Mobile Device Management (MDM)

Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees' mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. Mobile device management software is often combined with additional security services and tools such as Mobile Application Management (MAM) to create a complete mobile device and security Enterprise Mobility Management (EMM) solution.[1]

Mobile device management (MDM) includes software that provides the following functions: software distribution, policy management, inventory management, security management and service management for smartphones and media tablets. MDM functionality is similar to that of PC configuration life cycle management (PCCLM) tools; however, mobile-platform-specific requirements are often part of MDM suites.[2]

Over time, mobile device management has advanced to include newer methods like remote server controls, more versatility in managing groups of diverse providers, and even software-as-a-service implemented controls. In older systems, users may have had to install a SIM card in a device to get access to internal systems, whereas newer MDM systems often operate through an over-the-air method. MDM has adapted to fit the needs of enterprises managing specific kinds of systems related to tech trends around smartphone and mobile device use. One of the most prominent of these is bring your own device (BYOD). With BYOD, employers and employees have been able to share mobile use with flexible arrangements where a personal device can be used for business. Modern mobile device management adds security and scalability to these kinds of uses, which can require some complex access architectures and customized engineering.[3]

Mobile Device Management (MDM) addresses the unique needs of mobile devices. It provides you with real management capabilities, including convenient configuration, self-service tools, and enhanced protection. It also keeps you up to date with best practices.[4]

Overview of Mobile Device Management (MDM)[5]
MDM is a way to ensure employees stay productive and do not breach corporate policies. Many organizations control activities of their employees using MDM products/services. MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on devices, enforcing corporate policies, and integrating and managing mobile devices, including laptops and handhelds of various categories. MDM implementations may be either on-premises or cloud-based. MDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. Most recently, laptops and desktops have been added to the list of supported systems as Mobile Device Management becomes more about basic device management and less about the mobile platform itself. MDM tools are leveraged for both company-owned and employee-owned (BYOD) devices across the enterprise, as well as mobile devices owned by consumers. Consumer demand for BYOD now requires a greater MDM effort and increased security for both the devices and the enterprise they connect to, especially since employers and employees have different expectations concerning the types of restrictions that should be applied to mobile devices. By controlling and protecting the data and configuration settings of all mobile devices in a network, MDM can reduce support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime. With mobile devices becoming ubiquitous and applications flooding the market, mobile monitoring is growing in importance. Numerous vendors help mobile device manufacturers, content portals and developers test and monitor the delivery of their mobile content, applications and services. This testing of content is done in real time by simulating the actions of thousands of customers and detecting and correcting bugs in the applications.

Mobile Device Management (MDM) Tools[6]
MDM tools should include application management, file synchronization and sharing, data security tools, and support for either a corporate-owned or personally owned device. The ideal mobile device management tool:

  • Is compatible with all common handheld device operating platforms and applications.
  • Can function through multiple service providers.
  • Can be implemented directly over the air, targeting specific devices as necessary.
  • Can deploy next-generation hardware, operating platforms and applications quickly.
  • Can add or remove devices from the system as necessary to ensure optimum network efficiency and security.

Implementation of Mobile Device Management (MDM)[7]
MDM is typically used to minimize business risks by protecting sensitive office data and to reduce the maintenance and support costs of the business establishment. Hence, it focuses on offering the maximum possible security while reducing the costs involved to the minimum. With more and more employees using their personal mobile devices while in the office, it has become imperative for companies to monitor their employees’ mobile activity and, more importantly, to secure their data from being inadvertently leaked and reaching the wrong hands. Several vendors today help mobile manufacturers, portals and app developers by offering testing, monitoring and debugging services for mobile apps and other mobile content. MDM platforms offer end-users plug and play data services for the major mobile devices. The software automatically detects the devices in use within the particular network and sends them the settings required to sustain uninterrupted connectivity. Once connected, it is capable of keeping a record of every user’s activity; sending software updates; remotely locking or even wiping a device; protecting device data in case of loss or theft; troubleshooting it remotely and much more, all without interfering with the day-to-day activities of employees in the workplace.

MDM for Mobile Security[8]
All MDM products are built around the idea of containerization. The MDM container is secured using the latest cryptographic techniques (AES-256 or more preferred). Corporate data such as email, documents, and enterprise applications are encrypted and processed inside the container. This ensures that corporate data is separated from the user’s personal data on the device. Additionally, encryption for the entire device and/or SD card can be enforced, depending on MDM product capability.

  • Secure email: MDM products allow organizations to integrate their existing email setup with the MDM environment. Almost all MDM products support easy integration with Exchange Server (2003/2007/2010), Office365, Lotus Notes, BlackBerry Enterprise Server (BES) and others. This provides the flexibility of configuring email over the air.
  • Secure Docs: Employees frequently copy attachments downloaded from corporate email to their personal devices and then misuse them. MDM can restrict or disable clipboard usage into or out of the secure container, restrict forwarding of attachments to external domains, or prevent saving attachments on the SD card. This ensures corporate data is secure.
  • Secure browser: Using a secure browser can avoid many potential security risks. Every MDM solution comes with a built-in custom browser. An administrator can disable native browsers to force users to use the secure browser inside the MDM container. URL filtering can be enforced as an additional security measure.
  • Secure app catalog: Organizations can distribute, manage, and upgrade applications on an employee’s device using an App Catalogue. Applications can be pushed onto the user's device directly from the App Store, or an enterprise-developed private application can be pushed through the App Catalogue. This provides an option for the organization to deploy devices in Kiosk Mode or Lock-Down Mode.
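
The container controls listed above can be expressed as a baseline and checked against what each device reports. The following is an added example, not taken from any MDM product: the setting names, the `corp.example` domain and the device reports are all constructed for illustration, and the baseline assumes AES-256 as the only accepted container cipher.

```python
# Hypothetical baseline mirroring the container controls described above.
# Key names are assumptions for this example, not any MDM product's schema.
BASELINE = {
    "container_cipher": {"AES-256"},       # accepted container encryption
    "clipboard_out_of_container": False,   # copy/paste out of the container blocked
    "save_attachments_to_sd": False,       # attachments may not land on the SD card
    "native_browser_enabled": False,       # force the secure container browser
    "url_filtering": True,
}
ALLOWED_MAIL_DOMAINS = {"corp.example"}    # constructed internal mail domain

def evaluate_device(report: dict) -> list[tuple[str, object]]:
    """Return (setting, reported value) for every baseline violation."""
    findings = []
    for key, expected in BASELINE.items():
        actual = report.get(key)           # an unreported setting counts as a violation
        if isinstance(expected, set):
            ok = actual in expected
        else:
            ok = actual is expected        # strict: only a real bool satisfies a bool rule
        if not ok:
            findings.append((key, actual))
    return findings

def may_forward(recipient: str) -> bool:
    """Allow attachment forwarding only to an exact internal domain match."""
    local, sep, domain = recipient.rpartition("@")
    # Exact match, so "corp.example.other.example" is treated as external.
    return bool(local and sep) and domain.lower().rstrip(".") in ALLOWED_MAIL_DOMAINS

# Constructed device reports, as an inventory sync might deliver them.
REPORTS = [
    {"device": "phone-01", "container_cipher": "AES-256",
     "clipboard_out_of_container": False, "save_attachments_to_sd": False,
     "native_browser_enabled": False, "url_filtering": True},
    {"device": "tablet-07", "container_cipher": "AES-128",
     "clipboard_out_of_container": True, "save_attachments_to_sd": False,
     "native_browser_enabled": False},     # url_filtering not reported
]

if __name__ == "__main__":
    for report in REPORTS:
        findings = evaluate_device(report)
        status = "compliant" if not findings else f"non-compliant: {findings}"
        print(report["device"], status)
    print(may_forward("alice@corp.example"), may_forward("bob@corp.example.other.example"))
```

Treating a missing setting as a violation matters in practice: a device that stops reporting a control should not be assumed to still enforce it.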

Mobile Device Management (MDM): Pros and Cons[9]

  • Pros
    • Ability to ensure the proper protection around the entire device and ensure compliance with the set policies.
    • Central management of all mobile devices and ability to check statuses and compliance of each device.
  • Cons
    • Extremely intrusive on the management of the device and locking down of personal devices.
    • Significant issues locking down entire devices based on the volume of devices that are continuously being pushed into the market.
    • Degraded user experience and added troubleshooting requirements for the support team.
    • Discovery of information for Electronic Discovery (e-Discovery) becomes non-existent or extremely difficult.
    • Inability to separate personal data from company data.

See Also

Mobile Application
Mobile Application Management (MAM)
Mobile Content Management (MCM)
Mobile Device
Enterprise Mobility
Enterprise Mobility Management (EMM)
Bring Your Own Device (BYOD)


  1. What is Mobile Device Management (MDM)? Webopedia
  2. MDM Suites Gartner
  3. Explaining Mobile Device Management (MDM) Techopedia
  4. Mobile Device Management (MDM) Stanford
  5. Overview of Mobile Device Management (MDM) Wikipedia
  6. Mobile Device Management (MDM) Tools Techtarget
  7. Implementing Mobile Device Management (MDM) Livewire
  8. MDM for Mobile Security Wikipedia
  9. Pros and Cons of Mobile Device Management (MDM) TrustedSec

Further Reading

  • The Best Mobile Device Management (MDM) Solutions of 2017 PC Mag
  • What is MDM, MAM, and MIM? (And what's the difference?) Brian Madden
  • 10 BYOD mobile device management suites you need to know ZDNet
  • Top ten reasons you don’t need Mobile Device Management (MDM) MaaS360
  • Top Ten Reasons to Manage Your Mobile Devices with Mobile Management MicroFocus
  • 11 Best Practices for Mobile Device Management (MDM) MaaS360