Why your organization needs MDM to protect what matters

Mobile Device Management text on modern laptop screen in office environment. 3D render illustration business text concept.

Before we head into why your organization needs MDM (Mobile Device Management) I will explain a few abbreviations and perceptions. These will be of importance for this post, and for your EMM journey.

EMM = Enterprise Mobility Management. It’s a very wide area. It includes everything that you can configure, protect, install and report on a mobile device. From a product perspective, it includes, but is not limited to, Microsoft Intune, OneDrive for Business, Azure AD, Microsoft Cloud App Security etc.

MDM = Mobile Device Management. The classic approach to managing iOS, Android and other operating systems. Your organization are in full control of the device and can configure most settings. You are also able to install apps, do inventory and so on. Includes products like Microsoft Intune, VMWare Airwatch, MobileIron, etc

MAM = Mobile Application Management. The more modern, but sometimes limited, way of especially protecting organizational data. Instead of your organization is in control of the entire device, you control the apps which holds your data. Especially applicable to Microsoft Intune, but other vendors have similar solutions.

Privacy, user experience and applicability

Perceptions that we need to address before continuing this post:
 

  • My organization only implements MDM so that they can spy on me!
    • WRONG! EMM or MDM is not about gaining access to the content of a phone or track how the user uses it.
  • My phone will be unusable if my organization implements MDM!
    • WRONG! You can configure a device to be usable both for work and for private use, at the same time!
  • MDM is only for large organizations, we don’t need it in SMB.
    • WRONG! MDM or MAM is something all organizations need and can benefit from.

With that sorted out let’s head into why you need EMM, MDM or MAM in your organization.

A phone with an app that shows that security features are turned on.
Why do your organization need EMM?

There are in general three reasons for EMM (which I will use for the purpose of this post, and includes MDM and MAM):

Threat & Privacy protection

Even though we see a few targeted attacks towards Android and iOS today, that is highly possible to change in the future. It is however more common that we see apps which require very high levels of access on mobile devices.

These high privileges open up possibilities for privacy breaches, data leakage as well as future attacks. In addition, we need to protect our users from malicious web sites, phishing sites and similar web-based threats.

Data protection and compliance

This is probably the most common, most important and most underestimated use-case for EMM today. Most of the EMM projects we are currently involved in are focused on data protection and compliance.

It’s about allowing access to organizational data, applications and solutions on mobile devices – while keeping it secure, contained and reachable for IT.

Employee experience

Apart from the two areas above, I find it very important to remember that we can use EMM to create an even better employee experience!

Things like a simple onboarding for a new employee, an always up to date device with simple connectivity to Wi-Fi and internal resources. With these controls, you have the opportunity to make a difference for your colleagues.

A smart phone and a smart watch, managed by EMM while allowing a good user experience.
One product is not enough

How can your organization achieve all of the above? In my opinion, Microsoft 365 and especially Microsoft Intune combined with Microsoft Defender ATP and Cloud App Security is a great way to get going.

There are EMM vendors and consultants that claim that ONE particular solution is all you need to stay protected and compliant. That is simply not true.

EMM is part of your threat protection and data compliance solution for mobile devices, but far from a complete solution. We do however often start our projects with a Microsoft Intune implementation.

It is a great way of both adding instant value to an organization. But also because it’s a good way of understanding weak points in other solutions and products used.

From there we can continue integrating other solutions, depending on licensing, requirements and platforms for each individual customer.

You can read more in my previous blogpost here!

How can you get started?

First, ask yourself: What kind of data are you making available on your organizations mobile devices?

Second, what regulations do you need to adhere to across your IT-infrastructure?

Third, with the tools you have today – can your really adhere to these regulations for the data made available?

As an example, and a very common challenge, how are you ensuring that your organization’s data do not leak to services such as iCloud, Google Drive, WhatsApp, or OneDrive?

Depending on the data, it could be either a loss of intellectual property, a GDPR violation, a marketing disaster, or all three.

A smart phone with a lock through its screen.
User Experience is key to a succesful EMM implementation

At the same time, you need to balance your security and compliance requirements with user experience. To be successful with that, you need to have a proven practice for designing, implementing and maintaining an EMM solution.

Once you have answered the three questions above, look into what kinds of mobile devices you are using in your organization today. Based on that, you can start to look into platform-specific solutions. As well as platform requirements to get started with your Microsoft Intune implementation.

If you need a hand, drop us an e-mail and we are happy to help you get started, or stay with you for the entire project.

What´s next?

In upcoming blog posts, we will dig deeper into the challenges and possibilities with mobile platforms, EMM, and Microsoft 365. If you want to learn more, check out our newly updated training offerings for Microsoft Intune and Microsoft 365 Security!