7.8 Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

You should require your users to use encryption on their mobile devices.

Rationale:

Unencrypted devices can be stolen and their data extracted by an attacker very easily.

Impact:

This setting should have no user impact, provided the device supports the feature.

Solution

To set mobile device management profiles, use the Microsoft 365 Admin Center:

Under Admin Centers select Endpoint Management.

Select Devices and then under Policy select Configuration profiles

Select Create profile

Set a Name for the policy, choose Android as the Platform and select Device restrictions

In the Password section, ensure that Encryption is set to Require.

Default Value:

Device encryption is not required by the O365 platform by default, although some mobile platforms are encrypted by default.

See Also

https://workbench.cisecurity.org/files/3729