Overview

This procedure will guide you through setting up Mobile Email Management in AirWatch MDM for Office 365. The end result will keep unmanaged devices from retrieving company email.

Configuring MEM deployment for use with Office 365

Office 365

You will need to create a global administrator account in Office 365 first, e.g. airwatchmdm@yourcompany.com. This account will only be used for Airwatch MDM to speak with O365. It will not need a license assigned to it.

AirWatch MDM

  1. Go to Email > Dashboard
  2. Click on Click here to configure MEM
  3. Click the blue Configure button 
  4. Under the section
    1. Set Deployment Model to Direct
    2. Set the Email Type to Exchange
    3. Set the Exchange Version to Exchange Office 365 and click Next
  5. Under the section
    1. Set the Friendly Name to something familiar, such as O365 MEM
    2. PowerShell URL to "https://outlook.office365.com/powershell"
    3. Ignore SSL errors between AirWatch and Exchange server: Disable
    4. VMware Enterprise Systems Connector configuration to use should be set to Current Organization Group
    5. Use Service Account Credentials to Disable
    6. Set Authentication Type: Basic
    7. Admin User Name: enter the Office 365 Global Administrator email address
    8. Admin Password: enter the Global Administrator password
    9. One-time sync after configuration: Disable
    10. Filter sync results: None
    11. Click Next
  6. Under the section
    1. Click Add to add the appropriate profiles. E.g. if the organization is comprised of both iPhones and Android devices, then you would add two profiles, one for iOS and one for Android.
    2. Mail Client: Native Mail Client
    3. Action: Create New Profile
    4. Click Next
  7. The screen will summarize the details. Click Finish
  8. Click the X to close the Settings screen

Profile

Now we have to correctly finish setting up the profiles.

  1. Go to Devices > Profiles
  2. Click the device profile name
  3. Click the button
  4. Click Exchange ActiveSync
  5. Change the User field to {EmailAddress} by clicking the plus icon
    1. There are additional settings that you can set, such as Restrictions on Attachments, Allowing email forwarding, etc.
  6. Click
  7. Repeat this process for additional Profiles

We have found that the device profiles do not push to the devices after clicking Save & Publish. If this happens you will need to manually push the profiles to those devices.

  1. Go to Devices > List View
  2. Click on the device name and click Profiles
  3. Click the radio button next to the profile name and click Install

Compliance Policy

The last step is to manage and run the compliance policy at Email > Compliance Policies

  1. Go to Email > Compliance Policies
  2. Make the changes that you require. For example, if you only want Managed Devices to receive company email, then click the toggle switch next to the Managed Device policy.
  3. After you have made your changes click Run Compliance
  4. Click on List View. The device should now show in this list.

You will need to Run Compliance whenever you make any changes to the compliance policy. If changes aren't taking you can also Sync Mailboxes by navigating List View, clicking the checkbox next to the device name, then selecting Actions/Sync Mailboxes.