What is Mobile Device Management?
Mobile Device Management (MDM) refers to the centralized administration and control of mobile devices, such as smartphones, tablets, and laptops, within an organization. It involves deploying, securing, monitoring, integrating and managing mobile devices, applications, and data.
MDM enables organizations to enforce security policies, configure settings, distribute applications, and ensure compliance across a fleet of mobile devices, optimizing their functionality, security, and productivity.
Device management has always been an important part of any IT department, whether this has been to configure company owned devices or trying to manage company data on user’s personal phones and laptops.
With the current trend of remote working, it has become a necessity to have a solution in place that minimises the time it takes to configure new and existing devices whilst also being confident that in the case of devices being lost or stolen that your company data is not only secured but can be easily removed.
Microsoft Intune Device Management
Microsoft Intune is a cloud-based offering that incorporates mobile device management and mobile application management. This allows your organisation to have complete control on how your users access company resources whilst providing streamlined deployment options of corporate devices.
Intune mobile device management (MDM) and mobile application management (MAM) handle how devices, security and application data is handled. MDM and MAM are not exclusive of each other and in most cases work together to provide a safe and secure device management solution.
Depending on whether you provide a managed device to your users or allow personal devices to access your data, Intune allows you to cover each scenario with a solution that works for everyone.
Enrolling Devices
Enrolling devices into Microsoft Company Portal allows you to have full control over its settings, features and security. With this approach you can control how the devices are configured via policies set within Intune and once a device is enrolled it will automatically pull its configuration from the cloud, thus allowing your users to have a seamless experience without needing to visit the office to collect their hardware.
Devices can be allocated as corporately owned or personal. Depending on this selection will determine what visibility your IT department has into the device. Users can get an overview of what your IT department can see by accessing the company portal app on their device.
Example device privacy
Some examples of how a device can be configured include:
- System update policies including feature updates to Windows 11
- Disk encryption – BitLocker on Windows and FileVault on macOS
- Set PIN and password requirements
- Enable Windows Hello for Business
- Configure Wi-Fi and VPN connections
- Deploy security baselines
- Configure apps to automatically deploy based on users and groups.
- Provide a store and whitelisted apps that can be additionally installed based on user needs.
- Easily reset or refresh devices to repurposes devices. Or to lock devices that have been lost.
- Conditional access policies – automatically limit device access to company resources should the device fail to be compliant with your policies.
- Autopilot – allow devices to be sent directly from suppliers and allow users to have a seamless out of box experience with all the apps and settings required without needing assistance from IT support.
Mobile Application Management
MAM policies allow you to protect your organisation’s data at the application level. This includes apps installed from Microsoft and app stores as well as custom apps you may have created for your team.
In this scenario a user may not want their personal device to be managed by your company and in this case, it is imperative that your company data is protected. This can be achieved through app protection policies.
Some examples of how MAM can protect your data:
- Isolate organisation data from personal data
- Configure apps to operate with specific settings enabled
- Require managed apps to be secured with a password
- Prevent copy and paste to apps outside of your control
- Prevent saving of documents to unmanaged apps
Although MDM and MAM should be used in conjunction with each other to provide the highest level of security it might not always be the right solution. Mobile application management allows the use of personal devices to securely access company resources.
Microsoft Intune Licencing
Intune Is included with the following licences:
- Microsoft 365 E5
- Microsoft 365 E3
- Enterprise Mobility + Security E5
- Enterprise Mobility + Security E3
- Microsoft 365 Business Premium
- Microsoft 365 F1
- Microsoft 365 F3
- Microsoft 365 Government G5
- Microsoft 365 Government G3
- Intune for Education
If you are looking for mobile device management to help improve the performance and efficiency of your business, or for specialist IT consultancy to make recommendations on how you can fully utilise your businesses current mobile device management please get in touch.