Table of Contents
What is MDM and what do companies use it for?
MDM, EMM or UEM – what is the difference?
- Mobile Device Management (MDM)
- Enterprise Mobility Management (EMM)
- Unified Endpoint Management (UEM)
- Mobile Application Management (MAM)
- Mobile Content Management (MCM)
- On-Premise vs. Cloud Service
- Lifecycle Management
- Registration of users and devices
- Administrator
- Device management – Management of active mobile devices, BYOD, Inventory list.
- App management
- Email management
- Content management
- Device and data security
- Service and maintenance
- Automation
- Hybrid Work
- IT Services
- Warehouse, transport and logistics
- Health and care
- School and education
- Retail
- MDM for small and medium-sized enterprises (SMEs)
Management of different end devices / operating systems
- Apple
- Android
- Windows
- Other operating systems
What matters when choosing an MDM solution?
- Operating systems
- Application scenario
- Operating model
- Ease of use
- Price-performance
- MDM solutions
Mobile Device Management with AppTec
- Architecture
- Management console and setup
- Mobile device, app and content management
- Inventory and monitoring
- Security management
- Connection management
- Automation
What is MDM and what do companies use it for?
Mobile working is gaining popularity worldwide and will establish itself as an integral part of a hybrid working model: Many people will work on a variable number of days either in the office, in the home office or on the train or at the customer’s – in short: remotely. This is a statement we can all confirm from our own experience, but it is also supported by numerous experts (for example by Ifo Institute, by Shift Collective or ZEW Mannheim).
Mobile devices – essentially smartphones, tablets and laptops – will help employees stay in touch with colleagues, keep customers informed, access relevant company data and coordinate with business partners. The more diverse the working models, the wider the range of mobile devices that will be used in the hybrid working world – and the more important it will be for companies to be able to configure and manage devices from anywhere at any time. Mobile Device Management (MDM) solutions can take over this task.
Mobile Device Management is a software solution for the central administration of mobile devices. It gives administrators full control over mobile devices, apps and content, regardless of the operating system. One of the great advantages of MDM is that functions such as configuring emails or rolling out apps can be automated and thus performed much faster and more efficiently than with manual setup.
In this guide, we have compiled what MDM is, what it can do and what companies should look out for when introducing MDM. We hope to offer guidance to all who are looking for reliable information in the jungle of numerous terms, functions and not least the many solutions available on the market.
If you would like to learn more about MDM or about AppTec360 Unified Endpoint Manager, simply email sales@apptec360.com or contact us on Tel. +41 (0) 61 – 511 – 32 10.
MDM, EMM or UEM – what is the difference?
The abbreviations EMM or UEM are often used in connection with MDM. Although the management of mobile devices plays a role in each of the three terms, they differ in the scope of functions. This can cause confusion for users, so here is a brief explanation of how the three terms differ:
The origin of the conceptual diversity lies in the development history of MDM: Until around 2012, mobile device management (MDM) was used exclusively to manage mobile devices. In the following years, manufacturers developed their solutions further and added functions such as the management of mobile apps, mobile content and mobile security features under the name Enterprise Mobility Management (EMM).
The latest functional enhancements relate to the management of stationary devices such as PCs and Macs. Today, the term Unified Endpoint Management (UEM) stands for this. The terms Mobile Application Management (MAM) and Mobile Content Management (MCM) are used rather rarely; each stands only for a sub-function of MDM.
MDM system operation
Basically, there are two ways for companies to operate an MDM solution: either on-premises, on servers in their own data centre, or as a cloud service via servers of a provider – usually this is the manufacturer itself. Access to the MDM application is then browser-based via an admin console on the internet.
Special offers such as lifecycle management, where the MDM is purchased directly with the device, make the use of such a solution even more convenient, especially for companies that want to use MDM primarily for the management of devices.
In order to start managing mobile or stationary devices, users and their devices must first be registered in the system. This can be done individually or as a mass operation. End users then receive a request to enrol their device in the device management system. The enrolment process can be accelerated considerably via automated methods, for example auto-enrolment, NFC, QR code, e-mail or SMS.
Now the administrator can view and control devices, apps and content from his console. He can have apps and device settings, as well as email or Wi-Fi settings, automatically updated remotely.
MDM advantages
Mobile working is gaining popularity worldwide. Currently, a hybrid model is gaining ground, with many people working partly in the office, partly in the home office and partly on the road – for example on the way to the customer. Mobile devices create the necessary flexibility for this location- and time-independent work.
But as the number of mobile devices grows, so do the challenges and risks associated with their use. Without systematic control of mobile devices, companies lack an overview of how many and which smartphones and tablets are even in use – this makes controlled use impossible. The management of individual devices is inefficient when, for example, apps need to be updated or installed or mobile phone contracts need to be concluded. This not only leads to high costs, but also to a proliferation of applications and devices that may be used to access sensitive company data – and thus to dangerous security vulnerabilities.
The main advantage of a mobile device management solution is that IT can centrally manage and control devices, apps and content. The management tool can be used to restrict functions, set usage limits and monitor data access. With MDM, companies can gain an overview of all mobile devices, apps and data accesses in use. This not only enables them to manage more efficiently, but also to work more cost-effectively, for example by consolidating and optimising mobile contracts. Last but not least, the central control of mobile devices is a decisive security factor, because only in this way can compliance requirements be effectively enforced.
The main MDM deployment areas
Mobile device management solutions offer IT managers the advantage of centrally managing mobile devices, apps and content while ensuring the security of corporate data and the protection of personal data. The most important functions of an MDM solution are the following:
Device Management
- Centralized management of active mobile devices is the most original task of MDM. It is controlled via a web-based or app console, through which functions (such as device configuration) and, with many solutions, reports (such as frequency of data access) can be executed or retrieved.
- The managed devices can be – apart from company-owned – also private devices of the employees (keyword BYOD). These usually come from different manufacturers and are equipped with different operating systems and apps. With the help of MDM, the variety of BYOD devices can also be securely integrated and managed.
- When the mobile devices are enrolled into the MDM, all important device data is recorded. From this, an inventory list can be created via MDM, which provides an overview of all mobile devices in use in the company.
App Management
For companies, it is not only important to control the devices, but also their apps. That is why most MDM solutions also enable the control of apps throughout their entire lifecycle. This includes securing and configuring apps, usage restrictions and ideally the separation of private and professional apps.
E-Mail Management
Communication via email is one of the most important mobile applications in companies. Employees often exchange sensitive company information via email. MDM systems therefore have functions to secure (encrypt) emails and configure apps automatically.
Content Management
The ability to access certain content – such as documents or images – from outside is also playing an increasingly important role in mobile working. In this way, content can be shared or synchronized. In this context, MDM ensures that sensitive data is centrally available and stored securely. In this way, IT can prevent employees from using public servers to share company data and retains control over it.
Device and Data Security
The central management functions of an MDM make it easier for the IT department to reliably secure mobile company data and personal data. Many security features can be automatically assigned to devices and are part of a forward-looking security architecture. Device and data security features include:
- Configurations, such as browser settings or default WLAN access.
- Restrictions, such as blocking certain websites or gaming apps.
- Compliance and guidelines, such as guidelines for browser or app use or adherence to password guidelines.
Service and Maintenance
Mobile devices can also have malfunctions or defects; in any case, they require updates and upgrades at certain intervals. Using MDM, IT administrators can easily access mobile devices registered in the system remotely and carry out all necessary interventions, from software updates to the installation of apps to the complete deletion of all data (in the event of a device loss).
Automation
With MDM, many administrative tasks can be easily automated. Automated functions include, for example, the configuration of device settings, the roll-out of apps, the separate storage of business data, the configuration of email and WLAN, but also the security of the devices and many others.
Areas of use of MDM
Hybrid Work
After several profound changes in the world of work in recent times, the classic on-site working model is now only one of several. Depending on the individual requirements of an organisation, employees will in future work in the office, on the production floor, at the customer’s premises, while travelling or in a home office. In order for employees to continue to work productively in this hybrid work model, mobile devices and data will play an increasingly important role. For companies, this increases the requirements for creating a secure and efficient working environment. MDM solutions will provide significant support here.
IT-Services
Mobile lifecycle management providers support their customers in controlling and managing their mobile devices throughout their entire lifecycle. For these service providers, MDM systems are the technical basis for providing customers with their services reliably and securely. The integration and configuration of new devices is highly automated, which relieves the IT department on both the provider and the customer side, allowing them to concentrate on fulfilling their core tasks.
Warehouse, Transport and Logistics
When it comes to transporting goods of all kinds, mobile devices can make all the difference when it comes to reliable and punctual delivery. Mobile devices are not only used to communicate with colleagues, customers and partners. They also simplify receiving and tracking shipments as they move from point A to point B. MDM solutions make the supply chain more efficient: with MDM, mobile devices can be quickly integrated, easily controlled and automatically configured to comply with legal and corporate regulations. MDM solutions that include digital signage software also turn the smartphone into a product scanner. For this purpose, the applications on the mobile device can be reduced to one or few apps (single or multi-app kiosk) that the end user in the warehouse or in the transport vehicle needs for work, which makes smartphone use simple and secure.
Health and Care
Smartphones and tablets are also being used more and more frequently in the field of health care and nursing in order to have important information directly available to the patient or to plan mobile nursing missions. MDM systems enable medical staff of care institutions to have a constant overview of mobile devices and apps in use. Digital signage systems are also helpful in this environment. They make it possible to set up a dedicated work mode in which users can only access activated applications (multi-app kiosk). This limits access to company data and makes it easier for less tech-savvy employees to use the device.
School and Education
With digital media, learning content can be conveyed in an exciting way and optimally tailored. Last but not least, learning with tablets promotes know-how in the use of this forward-looking medium. MDM solutions support teachers in schools and other educational institutions in managing the devices and content used simply and securely. The web-based Apple School Manager (ASM) is the central point of contact for the administration of Apple devices and the corresponding access to apps and content. Access to the ASM is particularly easy via an MDM. But Android devices can also be easily managed and controlled centrally via an MDM.
Retail
Informative and entertaining videos are well received by consumers in retail. Many shop operators therefore use digital displays on their sales floors to present this content attractively. To do this, they use mobile screens whose task is essentially to play moving images via software. With MDM solutions equipped with digital signage, digital advertising can be implemented easily and securely. As a rule, only one app is required for operation, to which access is restricted for the end user. As in the logistics sector, digital signage can also greatly simplify the receipt of goods in the retail sector as “scanning software”.
MDM for small and medium-sized enterprises (SMEs)
Small and medium-sized enterprises benefit particularly from the use of an MDM solution. This is because the size of the company is not the decisive factor in determining whether the use of an MDM solution is worthwhile. Rather, the purpose of use is decisive: In a small company with a handful of employees who each use a mobile device, the purchase of a device management software may not make much sense. However, if one of the employees uses the device to access highly sensitive data, the use of an MDM is almost mandatory. As a guideline for the decision, the higher the degree of use of the mobile devices and the more sensitive the data accessed, the more urgent the use of an MDM solution.
Management of different end devices / operating systems
With MDM, IT administrators can reliably control, manage and secure mobile devices of different operating systems in the most diverse usage scenarios. The scope of MDM functionalities depends on the product and manufacturer. The most important functions of an MDM include securing corporate e-mails, certificate-based security, automatic configuration, separation of private and corporate data, selective deletion (especially in the event of device loss) and many more.
Which operating systems an MDM supports also depends on the product and manufacturer. There are special MDMs for the management of Apple or Android devices, but also cross-platform solutions that also support Windows, for example.
Apple
To enable companies to deploy and configure iOS or macOS devices via MDM, Apple has developed the Device Enrollment Program (DEP). The programme enables the enrolment of Apple devices during setup via MDM without the need for a setup service or physical access to the device. In the supervised mode of the DEP, certain restrictions can be centrally stored during configuration. For this purpose, a DEP server is defined in the MDM, which authenticates itself via an Apple certificate. If the MDM also supports Apple User Enrollment, it is easier to manage BYOD devices and better protect the privacy of users.
Android
Google’s operating system also has a mobile device integration feature: Zero Touch Enrollment includes similar functionalities to Apple’s DEP. Multiple mobile devices can be provisioned, configured and managed simultaneously without physical contact, so that employees can use them immediately upon receipt.
Windows
In addition to mobile devices, many MDM systems can also manage PCs and laptops with the Microsoft Windows 10 operating system. Ideally, the manufacturer’s Windows 10 interfaces are used. Device integration takes place either via multi-enrolment using a CSV file or via Microsoft Autopilot. Once users and devices are registered in the system, Windows devices in a heterogeneous environment can be controlled centrally via a uniform management console.
Other operating systems
The operating systems from Apple and Android together cover 97.5 per cent of all smartphones. This means that all other operating systems – such as Windows, Ubuntu, openSUSE and others – are only of secondary importance in terms of numbers. In individual companies, however, these exotics may play an important role because the devices on which they are installed serve a special purpose: for example, in humid or dusty outdoor or production environments. Some MDMs also support these less common operating systems.
What matters when choosing an MDM solution?
There are many reasons for using an MDM solution in a company. Mobile scenarios – and thus the purpose for using MDM – are different in every company, so each organisation must determine the advantages of MDM for itself.
Companies considering the introduction of MDM should first determine the status quo in the area of mobile devices and applications. Then it must be considered which functions should be restricted and for what purpose. The following criteria provide an initial orientation as to what is important:
Operating systems
Which mobile devices are to be managed by the MDM? Are they smartphones with Apple or Android systems? Then most MDM systems on the market are eligible. Or are you planning to use Windows devices? Check whether the MDM of your choice can be used for this system.
Deployment scenario
What is the mobile scenario for which MDM is to be used? Is it primarily about the administration of a large number of devices or about securing mobile data? Who uses or manages the devices, and with how much IT experience? Above all, these and other key data of the deployment scenario determine how the mobile device is to be configured and how functions are to be restricted.
User-friendliness
The acceptance of software stands and falls with its user-friendliness, and MDM is no different. The user experience should not be affected by MDM, and the application should only run in the background (as long as no restricted functions are controlled). The solution should also be deployable without training and easy and intuitive for users to use. Therefore, take the time to have the MDM tested for usability by test users from different areas in your company.
Price-performance
Costs are one of the most important criteria for or against the purchase of an MDM solution. The actual fees for an MDM software licence are determined by the manufacturer’s pricing model. Billing is usually based on the subscription model, for example payment per month and device. It is important to consider all costs incurred and to compare all purchased or booked services.
MDM solutions
There are now numerous manufacturers offering MDM solutions under different names, depending on the focus of the software – from simple device management to comprehensive endpoint management solutions.
Mobile Device Management with AppTec
With the AppTec360 Unified Endpoint Manager, you have a modern UEM solution with which you can manage mobile devices, apps and content, but also stationary devices such as PCs and laptops, centrally, efficiently and securely. AppTec360 also covers complex MDM scenarios, but is simple and extremely user-friendly. The functionalities of AppTec360 Unified Endpoint Manager go far beyond the scope of conventional MDM software, as the following feature descriptions show:
Architecture
As a multi-tenant solution, the AppTec360 Unified Endpoint Manager allows the independent, parallel management of devices, for example in several subsidiaries. For cloud use, only a registration is required; the on-premises implementation is carried out via a supplied appliance. To create large user groups, a company’s own directory structures can easily be read out via LDAP. Software and configurations can be installed by the IT administrator in the background “over the air” (push), or the user can request the installation of a specific app (pull).
Management console and setup
Administrators operate the AppTec360 Unified Endpoint Manager via a web-based management console or via app. When designing the dashboard, emphasis was placed on intuitive usability and easy handling of the console, which proves its worth especially in complex MDM scenarios. The solution can be used without any training effort and the setup is also easy to perform – either in the cloud by simply registering or, for the on-premises version, via an appliance for which only the virtual machine needs to be downloaded and installed.
Inventory and monitoring
Thanks to the inventory and monitoring function, AppTec360 Unified Endpoint Manager gives you a better overview of devices and applications as well as their use: both device and app data can be retrieved and managed as an inventory list. Additional reports – for example, on the devices added or the mobile network providers used – enable the monitoring and optimisation of devices and apps, but also of contract conditions.
Security Management
Mobile email management incl. PIM
The AppTec360 Unified Endpoint Manager includes comprehensive security functions, such as encryption of e-mails and communication between client and server, white- and blacklisting of websites and apps, separation of private and business data on the device, central access for deletion of data or locking of the device in case of theft or loss. In addition, functions for backing up and restoring data and configurations are available. The option to set policies – for configurations, passwords, etc. – creates additional security.
Connection Management
With AppTec360 Unified Endpoint Manager, you not only define which network connections users are allowed to use to access corporate data; you can also configure additional policies for WiFi, VPN and APN (for example, password or user name defaults). With the AppTec VPN, data traffic can be protected and controlled very easily. Hurdles that often occur when using external VPN solutions, such as firewalls, complex VPN servers or compatibility problems, are eliminated.
Automation
To ensure that processes run reliably, consistently and, above all, faster, numerous functions can be automated with AppTec360 Unified Endpoint Manager, such as the configuration of e-mail, separation of company and private data, integration of company structure (via LDAP), complete or selective deletion of data, certificate-based security, sending of push notifications and many more. The entire enrolment process can also be automated and triggered, for example, via SMS (included in the AppTec SMS Device Enrollment Package) or with methods such as auto-enrolment (via CSV), NFC, QR code or email.
If you would like to learn more about MDM or about AppTec360 Unified Endpoint Manager, simply write to us at sales@apptec360.com or contact us on Tel. +41 (0) 61 – 511 – 32 10.