PS script to automate adding new users into O365 MDM group

Need a PowerShell script to fulfil the requirement below:

We are on various tiers E1, E3, E5 of O365 & would like to do remote wiping for staff
who read company emails on their phones (various Android models & iPhone).

Vendor told us we don't need Intune, but MDM is part of our subscription, which allows
us to manually 'enable'/'enforce' mobile users to use MDM; we want a script
to automate this for newly onboarded users.

- Requirement: to set a rule so that any newly added users will be automatically added into the MDM group
  - Tested with an MS engineer & confirmed that the only feature that can fulfil the requirement is Dynamic Group,
    which is only available with an Azure AD Premium P1 license
- Our goal is to enforce all members (new or existing users) to use MDM
Jason Crawford
sunhux

>You can configure MDM to require registration when the end-user attempts
> to sign-in using their mobile device but that's different.
Yes, that's the plan: when users attempt to sign in.

> What MDM group are you referring to?  Are you in a hybrid configuration?
It's Exchange Online we're using (with the local Outlook client), while our MS Word,
Excel and PowerPoint are local software, if this is what hybrid refers to. We're told by MS that
we need to replace all users' email clients (i.e. the native ones that come
built in with iPhone iOS etc.) with the MS Outlook client on the phones, which we
have conveyed to all staff as a mandatory requirement.
sunhux

These are the steps we need to do, as the O365 admin gave them to me, but I'll need
a PS script for the 1st step, hence posting in EE:

1. Onboard every staff member into the O365 "security group" for MDM enforcement (either in bulk via PowerShell or added individually; we want a PS script, not a manual process).
2. Once the above script is implemented, every user will be locked out from their mailboxes progressively, for both Android and iOS.
3. The additional app "Intune Company Portal" for MDM enforcement is to be installed (user guides for both Android and iOS prepared).
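One way to script step 1 so it covers both existing and newly onboarded users, as an added example that is not from the question or any answer on this thread: it adds every enabled member account that is not yet in the MDM enforcement security group, and is idempotent, so it can be scheduled to pick up new joiners. It assumes the Microsoft.Graph PowerShell module and a hypothetical group name 'MDM-Enforcement'.

```powershell
<#
  Adds every enabled, non-guest user who is not yet a member of the MDM
  enforcement security group. Safe to re-run: existing members are skipped.
  Supports -WhatIf so the change set can be reviewed before it is applied.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical name; replace with your MDM enforcement security group.
    [string]$GroupName = 'MDM-Enforcement'
)

# Least-privilege delegated scopes: read users, read/write group membership only.
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.ReadWrite.All'

$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'" -Property Id,DisplayName,SecurityEnabled)
if ($group.Count -eq 0) { throw "Group '$GroupName' not found." }
if ($group.Count -gt 1) { throw "More than one group named '$GroupName'; target it by ObjectId instead." }
$group = $group[0]
if (-not $group.SecurityEnabled) { throw "'$GroupName' is not a security group." }

# Current membership as a hash set of object IDs, so each lookup is cheap.
$existing = @{}
Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object { $existing[$_.Id] = $true }

# Assumption: staff = enabled accounts with userType 'Member' (guests are excluded).
$users = Get-MgUser -All -Filter "accountEnabled eq true and userType eq 'Member'" `
                    -Property Id,UserPrincipalName

$added = 0; $skipped = 0; $failed = 0
foreach ($u in $users) {
    if ($existing.ContainsKey($u.Id)) { $skipped++; continue }
    if ($PSCmdlet.ShouldProcess($u.UserPrincipalName, "Add to '$GroupName'")) {
        try {
            New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $u.Id -ErrorAction Stop
            $added++
        } catch {
            # Keep going on a single failure; report it for follow-up.
            $failed++
            Write-Warning "Could not add $($u.UserPrincipalName): $($_.Exception.Message)"
        }
    }
}

Write-Host ("Group '{0}': {1} added, {2} already members, {3} failed." -f `
            $GroupName, $added, $skipped, $failed)
```

Run it once with -WhatIf to see which accounts would be added, then schedule it (for example as a daily task) so newly onboarded users are enrolled without manual steps.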