Chapter 1: What is MDM software?
MDM stands for Mobile Device Management — a category of software tools that organizations of all sizes use to monitor and protect their devices. For some, it could mean managing employee devices on a company network. For others, it could mean managing business-critical devices like kiosks or point-of-sale. There’s no such thing as a one-size-fits-all MDM solution, and each device management scenario needs to be evaluated individually.
And that’s an important distinction: MDM is not the same as “managing devices.” One is a software tool (MDM), and the other is an action (device management) that can be done using an MDM tool. It’s no longer just about mobile phones — MDM software has become a blanket term for all different kinds of device management.
Mobile device management explained
In the modern sense, mobile device management is generally one part software and one part hardware. The MDM software is used to manage the hardware — you can’t have one without the other in scenarios with managed devices. Mobile device management software utilizes security policies to protect crucial data and other content, as well as protect devices from malicious software (malware), ransomware, or other attacks. This is mobile device management as a service, which uses a cloud-based SaaS (software as a service) model as opposed to the more outdated on-premises model.
MDM services commonly support a variety of operating systems, including Android, iOS, Windows, macOS, and (in some cases) Linux. There are also OS-specific solutions that may integrate more tightly into the platform in which they’re designed to work. The first MDM offerings were specifically for mobile devices (i.e., not desktop computers), which led to the creation of other types of management software, like MAM (Mobile Application Management), EMM (Enterprise Mobility Management, and UEM (Unified Endpoint Management).
Types of MDM software: MAM, EMM, and UEM
As more types of devices are adopted by organizations, the need for more advanced management tools was born. Here’s a quick breakdown:
- MAM: Mobile Application Management. This is used to secure, update, and monitor applications on devices.
- EMM: Enterprise Mobility Management. This is a more robust MDM designed for enterprise users. Think of it as MDM + MAM.
- UEM: Unified Endpoint Management: This was originally designed to manage computers and company networks. Today, most UEMs also support mobile devices.
That is years of evolution distilled down to just a few bullets. Modern MDM usually covers all of these subcategories, and you’ll often hear them used interchangeably.
* – only basic functionality is supported
Features of MDM software
By now, you have a general understanding of what MDM software is designed for. And while MDM technologies will vary in complexity, there’s still a general set of features you can expect to find across most solutions.
- Device tracking: Keeping track of company assets is important, especially when those assets contain critical information. Geolocation is a core part of an MDM solution, and some also offer geofencing (a feature that can send alerts, lock down devices, or even reset them if they leave a specific geographical area).
- Remote configuration and compliance policies: Setting specific security policies and device configurations are cornerstone features of MDM software. Organizations should not only be able to apply these configurations when setting up devices, but they should also be able to modify and update these settings remotely.
- Application and content management: In order to protect important company information, application control is important. That might mean setting a safelist for app installs, a blocklist of apps that users can’t install, the ability to remotely remove applications in case of a data breach, or any combination of the above. The same applies to content management — files and whatnot.
- Data security: With certain policies, MDM software can enforce VPN connections, hard drive encryption, require secure passwords, or even disable certain login methods (like PIN, for example).
- Remote diagnostics and basic health monitoring: For off-site devices, remote diagnostics are crucial. Many MDM companies offer remote maintenance tools to update software, troubleshoot problems, reboot devices, and more.
Where MDM starts to fall short
While knowing what you can do with an MDM solution is a good starting point, knowing what you can’t do with most MDMs is probably even more crucial. Here are a few things that the vast majority of MDM providers don’t offer.
- Advanced troubleshooting and debugging: Most MDM platforms offer basic troubleshooting and health monitoring, but they lack advanced troubleshooting, telemetry, and debugging. You’ll need someone onsite for anything more than the most basic diagnostics.
- Granular app version control: If you need multiple versions of the same applications running across a variety of devices, you’re out of luck with most MDMs. For example, suppose you have older devices that aren’t compatible with a newer version of an application. In that case, you can’t simply keep the older app on those devices while upgrading the others to a more recent version.
- Dynamic grouping and custom configurations: Not all corporate devices are the same or used in the same way, but most MDMs don’t allow you to categorize devices in ways that make sense. This makes it hard to manage a variety of devices for different purposes.
- Remote deployment: With many MDMs, you have to prepare the device before deploying it to the remote location, which can dramatically slow the deployment process.
Going beyond MDM software
While it’s easy to describe the Esper platform as MDM (given the ever-evolving definition of the term), it’s also not entirely accurate. We offer a full suite of MDM features, but our platform was designed from the ground up to do things MDMs usually don’t. Things like:
- APIs and SDK: Sure, we have a console with a friendly and easy-to-use interface, but we also offer access to APIs that allow you to do even more. For example, if you need pipelines with more than three stages, you can do that with our APIs — limitless pipelines, in fact. And that’s just the tip of the iceberg.
- Automation: A core part of DevOps platforms is automation, which normally stops with software rollouts. That didn’t make much sense to us, so we invented DevOps for devices. Automation is a cornerstone of device deployment with Esper — from remote deployment to automated app rollouts, we can do it.
- Full device software stack: When you need to do more than just push a few apps or files to devices, you need a full stack solution. We offer full control, including remote access, geofencing, app version control, and much more.
- Integration with developer tools: We rely on the power of Android for many reasons, but the robust and ubiquitous developer tools is one of the big ones. Whether you’re looking to build specific features in your custom AOSP operating system or just want to use ADB remotely (and securely!), we can do it.
- Remote configuration and deployment: No one wants to fly halfway across the country just to configure new devices, and configuring at HQ and shipping to the deployment location isn’t much better. That’s why we offer fully remote deployment and configuration of dedicated devices. You’ll never have to leave home again (OK, maybe not never).
- Secure remote diagnostic and debugging tools: When things go wrong, you’ll be able to manage exceptions with our diagnostic and debugging tools — all remote and completely secure.
- Advanced telemetry: If you want to know what’s going on with any device in your fleet, you can with our telemetry tools.
- Granular grouping: Making blanket changes to your device fleet doesn’t make sense without proper testing, which is why we offer powerful device grouping. You can start with a test group, then push into larger groups by device type, location, operating system version, and more. Grouping is completely customizable, and you can have as many groups as you need.
There are a specific set of devices that benefit from this type of management and level of control. They’re called dedicated devices, and it’s what Esper specializes in.