Selecting the Right Mobile Device Management (MDM) Software

Smartphones and tablets have made their way into the enterprise and they are here to stay. Whether it’s BYOD or company-owned devices, sysadmins struggle with managing these devices and controlling access to company data. If these mobile devices are not properly managed, they can pose huge security risks to your company’s network and data.

Mobile Device Management (MDM) software can manage your devices, push down security policies, prevent access to resources, and basically secure your company’s assets as much as you need it to. Like everything else, mobile device management software can range from bare-bones manageability to high-end, practically lined-with-gold software that has all the bells and whistles. For those already using Exchange Server 2010 or SCCM, there is even the option of using the ActiveSync policies within Exchange or the SCCM 2012 mobile device policies to manage these devices.

Mobile Device Management: What to Consider

You have a small buffet of MDM software from which to choose, so it can be difficult to know where to start. That’s where I step in with my list of things to think about when considering an MDM solution.

1. Device standards – What type of devices will be allowed to access the company’s resources? Are you planning on allowing only iDevices, such as the iPad and iPhone, or a range of devices such as Android and BlackBerry? Having a defined list of what you plan to support sets expectations up front about what you can and cannot support, which can limit which MDM products you can choose from. Not all MDM software is created equal; some products have limited support for Android devices, and this could impact your ability to support those devices if they are chosen.


2. Restrictions and protection – What restrictions do you need and what will you allow the devices to access? What do you want to protect on your network? This is an important question to ask yourself because it defines what your real intent is. Here are some other questions to consider:

  • Are you only concerned with company email residing on mobile phones?
  • Are you concerned about other data such as documents and photos being stored on devices or syncing to the cloud?
  • Are you concerned about screenshots of data from mobile phones?
  • What kind of resources will you allow access to? Allowing access to resources is just as important as preventing access.
  • Do you need an MDM solution that will allow or prevent company email from being sent from a personal account on a mobile device? If it’s a BYOD policy, will you still control the downloading of apps, or will you have a separate policy for company-owned devices?
  • Will you require passwords or enforce screen lockouts?
  • Will you treat personal devices differently than company-owned devices?
  • Do you care what the devices access?

3. Bring Your Own Device (BYOD) or company-owned devices – Allowing users to bring in their own devices, or BYOD, can be risky, not only from a security standpoint but also for supportability. If you plan on incorporating BYOD, is your support staff ready and able to help the users? Will BYOD users be under the same rules as users of your company-owned devices? What happens when a BYOD employee leaves the company: do you wipe their device, or perform a selective wipe that removes only company data and preserves their personal data? Having these questions answered can help narrow your selection of MDM software, because some products may not be able to do a selective wipe.

4. Developing mobile applications – If you are currently developing mobile applications, you will need to consider how you want to deploy those apps to the devices. Choosing an MDM solution that has a built-in enterprise app store can provide you with an easy way to deploy apps to your users’ devices.

5. Wireless LAN or VPN access – Just about every mobile device on the market can connect to and use WiFi. Allowing devices to connect to corporate WiFi can cause additional headaches for an administrator (as I have personally experienced). When mobile devices are connected to the corporate WiFi, they can have access to internal network resources such as SharePoint. If your SharePoint sites use any type of integrated Windows authentication, users may be prompted for their username and password when accessing these sites. This can cause some user confusion and unwanted help desk tickets, because users are not aware that this is “normal” on non-Windows devices. Another concern with accessing the corporate network is that the devices can now access the Internet through your network. If your company uses a web filter, that filter may not work on the mobile devices, allowing your users to access non-business sites or stream Internet radio.
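For shops taking the Exchange ActiveSync route mentioned at the top of this article, several of the questions under item 2 (passwords, screen lockouts, personal email accounts, personal versus company-owned devices) map directly onto ActiveSync mailbox policy settings. The sketch below is an added example, not part of the original article; the policy names, the mailbox "jdoe" and all values are hypothetical and should be set from your own answers to the questions above.

```powershell
# Added example: run in the Exchange Management Shell (Exchange Server 2010).
# Policy names, the mailbox 'jdoe' and every value below are assumptions.

# Settings shared by both device classes: password and screen lockout.
$baseline = @{
    DevicePasswordEnabled           = $true
    AllowSimpleDevicePassword       = $false      # reject PINs such as 1234
    MinDevicePasswordLength         = 6
    MaxDevicePasswordFailedAttempts = 8
    MaxInactivityTimeDeviceLock     = '00:05:00'  # lock after 5 idle minutes
    AllowNonProvisionableDevices    = $false      # block devices that cannot enforce the policy
}

# Company-owned devices: no personal mail accounts, no removable storage.
New-ActiveSyncMailboxPolicy -Name 'Corp-Owned' @baseline `
    -RequireDeviceEncryption $true `
    -AllowConsumerEmail $false `
    -AllowStorageCard $false

# BYOD: same lock and encryption rules, but the owner keeps personal mail.
New-ActiveSyncMailboxPolicy -Name 'BYOD' @baseline `
    -RequireDeviceEncryption $true `
    -AllowConsumerEmail $true

# Assign a policy per user according to who owns the device.
Set-CASMailbox -Identity 'jdoe' -ActiveSyncMailboxPolicy 'BYOD'

# Audit: mailboxes with no policy explicitly assigned.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name, ActiveSyncEnabled
```

Any question on your list that has no matching setting here is a requirement to carry into the vendor demos.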

Demos and Proof of Concept

Once you’re ready to start evaluating software, I would recommend doing demos or Proof of Concepts with multiple vendors. Going through a Proof of Concept will weed out what you want vs. what you really need. Most vendors will allow Proof of Concepts or demos. Some good ones to start with include the following:

Keep in mind that even after using particular MDM software, there may be a point at which you will need to switch to different software based on changing business needs. There are dozens of solutions on the market from which to choose, and they all have their pros and cons that you’ll need to review based on your company’s needs and requirements.




Comments (2)


  1. Great contribution. We also went the same way when we introduced an MDM software. It takes a lot of time to find the right provider. After a lot of research and testing, we decided on the UEM solution from APPTEC360 because it convinced us with its functions, simple operation of the console, price and quality. Furthermore, the location (Switzerland) of the company was an important factor, as the security of the company data is higher.
