MDM systems can have dozens of functions; one of the most important is configuration management: Making sure that local settings on devices are correct, secure and compliant with organizational policies is key.
When choosing configuration management functions, consider your organization's policies first.
Because MDM has its origins in information security and device and network integrity, it's not uncommon to see usage policies that are restrictive. Features and functions of devices, such as camera or screen capture features, are often locked down. Though restricting camera function is rarely an issue on enterprise devices, when it comes to employee-owned devices, MDM can become downright onerous. There is no absolute right and wrong here, just a need to carefully consider policies before embarking on implementations.
Once you're clear on the policies that need you need to follow and uphold, pick an MDM system with configuration management functions that let you do the following:
- deploy and manage security certificates on devices;
- make sure user passwords meet local policies and avoid common problems, such as dictionary attacks and not being changed regularly;
- configure proxies automatically where required;
- secure both local file encryption settings and virtual private network management in concert with the firm's security policy;
- make sure that email settings -- point-of-presence (POP), Internet Message Access Protocol (IMAP), and Simple Mail Transfer Protocol (SMTP) -- are correct; and
- enforce Wi-Fi security and manage other Wi-Fi configuration parameters, including preferred or required network selection.
More on configuration management functions
Virtualized configuration management processes
Exactly what IT will configure in any given case will be a function of local policies and the ability of the chosen MDM system to address them. Verifying that a system matches capabilities to requirements is the most important decision in selecting MDM configuration management functions.
Keep in mind that you need to be able to centrally manage all of your configuration management functions and possibly more, depending on your company's policies and your MDM product. Functions should be scalable for potentially huge numbers of mobile devices: The reporting, tracking and monitoring capabilities of the management console for your MDM product must emphasize ease of use and productivity on your end. One little mistake could have disastrous consequences, especially in organizations subject to industry or government regulations.
Configuration management is but one part of a complete MDM system, and MDM is but one element in an enterprise mobility strategy. The fact that there are hundreds of functions, competing products and strategies won't make the selection process easy. But getting the decision right can make all the difference in successful mobile operations and the firm itself.
This was first published in October 2012