Mobile Device Management Systems – Part 2

This article is part 2 of 2 and describes additional features of mobile device management solutions. The previous article covered the main objective of mobile device management systems and the typical building blocks. A few features were explained already.

Access to enterprise servers, applications, emails and data may be granted to authorized private devices (“Bring Your Own Device”, BYOD). Privately owned mobile devices may use certificate-based authentication.

Administrators may want to define device configurations, security profiles and rules, and user or device groups. Mobile device management systems may control different permissions based on roles.

The mobile device management solution should support the definition of passcodes (or passwords) and associated policies to meet different requirements in terms of length and complexity.

Some systems need enterprise access using Wireless Local Area Networks (WLAN), Virtual Private Networks (VPN) and specific protocols like IPv4 or IPv6. These interfaces, services and protocols should be supported.

TIP: check that your infrastructure supports IPv6 for users who access the Intranet via providers supporting IPv6.

Emails, sensitive data only or data in general may be encrypted. For privately owned devices (BYOD) some systems support logical separation of business and private data in different “containers” for individual data handling (encryption, copy protection, backup, deletion or other manipulations).

Users may be required to accept end user licence agreements during the rollout process.

TIP: grant access only to users signing the agreements.

Jail-broken or rooted devices may be detected and blocked to prevent them from accessing corporate services or data or from executing applications.

TIP: blocking devices automatically may reduce risks and save time.

Manual or automatic distribution of configurations and profiles and over-the-air (OTA) software updates help to minimize the workload for administrators.

The mobile device management systems generate inventories, control software versions and software updates.

Automatic security audits provide information about updates, VPN activities, encryption key management, authentication procedures,…

TIP: Most of the systems generate comprehensive logs and reports for managers about e.g. the International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), device configuration, updates pending or done, listing of known, certified, unknown or rogue devices.
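
The following sketch is an added example, not code from the article or from any particular MDM product. It combines the checks described above (inventory state, jail-break or root detection, signed agreement, passcode policy) into one automatic access decision per device. The field names, the policy thresholds and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed policy values; the article does not prescribe concrete numbers.
MIN_PASSCODE_LENGTH = 6
ALLOWED_STATES = {"known", "certified"}  # inventory states allowed to connect

@dataclass
class Device:
    imei: str              # constructed sample identifier, not a real device
    owner: str
    inventory_state: str   # known / certified / unknown / rogue
    rooted: bool           # jail-broken or rooted, as reported by the agent
    eula_signed: bool      # end user licence agreement accepted at rollout
    passcode_length: int
    passcode_complex: bool

def evaluate(device: Device) -> list[str]:
    """Return the policy violations; an empty list means access is granted."""
    violations = []
    if device.inventory_state not in ALLOWED_STATES:
        violations.append(f"inventory state '{device.inventory_state}'")
    if device.rooted:
        violations.append("jail-broken or rooted")
    if not device.eula_signed:
        violations.append("end user licence agreement not signed")
    if device.passcode_length < MIN_PASSCODE_LENGTH or not device.passcode_complex:
        violations.append("passcode below policy")
    return violations

def audit(devices: list[Device]) -> dict[str, list[str]]:
    """Map IMEI to violations for every device that must be blocked."""
    report = {}
    for device in devices:
        violations = evaluate(device)
        if violations:
            report[device.imei] = violations
    return report

# Constructed inventory used only to exercise the checks.
INVENTORY = [
    Device("000000000000001", "alice", "certified", False, True, 8, True),
    Device("000000000000002", "bob", "known", True, True, 8, True),
    Device("000000000000003", "carol", "known", False, False, 4, False),
    Device("000000000000004", "unassigned", "rogue", False, False, 0, False),
]

if __name__ == "__main__":
    for imei, violations in audit(INVENTORY).items():
        print(f"BLOCK {imei}: {'; '.join(violations)}")
```

The report lists every reason a device is blocked rather than stopping at the first one, so it can serve as input for the manager reports mentioned in the TIP above.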

New or inactive devices, devices out-of-service or devices of employees leaving the corporation have to be identified. Installed apps and stored data may be fully wiped, but may also be protected from a full wipe under certain circumstances. A configuration reset to factory settings returns the device to its initial condition.


Book: Ronald Schlager: “Selecting Mobile Device Management Systems”, ISBN-10: 1482003708, ISBN-13: 9781482003703

About the Author:

Ronald Schlager is an independent trainer, consultant and book author focusing on communications technologies and their application.
