1 What is Mobile Device Management
Basics
Most schools use Mobile Device Management (MDM) to manage how mobile devices connect to network assets. As with any system, deploying MDM in an educational setting brings benefits as well as some challenges you may run into. This topic also introduces available platforms and tools that support MDM solutions and their key features.
Terms to Know
You should know the following terms:
- Endpoints
- Enterprise Mobility Management (EMM)
- Mobile Application Management (MAM)
- Mobile Device Management (MDM)
- MDM Agent
- MDM Management Console
- Unified Endpoint Management (UEM)
Information
Mobile Device Management (MDM) refers to the policies, practices, and specialized software used for managing and securing mobile devices within an organization or school system. Effective MDM ensures the smooth operation and security of smartphones, tablets, and laptops used by employees or students, whether those devices are provided by the district or are personal devices (such as in a bring-your-own-device setting).
The goal of Mobile Device Management is to manage multiple types of devices from a central platform while maintaining a high level of data security. Using MDM ensures that security policies like strong passwords and encryption are enforced, applications are widely and equally distributed, and data can be wiped from devices safely.
Related to MDM is Mobile Application Management (MAM), which can manage and protect the approved mobile apps and their data on mobile devices that are granted access to your network. You may be able to use MAM to install or update approved apps through your district’s app catalog as well as remove unauthorized apps. MAM software can be included in MDM or more sophisticated management software (see UEM).
Why use MDM?
Mobile devices are basically tiny, powerful computers, and many people now rely on their mobile devices for a variety of uses throughout the day every day. Staff may access your network resources from multiple campuses or from remote locations and use their mobile devices to do so. Mobile devices have made remote work commonplace, including in education.
Having all of these different devices access your network poses a threat, however. Your staff may use them to access critical data that should be kept secure, and the devices themselves are subject to hacking, theft, or simply being lost. Managing mobile devices has become a critical part of IT management.
Perhaps the main reason to use MDM is that it makes your job much easier! Having a single console that can manage users, devices, and applications, and help identify and mitigate security threats, means you will save time, be more efficient and productive, and do so through a single, integrated solution. With your MDM, you should be able to automate the running of reports that include information from all devices and users on your network. It should also be easy to search and access all devices, integrations, reports, and secure documents.
How does MDM work?
Policies are configured through the MDM management console, and the server pushes them over the air to the MDM agent on the user device. The MDM agent applies the policies to the device by communicating with application programming interfaces (APIs) built into the device’s operating system.
What are the Components of MDM?
- Device tracking. You may be able to configure GPS tracking of devices to identify their location and perhaps even lock or wipe a device if it is lost or stolen. Once tracked, you may be able to update and troubleshoot devices from a distance in real time. Device tracking also allows you to identify devices that pose a threat or are non-compliant with your district’s policies.
- Mobile management. Your district will identify preferred operating systems and applications for mobile devices. Your district may or may not allow multiple operating systems. Mobile management refers to the ability to deploy, manage, and support approved mobile devices.
- Application deployment and security. Your department may configure security or management features for the applications it deploys and supports. Some configurations may apply to the types of authentication measures required to open the app, whether data from the app can be copied, and whether users can share files from the app.
- Identity and access management (IAM). Your district will determine whether users can sign in to mobile devices on your network through single sign-on (SSO) or multi-factor authentication (MFA), or whether permissions will be governed through role-based access.
- Endpoint security. Any mobile device that is granted access to your network should follow your district’s security policies and practices, which may require antivirus software or other means to prevent attacks from malware or cybercriminals. Every device on the network, otherwise known as an endpoint, is a potential security threat, and endpoint security systems are designed to quickly detect, analyze, block, and contain attacks in progress.
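The compliance check described above (finding devices that are non-compliant with district policy on passcodes, encryption, OS version, and check-in) can be scripted against an inventory export. This is an added example, not from the original page or any MDM vendor; the policy values, field names, and device rows are constructed assumptions, and a real MDM export will use its own schema.

```python
from datetime import date

# Hypothetical district baseline; field names are assumptions, not a vendor schema.
POLICY = {"min_passcode_length": 8, "require_encryption": True,
          "max_days_since_checkin": 14, "min_os": {"ios": (17, 0), "android": (13, 0)}}

# Constructed sample rows, shaped like a JSON/CSV inventory export.
DEVICES = [
    {"serial": "TAB-001", "owner": "district", "os": "ios", "os_version": "17.4",
     "passcode_length": 8, "encrypted": True, "last_checkin": "2024-05-30"},
    {"serial": "PHN-014", "owner": "personal", "os": "android", "os_version": "12.1",
     "passcode_length": 4, "encrypted": True, "last_checkin": "2024-05-29"},
    {"serial": "TAB-027", "owner": "district", "os": "ios", "os_version": "17.2",
     "passcode_length": 10, "encrypted": True, "last_checkin": "2024-04-02"},
    {"serial": "LAP-102", "owner": "district", "os": "ios", "os_version": "17.5",
     "last_checkin": "2024-05-31"},  # agent never reported passcode/encryption state
]

def parse_version(text):
    """Turn '17.4' into (17, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def violations(device, policy, today):
    """Return the policy checks this device fails; missing data fails closed."""
    found = []
    if device.get("passcode_length", 0) < policy["min_passcode_length"]:
        found.append("passcode")
    if policy["require_encryption"] and device.get("encrypted") is not True:
        found.append("encryption")
    minimum = policy["min_os"].get(device.get("os"))
    if minimum is None or parse_version(device.get("os_version", "0")) < minimum:
        found.append("os_version")
    last_seen = date.fromisoformat(device.get("last_checkin", "1970-01-01"))
    if (today - last_seen).days > policy["max_days_since_checkin"]:
        found.append("stale_checkin")  # lost device or removed agent
    return found

def compliance_report(devices, policy, today):
    """Map serial -> failed checks, listing only non-compliant devices."""
    checked = ((d["serial"], violations(d, policy, today)) for d in devices)
    return {serial: failed for serial, failed in checked if failed}

if __name__ == "__main__":
    for serial, failed in compliance_report(DEVICES, POLICY, date(2024, 6, 1)).items():
        print(f"{serial}: {', '.join(failed)}")
```

Treating a missing field as a failure matters: a device whose agent has stopped reporting should show up in the report rather than pass silently.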
Addressing the Challenges of MDM
The various mobile devices (endpoints) that can be granted access to your network pose a challenge, especially since the number and type of devices, operating systems, and applications that are supported continue to grow. This challenge is complicated further if your district allows personal devices to connect through a Bring-Your-Own-Device (BYOD) program. At any one time you may have tablets, smart phones, smart watches, printers, IoT (Internet of Things) devices like smart speakers, security devices, wearable devices, and others on your network. All must be managed to ensure your network, people, and data resources are kept secure.
Enterprise Mobility Management (EMM) extends beyond managing devices, users, and their data to include application management, endpoint management, and support to manage BYOD. EMM makes it easier for staff and possibly students to use their own devices to access the network resources your district provides. Not every district will provide this level of access and support to users on their network. While EMM is a solution many IT Departments deploy, know whether your own district supports this level of management and the technology solutions it uses to do so, if it does.
Some districts may have taken the next step in device management to incorporate a unified endpoint management (UEM) solution. UEM solutions have the capacity to secure and control an entire environment and its endpoints, including all those personal devices, smart devices, and IoT devices that you may or may not realize are being used on your campuses. While MDM is helpful, it can be rather basic in terms of capacity compared to a UEM solution. UEM can cover multiple operating systems, including mobile OS, and the various applications they support. In this way, UEM adds the capacity of Mobile Application Management (MAM) on approved devices. Some UEM solutions incorporate artificial intelligence (AI) to help support real-time data capture and analytics to support your team’s security decisions. Know your system, and even if it is not a UEM solution, know that UEM solutions are available and are a potential system you may interface with in the future.
Examples of Mobile Device Management Platforms and Tools
The following are some examples of mobile device management platforms and tools:
- Jamf Pro - https://www.jamf.com/
- Microsoft Intune - https://www.microsoft.com/en-us/security/business/microsoft-intune
- VMware AirWatch - https://www.vmware.com/
- Cisco Meraki Systems Manager - https://meraki.cisco.com
- Lightspeed Systems Mobile Manager - https://www.lightspeedsystems.com/
- FileWave - https://www.filewave.com/
- Mosyle Manager - https://mosyle.com/
- Hexnode MDM - https://www.hexnode.com/
- Absolute Manage - https://www.absolute.com/
- Apple Configurator (for Apple devices) - https://developer.apple.com/videos/play/wwdc2021/10297/
Additional Resources
Here are additional resources you may find useful:
- “What is Mobile Device Management?” (IBM)
- “What is Mobile Device Management (MDM)?” (VMware)
- Office of Educational Technology, “Future Ready Schools: Building Technology for Learning” (US Department of Education)
Task/Self-Assessment
Complete the following task or self-assessment:
Determine the MDM platform being used in your district and find its supporting documentation and policies.
- Does it include Mobile Application Management (MAM)?
- Can it be considered a UEM (Unified Endpoint Management) solution?
- How are personal devices included, if at all?
- Determine which devices your MDM/UEM solution supports, the applications supported for mobile devices, and those that are not currently supported on your network.
Try searching your MDM for reports on devices, integrations, and applications.
- Are the reports automated?
- If not, consider which reports would be useful to automate for your use or that of your team.
- Are the reports easy to read?
- Work with others to ensure you understand the reports that are generated by your MDM.