Top 11 Needs and Wants for MDM
Updated: Sep 9
Managing a mobile device ecosystem can be difficult, and only gets harder as you add more devices. According to the 2021 Verizon Mobile Security Index, 23% of companies suffered a mobile-related security compromise last year. As many companies transition to remote or hybrid work models, it is more important than ever to evaluate your mobile needs.
Most wants for managing and securing company mobile devices are resolved by implementing a new mobile device manager (MDM) or ramping up your current MDM, but some mobile needs are better served with other types of products. Before you decide on a solution(s), it’s important to understand what’s out there. Our Top 11 covers some of the main mobile device management capabilities that our clients ask for, and the recommended products that solve for them.
1. Simplified, consistent provisioning
Between enterprise sign in, application installations, passcode setup, and more, MDMs can streamline deployment to automate initial device configuration for your end user. Pair the MDM with a Zero-Touch Enrollment Program like Apple Business Manager, and the enrollment can occur right in the setup wizard when your end user turns on the phone, which forces users to complete enrollment.
2. Ensure policy compliance
It’s essential that the policies you care about are enforced on company-owned devices. MDMs can ensure that your devices are running the latest operating systems, lock out phones that have been modified with “root” privileges, enforce a complicated front screen passcode and more. With the right provider, compliance can also be leveraged for employee-owned devices. While they might not be able to tell employees who bring their own devices that they “must have a front screen passcode,” they can instead say “if you do not have a front screen passcode, then you cannot have access to any company resources.”
3. Consolidated device inventory
In order to manage any mobile ecosystem effectively, you must have a clear view of all devices across your organization. Your MDM should be able to provide insight into the total number of devices you own, along with the make, model, and software installed on each device. If the MDM you choose is a Unified Endpoint Manager (UEM), it may also be able to manage and consolidate non-mobile devices like computers, routers, and servers.
4. Remote wipe
If a device is ever lost or stolen, you need to ensure that company data is not compromised. The best way to do this is to remotely wipe the device to remove all sensitive information and company data. MDMs have a variety of device-level commands that can help your help desk manage and wipe your mobile devices remotely. In addition to remote wipe capabilities, providers can also reset front screen passcodes, push applications, and even selectively wipe information distributed by the MDM (while preserving end user data).
5. Enhanced traffic and data monitoring
Curbing carrier expenses and managing productivity are common requests that unfortunately are not really possible with MDM. We can put in some draconian measures to try and address the issue, but in most cases, these workarounds will impact everyday work functions. For example, we could try to block every single application that could possibly be used for personal use, but most businesses cannot afford to block web browsers like Safari or Chrome. In other words, we could block the Netflix application with MDM, but there is nothing stopping the user from visiting Netflix on their web browser instead. There are other (DNS-based) genres of solutions out there, called Mobile Endpoint Protection, that can solve this issue better by monitoring carrier data usage and web traffic with granular scrutiny. Consider a product like Wandera or Asavie to manage web traffic and monitor data usage.
6. Remote view / remote support
Remote view and support allow you to offer technical support and even control devices from afar. However, it's important to note that iOS only allows remote view, while full remote control is only possible on Android. Both options can enable your help desk to take their support to the next level, offering a white glove experience for end users. Remote view/control is a great differentiator between MDMs. Some will support it natively, while others opt to build out integrations with third-party Remote Desktop Support products like TeamViewer. If this capability is important to you, check with potential providers to find out if they offer it and how it can be used.
7. Monitoring, alerting, and reporting
Don’t have time to check in on your devices routinely? Not a problem: many MDMs allow you to set up compliance-based alerts to notify you when something needs your attention. Reported data is also available for auditing or can be used to plan projects. Most MDMs will allow you to export your device inventory with different criteria displayed. Additionally, you can use device models to plan out a mass device refresh, or sort by user to see if any end users have more devices than they need.
8. Data leakage prevention (DLP)
Many MDMs have several features to help curb data leakage, allowing you to block screenshots, prevent copy/paste out of high security applications, and even block the use of risky third-party keyboards. If DLP is a major concern for your company (possibly for a specific certification), we recommend utilizing MDM in conjunction with a more dedicated DLP product like Endpoint Protector or Symantec DLP. For use cases that are not compliance-driven, MDM will likely take care of most of your DLP needs.
Company data and applications issued by the MDM will even be grouped separately from their personal data and applications. This manifests in different ways. On Android, this is made obvious visually with a whole separate app tray for work apps. On iOS, they are presented together on the home page (despite the data still being stored compartmentally). Company data can be removed by the MDM at any time, without impacting the end user’s personal data.
10. Enhanced device security
Will MDM make my devices more secure? It can. Ensuring your devices have a front screen passcode is a great start, and data leakage protection options help as well. MDM will help secure your device, but it does not do a whole lot to secure against your end users’ actions on that device. Consider utilizing a Mobile Endpoint Protection product to prevent phishing attacks, block risky network connections, block third-party application downloads, and more. Wandera or Asavie are two great options.
11. Location Tracking
Location Services is a feature protected by privacy policies, so an end user can turn off their location services at any time, preventing the MDM from tracking the device. If you desire to see where a device traveled over a given time period, Fleet Management Software like Emkay and Rhino are specifically dedicated to that function. That being said, most users keep Location Services switched on for their own GPS navigation, and as long as they do, the MDM will allow you to track a lost device or check in on a device in real time.
The Bottom Line
MDM is a versatile solution that acts as a baseline for managing mobile devices, as nearly every MDM product can support basic, if not intermediate, device management needs. If you have a specific need for web traffic monitoring, carrier data management, DLP, enhanced device security, or location tracking, MDM will get you part of the way there. If any of those functions are highly important to your business needs, we recommend using another solution in addition to your MDM. LINQ is a managed service provider that specializes in corporate cellular, so don’t hesitate to reach out if you need help evaluating and selecting an MDM provider.