What is mobile device management? MDM explained

September 23, 2020  |  Mark Stone

This blog was written by a third party author.

Not too long ago, the desktop computer was the primary computing device for enterprise employees. With the rise of mobile endpoints like smartphones, laptops and tablets, employees are connecting to corporate networks from a wide variety of places and devices. Today, especially with the popularity of the WFH (work from home) model, managing the multitude of mobile devices is more complicated than ever before.

The statistics tell a sobering tale. For example, 70% of breaches originate on the endpoint, making it the number one target for attacks. Even more concerning, according to a recent study, 60% of breaches were linked to a vulnerability where a patch was available, but not applied.

The moral of the story: mobile device management is critical for any corporate network.

What is mobile device management?

Mobile device management (MDM) is a software tool for IT departments and administrators that allows management of all mobile endpoints, including smartphones, laptops, tablets, and IoT devices. Endpoints can be owned by either the company or the employee, and the MDM solution can be hosted onsite or in the cloud. The goal of an MDM is to find the right balance between management, productivity and policy compliance.

As personal devices proliferate onto enterprise networks, MDM plays a vital role in securing corporate networks while allowing employees to continue to work more efficiently.

Mobile Device Management software relies on the client/server model to function. Using a management console, the server component allows IT administrators to configure and assign policies. The client component resides on each mobile device and receives whatever directives have been assigned from the management console.

MDM is now a mature platform that has seen significant advances. Client-initiated updates are a thing of the past, as modern MDM software can instantly discover any new endpoint making a connection to the network. Today’s MDM is much more streamlined.

Managing BYOD with MDM

The line between a mobile user and an on-premise employee has blurred as almost everyone brings some type of personal device into the workplace. The BYOD (bring your own device) movement in many organizations is no longer a movement but more of a norm.

The need to monitor and manage these endpoints has never been greater.

While the benefits of BYOD are clear — lower equipment costs and more time available for IT personnel come to mind — if endpoints are not actively managed and monitored, the security risks are significant. Mobile device management is a critical component of any BYOD policy, as it allows the business to maintain control of their company data and how it is accessed.  

Tablets and smartphones can be difficult enough to manage in the BYOD era. After all, they’re arguably less secure than laptops and desktops due to a lack of pre-installed malware protection. But when IoT is added to the mix, especially if employees aren’t aware of the security threat it poses, the importance of the MDM multiplies. According to a recent Infoblox report, a staggering 80% of IT professionals surveyed discovered shadow (unreported to the IT department) IoT devices connected to their network, and 29% of them discovered more than 20.

These devices could be smart TVs, kitchen devices, cameras, or personal health monitors. We’ve discussed IoT security before; by default, devices are inherently insecure, and the risks are often overlooked.

If any of these IoT endpoints are breached, the impact to the corporate network can be catastrophic. Whether the employee knows better or not, their decisions may sabotage security initiatives.

Securing access for all these apps and data can get in the way of business needs. To meet these new demands, MDM evolved into a more streamlined version — enterprise mobility management (EMM). Going one step further is Unified Endpoint Management (UEM), which not only manages smartphones, tablets, laptops, desktops, and IoT devices, but also adds capabilities to oversee documents, applications, content, and access and identity management. Hence the “unified” name: it manages endpoints in general rather than only mobile devices.

Think of UEM as a supercharged version of MDM that builds upon the functionalities. While MDM can manage devices through rules and policies, UEM takes things further by adding a unique set of features.

UEM’s diverse capabilities allow IT and security teams to find a better balance between productivity and security.

Unlike MDMs, which require direct network connectivity, UEM solutions enable over-the-air device registration to reduce IT involvement. Whether your organization prefers Apple, Microsoft, or Google devices, UEM supports their enrollment programs (Apple’s Business Manager, Microsoft’s Windows 10 AutoPilot, Samsung’s Knox Mobile Enrollment, and Google’s Zero-Touch).

Plus, UEM can integrate with existing Microsoft Active Directory/Lightweight Directory Access Protocol (AD/LDAP) infrastructure and saves time by allowing AD/LDAP records and groups to be imported directly into the UEM.

With UEM, employees can access encrypted content repositories and safely use third-party sharing solutions like Google Drive, SharePoint, and Box. Compared to basic MDMs, this deeper integration allows employees to be both productive and secure.

The importance of UEM in securing mobile devices

Managing all the devices in your environment is an extremely important step for securing them. However, mobile devices are often overlooked when it comes to protecting them against the key threat vectors: device, application, and network attacks, and social engineering attacks such as phishing.

For example, according to a Lookout report, 56% of mobile users have received and tapped on a URL that bypassed existing layers of phishing defense. And this one may surprise you: on average, a user will click on approximately six phishing links from their mobile device during the course of one year.

Mobile Threat Defense (MTD) solutions are a necessary component of protecting against these types of threat vectors, and many of today’s UEM solutions integrate with MTD services to provide automated remediation on the device if a threat occurs.

What to look for in a UEM solution

Whether it’s MDM, EMM or UEM, the software is only as good as how you choose to deploy it. If not implemented correctly, the chances of success can drastically diminish.

When evaluating a UEM solution, it’s critical to take the time for due diligence to ensure alignment with your organization’s specific business goals and security policies. One example might be how an employee termination is managed. What happens to their smartphone under your BYOD policy? Will access to corporate networks be automatically revoked? Can any corporate data (either saved or cached) be instantly wiped? Is their personal data separated from corporate data? How are malicious attacks detected and remediated? Before choosing any MDM or UEM solution, these policies must be set in place to decide what is specifically needed, and they must be continuously reviewed to ensure best practices are maintained.

The best MDM or UEM solutions should provide single-pane-of-glass visibility into the status of your entire fleet of endpoints and integrate with MTD solutions to take automated remediation action when threats arise on mobile devices. Because as the saying goes, “You can’t secure what you can’t manage, and you can’t manage what you can’t see.”
