What is MDM?

In the first blog in this series, learn how Mobile Device Management (MDM) is the tool for getting more from your technology, helping not just IT teams but all users to succeed with mobile devices at school or work.

December 8 2023 by Jonathan Locast, Jesus Vigo

The simple answer: MDM is the standard acronym for mobile device management.

However, if you are landing here, you are likely beginning to venture into the world of digital transformation and looking for more than the meaning of an acronym. You may already have devices you'd like to use more efficiently. Or, you may be planning an investment soon and looking for ways that technology can help you achieve your business goals. Both are great places to be— and MDM is the perfect next step to getting more from technology while helping your team succeed with mobile devices.

So, let’s begin…

Defining Mobile Device Management

What is MDM?

Mobile device management is an industry term for the administration of mobile devices, such as smartphones, tablets and laptops. In the Apple world, it leverages Apple’s native management framework used to manage iOS, iPadOS, macOS, watchOS and tvOS devices. At a high level, MDM provides IT and users with additional capabilities so the device’s full potential can be unleashed from a central location. This supports devices and users in an easy, consistent and scalable way without manually intervening and interrupting usage.

In layman’s terms, MDM is a way for companies of all sizes to perform IT tasks to manage devices across the infrastructure from anywhere and over any network connection at any time.

MDM helps to ensure that devices are configured properly and standardized across your organization and that devices are maintained with security patches and up-to-date software.

The management tasks achievable with MDM are endless, but some of the ones administrators commonly use are:

  • Deploying supported apps in bulk and configuring them as required
  • Providing effective troubleshooting and remote assistance to users from anywhere
  • Monitoring and tracking device inventory, statuses and usage data
  • Performing remote erase and wipe commands that prevent data from being compromised if devices become lost or stolen
  • Implementing policy-based management to uphold compliance with regulatory requirements

By using MDM for device management, IT (or stakeholders designated by leadership) can take full responsibility for these tasks, thus taking the burden off of end-users while maintaining an organized and uniform structure. This is a key component to having a technology plan that can scale with any potential growth and be flexible to organizational changes.

Simply put: creating that foundation is critical to changes that call for dynamic actions, like allowing users to utilize personal devices for work or shifting to a distributed workforce model.

Importance of MDM in today’s business environments

Myth #1: All MDM solutions are created equally.

Typically, MDM solutions are developed by a third-party vendor that is not the same as the company that sells your devices. When searching for a device management solution for the first time or when evaluating your current tool for a potential upgrade, it is easy to get pulled in multiple directions with vendors often making claims that seem great at face value, like:

  • “Our solution offers a single pane of glass to manage ALL of your products.”
  • “We’re the least expensive option.”
  • “Our tool is good enough to get the job done.”
  • “You already use our services for X.”
  • “Don’t go with anyone else! Why? Because we’re constantly striving to make our solution as good as the competition.”

The problem with these claims is that they often attempt to disguise the lack of critical functionality— which results in solutions that may not be able to meet the unique needs of your organization. Some of the most glaring omissions that could very well impact IT’s ability to effectively manage devices or deliver a meaningful user experience are:

  • No same-day support for operating system updates or patches: delaying or skipping support for new hardware and/or software features
  • Lack of a Self Service component for end-users to procure what they need, when they need it, without submitting service ticket requests to IT
  • Inability to align managed technology with company standards or compliance requirements
  • Missing mechanisms that enforce management and secure configurations with policies
  • No capability to remotely track missing devices or to securely erase lost or stolen devices

Success with the ecosystem you choose begins with your platform of choice — be it Apple, Microsoft or Google — and is further impacted by the management solution you ultimately select (even if it’s not Jamf). While we obviously want you to choose our best-of-breed solutions, we most importantly want you to be fully informed prior to making any decisions that will affect the ability of your enterprise, small business or school to manage its device fleet efficiently and effectively.

Myth #2: A single pane of glass makes management easier.

Administrators will often consider platforms that can manage every device type because they want to achieve similar goals with each device — this is called Unified Endpoint Management (UEM).

Generally speaking, MDM functions and goals are quite similar to UEM. That said, each company's devices and each device type are managed very differently. For example, when it comes to seamlessly enrolling devices into your MDM, Apple has automated device enrollment, Google has manual enrollment into G Suite, and Microsoft has dynamic provisioning via Azure AD.

If these terms don’t resonate much with you at this point in your journey, that’s OK; they are mentioned here as an example of the lack of commonality between platforms and how this could require rethinking how to reach your management goals across different devices.

Forcing them all into the same mold can lead to a difficult, confusing and convoluted experience— not just for IT pros tasked with managing these devices, but also for the stakeholders expected to accomplish work-related tasks on these devices.

Choosing a vendor that specializes in a specific company’s devices allows you to depend on that vendor as a partner you can rely on to help you avoid pitfalls when meeting your management needs. They should also offer full lifecycle management to keep devices moving forward in the long term, helping your team to achieve business goals. At some point, the decision about what best meets your requirements will be yours to make.

Myth #3: Apple is a consumer product — not for use in the enterprise.

When it comes to mobile device management with Apple devices — iOS, iPadOS, macOS, watchOS and tvOS — Jamf is the preferred MDM provider for IT leaders across the world. That's because, like every other company’s devices, Apple approaches MDM in its own way.

According to ComputerWorld, "Not only are Mac sales into US enterprises rising rapidly," but that increase has translated into an 89.5% year-on-year growth in Mac sales in emerging global markets as well.

While the numbers make it easy to justify Apple's continued growth in the enterprise, it's the little differences in how Apple management occurs that make it a favorite among users and administrators over competitors. Since Apple has full control over its hardware and software, this level of integration allows IT to deploy enterprise-owned devices as part of an easy, seamless and holistic workflow directly from Apple (or an authorized reseller) to the end-user.

This workflow is called zero-touch deployment and it starts with a free, Apple-provided service that provides businesses and educational institutions with a web-based tool to manage their inventory of:

  • Apple hardware devices
  • First- and third-party apps
  • User accounts and credentials
  • Integration with Apple services such as Apple IDs
  • Links to MDM solutions for ongoing management

This service is Apple Business Manager (ABM) or Apple School Manager (ASM).

With it, you can add multiple MDM solutions, if your organization uses them for different locations or device types, linking them to your inventory of devices in whole or in part at a granular level.

This flexibility permits organizations of any size, using any combination of Apple hardware and residing anywhere around the world, to centrally manage the backend infrastructure. This serves as the jump-off point for device provisioning and deployment without IT having to physically touch a device to get users onboarded.

The general three-step process for provisioning a device to end-users with ABM/ASM + Jamf looks like this:

  1. Open the box.
  2. Power on the device.
  3. That’s it! There is no step 3!

Simply put: Once your organization has purchased an Apple device, it appears within your ABM/ASM portal. From there, IT links it to your MDM solution where the Apple service maintains a synchronized connection with your preferred MDM.

Once the device inventory is updated within the MDM, IT adds it to a pre-enrollment profile. And then, we wait. We wait for the end user to unbox and power on the new Mac, iPad or iPhone they received from Apple. During the setup process, the device connects to a wired or wireless network and contacts ABM/ASM automatically, which hands off the device to the MDM solution for enrollment and additional configuration.

That’s it! The device is now enrolled in Jamf Pro. It's already configured according to your company’s unique security requirements and business needs using Apple Push Notification Server (APNS). The MDM maintains a constant connection to devices, sending/receiving commands to/from the Apple devices managed by your MDM. Essentially, you define how you want the device to behave, and MDM and APNS collaborate to make it happen.

Resources to aid your MDM journey

Since organizational needs vary from one company to another, we won’t be performing a deep dive into how you should set up your MDM solution to meet your unique needs. That said, we urge you to look at the assets below to learn more about what points to consider when evaluating an MDM strategy for your devices. There are seven major components to consider:

  1. Deployment and provisioning
  2. Asset inventory
  3. Device configurations
  4. Management commands
  5. App lifecycle management
  6. Security and privacy (including the user experience)
  7. Compliance enforcement

Key takeaways

  • The right MDM solution is the one that provides support for all of your organization's needs, today and tomorrow. Effective device management aligns with business standards, remains compliant with regulatory requirements and is enforced through policies to ensure that devices meet compliance or are brought back in scope immediately.
  • "One size fits all" types of solutions never provide the full level of support necessary to holistically manage devices.
  • Your MDM solution is the core of the management component— and also serves as an integral part of the security component. The wrong solution can lead to missing critical features or to delays in supporting those features. This introduces risks, such as not being able to patch security vulnerabilities promptly because your MDM solution's developer doesn't support that OS version.
  • By integrating your MDM solution with first- and third-party services, organizations can extend and add value to services, such as by simplifying workflows and automating essential tasks.
  • Apple devices may be consumer-friendly, but they're enterprise-ready and capable of helping users get school and/or work-related tasks completed. Apple device deployment and provisioning is an easy three-step process.
