In the office, working remotely, on the train, at the rest area, during the day and even while we sleep: the world has never been as interconnected as it is today. We live in the age of smartphones, tablets and whatever else the future may bring. TikTok and Instagram sit next to Outlook and MS Teams, and with them the now indispensable security standard of multi-factor authentication (MFA) on smartphones. This is how the work and private worlds are connected.

So that both worlds can coexist, Mobile Device Management (MDM) gives us the opportunity to raise and maintain our security standards. This blog post shows you in more detail how exactly this is supposed to work.

Why Mobile Device Management?

Anyone who has ever boarded an airplane, gone to a concert or attended any other event with security checks is familiar with luggage and body scanning. There is no exception for size, age or appearance. In the corporate world, too, you can’t stop at notebooks. Smartphones are very powerful tools and, if used carelessly, are just as much of a vulnerability for the system.

MDM gives companies the opportunity to manage mobile devices centrally, regardless of location and regardless of whether private or company devices are used for corporate purposes. With the help of the MDM, security guidelines can be set that identify security risks at the entrance door and deny access.

Device provision

A big issue in IT is the supply of devices.

A certain pre-configuration of the devices is still necessary, e.g. operating system setup and network configuration. Once this is done, registration can be carried out using the device ID or via “Azure AD Join” or the “Device Enrollment Program”. The guidelines set by IT are then applied to the devices, and the apps provided can be downloaded from a self-definable app store.

The Security Guidelines

When are the security policies applied?


Contents of the security guidelines

Here is a small overview of guidelines that I found to be very useful.

  • The criteria of the local password
      ◦ Password when unlocking the device
      ◦ Type of characters
      ◦ Number of characters
  • An activated firewall
  • Active disk encryption
  • Active antivirus program and regular scan
  • Current OS version
  • No jailbreak
  • Enabled Secure Boot
  • Automatic blocking in case of inactivity
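To make the list concrete, here is an added Python example (not code from the original post or from any MDM product) that evaluates a device’s compliance report against such a guideline set and derives the access decision from it. The field names, thresholds and the two sample reports are constructed assumptions; passcode rules are modelled as what the device enforces, because an MDM never sees the passcode itself.

```python
"""Added example: evaluating an enrolled device's compliance report against an
MDM-style security policy, as in the guideline list above. All field names,
thresholds and sample reports are constructed for illustration; they are not
the schema of any real MDM product."""
from dataclasses import dataclass


def parse_version(version: str) -> tuple:
    """Turn '16.4.1' into (16, 4, 1) so versions compare numerically, not as strings
    (as strings, '9.0' would sort above '16.4')."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class CompliancePolicy:
    # Passcode rules are expressed as what the device must *enforce*; the MDM never
    # sees the passcode itself.
    passcode_min_length: int = 8
    passcode_require_complexity: bool = True   # letters and digits, not just a PIN
    require_firewall: bool = True
    require_disk_encryption: bool = True
    require_antivirus: bool = True
    max_days_since_av_scan: int = 7
    min_os_version: str = "16.4"
    forbid_jailbreak: bool = True
    require_secure_boot: bool = True
    max_inactivity_lock_seconds: int = 300     # auto-lock after 5 minutes at most


@dataclass(frozen=True)
class DeviceReport:
    """Constructed compliance report, as the agent on a device might send it."""
    device_id: str
    passcode_min_length_enforced: int
    passcode_complexity_enforced: bool
    firewall_enabled: bool
    disk_encrypted: bool
    antivirus_enabled: bool
    days_since_av_scan: int
    os_version: str
    jailbroken: bool
    secure_boot: bool
    inactivity_lock_seconds: int              # 0 means the device never auto-locks


def evaluate(policy: CompliancePolicy, report: DeviceReport) -> list:
    """Return every policy violation as a readable finding; an empty list means compliant."""
    findings = []
    if report.passcode_min_length_enforced < policy.passcode_min_length:
        findings.append(f"passcode length {report.passcode_min_length_enforced} < {policy.passcode_min_length}")
    if policy.passcode_require_complexity and not report.passcode_complexity_enforced:
        findings.append("passcode complexity not enforced")
    if policy.require_firewall and not report.firewall_enabled:
        findings.append("firewall disabled")
    if policy.require_disk_encryption and not report.disk_encrypted:
        findings.append("disk not encrypted")
    if policy.require_antivirus:
        if not report.antivirus_enabled:
            findings.append("antivirus disabled")
        elif report.days_since_av_scan > policy.max_days_since_av_scan:
            findings.append(f"last antivirus scan {report.days_since_av_scan} days ago")
    if parse_version(report.os_version) < parse_version(policy.min_os_version):
        findings.append(f"OS {report.os_version} older than minimum {policy.min_os_version}")
    if policy.forbid_jailbreak and report.jailbroken:
        findings.append("device is jailbroken")
    if policy.require_secure_boot and not report.secure_boot:
        findings.append("secure boot disabled")
    if report.inactivity_lock_seconds == 0 or report.inactivity_lock_seconds > policy.max_inactivity_lock_seconds:
        findings.append("automatic lock on inactivity missing or too slow")
    return findings


def access_decision(policy: CompliancePolicy, report: DeviceReport) -> dict:
    """The 'entrance door' check: only a device without findings may reach company data."""
    findings = evaluate(policy, report)
    return {"device_id": report.device_id, "grant_access": not findings, "findings": findings}


# Constructed sample reports: one well-maintained device, one that fails several checks.
GOOD_DEVICE = DeviceReport("tablet-0042", 8, True, True, True, True, 2, "17.1", False, True, 120)
BAD_DEVICE = DeviceReport("phone-0007", 4, False, True, False, True, 30, "15.7", True, True, 0)

if __name__ == "__main__":
    for device in (GOOD_DEVICE, BAD_DEVICE):
        print(access_decision(CompliancePolicy(), device))
```

The evaluator reports every violation rather than stopping at the first one, so the user (or the help desk) sees the whole list of what needs fixing before the device is let in again.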

Application management and updates

The policies are enforced by the MDM, so it is no longer possible to access corporate data without meeting the desired security standards. The MDM controls these policies centrally and synchronizes changes across all enrolled devices. This allows adjustments to be made quickly in response to constantly changing requirements.

Update

For updates, minimum operating system versions can be defined in the guidelines. To ensure that updates are not overlooked or forgotten, an update cycle can also be set in the MDM. The latest or a desired version, or a version stop, can be specified. At set intervals the devices then check for the latest updates and install them either on request or automatically. To avoid disruption during peak working hours, a time window can be set during which updates are installed. If that timing is not convenient, there is an option to postpone the installation until it is enforced.
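The interplay of minimum version, version stop, maintenance window, postponement and deadline described above is easier to see as a decision function. The following Python block is an added example, not code from the original post or from any MDM product; the policy fields, version numbers and timestamps are constructed assumptions.

```python
"""Added example: deciding what an MDM-style update policy should do with one device
right now. The policy fields, version numbers and timestamps are constructed for
illustration and do not correspond to any real product's settings."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional


def parse_version(version: str) -> tuple:
    """'16.4.1' -> (16, 4, 1), so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class UpdatePolicy:
    min_version: str                 # anything older is enforced immediately
    version_stop: Optional[str]      # optional freeze: never offer anything newer
    window_start: time               # maintenance window outside peak hours ...
    window_end: time                 # ... may wrap past midnight, e.g. 22:00-05:00
    max_deferrals: int               # postponements allowed before enforcement
    deadline: datetime               # after this the update is imposed


def in_window(now: datetime, start: time, end: time) -> bool:
    """True if the clock time of `now` falls inside a window that may cross midnight."""
    t = now.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end          # e.g. 22:00-05:00


def offered_version(policy: UpdatePolicy, latest_available: str) -> str:
    """Apply the version stop: offer the newest version the policy still allows."""
    if policy.version_stop and parse_version(latest_available) > parse_version(policy.version_stop):
        return policy.version_stop
    return latest_available


def decide(policy: UpdatePolicy, device_version: str, latest_available: str,
           now: datetime, deferrals_used: int, user_postpones: bool) -> str:
    """Return one of: 'up_to_date', 'install_now', 'postponed', 'prompt'."""
    target = offered_version(policy, latest_available)
    if parse_version(device_version) >= parse_version(target):
        return "up_to_date"
    # Enforced cases: below the minimum version, or the deadline has passed.
    if parse_version(device_version) < parse_version(policy.min_version) or now >= policy.deadline:
        return "install_now"
    # Automatic installation inside the maintenance window avoids peak hours.
    if in_window(now, policy.window_start, policy.window_end):
        return "install_now"
    # Outside the window the user is asked and may postpone a limited number of times.
    if user_postpones and deferrals_used < policy.max_deferrals:
        return "postponed"
    return "prompt"


# Constructed policy: minimum 16.4, frozen at 17.0, nightly window 22:00-05:00,
# up to 3 postponements, hard deadline at the end of January 2024.
POLICY = UpdatePolicy("16.4", "17.0", time(22, 0), time(5, 0), 3, datetime(2024, 1, 31, 0, 0))

if __name__ == "__main__":
    noon = datetime(2024, 1, 10, 12, 0)
    night = datetime(2024, 1, 10, 23, 30)
    print(decide(POLICY, "16.7", "17.2", noon, 0, True))    # postponed
    print(decide(POLICY, "16.7", "17.2", night, 0, True))   # install_now
    print(decide(POLICY, "17.0", "17.2", noon, 0, False))   # up_to_date (version stop)
```

Note the order of the checks: the enforced cases (below the minimum version, deadline passed) are tested before the user’s wish to postpone is even considered, which is exactly what “postpone until it is enforced” means.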

Differences between private and company devices

To ensure that private devices remain under the control of the owner, there are some differences in how private and company devices are handled.

This means that most of the data on private devices remains hidden from administration. For example, apps not provided by the MDM are not listed. So administration can see that Outlook is installed, but not that TikTok is. Photos, calendar data, contacts and similar personal data are generally not visible.

The aforementioned guidelines can be defined differently for each kind of device. For example, you may not want to block the app store on private devices, but you do on company devices.

Here everyone can find their own middle ground between freedom and security.

Improve Security

Access management

Every device that can access company data is recorded and listed by the MDM. This means you always have an overview of which devices can access company data. This access can also be revoked at any time, either by removing the device from the system to prevent further access, by deleting the company profile, or by resetting the device. This ensures that devices leaving the company no longer contain company data.

Application management

In addition to enforcing password policies, IT administrators can also restrict access to company data. The MDM also offers the option of providing trustworthy apps and thus limiting the selection of available apps. By providing the apps yourself you also have the option of offering specific versions as well as the most current one. Companies can, on the one hand, approve required apps from the app store and, on the other hand, upload their own apps and make them available for the respective operating systems. This makes it possible to put together a customer- or user-specific app store in which programs are stored in a secure, centralized manner, so that the end user can click “Download” without hesitation. The administrator can view the installed apps and thus detect unauthorized apps.
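The two points above, different guidelines for private and company devices and the administrator’s view of installed apps, can be shown together. The following Python block is an added example, not code from the original post or from any MDM product; the policy fields, ownership overrides, app names and catalogue are constructed assumptions.

```python
"""Added example: how one MDM-style policy can differ between company-owned and
private devices, and why the administrator's view of installed apps on a private
device is limited to the apps the MDM itself provided. The policy fields, app
names and catalogue are constructed for illustration; they are not the data
model of any real MDM product."""
from dataclasses import dataclass, replace
from enum import Enum


class Ownership(Enum):
    COMPANY = "company"
    PRIVATE = "private"


@dataclass(frozen=True)
class DevicePolicy:
    allow_public_app_store: bool    # may the user install from the public store?
    require_disk_encryption: bool   # security baseline that applies to both kinds
    inventory_all_apps: bool        # may the admin list apps outside the work scope?


# Baseline written for company devices; private devices only override what the
# owner's freedom requires, everything else stays at the baseline.
BASE_POLICY = DevicePolicy(allow_public_app_store=False, require_disk_encryption=True,
                           inventory_all_apps=True)
OWNERSHIP_OVERRIDES = {
    Ownership.PRIVATE: {"allow_public_app_store": True, "inventory_all_apps": False},
}


def policy_for(ownership: Ownership) -> DevicePolicy:
    """Merge the baseline with the overrides for this kind of device."""
    return replace(BASE_POLICY, **OWNERSHIP_OVERRIDES.get(ownership, {}))


@dataclass(frozen=True)
class InstalledApp:
    name: str
    managed: bool   # True if deployed through the MDM's own app catalogue


def visible_inventory(ownership: Ownership, installed: list) -> list:
    """What the administrator gets to see: on private devices only managed apps."""
    policy = policy_for(ownership)
    return [app.name for app in installed if policy.inventory_all_apps or app.managed]


def unauthorized_apps(ownership: Ownership, installed: list, catalogue: set) -> list:
    """Visible apps that are not in the company catalogue. On a private device the
    hidden personal apps never enter this check."""
    return [name for name in visible_inventory(ownership, installed) if name not in catalogue]


# Constructed sample: two apps provided by the MDM, one installed privately.
CATALOGUE = {"Outlook", "Teams"}
INSTALLED = [InstalledApp("Outlook", managed=True), InstalledApp("Teams", managed=True),
             InstalledApp("TikTok", managed=False)]

if __name__ == "__main__":
    for ownership in Ownership:
        print(ownership.value, policy_for(ownership))
        print("  visible:", visible_inventory(ownership, INSTALLED))
        print("  unauthorized:", unauthorized_apps(ownership, INSTALLED, CATALOGUE))
```

Keeping the security baseline (here disk encryption) outside the ownership overrides is the point of the design: the owner’s freedom changes what is visible and what may be installed, not whether the company data on the device is protected.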

Localization

In the event of loss or theft of a registered device, the MDM offers some useful tools. For example, it is possible to play a signal tone even though the device is muted, comparable to warning signals such as severe weather alerts. Another option is GPS location. However, this is not permanently active and is only activated at the user’s explicit request. A notification is sent to the device that the location is being shared. This means the end user can be reassured that their location is not permanently recorded and monitored.

Group Policies

Group policies can also be defined via the MDM and synchronized whenever an internet connection exists. The big advantage over group policies from the domain controller is that no active VPN connection is required to keep them current. So when changes are made, colleagues who are not often in the office are also kept up to date.

Conclusion

Despite our mobility today, IT does not have to be equally mobile to carry out maintenance at all locations and on all devices. Instead, we can use Mobile Device Management to configure or revise all devices centrally, checking for security compliance even before access is granted. You can easily ensure that company data is removed, and locate equipment should you have lost sight of it.

Questions about Mobile Device Management? Simply write to service@inwerken.de. Our IT infrastructure team will contact you! You can find additional services in our Portfolio.