What is Mobile Device Management (MDM)?

Mobile Device Management Software (MDM) is primarily used in a corporate context. Using an MDM, mobile devices such as smartphones and tablets can be managed on one platform. Additionally, an MDM makes it possible to install comprehensive security policies on the devices. In the following article we explain how an MDM can be introduced in a company and what areas of application and functions it offers.

 

Using MDM in the company: How can I set up devices?

Mobile device management systems are mainly available for Android and Apple devices, but Windows computers are also sometimes managed with them. Different models can be used to set up Apple and Android devices with an MDM. 

MDM for Android

Bring Your Own Device (BYOD): The device belongs to the employee and the MDM client is subsequently installed on it. The device does not need to be reset for this. Two profiles are created on the device: one for work and one for private use. Using the MDM, the IT admin only has access to the work profile. The employee can delete the MDM from the device at any time.

Company Owned – Work Profile (CO-WP): The company provides the device for work, but it can also be used privately. To ensure clean data separation, a device that was previously set up as, for example, a device owner device must first be reset and then set up as CO-WP. The user can add private email addresses, contact lists, etc. The MDM cannot be removed by the user. Restrictions can only be made on the work profile via MDM.

Device Owner: The device belongs entirely to the company and is only used for work. The MDM has full access to system settings, accounts and much more. For example, MDM can be used to prevent the user from resetting the device or changing other system settings. Device owner devices can also be placed in KIOSK Mode.

Info: If you want to change the operating mode of the device, it must always be reset to factory settings first. Otherwise it is not possible to switch between BYOD, CO-WP and device owner operation. 

MDM for Apple devices

Unmanaged device installation (BYOD): The user can install the MDM client app via the app store. The profile is downloaded and the device is connected to the MDM. The device does not appear in Apple Business Manager (ABM) and the MDM can be removed from the device by the user at any time. Suitable, for example, for existing devices during migration to an MDM. The user must first agree to an app installation via the MDM and can also install their own apps.

Apple DEP/ADE Installation (Supervised): When an Apple device is set up as a DEP device, the organization owns it. If the device is reset, for example, the MDM profile will not be removed, but will be reinstalled as soon as an internet connection is available. In the MDM you can specify that the profile may not be deleted. The end user also cannot delete the MDM profile. Managed apps can be installed in the background via the MDM. The installation of private (unmanaged) apps can be controlled via policies.

Supervised Only mode: The device is a DEP device without a fixed profile. If the device is reset, it becomes BYOD. The end user can then remove the MDM profile. The device also appears in Apple Business Manager. Managed apps can be installed in the background via the MDM. The installation of private (unmanaged) apps can be controlled via policies. Note: This condition only occurs if the devices have subsequently been converted to DEP devices. After 30 days, the device automatically becomes a DEP device.

 

Areas of application of mobile device management software

MDMs can perform different functions depending on the focus of the company. The use of an MDM depends on the size of the company, the number of devices available and the security measures required. For certain companies, e.g. in the public sector, there are strict requirements that must be implemented using an MDM. 

MDM for managing mobile devices 

Every mobile device management system should provide the ability to quickly and clearly record all devices that are registered and therefore approved in the company. There should be an overview of all operating systems and their versions, as well as the ability to clearly assign devices to an employee. This prevents so-called “Shadow IT” and therefore unauthorized access to the corporate network, which can be a threat to security. With the help of MDM, operating systems can also be updated, which also increases security and ensures further functionality. The device and user overview can be used to record when devices are no longer functioning properly and, if necessary, to intervene via remote support. 
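The inventory check described above, as an added example (not part of the original article and not any MDM product's API): it compares a constructed MDM inventory export with device serials observed at corporate services and reports unenrolled, outdated and unassigned devices. The record layout, the `MIN_OS` baseline and all serials are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Device:
    serial: str
    platform: str          # "android" or "ios"
    os_version: str        # dotted version string, e.g. "17.3.1"
    owner: Optional[str]   # assigned employee, None if nobody is assigned

# Assumed company baseline: minimum OS version per platform.
MIN_OS = {"android": (13,), "ios": (17, 4)}

# Constructed sample of an MDM inventory export.
INVENTORY = [
    Device("SN-A001", "android", "14", "alice"),
    Device("SN-A002", "android", "12.1", "bob"),
    Device("SN-I001", "ios", "17.4", "carol"),
    Device("SN-I002", "ios", "17.3.1", None),
]

# Constructed sample: serials seen at corporate services (e.g. VPN or mail gateway logs).
SEEN_ON_NETWORK = {"SN-A001", "SN-I001", "SN-X999"}

def parse_version(version: str) -> tuple:
    """Turn '17.3.1' into (17, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def audit(inventory, seen, min_os):
    """Return serials that are unenrolled, below baseline, or without an owner."""
    enrolled = {d.serial for d in inventory}
    findings = {
        # Seen on the network but unknown to the MDM: candidate shadow IT.
        "unenrolled": sorted(seen - enrolled),
        "outdated": [],
        "unassigned": [],
    }
    for d in inventory:
        baseline = min_os.get(d.platform)
        # Fail closed: a platform without a defined baseline is reported too.
        if baseline is None or parse_version(d.os_version) < baseline:
            findings["outdated"].append(d.serial)
        if not d.owner:
            findings["unassigned"].append(d.serial)
    return findings

if __name__ == "__main__":
    for category, serials in audit(INVENTORY, SEEN_ON_NETWORK, MIN_OS).items():
        print(f"{category}: {serials}")
```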

MDM to implement security guidelines 

Many companies, especially in the care sector or in the public sector, have to adhere particularly strictly to data protection and security guidelines. Not only should patient and client data be protected, but organizations must also be prevented from becoming victims of a cyber attack. With the help of an MDM, the interfaces provided by Android or Apple can be used to implement comprehensive security policies on the devices. For example, certain apps or websites can be blocked, WLAN configurations can be specified, the device can be prevented from being reset by the user, and much more. The main aim is to prevent user errors from creating threats to the entire company. 

MDM to make work easier 

In addition to the clear representation of all devices on one platform, there are other MDM functions that save a lot of time for IT admins. For example, apps can be installed automatically on all devices, contact lists can be sent to the devices, the devices can be set up automatically as soon as an internet connection is available, and much more. For employees, this also means that they no longer have to worry about whether the device is working properly and everything is set up correctly – a huge relief!

 

Key MDM features

Mobile device management systems offer different functions for different device types. The differences are naturally particularly large between Android and Apple devices. The advantage of Apple devices, however, is that they always have a uniform operating system. So you can be sure that an MDM function works as stated. With Android devices, however, the adoption of MDM functions depends on the individual operating system of the many providers, as Android providers modify the user interfaces. Not all Android devices support “Android Enterprise”, which is required to connect devices to the MDM in device owner mode. 

Policy allocation in MDM

One of the most important functions of the MDM is the issuing of policies. Policies are the settings that can be made in terms of specifications (e.g. allowed Wi-Fi connections), restrictions (e.g. Bluetooth not allowed) and authorizations (e.g. second email account can be added). These can be distributed to users on an individual level or assigned to groups.

User groups in MDM

Although users are registered individually, they can (and should) be grouped together for better clarity. Individual policies can then be assigned to these user groups. Apps are also installed via the groups. 

Configuration of the Play Store and App Store

In a corporate context, there are often certain apps that employees should use. The Google Play Store can be configured so that only these apps can be installed at all. This prevents apps that have nothing to do with work from ending up on the devices. Apple devices can also be restricted in this regard. For DEP devices, the apps must first be purchased via Apple VPP and then distributed via the MDM. Other apps cannot be downloaded.

Due to the diverse areas of application and the large range of functions, an MDM represents an important addition to the company’s IT. An MDM is not only used to manage mobile devices, but also to secure them. This helps protect important company data.

 
