The Role of Mobile Device Management (MDM)
Information technology (IT) teams and IT managed service providers (MSPs) have historically spent much of their time maintaining users’ devices, updating or patching software, and enforcing corporate policies to keep data secure.
When employees work remotely, however, the IT or MSP teams do not have the physical access needed for hands-on maintenance. Instead, they rely on mobile device management solutions that enable secure, reliable remote access via an internet connection.
Mobile devices must support the same tasks and applications as their desktop counterparts, but mobile devices operate in a variety of environments that are not controlled by IT.
As remote work continues to be more popular worldwide, MDM has become critically important for organizations of all sizes. Even the smallest business must find a way to maintain mobile device security and reliability, often without in-house IT support.
The demand for MDM is expected to grow. For example, a recent survey by the Pew Research Center found that 78 percent of US employees who worked from home due to the COVID-19 pandemic would prefer to continue that practice all or most of the time.1 Those remote workers will rely on mobile devices now and in the future.
How Does Mobile Device Management Work?
A range of MDM software-as-a-service (SaaS) products is available to help IT teams manage and secure a wide variety of devices through a single interface. In most cases, the MDM solution operates as a cloud-based SaaS.
Many of these MDM solutions can be further strengthened with hardware-enabled manageability and security features, such as those offered with the Intel vPro® platform.
Implementing MDM
The specific steps in the process to implement MDM solutions vary from one tool to another; however, the process generally begins with device enrollment in the MDM system.
Once enrolled, for new devices, there are commonly two distinct MDM setup options. With both options, the original equipment manufacturer (OEM) or reseller ships the new device directly to the user’s home to remove a device handling step for the IT team.
The first setup option is a “zero-touch” deployment, where the entire software stack can be installed over the wire along with the MDM. The MDM setup is automatically tied to and defined on the device. When the employee receives the device, they simply boot it up and the MDM software is automatically set up and configured.
With the other setup option, the device is still shipped directly to the employee, but once received, the user must go through the OEM and Windows initial onboarding before setting up the MDM manually.
Once the MDM software is installed, the IT team can then manage the device and any other registered, configured devices from a single interface, whether remote or on premises.
A Strong Platform for MDM
Software-based MDM solutions are effective, but only when those devices are powered on and the operating system is active. Starting with business-class devices based on a stable, reliable platform like the Intel vPro® platform helps to smooth fleet management right from initial purchase and deployment. Additionally, mobile devices based on the Intel vPro® platform come with hardware-based Intel® Active Management Technology (Intel® AMT) and supporting Intel® Endpoint Management Assistant (Intel® EMA) software to facilitate remote management of devices, whether they are on-premises or off-site, in a sleep mode, or stalled due to a malfunction in the operating system or applications.
Benefits of MDM
With MDM, IT staff can save time on many routine tasks. Cloud-based mobile device management and maintenance can eliminate the need to maintain an on-premises application server or to install, upgrade, or patch software on individual devices. Reducing time on these tasks frees up IT staff to focus on other value-add initiatives for their organization.
MDM can also help to improve employees’ experiences with technology and increase overall job satisfaction, which can boost recruitment and retention efforts. In one study by McKinsey, “people who report having a positive employee experience … are eight times more likely to want to stay with the company."2
Security
When employees work remotely, some of them may connect to the organization’s network through nonsecure shared Wi-Fi. Further, the employees or members of their households might attempt to use employer-provided devices in a way that compromises IT security.
As IT cannot control the users’ remote networks, the devices themselves must be managed to secure all the organization’s data, applications, networks, and servers from unauthorized use and potential cyberattacks. The IT team can implement security policies over the wire on an MDM-enabled device.
In case of an imminent threat, IT can control the mobile device directly to lock out intruders, wipe sensitive information, or clear and reset a compromised passcode.
Efficiency
MDM capabilities replace labor-intensive device management with fast, over-the-wire delivery and installation of applications, upgrades, and patches. MDM eliminates the need to collect and handle physical devices in a single location, which could be a challenge for IT and employees in a distributed workforce.
Compliance
IT teams can use MDM to manage device compliance by monitoring and updating certificates and restrictions. MDM also enables IT to establish and enforce usage policies centrally, so individual users can be prevented from violating regulations. When regulations change, the new measures and implementations can be distributed and installed quickly and efficiently through the MDM solution.
MDM Features
MDM solutions enable remote management, maintenance, and protection of applications and data, as well as user authorization and access to the devices themselves and to the network.
Device Tracking
MDM solutions can track and monitor the health and use of the hardware, firmware, OS, and employer-provided software and data.
Many MDM solutions can also track the physical location of the device, which can help to recover a misplaced or stolen device. Continuous location tracking is typically not enabled on mobile devices and in some cases may be illegal due to concerns for employees’ privacy. Location tracking should be evaluated in accordance with corporate policies and governmental regulations.
Password Enforcement
MDM solutions may include password enforcement features that enable IT to configure and maintain password policies and restrictions. For example, when users change their passwords, the MDM might not accept a reused password, or a new one could be required to include certain combinations of letters, numbers, or characters.
Application Management
MDM solutions include application management features to help IT control the enterprise software. Application management can be deployed on any mobile device, whether it is provided by the employer or owned by the employee.
Remote Management
IT can monitor mobile devices remotely through their MDM solution. Whether working in conjunction with a software-based MDM solution or deployed separately, the Intel vPro® platform helps to improve the remote monitoring and management of mobile devices with hardware-based Intel® AMT and Intel® EMA tools.
Out-of-Band Management
In order to connect to devices that are powered off, or where the OS is unresponsive, the best MDM solutions also include hardware-based out-of-band management functionality. Whether your selected MDM vendor directly supports out-of-band management or not, this capability can be available to you at the device level. With a fleet based on the Intel vPro® platform, IT administrators can use hardware-based Intel® AMT or Intel® EMA for cloud-based access to see and manage devices that are connected to a known Wi-Fi network or hotspot.
Out-of-band management is especially important for maintaining hard-to-reach devices such as industrial controllers, smart displays, or kiosks that operate without human intervention.
BYOD and Mobile Device Management
While business PCs are typically provided by the employer, it is common for employees to rely on their own smartphones or tablets for business as well as personal use.
In a “bring your own device” (BYOD) scenario, IT can provide MDM software to be loaded on the user’s own devices. When BYO PCs, personal phones, or tablets are connected to the corporate network, the MDM can be used safely and securely, in accordance with corporate policies and governmental regulations.
A Foundation for Business Success
A comprehensive MDM solution comprising both software and hardware-based tools can help IT teams provide secure, reliable remote access to applications and data and simplify overall fleet management—a critical need with today’s remote and hybrid workforce. With Intel vPro®-based mobile devices, IT gains hardware-based security features, robust manageability, and a stable platform, and employees gain the right tools with adaptable performance for focused productivity.