The simple answer: MDM is the standard acronym for mobile device management.
However, if you are landing here, you are likely beginning to venture into the world of digital transformation and looking for more than the meaning of an acronym. You may already have devices you'd like to use more efficiently. Or you may be planning an investment in the near future and looking for ways that technology can modify your workflows to help you achieve your business goals. Both are great places to be and MDM is a perfect next step to getting more from technology and helping your team succeed with mobile devices.
So, let’s begin…
MDM at a high level
Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers and laptops. In Apple's world, the term also names Apple’s native framework for managing iOS, macOS and tvOS devices. At the highest level, MDM provides IT and users additional capabilities so the device’s full potential can be unleashed.
In layman’s terms, mobile device management is a way for companies of all sizes to perform IT tasks from a central location to support devices and users in an easy, consistent and scalable way without manually intervening and interrupting usage.
The IT tasks achievable with MDM are endless, but some of the common ones include:
- Ensuring your entire ecosystem is consistent and uniform across teams
- Ensuring applications are deployed accurately en masse and are supported
- Updating devices, applications, software and tools
- Being able to effectively troubleshoot and assist users from anywhere
- Monitoring and tracking device inventory, status and usage
By using MDM for device management, IT or leadership can take full responsibility for these tasks (taking the burden off of their team) while maintaining an organized and uniform structure. This is a key component to having a tech plan that can scale with any potential growth and be flexible to organizational changes. Creating that foundation is critical and having an MDM like Jamf helps.
Why the MDM provider you choose matters
Which MDM provider you choose does matter. For a more in-depth read, check out a past blog here where I summarize it for you.
Usually, MDM comes from a third-party vendor that is not the same as the company that sells you your devices — such as Jamf. When searching for a device management solution for the first time or evaluating your current tool for a potential upgrade, it is easy to get pulled in multiple directions with vendors shouting:
- “Look over here! We can manage ALL of your platforms with one solution.”
- “But we’re the cheapest and our tool is good enough to get the job done.”
- “Wait! Don’t go with them! Why? Well, just because.”
At Jamf, we want you to succeed with the ecosystem you choose — be it Apple, Microsoft or Google — with the management solution you ultimately select (even if it’s not us). While we obviously want you to choose Jamf, we most importantly want you to be fully informed prior to making any decision.
A lot of people will look at platforms that can manage every device type because they want to achieve similar goals with each device – this is called UEM or unified endpoint management. While it is true that MDM functions and goals are similar no matter which device you are using, how each company or device type achieves that goal is very different. For example, when it comes to enrolling devices into your MDM cleanly, Apple has device enrollment, Google has manual enrollment into G Suite, and Microsoft has dynamic provisioning via Azure AD. While these terms might not mean much to you at this point in your journey, it is an example of the lack of commonality in how devices reach your MDM goals. Forcing them all into the same mold can lead you to a difficult, confusing and convoluted user experience.
Choosing a vendor or platform that specializes in a specific company’s devices allows you to depend on that vendor as a partner you can rely on to help you avoid pitfalls in your MDM plans. They should also offer you full lifecycle management to keep you moving forward long term, helping you and your team achieve real business goals. At some point, the decision will be yours to make for what fits your needs most.
Apple MDM: high level, how does it work?
When it comes to mobile device management with Apple devices – iOS, iPadOS, macOS and tvOS – Jamf is the preferred MDM provider for IT leaders across the world because, like every other company’s devices, Apple approaches MDM in its own way.
In Apple’s world, your MDM solution, such as Jamf, links to and creates a virtual MDM server in Apple Business Manager. You can add multiple MDM servers if your organization uses them for different locations or device types.
Your MDM platform connects to and speaks with the Apple Push Notification Server (APNS) to send commands to Apple devices. APNS maintains a constant connection to devices, so you don’t have to. Devices then communicate back to the MDM server and receive commands. Essentially, you define how you want the device to behave, and MDM and APNS collaborate to make it happen.
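The push-then-check-in flow described above, as an added example that is not Jamf's or Apple's code: a simplified in-memory model with no network, TLS or device authentication. The plist keys (`Status`, `UDID`, `CommandUUID`, `Command`, `RequestType`) and the `mdm` wake-up key follow Apple's MDM protocol; the class, function names, UDIDs and push-magic value are hypothetical.

```python
import plistlib
import uuid
from collections import deque

class MdmServer:
    """Toy MDM server: queues commands and answers device check-ins."""

    def __init__(self):
        self.queues = {}   # UDID -> deque of pending command dicts
        self.results = {}  # CommandUUID -> status reported by the device

    def enqueue(self, udid, request_type):
        """Queue a command; return the wake-up the push service would carry."""
        cmd = {"CommandUUID": str(uuid.uuid4()),
               "Command": {"RequestType": request_type}}
        self.queues.setdefault(udid, deque()).append(cmd)
        # The push is only a wake-up: it holds no command and no settings.
        return {"mdm": "constructed-push-magic"}

    def check_in(self, body):
        """Handle one device-initiated request; return next command or b''."""
        msg = plistlib.loads(body)
        if msg["Status"] != "Idle":
            self.results[msg["CommandUUID"]] = msg["Status"]
        queue = self.queues.get(msg["UDID"])
        if not queue:
            return b""  # empty body: nothing (more) to do
        return plistlib.dumps(queue.popleft())

def device_poll(server, udid, supported):
    """Device side: after a wake-up, pull commands until the server has none."""
    handled = []
    report = {"Status": "Idle", "UDID": udid}
    while True:
        reply = server.check_in(plistlib.dumps(report))
        if not reply:
            return handled
        cmd = plistlib.loads(reply)
        rtype = cmd["Command"]["RequestType"]
        status = "Acknowledged" if rtype in supported else "Error"
        handled.append((rtype, status))
        # The result of this command rides on the request for the next one.
        report = {"Status": status, "UDID": udid,
                  "CommandUUID": cmd["CommandUUID"]}
```

The commands themselves never travel through the push service: they stay queued on the MDM server until the device opens its own connection, which is why a device that is offline or never checks in keeps its pending commands.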
Since this is a quick blog about the very surface of mobile device management, we won’t get into the nitty-gritty details here, but we urge you to look at the assets below to learn more, or our other blogs discussing MDM.
When evaluating an MDM strategy for your devices, there are six major components to consider:
- Management commands
- App deployment
- Security and privacy
Where device management meets endpoint security
MDM solutions are not the same as endpoint security solutions. The former relates to managing devices, their configurations and apps, while the latter focuses on reducing the attack surface of an endpoint by hardening it and protecting against threats like malware and phishing, for example. The two solutions provide different forms of functionality and support for IT and Security teams, but both tie together very closely through mobile device management.
Why is MDM at the core of endpoint security? Because the management function that MDM fulfills provides insight into devices, their health, current configuration levels and installed software and, most importantly, can push new settings to devices to ensure that they remain secured. Endpoint security intersects with MDM in that its functions provide MDM with actionable endpoint health data. By integrating the two solutions, MDM can be configured to trigger policies that take corrective action to mitigate risks, such as:
- Identifying devices that require triage
- Updating iPadOS or macOS
- Patching out of date apps
- Hardening vulnerable configurations
- Maintaining compliance with policies/regulations
Additionally, centralizing around MDM makes it possible to automate remediation tasks, which lets IT and Security teams provide faster, more robust support and holistic security while keeping endpoints protected against the ever-growing threats facing remote and hybrid work environments. It further allows employees to focus on productivity, empowering them to work from anywhere, at any time, without impacting the user's experience.
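One way the policy-triggered remediation described above can be expressed, as an added example that is not Jamf's code or API: device inventory records are checked against a baseline and mapped to the corrective actions listed in this section. The record layout, the policy thresholds, the app name and the serial numbers are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical baseline; every threshold here is constructed for the example.
POLICY = {
    "min_os": {"macOS": "14.6.1", "iPadOS": "17.6"},
    "min_apps": {"Example Browser": "126.0.2"},
    "required": {"disk_encryption": True, "passcode_set": True},
    "max_silence": timedelta(days=14),
}

def ver(text):
    """Parse '14.10.1' into (14, 10, 1) so that 14.10 sorts after 14.9."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device, now, policy=POLICY):
    """Return the remediation actions one inventory record calls for."""
    if now - device["last_check_in"] > policy["max_silence"]:
        # Stale inventory cannot be trusted, so flag the device and stop.
        return ["triage: no check-in within policy window"]
    actions = []
    floor = policy["min_os"].get(device["platform"])
    if floor and ver(device["os_version"]) < ver(floor):
        actions.append(f"update {device['platform']} to >= {floor}")
    for app, minimum in policy["min_apps"].items():
        installed = device["apps"].get(app)
        if installed and ver(installed) < ver(minimum):
            actions.append(f"patch {app} to >= {minimum}")
    for setting, wanted in policy["required"].items():
        if device["settings"].get(setting) != wanted:
            actions.append(f"harden {setting}")
    return actions

def fleet_report(devices, now):
    """Map each serial number to its actions, or to ['compliant']."""
    return {d["serial"]: evaluate(d, now) or ["compliant"] for d in devices}

NOW = datetime(2024, 9, 1, tzinfo=timezone.utc)
SECURE = {"disk_encryption": True, "passcode_set": True}
FLEET = [  # constructed inventory records, not real devices
    {"serial": "MAC-001", "platform": "macOS", "os_version": "14.6.1",
     "apps": {"Example Browser": "126.0.10"}, "settings": SECURE,
     "last_check_in": NOW - timedelta(hours=3)},
    {"serial": "MAC-002", "platform": "macOS", "os_version": "14.5",
     "apps": {"Example Browser": "125.9"}, "settings": {"passcode_set": True},
     "last_check_in": NOW - timedelta(days=1)},
    {"serial": "PAD-003", "platform": "iPadOS", "os_version": "17.6",
     "apps": {}, "settings": SECURE, "last_check_in": NOW - timedelta(days=30)},
]
```

Versions are compared as integer tuples because a plain string comparison would rank 126.0.10 below 126.0.2 and flag a patched device as out of date.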
To learn about these components and best practices for MDM, check out our Apple Device Management for Beginners guide or, if you are a small or medium business, check out our Basics of Apple Device Management for Small and Medium Business. These guides will review the six components mentioned above for Jamf Pro – Jamf’s enterprise-level product and Jamf Now – Jamf’s streamlined MDM product for SMBs.
If you're ready to bring MDM into your business to see firsthand how it can help you find more success with your Apple devices, request a trial below and we will help get you started!