What is MDM: Everything You Need to Know About Mobile Device Management
Digital devices are everywhere in modern businesses — everything from customer-facing devices like kiosks and digital signage to critical management tools like tablets, smartphones, and laptops. Tech-first companies need a way to manage and track these devices, but they also need to scale and grow quickly. That’s where MDM comes in.
What is MDM?
MDM stands for Mobile Device Management — a category of software tools that organizations of all sizes use to monitor and protect their devices. For some, it could mean managing employee devices on a company network. For others, it could mean managing business-critical devices like kiosks or point-of-sale. There’s no one-size-fits-all MDM solution, and each device management scenario needs to be evaluated individually.
And that’s an important distinction: MDM is not the same as “managing devices.” One is a software tool (MDM), and the other is an action (device management) done using an MDM tool. It’s no longer just about mobile phones — MDM software has become a blanket term for all different kinds of device management.
Overview and Key Features of Mobile Device Management Tools
In the modern sense, mobile device management is generally one part software and one part hardware. MDM software manages the hardware — you can’t have one without the other in scenarios with managed devices. Mobile device management software utilizes security policies to protect crucial data and other content, as well as protect devices from malicious software (malware), ransomware, or other attacks. This is mobile device management as a service, which uses a cloud-based SaaS (software as a service) model instead of the more outdated on-premises model.
Modern MDM features include a number of core tools for remote management, asset tracking, and more. Some common examples include:
- Remote configuration, control, and troubleshooting: On-prem management options don’t work for modern organizations, so remote tools are commonplace among MDM software providers. The level at which these tools are available will vary between vendors, but at the bare minimum, you should expect a way to remotely configure and monitor devices.
- Device tracking: Nearly all modern digital devices have a location-based feature, which is crucial for asset management and tracking. With a good MDM, you can pinpoint where any device in your fleet is at any given moment.
- Application and content management: As the needs we place on devices grow, managing on-device content is crucial. App distribution and content management tools are paramount — and we’re not just talking about slapping an always-on app store on the device. Granular tools to protect devices from unauthorized installations and downloads are part of the package, too.
- Health monitoring: Asset tracking is just one part of the picture when it comes to monitoring devices — you also need insight into how those devices perform. Detailed telemetry data can give insight into device health, including performance, battery, and more. This allows you to spot potential issues before they become problems and optimize your devices based on usage stats.
- Operating system (OS) update and security patch management: Similar to app and content management tools, a way to granularly control system updates and security patches is important. This allows you to schedule updates for off-peak hours, ensure your devices are always running the latest security patches, and more.
While this is far from an exhaustive list, it’s a great starting point when evaluating MDM providers. But, as with most things, it’s far from the only consideration you need to make. MDM services commonly support various operating systems, including Android, iOS, iPadOS, Windows, macOS, and (in some cases) Linux. OS-specific solutions may integrate more tightly into the platform in which they’re designed to work.
It’s important to consider your specific device management needs and explore options that encompass the many facets of MDM as a whole.
Types of Device Management Tools: MDM, MAM, EMM, and UEM
The first MDM offerings were specifically for mobile devices (i.e., not desktop computers), which led to the creation of other types of management software, like MAM (Mobile Application Management), EMM (Enterprise Mobility Management), and UEM (Unified Endpoint Management). As organizations adopt more types of devices, the need for more advanced management tools was born. Here’s a quick breakdown:
- MAM: Mobile Application Management. This is used to secure, update, and monitor applications on devices.
- EMM: Enterprise Mobility Management. This is a more robust MDM designed for enterprise users. Think of it as MDM + MAM.
- UEM: Unified Endpoint Management: This was originally designed to manage computers and company networks. Today, most UEMs also support mobile devices.
- MDM: Mobile Device Management. This was originally designed for employee smartphones on company networks but has since branched out to cover nearly all types of digital devices, like tablets, computers, and more. The term “MDM” is often used as a blanket term to cover all other types of management software, like MAM, EMM, and UEM.
Here’s a chart that breaks down MDM, MAM, EMM, and UEM. When looking at it, keep in mind that we’re focusing on the traditional aspect of MDM here. Modern MDM encompasses nearly all of these components, but it’s still important to note the historical distinctions!
* - only basic functionality is supported
Common Components of MDM Software
Not all MDM software is created equal, but there are some foundational components you should find across every device management provider worth its salt. Technology stacks will vary across different providers and software tools, and the depth of each feature could also change from service to service, but this is the “if they don’t have it, run away” list. Ya feel me?
- Device provisioning: It’s impossible to provide MDM tools without proper provisioning. In the simplest terms, device provisioning is defined as “setting up a device to work in a specific manner.” The depth in which you go to achieve said status can be as shallow as tweaking a few settings or as intricate as replacing the entire operating system. Either way, every MDM service out there will offer a way to provision and onboard (or enroll) the device to its platform.
- Policy management: In MDM terms, policy management is the ability to define, enforce, and manage rules and configurations across mobile devices. This means you can set policies and enforce them according to organizational standards and security hygiene.
- Mobile security: This goes hand in hand with policy management but deserves its own point because robust mobile security is about more than just policy enforcement. Strong device security starts with your MDM and the security practices it adheres to, so ensure you thoroughly audit key considerations when evaluating providers.
- RBAC: Role Based Access Control (RBAC) is a crucial feature that allows your MDM provider to scale with your business, as it allows for simpler account management by granting users customizable access according to their role. Specific roles will vary according to each service, but even pre-set roles are table stakes.
- Reporting and analytics: Despite the name, device management is about more than just managing devices. It’s also about getting proper information about those devices — usage statistics, health info, geolocation, and all that good stuff are part of the package, too. This type of information is vital to a healthy, scalable device fleet.
That’s yet another starting point – the types of devices you’re managing and what they’re used for will play a big part in determining what features you need from your MDM. For example, the needs of BYOD (Bring Your Own Device) and COPE (Corporate Owned, Personally Enabled) organizations will vary dramatically from the needs of COBO (Company Owned, Business Only) and COSU (Company Owned, Single Use) devices. And that’s where we get into the nitty gritty of MDM intricacies.
Types of Devices MDM is Designed For
When managing mobile devices, there’s no shortage of options. But it all starts with what type of devices you need to manage according to your business model. And in many cases, your needs may overlap. Here’s a quick breakdown of each before we dive into the specifics:
- BYOD: Bring Your Own Device. This is for organizations that allow employees to use their own devices but still need a way to protect corporate data. BYOD is most commonly used on smartphones, tablets, and laptops.
- COPE: Corporate Owned, Personally Enabled. The company officially owns these devices but allows employees to also use them for personal use. You’ll commonly see COPE uses on employer-issued smartphones and laptops.
- COBO: Corporate Owned, Business Only. This is for company-owned hardware that is exclusively used for business purposes. You’ll find this on things like office computers.
- COSU: Corporate Owned, Single Use. This class is also called “dedicated devices” — these are similar to COBO devices, but they have a single, distinct function and never deviate from that functionality. Think POS systems or smart barcode scanners here.
The last two types of device management are also called “fully managed,” meaning the organization owns, operates, and manages these devices.
BYOD and COPE: The Backbone of Device Management Software
As mentioned earlier, MDM software started as a way for organizations to manage smartphones — namely in a BYOD scenario. This was when portable devices started to take off, and people were using them more and more for work (remember Blackberry?), so companies needed a way to protect their sensitive data. Traditional MDM was born out of the need for a way to control that data on BYOD devices.
As digital devices started to proliferate across businesses, COPE was also born. The company owns these devices, but they’re not locked down or heavily restricted, so employees can use them for personal and business use. Company-issued smartphones and laptops are ideal candidates for COPE environments, but tablets also fit the bill.
COBO and COSU: Modern Devices Require Modern Tools
There will always be a need for MDM providers that service BYOD and COPE organizations, but this type of device management software simply isn’t ideal for business-critical devices. The always-on, business-first hardware that many modern organizations rely on requires a different approach to management than BYOD or COPE. Thus, MDM providers that service COBO and COSU devices were born.
These devices transcend traditional MDM services because they’re owned by the business, used by the business, and focused on the business. They’re never personally enabled and typically only run a single or small number of applications. Interestingly, there can be dramatic overlap between the types of devices found across all four device management categories.
For example, smartphones are increasingly common in COBO and COSU environments, as they’re incredibly versatile. Laptops and tablets also fall into both of these categories as well. Where you start to see more deviation is hyper-specific hardware that is purpose-built and business-critical. We’re talking about things like POS systems, digital kiosks, digital signage, and more. These are all perfect examples of COBO and COSU devices.
This is the type of device management that Esper specializes in. The always-on, hyper-connected devices that businesses rely on.
As mentioned above, many businesses rely on multiple types of device management services, as they have BYOD or COPE needs and COBO and COSU. They have employee devices and business devices. Never the two shall meet. Because why would they? They have dramatically different purposes.
This is exactly why different types of device management exist. And the benefits across all of them are pretty easy to pinpoint.
Benefits of Mobile Device Management Software
It’s hard to overstate the importance of Implementing a cohesive device strategy with a strong device management partner. There are a multitude of benefits here, especially in an age where digital devices are everywhere (and spreading). Here are some top reasons to adopt an aligned device management strategy.
- Centralized management tools: When everything is in one place, it makes life easier. With the right device management service, you can monitor every aspect of your device fleet from a single pane of glass — everything from usage metrics to remote diagnostics. Boom, baby.
- Enhanced security: Full control means just that — control. Not just over the devices themselves but the update strategy, patch management, and more. All these things collectively make for a more secure system, which is more important than ever.
- Remote monitoring, configuration, and troubleshooting: Seeing what your devices are doing from afar is one thing, but reacting to those things is a different story altogether. A strong MDM solution will allow you to address both aspects — monitoring first and troubleshooting second. All without leaving your desk.
- App and content management: In the modern device scene, apps and content make the world go ‘round. Because of that, you need control of those apps and the content. The ability to change or modify content on the fly and control app distribution — even down to specific app versions — is more important than ever.
- Compliance and reporting:A proper device strategy is the opposite of set-and-forget. You also need a way to gather reports about device activity, gain real-time alerts when things exceed set parameters, and do deep audits of device health. And when things are askew, quickly getting them back into compliance with drift management is a must.
Having a device strategy that doesn’t involve robust, reliable management simply doesn’t work — you need both to utilize your hardware most effectively. Of course, there are two sides to every coin.
Challenges of Mobile Device Management Software
For all its benefits, several challenges are associated with implementing an MDM solution. Often, you can mitigate these with the proper approach, but you need to consider and adjust for it on the front side. With that, here are a few things to chew on before you dive in.
- Device diversity and scalability: The more device types you have, the more flexible your MDM solution needs to be. Managing a fleet of 100 tablets is pretty straightforward, but that can quickly change if you try to implement a new device type (or, in some cases, even a different brand of tablet!). Having a solution that fits your needs now and in five years can be challenging.
- Migration from other MDMs: This goes hand-in-hand with the above point — if your current device management solution is lacking, you’ll need to switch to another. This is often laborious and time-consuming.
- Implementation and adoption: Onboarding a new device management tool can be tough on its own, and that’s before you even get to the user adoption aspect. As with anything new and seemingly different, there will always be resistance from users. You’ll need to decide on a way to encourage adoption ahead of time in order to maximize the ease of transition. Good MDM providers usually offer onboarding and enablement to help with the transition.
- Integration: Again, MDM goes beyond just your device and the users. Third-party software and peripherals also need to play nicely with your chosen device management solution, which sometimes doesn’t even hit the radar until it’s too late. That’s why it’s a good idea to inventory all of your software and peripherals ahead of time. You can thank us later.
- Security compliance: That’s a double-edged sword, huh? On one hand, you get enhanced security from a strong MDM. On the other, this enhanced security can be problematic by hindering device capabilities or limiting access to resources. Sure, security is as tight as it can possibly be, but at what cost?
Good device management is a balancing act. You want tight security, but users also need to be able to do what the device was intended for. You want to scale easily, but don’t want to pay for more than you need. You need to quickly implement a reliable MDM solution, but don’t have to get it right the first time. We get it. It’s hard — and we’ve seen it a lot.