Everyone has a smartphone they use for work, and many have tablets, laptops, and more to help them do work on the go. If your company has a team of mobile workers, then you need Mobile Device Management (MDM) to keep your business safe.
Because mobile devices allow the user to be untethered from the core network, standard desktop management policies do not apply. A newer breed of management software is necessary that allows IT departments to effectively manage the hardware, software, and most importantly, precious data, protecting it from compromise, loss, and theft.
Disclosure: TechRepublic may earn a commission from some of the products featured on this page. TechRepublic and the author were not compensated for this independent review.
Look for these mobile security features
Security hardening: Enterprise-wide security policies and restrictions work to ensure devices and their data remain secured from unauthorized access.
Patch management: Update devices (or limit updating capabilities) to maintain a stable mobile operating system environment at all times.
App deployment: Mass deployment of applications based on groups or granularly by serial number with centralized management of licensing. This also limits the cost of in-app purchases.
Centralized logging: Device inventory and reporting updates are maintained on a per-device level to provide holistic views of issues affecting device performance.
Administrative reporting: Granular reporting features that can identify devices that are out of compliance, necessitating support or verification.
Device provisioning: Zero-touch enrollment of devices based on profiles or integration with third-party services, such as the Device Enrollment Program, to facilitate handover to MDM services for managed, automated setup each time.
Here are some of the more mainstream solutions, how they fit in with certain industries, and what their practical application means for IT moving forward.
Arguably the leader in MDM solutions when it comes to Apple device management, Jamf’s offerings are found in the corporate, healthcare, and educational sectors. Companies of all sizes rely on the MDM vendor’s solutions to manage their entire fleet of computers and mobile devices.
Offering on-premise and cloud-hosted solutions, or a hybrid mix of both, Jamf is one of the few vendors that partners with Apple on support requests and offers zero-day support for the latest versions of Apple software updates for macOS and iOS. This means management features added to the latest OSes are supported on day one, along with updated documentation and administrative support.
Microsoft Intune uses the Azure platform to provide cloud-based management of devices with Microsoft and Apple OSes installed. It also features integration with Microsoft’s flagship SCCM suite to provide a holistic, on-premise management platform that keeps devices secured and updated, on and off network.
Geared more toward the corporate and education industries, Intune is steadily growing its market share, especially with its ability to support non-Microsoft devices, which is a boon for organizations with an enterprise agreement because it’s already included with the support contract.
A caveat: Support for macOS/iOS is being added, but it doesn’t support the breadth of features that some of its competitors do. If you’re a predominantly Apple-focused shop, some features may not be available.
Workspace ONE from VMware
It was formerly known as AirWatch, but VMware purchased the company and rebranded it. The enterprise-focused solution offers support for Microsoft, Apple, Android, and Chrome operating systems and devices. Workspace ONE also includes feature-rich software to manage device security, data stores, managed access, and more. The cloud-based offering includes the Digital Workspace Platform, which is used to centrally manage all devices for full endpoint management throughout a device’s lifecycle. This makes Workspace ONE a great choice for companies with many devices from different providers, or with a robust BYOD initiative, that need to compartmentalize access types and keep data separate from management policies.
Mosyle is a relative newcomer to the MDM marketspace for Apple devices. It offers some of the easiest-to-use management consoles for its business- and education-focused solutions. Add to that its zero-day promise that implements support for the latest macOS, iOS, and tvOS features on day one and an excellent support team that is knowledgeable and friendly, and you’ve got a product that excels at managing the company’s Apple-based fleet, while being affordable when compared with its direct competitors.
The education-focused Mosyle Manager works largely the same as its business counterpart, though it integrates seamlessly with Apple School Manager and DEP to not only provide zero-touch enrollment of computers, tablets, and smartphones, but also synchronize classroom data between devices and the cloud-based servers, providing a centralized management base for devices and classroom data, users, classes, and classroom enrollment.
MobileIron is one of the original companies to focus on the EMM/MDM space and is aimed mainly at corporate device management for iOS and Android devices, with some offerings delving into unified endpoint management of Apple devices. Where MobileIron shines is in its security-focused implementations that work based on zero trust of the mobile device, so all software and the data it contains are deployed, configured, updated, and maintained in a secure fashion to minimize data loss or exfiltration through unauthorized means.
With containerization, data is always verified before it is accessed by apps and users on each device, limiting what can be done with that data. In line with the zero-trust methodology, MobileIron also offers single sign-on (SSO) capability and integration with third-party services. It eliminates the need for passwords, instead opting for device IDs to limit access. It can also be further bolstered with multi-factor authentication policies to prevent unauthorized access.