Enterprise MDM systems help admins monitor and secure consumer devices, but it can be tricky to keep track of all the different technologies and strategies available.
Mobile device management (MDM) features vary widely among systems, and some features apply only to Apple iOS or only to Android devices. Here are the basics of what makes a good enterprise MDM system and a look at the new features in iOS 5 and Android 4.0 Ice Cream Sandwich.
What should IT consider when choosing an enterprise MDM system?
MDM programs can have many features, so it's important that admins pick ones that are right for their company. First decide if the enterprise MDM system will be on-site or if it'll be a service from a third party. Next, decide which mobile devices and operating systems the system will support, with an emphasis on security. Any enterprise MDM system should include virus checks and updates, firewall, encryption, authentication, remote lock and wipe and virtual private network (VPN) setup and configuration controls.
Other features that IT might consider are provisioning to get users on the network, configuration management that detects unauthorized changes and inventory management for devices and apps. An enterprise MDM system also needs a centralized console and a way to manage apps, such as blacklisting and whitelisting capabilities.
How can IT use the enterprise MDM features in iOS 5?
Apple adds new enterprise MDM features, such as the iPhone Configuration Utility and application program interfaces (APIs), to every new version of iOS. Apple iOS 5 has the most features yet, giving IT the ability to initiate updates over the air, which breaks the desktop dependency that the iPhone and iPad once had. IT can enroll devices based on user identity, enforce passcodes, manage email and Exchange accounts and control VPN and Wi-Fi access. Admins can use iOS MDM to install, update and remove enterprise apps and keep track of devices. IT cannot, however, remove employee-installed apps. Similarly, admins can enforce encrypted backups but can’t configure iCloud backup settings.
How can IT use the enterprise MDM features in Android 4.0?
The Android management features in Ice Cream Sandwich include support for complex passwords and hardware encryption. The OS offers admins API control over facial-recognition software and other camera features. It also gives IT the choice between using native Internet Protocol Security and Layer Two Tunneling Protocol clients or third-party clients for VPN security. With third-party apps, admins can access all that the Device Administration APIs have to offer. IT can authorize devices, enforce policies and restrictions, configure VPN and Wi-Fi connections, monitor devices and their applications, and lock, find or remotely wipe devices. IT pros can't use Android MDM features to remove apps from users' devices, but they can use MDM to disable or unenroll noncompliant devices.
It’s worth noting that the fragmentation of Android’s operating system creates some issues for enterprise MDM: Management tools that came before Ice Cream Sandwich operated differently (and still do) on different devices, and the Ice Cream Sandwich update isn’t ready for all devices yet.