What in the world is an MDM? Should my startup be using one?

Kevin Qiu
April 6, 2021

Have you ever had to wait hours for IT to install a printer for you? Maybe you've lost a company laptop and freaked out about the files on it? What about waiting for IT to approve a new productivity tool with their admin account? Fear not! MDM solutions are here to make that a thing of the past.

MDM stands for Mobile Device Management. With the rise in remote work, MDM solutions are quickly becoming a valuable way for IT teams to ensure that company smartphones and laptops remain secure. In fact, the MDM market is expected to grow to $15.7 billion by 2025.

Based on our past experiences working at tech companies like ironSource and SeatGeek, and from customer stories here at SafeBase, we've crafted a post about some of the common use cases for MDM solutions, some drawbacks, and a list of popular solutions for you to consider adopting at your company.

MDM solutions can be used to secure company data on smartphones

There are several major benefits that make MDM solutions a smart investment for companies of all sizes:

Easy Onboarding

MDM solutions generally allow IT administrators to set up seamless onboarding experiences for new hires. For the most part, a properly configured, MDM-managed new computer can be set up by a new user in a few minutes, without the need for an IT helpdesk technician. Items such as password policies, common applications, and wireless or printer settings can be automatically downloaded once a user turns on the computer for the first time. In an increasingly remote world, the benefits of easy onboarding can't be overstated.

Centralized IT Management

After onboarding, MDM solutions also help IT administrators with general IT management. They allow all devices to be centrally tracked and inventoried, so IT teams can easily see where devices are, when they are due for upgrades, and more. Most platforms also allow admins to push out custom scripts or policies after initial onboarding to account for new policies and procedures. Another common use case for MDM solutions is a company-approved internal app store. In many cases, large organizations have enterprise licenses for popular software such as office suites. MDM self-service app stores allow users to install pre-approved, safe, and licensed applications without needing to submit a support ticket.

Improved Security

Better security is perhaps one of the most important features of any MDM solution. In the event of a theft or loss of a company device, administrators can choose to remotely wipe or lock any managed device, reducing the risk of sensitive company data being leaked. In addition, MDM solutions allow admins to remotely push the latest security updates to vulnerable devices. Admins can also use MDM policies to enforce operating-system-level settings such as locking the screen after idle periods. In some cases, IT admins may even require that company data on personal devices be accessed only through special sandboxed email and office apps.

Considerations

We want to note that MDM solutions aren't always perfect, and that companies should keep the following considerations in mind when deciding to invest in one:

  • Solutions are generally priced based on number of users
  • Requires initial setup, including manually enrolling existing employees
  • Can occasionally be prone to bugs that can be difficult to debug without an IT person
  • Cloud hosting means proper access control will be critical given that these solutions usually have highly privileged access to devices
  • Platform support is dependent on solution
  • Some users may balk at having to use separate MDM apps for email

Although some of these may seem concerning, overall we still believe that the benefits of MDM solutions outweigh the drawbacks. With that being said, you might now be wondering how to get started. There are multiple well-known vendors that offer MDM solutions, each with their own features and operating system support. They all share the same core capability of letting you centrally manage your devices, but they vary slightly in terms of platform support, price, and occasional nice-to-have features like bundled anti-malware.

Our Recommendations

Here is a list of some of the most popular solutions:

  1. Fleetsmith
     • iOS and macOS
     • Popular with tech startups, especially early-stage ones
     • Was purchased by Apple in 2020, but is still an independently branded product
     • Unlimited free trial for up to 10 devices

  2. Jamf
     • iOS and macOS
     • Very fully featured
     • Formerly self-hosted, but now focused on cloud
     • Certifications and training available
     • Is used at very large organizations
     • Also has an anti-malware product called Jamf Protect
     • Is the most tried-and-true solution for Apple products

  3. VMware Workspace ONE
     • iOS, Android, Windows, macOS
     • Formerly known as AirWatch and is very popular with big enterprise
     • Has additional security features for zero trust authentication
     • Very fully featured

  4. Microsoft Endpoint Manager
     • iOS, Android, Windows, macOS
     • Included as a part of Enterprise Mobility and Security
     • Integrates with Azure AD and is a good choice for existing Azure customers
     • Much easier to configure than traditional, standard on-premise Active Directory
     • Recommended for smaller teams with mostly Windows laptops

  5. MobileIron
     • macOS, Windows, iOS, Android
     • Allows some passwords to be replaced with biometric authentication
     • Remote screen share for mobile devices
     • Includes a Threat Defense product

  6. Google Endpoint Management
     • iOS and Android focused, limited capabilities for other operating systems
     • Makes users create a work profile sandboxed from personal apps with the ability to do remote deletion
     • Can enforce general settings like encryption and screen passwords for phones, but its overall capabilities are pretty limited compared to other MDM solutions
     • Included with Google Workspace plans

  7. Rippling MDM
     • macOS and Windows
     • Enforces basic policies such as a complex password policy and disk encryption
     • Included with Rippling HR service
     • Optional Cylance integration for anti-malware
     • We use this internally here at SafeBase

And there you have it, a handy list of some MDM solutions for you to consider. We highly recommend deploying one if you haven't already. Your future IT team will thank you, especially if you do this while your team is still small. (This is coming from someone who had to manually send out JAMF install emails to over 1000 users once!)
