sunhux
asked on
PS script to automate adding new users into O365 MDM group
Need a PowerShell script to fulfill requirement below:
We are on various tiers E1, E3, E5 of O365 & would like to do remote wiping for staff
who read company emails on their phones (various Android models & iPhone).
Vendor told us we don't need Intune, but MDM is part of our subscription, which allows
us to manually 'enable'/'enforce' mobile users to use MDM; but we want a script
to automate this for newly onboarded users.
- Requirement: to set a rule so that any newly added users will be automatically added into the MDM group
- Tested with MS engineer & confirmed that the only feature that can fulfil the requirement is Dynamic Group,
which is only available with an Azure AD Premium 1 license
- Our goal is to enforce all members (new or existing users) to use MDM
ASKER
These are the steps we need to do, as the O365 admin gave me, but I'll need
a PS script for the 1st step, thus posting in EE:
1. Onboard every staff into the O365 "security group" for MDM enforcement. (either in bulk via PowerShell or individually added; we want a PS script, not manually)
2. Once the above script is implemented, every user will be locked out from their mailboxes progressively, for both Android and iOS.
3. Additional app "Intune Company Portal" for MDM enforcement to be installed. (user guides for both Android and iOS prepared)
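One way to script step 1 above, as an added example (not code from this thread or from the O365 admin): an idempotent script that adds every enabled internal user to the MDM security group, meant to run on a schedule so newly onboarded users are picked up without an Azure AD Premium P1 dynamic group. It assumes the Microsoft Graph PowerShell SDK is installed and that the group name in $GroupName is a placeholder you replace with your own.

```powershell
# Added example, not the thread's own script. Assumes the Microsoft Graph PowerShell SDK
# (Microsoft.Graph.Authentication, Microsoft.Graph.Groups, Microsoft.Graph.Users).
param(
    [string]$GroupName = 'MDM-Enforced-Users',   # assumed/placeholder group name; use your tenant's
    [switch]$DryRun                              # report what would change without modifying membership
)

Import-Module Microsoft.Graph.Authentication, Microsoft.Graph.Groups, Microsoft.Graph.Users

# Least-privilege scopes: read users, read/write group membership only.
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.ReadWrite.All' -NoWelcome

# Resolve the target group and refuse to continue if it is missing, ambiguous, or not a security group.
$group = Get-MgGroup -Filter "displayName eq '$GroupName'" -Property Id,DisplayName,SecurityEnabled
if (-not $group) { throw "Group '$GroupName' not found" }
if (@($group).Count -gt 1) { throw "Group name '$GroupName' is ambiguous; use the object id instead" }
if (-not $group.SecurityEnabled) { throw "'$GroupName' is not a security group" }

# Current members keyed by object id, so re-runs never try to add someone twice.
$existing = @{}
Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object { $existing[$_.Id] = $true }

# Only enabled, internal (non-guest) accounts. Exclude service/shared accounts here if needed.
$users = Get-MgUser -All -Filter "accountEnabled eq true and userType eq 'Member'" `
    -Property Id,UserPrincipalName

$added = 0
foreach ($u in $users) {
    if ($existing.ContainsKey($u.Id)) { continue }
    if ($DryRun) { Write-Host "Would add $($u.UserPrincipalName)"; continue }
    try {
        New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $u.Id
        Write-Host "Added $($u.UserPrincipalName)"
        $added++
    } catch {
        # Log and keep going; one failed user should not abort the whole onboarding run.
        Write-Warning "Failed to add $($u.UserPrincipalName): $($_.Exception.Message)"
    }
}
Write-Host "Done. $added user(s) added; $($existing.Count) were already members."
Disconnect-MgGraph | Out-Null
```

Run it first with -DryRun to review the list of accounts it would enrol, since step 2 means each addition locks that user out of mail until the Company Portal app is set up.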
ASKER
> to sign-in using their mobile device but that's different.
Yes, that's the plan, when users attempt sign-in
> What MDM group are you referring to? Are you in a hybrid configuration?
It's Exchange Online we're using (with local Outlook client), while our MS Word,
Excel, and PowerPoint are local software, if this refers to hybrid. We're told by MS that
we need to replace all users' email clients (i.e. those native ones that come
built in with iPhone iOS etc.) with the MS Outlook client on the phones, which we
have conveyed to all staff as the mandatory requirement.