It’s fair to say that we at Jamf are sold on mobile device management (MDM) for Apple, but not everyone is. So, here are a few things that worry end users and IT pros about MDM, and our take on them.
1. “Isn’t MDM just Big Brother?”
End users are more likely to fear this one, worrying that their employers can monitor their whereabouts, spy on them, and see everything down to their family photos on their devices.
Apple sets important security rules for their devices, and MDM providers must follow them. For example:
- Even if an administrator wants it, no management tool is allowed to access the camera or microphone of any Apple device.
- IT administrators have no access to your browsing history.
- Employers with Apple device management have no ability to copy an individual’s files.
- MDM will not empower administrators to log in to an individual’s work device or write a text file to it.
- While MDM admins may locate a lost device, the individual user gets a notification that this has happened.
- Reputable MDM providers will not allow for continuous device tracking, as this is explicitly against Apple’s privacy and security guidelines.
MDMs are generally using security controls already built into Apple’s operating systems. It’s a balance between protecting what the company or school considers private information versus what the end user’s privacy rights are.
2. “When I leave, or if I lose my device, my boss will wipe everything!”
This is a legitimate concern for end users: it is true that if you suddenly leave the organization or your device becomes lost, your business or school can lock and/or wipe the device that they own and that you are using for work. If you leave the organization or lose a device, your employer is often legally bound to protect their data from distribution elsewhere. Locking or freezing a device allows them to control their own data, and it really is necessary for most organizations to be able to do this.
This would mean a loss of personal items such as music and photos, if you saved them on your work device. (It is generally a good idea not to keep personal information on work devices, whether your employer uses an MDM or not.) That said, if you are using your own device, Apple has restricted what data employers may wipe from devices — in a bring your own device (BYOD) situation, the employer might be able to lock it temporarily, but would only have the power to wipe their own data from the device.
3. “MDM set-up is very time consuming!”
If you choose an MDM product that has too many features and options for your needs or technical know-how, or that doesn’t have a clear setup procedure, it might take a while to set up. Even in the best of situations, introducing a new tool into your existing structure will definitely take at least some time and attention to get it running.
The question to ask yourself: is this time investment worth it in the long run?
The security features of a robust MDM mean fewer panicked calls to IT on the weekends, fewer security breaches, and fewer hours spent configuring and loading up devices individually. In its essence, an MDM can help control where information goes and who can access it, all from a central location. That means not only more control, but also more time to focus on other IT tasks.
If you’d like to automate Terminal commands, using something like Jamf Pro’s policy packaging will save you enormous time right out of the gate. How long does inventory take you now? Are you ensuring everyone’s machines are updated with the newest, most secure apps? How about responding to repetitive tickets when one command could fix the problem for dozens of devices in one fell swoop? You could also turn to a more lightweight MDM solution like Jamf Now to quickly sign up and immediately begin managing devices.
Take a look at the timesaving features of the best MDMs on the market. Can you afford NOT to take the time for setup?
4. “Do we actually need Apple device management?”
It really depends: Do you want to protect the end user or protect the company’s data? MDM is for you. Are you a school needing to protect students and to share devices? MDM is an excellent tool for that. Do you have enough devices in your organization that IT is spending way too much time configuring, setting up, updating and patching? An MDM can help with that.
But if you are a small organization for whom the cost of MDM would be prohibitive, with only a few Macs, a handful of iPads, and an iPhone or two to manage, you can probably get away with using a more lightweight MDM solution without all the bells and whistles.
5. “An MDM would get in the way of me doing my job. Updates just show up. I can’t download what I want.”
While the vast majority of employees and students are well-meaning, there are always some who do not understand the importance of security protocol, and an MDM that controls which apps individual users can use helps to secure company data and fight malware or viruses that may arrive. Automatic updating is also a security feature, because apps that have not been updated are often missing patches or updates that have closed security holes. Additionally, preventing individual users from saving to unmanaged places in the cloud does two things: it protects the organization’s data AND gives end users specific and easy-to-find places where they may store files.
A good MDM allows employers to customize which apps they allow or restrict and which permissions they allow or restrict. If an MDM is getting in the way of you doing your job, it is important to let IT know that you need access to certain apps or features. A good MDM also allows for very flexible control of devices based on criteria such as job title, department or other sections, as with Jamf Pro’s dynamic smart groups.
When it comes to MDM, it’s all about balancing individual privacy and organizational data protection. It’s about how much you need to, say, protect student information or send an update to your entire organization. It’s about how many devices you oversee and who is using those devices.
If you believe MDM may be right for your organization, take any objections or concerns you have to a reputable provider. They might reassure you. They might confirm your worries. Either way, arming yourself with the knowledge of what an MDM can and can’t do for you will help you to understand and address these challenges as they come.