Get started Bring yourself up to speed with our introductory content.

MDM FAQ: How IT can learn to stop worrying and love BYOD

As smartphones and tablets take over the enterprise, IT must find a way to manage them. There’s no shortage of enterprise MDM systems out there, but their features vary widely.

Enterprise MDM systems help admins monitor and secure consumer devices, but it can be tricky to keep track of all the different technologies and strategies available.

Mobile device management (MDM) features vary widely among different systems, for example. And some features only apply to Apple iOS or Android devices.  Here are the basics of what makes a good enterprise MDM system and a look at the new features in iOS 5 and Android 4.0 Ice Cream Sandwich.

What should IT consider when choosing an enterprise MDM system?

MDM programs can have many features, so it's important that admins pick ones that are right for their company. First decide if the enterprise MDM system will be on-site or if it'll be a service from a third party. Next, decide which mobile devices and operating systems the system will support, with an emphasis on security. Any enterprise MDM system should include virus checks and updates, firewall, encryption, authentication, remote lock and wipe and virtual private network (VPN) setup and configuration controls.

Other features that IT might consider are provisioning to get users on the network, configuration management that detects unauthorized changes and inventory management for devices and apps. An enterprise MDM system also needs a centralized console and a way to manage apps, such as blacklisting and whitelisting capabilities.

How can IT use the enterprise MDM features in iOS 5?

Apple adds new enterprise MDM features, such as the iPhone Configuration Utility and application program interfaces (APIs), to every new version of iOS. Apple iOS 5 has the most features yet, giving IT the ability to initiate updates over the air, which breaks the desktop dependency that the iPhone and iPad once had. IT can enroll devices based on user identity, enforce passcodes, manage email and Exchange accounts and control VPN and Wi-Fi access. Admins can use iOS MDM to install, update and remove enterprise apps and keep track of devices. IT cannot, however, remove employee-installed apps.  Similarly, admins can enforce encrypted back up but can’t configure iCloud backup settings.

How can IT use the enterprise MDM features in Android 4.0?

More on BYOD management

Using desktop virtualization for BYOD security and management

The Android management features in Ice Cream Sandwich include support for complex passwords and hardware encryption. The OS offers admins API control over facial-recognition software and other camera features. It also gives IT the choice between using native Internet Protocol Security and Layer Two Tunneling Protocol clients or third-party clients for VPN security. With third-party apps, admins can access all that the Device Administration APIs have to offer. IT can authorize devices, enforce policies and restrictions, configure VPN and Wi-Fi connections, monitor devices and their applications and lock, find or remotely wipe devices. IT pros can't use Android MDM features to remove apps from users' devices, but they can use MDM to disable or unenroll noncompliant devices.

It’s worth noting that the fragmentation of Android’s operating system creates some issues for enterprise MDM: Management tools that came before Ice Cream Sandwich operated differently (and still do) on different devices, and the Ice Cream Sandwich update isn’t ready for all devices yet.

Like on Facebook.

Dig Deeper on EMM tools | Enterprise mobility management technology

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.