ThinkstockMobile device settings
Most of your users will probably want to use their own mobile devices to access company email. This benefits the user in that they will only need to carry one device, and it benefits the company in that it doesn't have to purchase and manage devices and contracts for its users. Those mobile devices, however, are now portable access points into your mail system or, if you use line-of-business applications or have a mobile VPN, your entire network.
If your users will be accessing Office 365 or email from their own devices, setting up Office 365 MDM is essential.
Office 365 now offers mobile device management (MDM) as part of your subscription, and you should take full advantage of this. To activate your MDM subscription, click on Mobile Devices and accept the licensing agreement and privacy policy.
Once you have completed MDM setup, click on "Manage device security policies and access rules." Click on the + sign to create a new policy, providing it with a name and optional description. There are a number of options available to you here. You can enforce PIN locking (or more complex passwords), sign-in failure counts, inactivity locks, device encryption, and preventing "rooted" or "jailbroken" devices from connecting.
You should at least configure a six-digit PIN, wipe after 10 tries, force data encryption, and disallow hacked devices. This should prevent the largest number of basic attacks against your devices without greatly inconveniencing your users.