7.8 Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data

Information

You should require your users to use encryption on their mobile devices.

Rationale:

Unencrypted devices can be stolen and their data extracted by an attacker very easily.

Impact:

This setting should have no user impact, provided the device supports the feature.

Solution

To set mobile device management profiles, use the Microsoft 365 Admin Center:

1. Under Admin Centers select Endpoint Management.

2. Select Devices and then under Policy select Configuration profiles.

3. Select Create profile.

4. Set a Name for the policy, choose Android as the Platform and select Device restrictions.

5. In the Password section, ensure that Encryption is set to Require.
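To verify the result of the steps above without clicking through each profile, the following added example (not part of the benchmark or of the audit plugin) checks an exported list of configuration profiles for the Android encryption requirement. It assumes the input is the JSON returned by Microsoft Graph `GET /deviceManagement/deviceConfigurations`, where Android device restrictions profiles have the type `androidGeneralDeviceConfiguration` and carry the `storageRequireDeviceEncryption` flag. The sample data is constructed, and treating a missing flag or a tenant with no Android profile as a failure is a choice made for this example.

```python
import json

# Constructed sample shaped like a Microsoft Graph
# GET /deviceManagement/deviceConfigurations response (not real tenant data).
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
   "displayName": "Android - corp baseline", "storageRequireDeviceEncryption": true},
  {"@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
   "displayName": "Android - legacy", "storageRequireDeviceEncryption": false},
  {"@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
   "displayName": "Android - kiosk"},
  {"@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
   "displayName": "Windows - baseline"}
]}
""")

# Graph type of an Android "Device restrictions" profile.
ANDROID_RESTRICTIONS = "#microsoft.graph.androidGeneralDeviceConfiguration"


def audit_android_encryption(export):
    """Return (compliant, findings) for Android device restrictions profiles.

    Assumption of this example: the check passes only if at least one such
    profile exists and every one sets storageRequireDeviceEncryption to true.
    A missing or null flag is treated as "not required".
    """
    profiles = [p for p in export.get("value", [])
                if p.get("@odata.type") == ANDROID_RESTRICTIONS]
    findings = []
    if not profiles:
        findings.append("no Android device restrictions profile exists")
    for p in profiles:
        if p.get("storageRequireDeviceEncryption") is not True:
            name = p.get("displayName", "<unnamed>")
            findings.append(f"{name}: encryption not required")
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = audit_android_encryption(SAMPLE_EXPORT)
    print("PASS" if ok else "FAIL")
    for finding in findings:
        print(" -", finding)
```

The check covers profile settings only; whether each profile is assigned to the intended user or device groups still has to be confirmed separately.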

Default Value:

Device encryption is not required by the O365 platform by default, although some mobile platforms are encrypted by default.

See Also

https://workbench.cisecurity.org/files/4073

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-28, CSCv7|5, CSCv7|13.6

Plugin: microsoft_azure

Control ID: 944d919d7e6e0aaba34c2b07698d9d0634f297bb35d4f6fe5dcafc133f41d732