Mobile device management

Last updated March 19, 2024

Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices. Though closely related to Enterprise Mobility Management and Unified Endpoint Management, MDM differs slightly from both: unlike MDM, EMM includes mobile information management, BYOD, mobile application management and mobile content management, whereas UEM provides device management for endpoints like desktops, printers, IoT devices, and wearables as well.^[1]

Overview

MDM is typically a deployment of a combination of on-device applications and configurations, corporate policies and certificates, and backend infrastructure, for the purpose of simplifying and enhancing the IT management of end user devices. In modern corporate IT environments, the sheer number and diversity of managed devices (and user behavior) has motivated MDM solutions that allow the management of devices and users in a consistent and scalable way. The overall role of MDM is to increase device supportability, security, and corporate functionality while maintaining some user flexibility.

Many organizations administer devices and applications using MDM products/services. MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, enforcing corporate policies, and integrating and managing mobile devices including laptops and handhelds of various categories. MDM implementations may be either on-premises or cloud-based.

Some of the core functions of MDM include:

Ensuring that diverse user equipment is configured to a consistent standard / supported set of applications, functions, or corporate policies
Updating equipment, applications, functions, or policies in a scalable manner
Ensuring that users use applications in a consistent and supportable manner
Ensuring that equipment performs consistently
Monitoring and tracking equipment (e.g. location, status, ownership, activity)
Being able to efficiently diagnose and troubleshoot equipment remotely

MDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. Most recently laptops and desktops have been added to the list of systems supported as MDM becomes more about basic device management and less about the mobile platform itself. MDM tools are leveraged for both company-owned and employee-owned (BYOD) devices across the enterprise or mobile devices owned by consumers.^[2]^[3] Consumer Demand for BYOD is now requiring a greater effort for MDM and increased security for both the devices and the enterprise they connect to,^[4] especially since employers and employees have different expectations concerning the types of restrictions that should be applied to mobile devices.^[5]

By controlling and protecting the data and configuration settings of all mobile devices in a network, MDM can reduce support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime.^[6]

With mobile devices becoming ubiquitous and applications flooding the market, mobile monitoring is growing in importance.^[7] The use of mobile device management across continues to grow at a steady pace, and is likely to register a compound annual growth rate (CAGR) of nearly 23% through 2028. The US will continue to be the largest market for mobile device management globally.^[8] Numerous vendors help mobile device manufacturers, content portals and developers test and monitor the delivery of their mobile content, applications, and services. This testing of content is done in real time by simulating the actions of thousands of customers and detecting and correcting bugs in the applications.

Implementation

Typically solutions include a server component, which sends out the management commands to the mobile devices, and a client component, which runs on the managed device and receives and implements the management commands. In some cases, a single vendor provides both the client and the server, while in other cases the client and server come from different sources.

The management of mobile devices has evolved over time. At first, it was necessary to either connect to the handset or install a SIM in order to make changes and updates; scalability was a problem.

One of the next steps was to allow a client-initiated update, similar to when a user requests a Windows Update.

Central remote management, using commands sent over the air, is the next step. An administrator at the mobile operator, an enterprise IT data center, or a handset OEM can use an administrative console to update or configure any one handset, group, or groups of handsets. This provides scalability benefits particularly useful when the fleet of managed devices is large in size.

Device management software platforms ensure that end-users benefit from plug and play data services for whatever device they are using.^{[ citation needed ]} Such a platform can automatically detect devices in the network, sending them settings for immediate and continued usability. The process is fully automated, keeps a history of used devices, and sends settings only to subscriber devices which were not previously set, sometimes at speeds reaching 50 over-the-air settings update files per second.^{[ citation needed ]} The multiple application support requirements fulfilled through multi-app mode.^[9]

Device management specifications

The Open Mobile Alliance (OMA) specified a platform-independent device management protocol called OMA Device Management. The specification meets the common definitions of an open standard, meaning the specification is freely available and implementable. It is supported by several mobile devices, such as PDAs and mobile phones.^[10]
Smart message is a text SMS-based provisioning protocol (ringtones, calendar entries but service settings also supported like ftp, telnet, SMSC number, email settings, etc...)
OMA Client Provisioning is a binary SMS-based service settings provisioning protocol.
Nokia-Ericsson OTA is a binary SMS-based service settings provisioning protocol, designed mainly for older Nokia and Ericsson mobile phones.

Over-the-air programming (OTA) capabilities are considered the main component of mobile network operator and enterprise-grade mobile device management software. These include the ability to remotely configure a single mobile device, an entire fleet of mobile devices or any IT-defined set of mobile devices; send software and OS updates; remotely lock and wipe a device, which protects the data stored on the device when it is lost or stolen; and remote troubleshooting. OTA commands are sent as a binary SMS message. Binary SMS is a message including binary data.^[11]

Mobile device management software enables corporate IT departments to manage the many mobile devices used across the enterprise; consequently, over-the-air capabilities are in high demand. Enterprises using OTA SMS as part of their MDM infrastructure demand high quality in the sending of OTA messages, which imposes on SMS gateway providers a requirement to offer a high level of quality and reliability.

Use in enterprise

As the bring your own device (BYOD) approach becomes increasingly popular across mobile service providers, MDM lets corporations provide employees with access to the internal networks using a device of their choice, whilst these devices are managed remotely with minimal disruption to employees' schedules.

For mobile security

All MDM products are built with an idea of Containerization. The MDM Container is secured using the latest cryptographic techniques (AES-256 or more preferred^{[ citation needed ]}). Corporate data such as email, documents, and enterprise applications are encrypted and processed inside the container. This ensures that corporate data is separated from the user's personal data on the device. Additionally, encryption for the entire device and/or SD Card can be enforced depending on MDM product capability.

Secure email: MDM products allow organizations to integrate their existing email setup to be easily integrated with the MDM environment. Almost all MDM products support easy integration with Exchange Server (2003/2007/2010), Office365, Lotus Notes, BlackBerry Enterprise Server (BES), and others. This provides the flexibility of configuring email over the air.

Secure docs: Employees frequently copy attachments downloaded from corporate email to their personal devices and then misuse it. MDM can restrict or disable clipboard usage into or out of the secure container, restrict the forwarding of attachments to external domains, or prevent saving attachments on the SD card. This ensures corporate data is secure.

Secure browser: Using a secure browser can avoid many potential security risks. Every MDM solution comes with a built-in custom browser. An administrator can disable native browsers to force users to use the secure browser inside the MDM container. URL filtering can be enforced to add additional security measures.

Secure app catalog: Organizations can distribute, manage, and upgrade applications on an employee's device using an App Catalog. This allows applications to be pushed onto the user's device directly from the App Store or push an enterprise developed private application through the App Catalog. This provides an option for the organization to deploy devices in Kiosk Mode or Lock-Down Mode.

Additional MDM features

There are plenty of other features depending on which MDM product is chosen:

Policy Enforcing: There are multiple types of policies that can be enforced on MDM users.
1. Personal Policy: According to the corporate environment, highly customizable
2. Device Platform specific: policies for advanced management of Android, iOS, Windows, and Blackberry devices.
3. Compliance Policies/Rules
VPN configuration
Application Catalogue
Pre-defined Wi-Fi and Hotspot settings
Jailbreak/Root detection
Remote Wipe of corporate data
Remote Wipe of entire device
Device remote locking
Remote messaging/buzz
Disabling native apps on device
Some Kiosk software features^[12]

SaaS versus on-premises solutions

Present day MDM solutions offer both software as a service (SaaS) and on-premises models. In the rapidly evolving industry such as mobile, SaaS (cloud-based) systems are sometimes quicker to set up, offer easier updates with lower capital costs compared to on-premises solutions that require hardware or virtual machines, need regular software maintenance, and might incur higher capital costs.

For security in cloud computing, the US Government has compliance audits such as Federal Information Security Management Act of 2002 (FISMA) which cloud providers can go through to meet security standards.

The primary policy approach taken by Federal agencies to build relationships with cloud service providers is Federal Risk and Authorization Management Program (FedRAMP) accreditation and certification, designed in part to protect FISMA Low, Moderate, High and Li-SaaS systems.^[13]

Evolution of MDM

MDM is also about managing the device features, but its coupled with mobile content management (MCM) and Mobile Identity Management (MIM), Application management (MAM) is referred to as Enterprise Mobility Management (EMM). As EMM was specifically about managing the apps and content on mobile devices it was not able to manage older devices such as Windows laptops/desktops and new Macs, so EMM evolved into UEM (Unified Endpoint Management) with additional functionality to manage both mobile and traditional devices such as desktops and laptops.

Related Research Articles

An application server is a server that hosts applications or software that delivers a business application through a communication protocol. For a typical web application, the application server sits behind the web servers.

Enterprise feedback management (EFM) is a system of processes and software that enables organizations to centrally manage deployment of surveys while dispersing authoring and analysis throughout an organization. EFM systems typically provide different roles and permission levels for different types of users, such as novice survey authors, professional survey authors, survey reporters and translators. EFM can help an organization establish a dialogue with employees, partners, and customers regarding key issues and concerns and potentially make customer-specific real time interventions. EFM consists of data collection, analysis and reporting.

Kiosk software is the system and user interface software designed for an interactive kiosk or Internet kiosk enclosing the system in a way that prevents user interaction and activities on the device outside the scope of execution of the software. This way, the system replaces the look and feel of the system it runs over, allowing for customization and limited offering of ad-hoc services. KioskTotal Kiosk software locks down the application in order to protect the kiosk from users which is specially relevant under, but not only limited to, scenarios where the device is publicly accessed such libraries, vending machines or public transport. Kiosk software may offer remote monitoring to manage multiple kiosks from another location. An Email or text alert may be automatically sent from the kiosk for daily activity reports or generated in response to problems detected by the software. Other features allow for remote updates of the kiosk's content and the ability to upload data such as kiosk usage statistics. Kiosk software is used to manage a touchscreen, allowing users to touch the monitor screen to make selections. A virtual keyboard eliminates the need for a computer keyboard. Kiosk software enables digital signage devices to operate in a dedicated mode, ensuring that the devices run for a specified purpose, thus providing additional security compared to normal mode use.

BlackBerry Enterprise Server designates the middleware software package that is part of the BlackBerry wireless platform supplied by BlackBerry Limited. The software plus service connects to messaging and collaboration software on enterprise networks to redirect emails and synchronize contacts and calendaring information between servers, desktop workstations, as well as mobile devices. Some third-party connectors exist, including Scalix, Zarafa, Zimbra, and the Google Apps BES Connector, although these are not supported by BlackBerry Limited. As of June 2018, BlackBerry Enterprise Server has been renamed to BlackBerry Unified Endpoint Manager (UEM).

Sybase iAnywhere, is a subsidiary of Sybase specializing in mobile computing, management and security and enterprise database software. SQL Anywhere, formerly known as SQL Anywhere Studio or Adaptive Server Anywhere (ASA), is the company's flagship relational database management system (RDBMS). SQL Anywhere powers popular applications such as Intuit, Inc.'s QuickBooks, and the devices of 140,000 census workers during the 2010 United States Census. The product's customers include Brinks, Kodak, Pepsi Bottling Group (PBG), MICROS Systems, Inc. and the United States Navy. In August 2008.

Enterprise mobility management (EMM) is the set of people, processes and technology focused on managing mobile devices, wireless networks, and other mobile computing services in a business context. As more workers have bought smartphone and tablet computing devices and have sought support for using these devices in the workplace, EMM has become increasingly significant.

Exchange ActiveSync is a proprietary protocol designed for the synchronization of email, contacts, calendar, tasks, and notes from a messaging server to a smartphone or other mobile devices. The protocol also provides mobile device management and policy controls. The protocol is based on XML. The mobile device communicates over HTTP or HTTPS.

Mobile Business Intelligence is defined as “Mobile BI is a system comprising both technical and organizational elements that present historical and/or real-time information to its users for analysis on mobile devices such as smartphones and tablets, to enable effective decision-making and management support, for the overall purpose of increasing firm performance.”. Business intelligence (BI) refers to computer-based techniques used in spotting, digging-out, and analyzing business data, such as sales revenue by products and/or departments or associated costs and incomes.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

A mobile enterprise application platform (MEAP) is a suite of products and services that enable the development of mobile applications. The term was coined in a Gartner Magic Quadrant report in 2008 when they renamed their "multichannel access gateway market".

Hewlett Packard Enterprise Networking is the Networking Products division of Hewlett Packard Enterprise. HPE Networking and its predecessor entities have developed and sold networking products since 1979. Currently, it offers networking and switching products for small and medium sized businesses through its wholly owned subsidiary Aruba Networks. Prior to 2015, the entity within HP which offered networking products was called HP Networking.

Mobile application management (MAM) describes the software and services responsible for provisioning and controlling access to internally developed and commercially available mobile apps used in business settings, on both company-provided and 'bring your own' mobile operating systems as used on smartphones and tablet computers.

A mobile application or app is a computer program or software application designed to run on a mobile device such as a phone, tablet, or watch. Mobile applications often stand in contrast to desktop applications which are designed to run on desktop computers, and web applications which run in mobile web browsers rather than directly on the mobile device.

SAP Afaria is a mobile device management software product. It helps large organizations connect mobile devices such as smartphones and tablet computers to the company network, and to simplify the information technology (IT) tasks associated with buying, deploying, securing and maintaining such devices.

Bring your own device —also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device.

Samsung Knox is a proprietary security and management framework pre-installed on most Samsung mobile devices. Its primary purpose is to provide organizations with a toolset for managing work devices, such as employee mobile phones or interactive kiosks. Samsung Galaxy hardware, as well as software such as Secure Folder and Samsung Wallet, make use of the Knox framework.

Moki is a cloud-based mobile device management (MDM) platform and development company which specializes in single-purpose iOS, Android, and BrightSign devices. Moki's software allows companies to convert mobile devices like iPad, Android tablets, and BrightSign players into retail kiosks, mobile point of sale devices, digital signs, product displays, conference room schedulers, or retail sales terminals. Moki's cloud-based platform provides security, remote management and monitoring of the mobile devices and applications. Moki is headquartered in San Antonio, Texas.

Good Technology, owned by BlackBerry Limited, is a mobile security provider headquartered in Sunnyvale, California, United States. The company serves more than 5,000 organizations worldwide in industries such as financial services, healthcare, manufacturing, energy and utilities, legal, government, and technology. Good makes products for managing and securing mobile devices in a business environment. The company focuses on securing apps and data on mobile devices.

<span class="mw-page-title-main">MaaS 360</span> Unified endpoint management software

IBM MaaS360 is a SaaS Unified Endpoint Management (UEM) solution offered by IBM that manages and protects any existing endpoint including laptops, desktops, mobile devices and apps, wearables, IoT and purpose built devices and allow protected, low risk access to company resources. IBM Security MaaS360 with Watson integrates with current security platforms owned by different companies. It’s AI powered analytics removes friction by reducing actions required from the device user.

Unified endpoint management (UEM) is a class of software tools that provide a single management interface for mobile, PC and other devices. It is an evolution of, and replacement for, mobile device management (MDM) and enterprise mobility management (EMM) and client management tools.

References

↑ Mearian, Lucas (July 10, 2017). "What's the difference between MDM, MAM, EMM and UEM?". ComputerWorld. Retrieved September 29, 2020.
↑ What is mobile device management? - a definition from Whatis.com
↑ "A comprehensive article on mobile device management". Archived from the original on 2012-08-01. Retrieved 2008-02-04.
↑ Glenn Ford. "Cybersecurity HQ" . Retrieved 19 December 2014.
↑ Ellis, Lisa, Jeffrey Saret, and Peter Weed (2012). "BYOD: From company-issued to employee-owned devices" (PDF). Telecom, Media & High Tech Extranet: No. 20 Recall. Retrieved 15 May 2014.{{cite journal}}: CS1 maint: multiple names: authors list (link)
↑ "BYOD Requires Mobile Device Management". Information Week.
↑ "A Playbook for Fighting Apple and Google". Reuters. 15 March 2011.
↑ "Japan to Hold Notable Market Potential in Mobile Device Management Landscape". Abhishek Budholiya. 5 December 2018.
↑ Limited, Mobilinear Systems Private. "Limax lock kiosk lockdown Mode for your Android device | Limax Lockdown". Limax lock kiosk lockdown Mode for your Android device | Limax Lockdown. Retrieved 2022-12-25.
↑ "What Is OMA DM?" (PDF).
↑ "Binary SMS". Archived from the original on 2016-08-01. Retrieved 19 December 2014.
↑ "Mobile Device Management vs. Kiosk Software" in Kiosk Marketplace
↑ "FedRAMP - CIO Council". CIO Council. Retrieved 19 December 2014.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] Mearian, Lucas (July 10, 2017). "What's the difference between MDM, MAM, EMM and UEM?". ComputerWorld. Retrieved September 29, 2020.

[2] What is mobile device management? - a definition from Whatis.com

[3] "A comprehensive article on mobile device management". Archived from the original on 2012-08-01. Retrieved 2008-02-04.

[4] Glenn Ford. "Cybersecurity HQ" . Retrieved 19 December 2014.

[BYOD-5] Ellis, Lisa, Jeffrey Saret, and Peter Weed (2012). "BYOD: From company-issued to employee-owned devices" (PDF). Telecom, Media & High Tech Extranet: No. 20 Recall. Retrieved 15 May 2014.{{cite journal}}: CS1 maint: multiple names: authors list (link)

[BYOD_Requires_Mobile_Device_Management-6] "BYOD Requires Mobile Device Management". Information Week.

[A_Playbook_for_Fighting_Apple_and_Google-7] "A Playbook for Fighting Apple and Google". Reuters. 15 March 2011.

[Japan_to_Hold_Notable_Market_Potential_in_Mobile_Device_Management_Landscape-8] "Japan to Hold Notable Market Potential in Mobile Device Management Landscape". Abhishek Budholiya. 5 December 2018.

[9] Limited, Mobilinear Systems Private. "Limax lock kiosk lockdown Mode for your Android device | Limax Lockdown". Limax lock kiosk lockdown Mode for your Android device | Limax Lockdown. Retrieved 2022-12-25.

[OMA_DM-10] "What Is OMA DM?" (PDF).

[11] "Binary SMS". Archived from the original on 2016-08-01. Retrieved 19 December 2014.

[12] "Mobile Device Management vs. Kiosk Software" in Kiosk Marketplace

[13] "FedRAMP - CIO Council". CIO Council. Retrieved 19 December 2014.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]