Mobile device management (MDM) is the management and monitoring of virtually any mobile device type, including notebooks, tablets, smartphones, and other mobile devices, often using a third-party dedicated management platform. Despite the misleading name, many MDM platforms, particularly those in the Apple ecosystem, also manage desktops. Mobile device management software ensures users can access company resources, such as corporate data and authorized applications, while protecting sensitive data from mobile security threats.
The term mobile device management has been floating around the IT sector for a long time. However, newer terms, such as enterprise mobility management (EMM) and unified endpoint management (UEM), have also gained traction in recent years.
While MDM focuses on managing the device, EMM also incorporates mobile app management (MAM), mobile content management (MCM), and mobile information management (MIM). UEM is similar to EMM but extends to additional endpoints, including IoT devices. Regardless of which acronym you favor, all three include the MDM functionality of supporting and managing remote devices, securing organizational assets, and enhancing overall asset management.
We’ll break down everything you should know about MDM, including its history, benefits, functionality, and more.
The rise of mobile devices
If you think about it, computers haven’t changed much in the past 30 years. Sure, most of our applications are cloud driven these days, but the functionality remains the same. We check our email, browse the web, utilize applications, and so forth. What has drastically changed, though, is the form of our endpoint devices.
Each year, hardware manufacturers and talented engineers devise new ways to cram more power into smaller components. Smaller components mean smaller devices, such as ultrathin notebooks, tablets, and smartphones. Now, the workforce has become saturated with these ultraportable devices.
According to Statista, smartphone sales have increased by over 1,000% since 2007. Notebooks have outsold desktops worldwide since 2009, while desktop sales have declined year over year. Affordable Chromebooks have dominated the education industry, with a massive sales jump in 2020 and 2021 primarily attributed to the transition to at-home learning. With so many mobile devices flooding the market, sysadmins are left scrambling to manage both personal and corporate devices. That’s where mobile device management comes in.
What does mobile device management do?
Mobile device management helps sysadmins configure, inventory, monitor, and update mobile devices at scale.
Mobile devices present unique challenges for IT departments. First and foremost, they tend to wander, unlike their nonmobile counterparts, which are almost always connected to the corporate network. One minute, a mobile device is connected to a home network; the next, it’s connected to the Wi-Fi network of a coffee shop on the other side of the country. Regardless of where these devices end up, MDM software allows sysadmins to manage them.
Common features of mobile device management
While no two MDM software solutions offer identical features, most share similar attributes while striving to achieve a common objective. Here are some of the standard advantages of a mobile device management platform.
Remote management is the primary focus of all mobile management platforms, including mobile device management, enterprise mobility management, and unified endpoint management platforms.
For years, organizations have moved away from the standard in-office work environment to support a more mobile workforce. The pandemic kicked this transition into overdrive, making remote and work-from-home arrangements the new normal. It’s become increasingly common for companies to ship new devices straight from distributors to new hires without IT departments ever getting their hands on them.
Maintaining administrative control over devices that may be thousands of miles away is essential, and it’s a significant component of mobile device management.
Powerful security controls
Cyberattacks are among the biggest threats organizations face. Phishing campaigns continue to be very successful, while unpatched vulnerabilities gain popularity as a convenient entry point for cybercriminals. Additionally, the skill ceiling required to deploy devastating cyberattacks has lowered, and the payouts for successful attacks have increased, drawing in more bad actors than ever.
MDM solutions feature robust security controls to help protect corporate data and assets while meeting compliance certifications, such as SOC 2. Security functionality includes deployment and configuration of security applications, settings, password management, device encryption, device tracking, policy changes, remote locking, and more.
While effective mobile device management is critical to your overall posture, don’t neglect other aspects of cybersecurity. A detailed security policy and comprehensive cybersecurity training program can be game changers in reducing security risk.
Bring your own device (BYOD) support
Bring your own device (BYOD) is a major trend. This practice allows users to access company resources through a personal device, such as a mobile phone or tablet. As you might imagine, BYOD devices present unique security challenges for IT teams.
MDM software provides the functionality necessary for organizations to allow employee devices access to corporate data and systems while ensuring company resources remain secure. MDM tools also separate company and personal information to protect both corporate data and employee privacy.
Mobile app deployment
Remote application deployment is among the most widely used MDM solution features. Remote deployments can often be configured according to schedules and policies, although you can also initiate them manually. Additionally, some solutions provide a self-service portal that allows users to download the applications they need while restricting access to applications not relevant to their responsibilities.
Because of the mobile nature of portable devices, they have an unfortunate tendency to disappear. Poof. Theft and loss are much more common with mobile devices. The smaller the device, the easier it is to misplace.
Tracking a device’s location is a valuable MDM feature. However, there’s no guarantee that a lost or stolen device can be recovered, which leads us to our next benefit of a mobile device management tool: remotely locking and wiping a managed mobile device.
Remote lock and wipe
Many mobile device management solutions provide remote locking and wiping functionality for managed devices that have disappeared for good. While losing a device is frustrating, an unauthorized user accessing company data is much more problematic than the cost of replacing a physical device. Remotely locking and wiping a missing device ensures data security by preventing unauthorized access.
Staying on top of patch deployments can be difficult for IT teams. Without the right resources, the sheer volume of regular updates and patches can easily overwhelm sysadmins.
MDM solutions give administrators the tools to patch operating systems and applications quickly, even to remote devices. MDM solutions also control when patches are applied, allowing IT time to test and ensure compatibility before distributing patches to their general user base.
Apple MDM vs. Android MDM
Apple devices and Android devices have always had fundamental differences when it comes to design philosophy. Apple has established a well-controlled (locked-down) device ecosystem with its iOS devices. Because MDM functionality is integrated into Apple's operating systems, you generally don't need an MDM app installed on each endpoint to maintain oversight.
On the other hand, Google gives device manufacturers a lot of flexibility on both hardware and software design decisions, including MDM implementation protocols. This freedom allows for greater user choice and flexibility on Android devices, though it could also lead to ecosystem fragmentation.
Here’s how the two stack up in some key areas:
• Apple Business Manager (ABM) connected to Azure Active Directory
• Zero-touch enrollment
• Near-field communication (NFC) tag
• Unique EMM token
• QR code
• Work email address through Google Workspace
• ID-free management
• Android Enterprise work profile
• App Store
• ABM Apps and Books Store
• Apple Configurator
• Managed Google Play
Which ecosystem is right for your organization is not a decision to take lightly. Often, it’s a combination of both to ensure your users have the tools they need to do the job.
Is MDM important?
A dedicated mobile device management solution may not be essential if you’re a small organization with only a handful of mobile devices. However, even a small organization can have a pretty distributed workforce. And it doesn’t take many mobile devices to overwhelm an under-resourced IT department.
Mobile devices are particularly susceptible to both physical and cyber risks. While malware, ransomware, and vulnerabilities are inherent risks to both mobile and nonmobile systems, mobile devices are much more likely to be lost or stolen.
Additionally, mobile devices also risk connecting to compromised networks while off premises. Considering the devastating impact of a cyberattack or data leak, it’s critical to ensure your IT department has the resources to secure mobile devices properly.
What can MDMs access?
Sysadmins require detailed system information to manage remote devices, including hardware, software, and user data. Serial numbers, hardware makes and models, storage details, app data, versioning information, applied policies, settings, and more are all data points you can expect an MDM platform to automatically access and store.
It’s important to note that an MDM system doesn’t provide this level of detailed information on devices enrolled via BYOD or User Enrollment, so it shouldn't infringe on user privacy on a personal mobile device. Devices enrolled via these methods often provide access only to data granted to the device by the organization, such as authorized apps and corporate data. That means MDM solutions can’t access the employee’s personal data.
Can MDMs track browsing history?
The short answer is no; MDMs cannot track browsing history. The longer answer is still no, but with some things to consider.
It may surprise some, but manufacturers take user privacy pretty seriously — at least more seriously than some social media platforms that shall not be named.
Simply put, MDM platforms aren’t designed to track browsing history, and device manufacturers strive to protect user privacy. However, that doesn’t mean your IT department can’t find other means to collect this kind of data.
It’s also important to remember that if you use your company’s network or VPN to access the web, it’s safe to assume they can track all the traffic that flows through their network.
How do you set up mobile device management for your company?
Configuring an MDM tool for your organization depends on the platform you choose. Some solutions are entirely cloud based, and you can set up basic MDM functionality in minutes. Others call for a dedicated MDM server, requiring a bit more configuration.
Regardless of your chosen solution, you should test the product thoroughly before deploying it to your production environment. When you’re ready to enroll devices, begin with a small test group and expand from there. In no time, you’ll be managing your entire fleet from a centralized console, effortlessly distributing apps and policies to devices worldwide.
Which MDM solution is right for your organization?
There are many robust mobile device management solutions on the market today. However, consider your requirements before deciding which MDM provider suits your environment.
What devices do you support?
What functionality do you need?
How many resources do you have to support the platform?
What security measures are important to you and your users?
Is automation important?
What is your budget?
These are just a few questions to consider before comparing MDM solutions. Once you’ve narrowed down your choices, demo a few different products. Most vendors offer free trials, which are a great way to get to know the ins and outs of a platform.
How does mobile device management work?
The Apple ecosystem has a built-in Apple device management framework that allows MDM solutions to install an enrollment profile on a target device during initial enrollment. From there, the endpoint receives communication from the MDM via Apple Push Notification service (APNs), connecting to the MDM server when instructed to do so.
Declarative device management — the latest and greatest version — simplifies the process by enabling devices to be more autonomous, applying set logic asynchronously without prompting from the MDM and reporting state updates directly to the MDM server without polling.
Outside of the Apple ecosystem, many MDM solutions rely on an MDM agent installed on the target mobile device to communicate with the MDM server. An administrator configures policies via the server's management console, and the server pushes them out.
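As an added example (not from the original article or any vendor's code), this Python check parses the MDM payload of an Apple enrollment profile like the one described above, lists the rights it grants the server, and flags weak transport settings. The sample profile, its URLs and its topic are constructed placeholders; the AccessRights bit meanings follow Apple's MDM payload documentation.

```python
import plistlib

# AccessRights bit names, lowest bit first (1, 2, 4, ... 4096).
ACCESS_RIGHTS = [
    "inspect configuration profiles", "install/remove configuration profiles",
    "device lock and passcode removal", "device erase",
    "query device information", "query network information",
    "inspect provisioning profiles", "install/remove provisioning profiles",
    "inspect installed applications", "restriction-related queries",
    "security-related queries", "manipulate settings", "app management",
]

# Constructed sample profile; URLs, topic and values are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mdm</string>
    <key>ServerURL</key><string>https://mdm.example.com/connect</string>
    <key>CheckInURL</key><string>http://mdm.example.com/checkin</string>
    <key>Topic</key><string>com.apple.mgmt.External.00000000-example</string>
    <key>AccessRights</key><integer>8191</integer>
    <key>SignMessage</key><false/>
  </dict></array>
</dict></plist>"""


def audit_mdm_profile(data):
    """Return (granted_rights, findings) for the MDM payload in a profile."""
    profile = plistlib.loads(data)
    mdm = next((p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.mdm"), None)
    if mdm is None:
        return [], ["no com.apple.mdm payload found"]
    mask = mdm.get("AccessRights", 0)
    rights = [name for i, name in enumerate(ACCESS_RIGHTS) if mask >> i & 1]
    findings = []
    for key in ("ServerURL", "CheckInURL"):
        url = mdm.get(key, "")
        if url and not url.startswith("https://"):
            findings.append(f"{key} is not HTTPS: {url}")
    if not mdm.get("SignMessage", False):
        findings.append("SignMessage is off: device responses are not signed")
    if mask & 8:
        findings.append("payload grants remote erase")
    return rights, findings
```

Running it against a profile before approving enrollment shows whether the server is asking for more than the deployment needs, for example remote erase on a device that only requires inventory queries.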
Ultimately, you must decide which platform is right for you and your environment. But if you’re looking for a feature-rich macOS and iOS device MDM solution with an easy-to-use interface, SimpleMDM has you covered.
With a hosted Munki integration, User Enrollment support, prebuilt and custom profiles, two-factor authentication, device tracking with remote lock and wipe functionality, SAML integration, forceful device unlocking, automated device enrollment, and much more, SimpleMDM offers the perfect balance of simplicity and robust configuration profiles for Apple devices. Go ahead and see for yourself. With a 30-day free trial, you’ll have plenty of time to discover why IT teams around the world are joining the SimpleMDM family.