MDM FAQ: How IT can learn to stop worrying and love BYOD

Enterprise MDM systems help admins monitor and secure consumer devices, but it can be tricky to keep track of all the different technologies and strategies available.

Mobile device management (MDM)

    Requires Free Membership to View

features vary widely among different systems, for example. And some features only apply to Apple iOS or Android devices.  Here are the basics of what makes a good enterprise MDM system and a look at the new features in iOS 5 and Android 4.0 Ice Cream Sandwich.

What should IT consider when choosing an enterprise MDM system?

MDM programs can have many features, so it's important that admins pick ones that are right for their company. First decide if the enterprise MDM system will be on-site or if it'll be a service from a third party. Next, decide which mobile devices and operating systems the system will support, with an emphasis on security. Any enterprise MDM system should include virus checks and updates, firewall, encryption, authentication, remote lock and wipe and virtual private network (VPN) setup and configuration controls.

Other features that IT might consider are provisioning to get users on the network, configuration management that detects unauthorized changes and inventory management for devices and apps. An enterprise MDM system also needs a centralized console and a way to manage apps, such as blacklisting and whitelisting capabilities.

How can IT use the enterprise MDM features in iOS 5?

Apple adds new enterprise MDM features, such as the iPhone Configuration Utility and application program interfaces (APIs), to every new version of iOS. Apple iOS 5 has the most features yet, giving IT the ability to initiate updates over the air, which breaks the desktop dependency that the iPhone and iPad once had. IT can enroll devices based on user identity, enforce passcodes, manage email and Exchange accounts and control VPN and Wi-Fi access. Admins can use iOS MDM to install, update and remove enterprise apps and keep track of devices. IT cannot, however, remove employee-installed apps.  Similarly, admins can enforce encrypted back up but can’t configure iCloud backup settings.

How can IT use the enterprise MDM features in Android 4.0?

More on BYOD management

Using desktop virtualization for BYOD security and management

The Android management features in Ice Cream Sandwich include support for complex passwords and hardware encryption. The OS offers admins API control over facial-recognition software and other camera features. It also gives IT the choice between using native Internet Protocol Security and Layer Two Tunneling Protocol clients or third-party clients for VPN security. With third-party apps, admins can access all that the Device Administration APIs have to offer. IT can authorize devices, enforce policies and restrictions, configure VPN and Wi-Fi connections, monitor devices and their applications and lock, find or remotely wipe devices. IT pros can't use Android MDM features to remove apps from users' devices, but they can use MDM to disable or unenroll noncompliant devices.

It’s worth noting that the fragmentation of Android’s operating system creates some issues for enterprise MDM: Management tools that came before Ice Cream Sandwich operated differently (and still do) on different devices, and the Ice Cream Sandwich update isn’t ready for all devices yet.

Like SearchConsumerization.com on Facebook.

This was first published in May 2012

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.