, such as when they leave the organization and take their personal device with them.
Sahay steered enterprises that require additional features toward Microsoft Intune, a subset of the even more comprehensive Enterprise Mobility Suite. Intune adds support for Windows-powered PCs; covers other mobile apps, including line-of-business apps developed in-house, not just Office 365; and allows administrators to provision devices with additional security configurations like VPN.
An outline of the feature differences between the free MDM for Office 365 and Intune can be found on Microsoft's website. Intune costs $6 per user per month; Enterprise Mobility Suite runs $7.60 per user per month.
Microsoft's some-free-some-not approach to MDM meshes nicely with the broader "freemium" strategy that company executives have talked up recently, said Wes Miller, an analyst at Directions on Microsoft. "If your life revolves around Office 365, this is most definitely a freemium play," said Miller. "But this works only with Office 365 apps."
To assemble a comprehensive Microsoft-made MDM solution, then, organizations with non-Office 365 apps on their employees' devices -- whether home grown or purchased from other developers -- or who want to deal with PCs at the same time, will need to pony up for Intune.
Miller said Microsoft's goal is two-fold: First, to answer customers' requests for a way to manage the explosion of mobile apps that the firm has released in the last year for Android and iOS, and second, to give away "a taste of [MDM]" as a way to upsell enterprises on Intune.
"If you want to integrate [Office 365] with the rest of an infrastructure, you're also going to need to go to Intune," said Miller. "Once you buy into the whole Microsoft story [of things like OneDrive for Business, Azure App Service and Azure Active Directory], Intune starts to be more appealing."
Although the new MDM tools for Office 365 began rolling out today, it will be approximately four to six weeks before they reach all customers, said Sahay.