What is Mobile Device Management (MDM)?

Rapid innovations in mobile technology such as reliable access to WiFi and 5G have enabled today’s teams to be more connected yet distributed than ever. As organizations across industries continue to modernize their operations, mobile devices have become increasingly essential to employee safety and productivity, especially in physically remote and high-risk environments. 

However, deploying, troubleshooting, and managing devices at scale can be a challenge for dispersed teams. Setting up new mobile devices is time-consuming: on average, it takes 60 minutes to manually configure a single device. Once deployed, these smartphones and tablets can present many other challenges from troubleshooting issues to device loss or theft. All of this can negatively impact the bottom line: the average cost of resolving tech issues for remote workers is $4,500 annually per employee and losing a single device can cost organizations as much as $50,000 in decreased productivity, downtime, support, and management. Additionally, any resulting data loss can exponentially raise that cost to $5 million per incident. 

Mobile devices can also introduce new safety challenges, such as increased distractions, for employees who operate in physically demanding or dynamic environments. For example, driver distractions are a leading factor in 70% of large-truck crashes, and CMV drivers who text and drive are around 23 times more likely to be involved in an accident or near-miss. 

To ensure efficiency, safety, and cybersecurity at scale, organizations need solutions to protect their employees and devices. Mobile device management allows IT departments to remotely manage corporate and employee-owned devices to protect their data and assets without compromising productivity. 

The basics of mobile device management 

Mobile device management allows work to happen securely from anywhere by enabling organizations to remotely track, troubleshoot, and even remotely lock or wipe a device if theft, loss, or a data breach occurs. Managed devices can include smartphones, tablets, and laptops. MDM solutions begin with software installed on mobile devices used for work—either company-owned or personal devices. Once installed, MDMs manage device inventory, security, and access to business apps and content with minimal interruption to the end-user experience. 

The primary goal of MDM solutions is to protect corporate data, however, they can also protect employees’ personal data by preventing cross-pollination of personal and organizational information in “bring your own device” (BYOD) to work scenarios.

Other types of remote management solutions: MDM is sometimes referred to as unified endpoint management (UEM) but the two are slightly different. MDM is strictly mobile device-based while UEM covers a full range of endpoints, including PCs, desktops, and wearables on a corporate network. Additionally, MDM is a subset of enterprise mobility management (EMM) which includes additional functionality like containerization and content management. The bottom line: MDM, UEM, and EMM offer varying degrees of control to admins looking to manage their devices securely and efficiently. 

What key features do MDM solutions offer?

Mobile device management solutions are designed to help IT and security teams with app management automation and remote control. In general, MDM software includes these five features: 

Device enrollment: In order to manage smartphones and tablets remotely, organizations must first enroll their devices in their MDM. There are many different types of enrollment methods depending on device type, operating system, and device ownership. The most common methods include: 

• QR code: Admins or employees can scan a pre-generated QR code and follow the steps on the screen to complete enrollment in the MDM.

• Email link: Admins can send email invites to employees containing a link and instructions to enroll their devices.

• Zero-touch enrollment: The MDM provider or a reseller pre-configures devices with services provided by Apple or Google, so devices are automatically enrolled and ready for admins or employees to use right out of the box. 

App and system management: Before an employee receives their enrolled device, admins can determine how and what employees can access on their devices, from preconfiguring business-critical tools like messaging, WiFi, and VPN to blocking use of unauthorized apps and certain settings to maintain security. 

• Bulk app distribution: Admins can distribute apps at scale to their teams with no action required by employees—apps can be pushed to all employees or select groups of users.

• Security policies: Admins can configure specific rules to automatically block suspicious apps or malware from downloading to devices. 

• Operating system updates: Admins can remotely schedule and push software updates to devices related to the OS as a whole to ensure employees are equipped with the latest technology with little to no end-user action required.

Kiosk configuration: For increased control over corporate-owned devices, kiosk configuration limits device functionality to only one or a set of predetermined apps (single-app or multi-app functionality). When kiosk mode is engaged on a device, users are unable to access nonessential apps and content for their safety, security, or productivity. 

• Safety: Protect employees by activating kiosk mode to limit mobile device usage while in motion or operating heavy equipment.

• Security: Keep sensitive data secure when using mobile devices in customer-facing interactions, such as collecting signatures during service calls or screen-sharing during presentations.

• Productivity: Eliminate unwanted distractions on mobile devices to help employees stay focused on the task at hand.

Device location tracking: Real-time GPS tracking and geofencing helps admins identify high-risk or non-compliant use of devices so they can take action to keep mobile assets and data safe, such as remotely wiping a stolen device or recovering a lost device.

Remote access: One of the biggest time-saving features MDMs offer is the ability to remotely access and control devices—this allows admins to help employees when issues occur as well as facilitate employee training. 

• Troubleshooting: Remote access to devices allows IT departments to help employees with troubleshooting from any location with visibility into everything the end-user is seeing to diagnose and solve the issue at hand.

• Training: Remote access can be used to coach employees on new tools and processes on their devices. Admins can customize employee training using the employee’s own device interface to walk them through a repeatable workflow. 

Device management for different operating systems

Mobile devices primarily run on two operating systems, Android and iOS. Android is the open operating system created by Google, used by smartphones and tablets from a variety of manufacturers, while Apple runs proprietary operating systems specific to their own device types, such as iOS on iPhones and macOS on laptops. The basic tenets of MDM for Android and iOS are similar, but there are some differences in deployment and native OS offerings.

Android device management: 80% of the world’s mobile devices are Androids—with majority market share, there’s much more diversity among Android devices compared to Apple devices, giving organizations more flexibility to configure the mobile experience for their employees. Android MDM solutions use Android Enterprise APIs to support the unique suite of applications from Google, Microsoft, or other software providers that an organization uses.

• Enrollment: Androids offer flexibility when bulk enrolling devices through a variety of methods such as zero-touch enrollment, Android Near Field Communication (NFC) enrollment, QR codes, third-party EMM tokens, and more.

• Account management: Android Enterprise work profiles keep personal and corporate data secure and separate when using BYOD. 

• App management: Android’s app store—Google Play Store—allows admins to distribute any private or third-party app and configure app updates to keep devices secure. 

• Bonus: Android supports rugged mobile devices for organizations whose workers require smartphones and tablets that meet the physical demands of jobs in industrial operations.

Due to the prevalence of Android devices, Android users are more often exposed to malware and data breaches compared to Apple users. Deploying mobile device management is a critical yet simple way to protect business data, devices, and, most importantly, individuals against cyber-threats.

• Malware is malicious software that is “invisible” and unknowingly installed onto a user’s device to either interrupt operations, release classified information, gain access to sensitive systems, or block end-users' previously-held access.

• A data breach is the transfer, theft, release, or viewing of sensitive data by an unauthorized user. Data breaches can result from malware, criminal action, or unintentional mistakes. 

Apple device management: For organizations using Apple devices, iOS MDM software works with Apple Business Manager to control iOS, macOS, and iPadOS devices being used for work. 

• Zero-touch enrollment: Configure devices remotely and assign users without physically touching the device. 

• Managed Apple IDs for business: Create work accounts in place of or alongside personal Apple IDs on devices.

• Apple Configurator: This tool allows IT admins to manage content on enrolled devices including configuration, app installation, and license distribution. However, this is not a true MDM because there is no security element, so it's often paired with a dedicated MDM tool for iOS devices.

Choosing a mobile device management solution

With so many MDM providers to choose from, it's important to carefully select one that meets your organization's needs. In general, an effective MDM solution saves time, improves efficiency, and keeps your organization secure. When evaluating MDM solutions, look for:

Ease of use: Any good software system should simplify and enhance, rather than complicate, the user experience. Prioritize an intuitive user interface with essential features and the flexibility to customize to your work environment over an extensive suite of bells and whistles that your organization may not really need.

Industry fit: When choosing a MDM, be sure to take the unique demands and working conditions of your industry into consideration. If your organization includes mobile workers in industrial settings, make sure your MDM functions reliably in remote, rugged, and unpredictable environments. If your workers drive long distances or operate heavy machinery, a MDM with safety features helps keep employees focused and connected, whether they’re on the road or in the field. It’s also important to make sure your MDM is accessible to all the right teams in the back office, not just IT. Any leader that’s responsible for the day-to-day of their workers, whether they’re in safety or operations, should play an active part in the management of their employees’ mobile experience.

A unified platform: Just as you don't want your employees to have to juggle a dozen different apps every day, your admins don't want to manage a dozen different backend systems every day. Make everyone’s life easier by choosing a consolidated platform with functionality that's relevant to other departments across your organization to save your back office time and take employee productivity to a new level. 

Looking for mobile tools to keep your employees connected and productive? Learn more about the Samsara Driver App and Fleet App, or reach out for a free demo or trial of our Connected Operations Cloud today.