The importance of device management has always been known to IT support teams. It plays a vital role in configuring devices for the end users and managing company data on business owned devices or on an employee’s own smartphone, tablet or PC.
With more remote workers there is now even more need for processes that allow for easy management of mobile devices, allowing for configuration and access to secure and remove data from lost or stolen machines.
Working with Microsoft Intune
One of the most popular solutions for mobile device management is Microsoft Intune, a cloud based tool that allows for device and application management. The platform gives businesses control on how its employees interact with company data and it is able to simplify the process of deploying configuration settings to business owned devices.
Intune offers MDM and MAM (mobile device management and mobile application management) but rather than working independently of each other, MDM and MAM tend to work together and enable excellent security for mobile devices. Together they give control over how devices are set up to operate and handling app data.
What’s more, Intune also gives you great flexibility. Say you have employees with company provided managed devices, or you also allow staff to access company resources for personal devices, Intune can cover both situations or a combination.
Microsoft Company Portal
When you enroll devices into Microsoft Company Portal it gives you control over its security and the device settings. You set up your configuration in the platform and then the devices take their configuration automatically from the cloud. Employees can keep their hardware up to date with the latest security setting and business policies without the need to bring their hardware into the office.
Through the portal you can allocate a device or personal or business owned and this choice will inform how much visibility the IT department will have into the device and its data. If staff are concerned about privacy they can also check in on the app on their device Microsoft Company Portal and they will be shown what data IT has access to.
For example a list of what the IT staff can see on a business owned device might look something like this:
- Model and serial number of device
- Information collected by corporate apps
- Information collected by commercial networks
- List of all apps installed on device
- Location of lost device
It’s likely that IT won’t be able to see personal data such as:
- Browsing history
- The location of personal devices
- Calendar, email, documents, or contacts
Mobile device management (MDM) examples
Below are a few examples of how a device can be configured using MDM:
- Set PIN and password requirements
- Lock devices that have been lost
- Create a whitelist of apps that are allowed for installation by the user
- System updates, for example upgrading to to Windows 11
- Configure Wi-Fi and VPNs
- Deploy or update security baselines
- Automatically deploy apps to user groups
Mobile Application Management
With MAM you can protect data at the application level by configuring the settings, including Microsoft apps or in house software applications.
When managing personal devices with access to company resources and apps this is a good process to follow. It allows the user to manage their own personal devices but you can control the security of company data at the application. App protection policies help to maintain your business security.
Examples of MAM:
- Set apps to work with specific settings
- Secured managed apps (ie in house software) with a password
- Separate business and personal data
- Block data transfer and saving of documents from business apps to unmanaged apps
In conclusion, while MAM and MDM are best used together to provide the highest level of security, in some scenarios MDM alone still allows the use of personal devices and access to company data. This offers the best option between security and employee flexibility.
Computers in the City, your IT partner
Computers in the City is London’s longest-standing IT partner. With over 20 years’ experience, we can assist you to meet your IT support, consulting and cloud computing needs. We’re proud to be local, offering 24-hour support in straightforward language that takes the stress out of IT support.