The System Center Mobile Device Manager is Microsoft's first attempt at bridging the gap between Windows networks and Windows mobile devices. The management software doesn't let you manage mobile devices in the same way that you manage desktops and laptops on your network, but it does make some significant improvements.
For a long time, options for managing mobile devices were limited -- the device capabilities were restricted and lacked network support. Mobile Device Manager lets devices that are running Windows Mobile 6.1, or higher, to join an Active Directory domain. There are several reasons why this is such an important capability.
Joining mobile devices to Windows domains makes it possible to manage Windows mobile devices through group policy settings. You won't be able to apply the same group policy settings that you are using for the computers on your network to mobile devices, but there are just over 130 mobile device specific policies that can be applied. You can use these policy settings to enforce passwords, disable individual device functions, require device encryption, and more.
The ability to centrally manage mobile device security through group policies is convenient, but this capability is really just the beginning. Almost all of the software that is designed to run on Windows Server is tied into the Active Directory. Once it becomes more commonplace for mobile devices to be directory members,
Of course Mobile Device Manager is a first generation product, and having ubiquitous mobile device support in server management software is probably still a few years away. That being the case, you may be wondering what else Active Directory connectivity for mobile devices is good for today.
Mobile Device Manager exploits the Active Directory membership for mobile devices in a number of ways. Mobile Device Manager is designed to compile inventory information for mobile devices, and it is capable of generating several different related reports.
Mobile Device Manager is also intended to make application management for mobile devices easier. The product can be used to distribute applications to mobile devices, and you can use some of the built-in security policies to control which applications users are and are not allowed to run. One caveat is that Mobile Device Manager's software deployment capabilities require you to have a server that's running the Windows Server Update Services (WSUS). You are also going to need a backend SQL database.
Another major feature of Mobile Device Manager is a VPN gateway that is specifically designed for use with mobile devices. Although VPNs are commonplace, the VPN built into Mobile Device Manager allows mobile device users to run mobile versions of network applications. This capability already exists at a lower level, but I expect to see more and more network application vendors building mobile support into their products in the not too distant future.
Some administrators may be reluctant to deploy Mobile Device Manager. After all, once it becomes possible to manage mobile devices, the administrator's workload increases. Thankfully, Mobile Device Manager comes with a help desk console. This software is designed so that various administrative tasks can be delegated to the help desk, ensuring that administrators don't have to take on the full burden of mobile device management by themselves.
ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.
This was first published in June 2009