If you have a work phone, you probably have mobile device management (MDM) software installed.
You may not know about it, but it’s there.
Intended for IT departments to manage installed software, usage, internet access, and tracking, MDM tools may seem to be a privacy infringement.
However, the main purpose is to protect the hardware asset, along with data stored and accessed via the device.
Want to know more about MDM? Here’s what you need to know about the tools that let your employer’s IT department manage your phone.
What Does MDM Mean?
MDM is an acronym of Mobile Device Management. This is a type of remote asset-management software that runs from a central server.
If you use a mobile phone, tablet, or other portable device that has been assigned to you by your employer, it will have MDM software preinstalled. This means that your employer can remotely administer the device, covering things like updates and tracking lost devices.
Meanwhile, if you don’t have a work phone but try to enroll your own phone on a workplace network, you may be required to install MDM client software.
MDM software has been in use for years, in various forms. For example, you may recall or have heard of the BlackBerry phone, popular in the workplace between 1999 and 2016.
BlackBerry system administrators used BlackBerry Enterprise Server, which pioneered various MDM features, most of which are still in use today.
Is MDM the Same as EMM and UEM?
Other acronyms in use serve similar purposes to MDM. Most prominent among these are EMM and UEM.
Enterprise Mobility Management (EMM) is an earlier incarnation of MDM, popular before the spread of Bring Your Own Device (BYOD) initiatives from 2010 onwards.
Meanwhile, Unified Endpoint Management (UEM) is different, focused on static devices. Think printers, desktop computers, IoT hardware, projectors, routers, network switches, displays, and anything else that is bolted down or fixed to a wall in your workplace.
What Is MDM For?
The main purpose of MDM is to ensure mobile devices—mainly phones—are secure and viable. This covers everything from ensuring only approved software is installed, to managing web access.
If you’ve noticed restrictions in how your work phone can be used, then MDM software is installed. Usually you can’t tell, but things like complicated passwords assigned by your IT department, apps specifically for your employer, splash screens with the organization logo, and instant messages from the IT administrator all indicate a phone with MDM software installed.
Who Uses MDM Software?
Whenever you use your work phone, you are using MDM software. But that is client software, over which you have little or no control.
The full Mobile Device Management software is being overseen by a system administrator. It is typically installed on a server, utilizing a protocol issued by the Open Mobile Alliance (OMA) to communicate with devices.
OMA Device Management is supported on current smartphone operating systems, and can also be used on PDAs (like those used by couriers), tablets, and laptops.
A named system administrator will be specifically responsible for managing MDM-connected devices and applying security and usage policies. In addition, lower pay grade colleagues will typically interact with the MDM administration software on a day-to-day basis.
7 Common Features of MDM Software
Hopefully you’ve recognized that there is MDM software on your phone. But what does it actually do? Here are seven things you can expect MDM software to facilitate:
- Easy enrollment: this typically uses an onboarding portal, automating sign-up and reducing involvement by IT technicians
- Pre-defined profiles for quicker onboarding: this streamlines email account creation, internet access, file server access, etc.
- Mobile security framework support: Samsung Knox and Android Enterprise zero-touch enrollment (ZTE) for Android hardware, Apple DEP for iOS
- App management: administrators will be able to control access to apps based on an organization’s security policy
- Device feature control: hardware can be restricted, such as device cameras, or even connections to insecure Wi-Fi networks
- Kiosk mode: ability to limit the device so only one or two predefined applications may run
- Device location management (GPS) and remote wipe: lost or stolen hardware can be remotely wiped
Administration is usually performed using the MDM platform’s admin software user interface. However, browser-based administration is increasingly common, enabling remote management for work-from-home IT agents.
5 Mobile Device Management Systems You Might Have Encountered
Various MDM systems are in use, although most businesses will use only one (unless they have legacy reasons, such as a department having been recently acquired).
Here are five MDM systems your employer might be using on your work phone.
Suitable for Android, Apple, and Windows device management, is primarily designed for securing devices and data. Confidential data can be encrypted, personal and business use separated, and unwanted applications blocked. Statistics and reports on device usage can also be viewed.
2. Microsoft Intune
A unified endpoint management system, Microsoft Intune (formerly part of Microsoft Endpoint Manager) can be used to manage hardware connected to a corporate network.
This is suitable for any mobile, desktop, cloud, and virtualized devices running any OS you can think of.
3. Citrix Endpoint Management
Capable of handling Android, iOS, Windows, Chrome OS, Raspberry Pi, and even Alexa for Business devices, Citrix Endpoint Management gives system administrators an overview of every connected device.
4. SOTI MobiControl
Preferring the description of an EMM rather than MDM, SOTI MobiControl covers everything from easy enrollment and provisioning to app and content management, and geolocation features. SOTI MobiControl also supports installation on BYOD hardware.
5. Cisco Meraki MDM
Suitable for mobile, laptop, and desktop endpoints, Cisco Meraki MDM supports Android, iOS, and Windows. This software is optimized to enable dynamic network security compliance, simplified device management, and intelligent application access control.
Mobile Device Management Keeps Your Work Phone Secure
As corporate IT budgets for phones and computers increase, it is important to know where devices are, and be able to remotely wipe them if they are considered lost or stolen.
Each of the MDM platforms listed offers the same general level of control and oversight of company assets. They can also be installed on personal devices for as long as necessary, although note that most MDM systems charge per device license.
MDM software might seem like a personal intrusion, but it is required on employer-owned devices to ensure data security, organizational integrity, and to avoid network misuse. It is an uncomfortable truth that your employer would not look favorably on some of your personal mobile phone activities.
While installing MDM software on personal devices is far less attractive, it can at least be reliably reversed when necessary.