The Secret Security Wiki


Mobile Device Management

Mobile Device Management (MDM) is a category of technology solutions that helps organizations manage large numbers of diverse user devices connected to the corporate IT environment in a consistent, scalable and cost-effective way, giving users the flexibility to use the devices of their choice to get their work done. Using MDM, IT administrators can control, secure and enforce policies on smartphones, tablets and other endpoints. With the help of MDMs, companies can reduce support costs and business risks.

MDM is a core component of a larger category of solutions called enterprise mobility management (EMM), which also includes mobile application management, identity and access management and enterprise file sync and share. The intent of MDM is to optimize the functionality and security of mobile devices within the enterprise while simultaneously protecting the corporate network.

MDM was initially developed to help secure mobile device access to corporate networks, resources, and data. The basic idea was to provide a secure container on the user’s mobile device using cryptographic techniques and ensure that corporate data is effectively segregated from the user’s personal data. MDM ensured that corporate data such as email, documents, and enterprise applications are encrypted and processed inside the container. Once deployed, MDM can restrict the movement of data in and out of the secure container, so corporate data is always in a controlled environment.

More recently, MDMs began managing other classes of devices, including computers and IoT devices.

The bring your own device (BYOD) trend has been a significant driver for the adoption of MDM solutions, as MDM lets corporations provide employees with access to their networks using a device of their choice, whilst managing these devices remotely with minimal disruption.

MDM solutions are typically deployed as a combination of an on-device application component to enforce policies and a backend component for managing devices and policies, and pushing out updates. The backend service component sends out the management commands to the mobile devices. The on-device application receives and implements the management commands. In some cases, a single vendor provides both the client and the server, while in other cases the client and server come from different sources.

  • What is the purpose of mobile device management (MDM)?

    Mobile Device Management (MDM) is a technology solution that helps organizations manage large numbers of diverse user devices connected to the corporate IT environment in a consistent, scalable and cost-effective way, allowing users the flexibility to use the devices of their choice to get their work done.

  • What is Apple mobile device management?

    Apple Mobile Device Management (MDM) is a protocol that provides system administrators with a means to send device management commands to managed iOS devices running iOS 4 and later, macOS devices running macOS v10.7 and later, and Apple TV devices running iOS 7 (Apple TV software 6.0) and later. Through the MDM service, an IT administrator can inspect, install, or remove profiles; remove passcodes; and begin a secure erase on a managed device.

    MDM uses the Apple Push Notification Service (APNS) to deliver a “wake up” message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results.

  • What is Open Mobile Alliance (OMA)?

    The Open Mobile Alliance (OMA) is a body that develops open standards for the mobile phone industry with the purpose of facilitating mobile service interoperability worldwide. OMA membership includes approximately 200 organizations, including mobile operators, device/network suppliers, IT organizations and content providers.

  • What is OMA Client Provisioning?

    Open Mobile Alliance (OMA) Client Provisioning (CP) is the process by which a Wireless Application Protocol (WAP) client is configured with minimal user interaction. The term covers both over the air (OTA) provisioning and provisioning by means of, e.g., SIM cards. The WAP provisioning mechanism leverages the WAP technology whenever possible. This includes the use of the WAP stack as well as mechanisms such as WAP Push.

  • What are the main features of Mobile Device Management?

    Core functionality provided by MDM solutions includes:

    • Managing an inventory of devices.
    • Ensuring that diverse user devices are configured to a consistent set of standards and corporate policies and are running a supported set of applications.
    • Updating devices, applications, and policies in a scalable manner.
    • Ensuring that users use applications in a consistent and supportable manner.
    • Ensuring that devices perform consistently.
    • Monitoring and tracking devices (e.g. location, status, ownership, activity).
    • Being able to efficiently diagnose and troubleshoot devices remotely.
    • Remote wipe of corporate data; remote wipe of entire device; remote device locking.

  • Can a Mobile Device Management solution be implemented on premise and in the cloud?

    MDM solutions can be deployed on premise or in the cloud. Their ability to interact with managed devices remotely, through mechanisms like OTA updates, means that they can also work well when used as a SaaS solution.
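
The Apple MDM answer above describes a pull model: a push "wake up", after which the device connects to a web service to retrieve commands and return results. The following is an added example, not code from this wiki, Apple or any MDM vendor: a simplified Python model of the server side of that loop, which only accepts a result from the device the command was delivered to. The plist keys (UDID, Status, CommandUUID, Command, RequestType) follow Apple's MDM protocol; the class and function names, the re-queue-on-NotNow policy and the sample UDIDs are assumptions made for illustration.

```python
import plistlib
import uuid
from collections import deque

class MdmServer:
    """Toy server side of the poll loop: one FIFO command queue per device."""

    def __init__(self):
        self.queues = {}    # UDID -> deque of pending command dicts
        self.inflight = {}  # (UDID, CommandUUID) -> command awaiting a result
        self.results = {}   # CommandUUID -> final Status the device reported

    def enqueue(self, udid, request_type):
        cmd = {"CommandUUID": str(uuid.uuid4()),
               "Command": {"RequestType": request_type}}
        self.queues.setdefault(udid, deque()).append(cmd)
        return cmd["CommandUUID"]

    def handle_request(self, body):
        """Take one device request (plist bytes); return the next command or b''."""
        msg = plistlib.loads(body)
        udid, status = msg["UDID"], msg["Status"]
        queue = self.queues.setdefault(udid, deque())
        if status != "Idle":
            # A result only counts for a command delivered to this same device.
            cmd = self.inflight.pop((udid, msg.get("CommandUUID")), None)
            if cmd is None:
                return b""
            if status == "NotNow":      # device cannot run it yet: retry later
                queue.append(cmd)
                return b""
            self.results[cmd["CommandUUID"]] = status
        if not queue:
            return b""                  # nothing pending: session ends
        nxt = queue.popleft()
        self.inflight[(udid, nxt["CommandUUID"])] = nxt
        return plistlib.dumps(nxt)

def device_request(udid, status, command_uuid=None):
    """Build the plist a device would send (constructed sample, not a capture)."""
    msg = {"UDID": udid, "Status": status}
    if command_uuid:
        msg["CommandUUID"] = command_uuid
    return plistlib.dumps(msg)
```

A real deployment also authenticates the device on every request, typically with the identity certificate installed at enrollment, so the UDID in the body is never the only thing tying a result to a device.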