So far, this framework has touched on Active Directory Domains and Workgroups for device management strategies. There is a third strategy called Mobile Device Management (MDM), which involves using a proprietary cloud-based tool to provision and manage all company devices. In an MDM scenario, devices are configured with profiles that enroll them under company resources, thus becoming “managed” devices. Even if the devices are owned by the employees and do not even enter the official workplace, they are still under the control of the company. The devices are controlled by administrators through a central dashboard, where they can configure security settings, personalization, and restrictions on resources.

You should recall the Windows AD Group Policies from the section on Active Directory. MDM templates function in much the same way, only they are used in a cloud-based scenario. MDM control can be extremely granular. Administrators can configure not only the host operating system, but also system behavior and the settings of installed applications. Some MDM features, like Windows Autopilot, allow devices to be configured right out of the box so they can be sent to employees already under organizational control.

MDM is a good solution for organizations with a significant amount of mobile and remote work. MDM solutions are usually tied into identity and access management (IAM) platforms, allowing an organization to configure most of its IT infrastructure in the cloud. Employees are provisioned with user identities and privileges and are assigned an MDM-managed device, which they sign in to with their identity and use to perform their workloads on company-managed resources. Another management strategy called Mobile Application Management (MAM) takes things even further and allows the organization to restrict and control company resources at the individual application level.

If you run a smaller organization and have no desire to host on-premises servers, yet you still need some sort of device management technology, then MDM is built for you. Many business owners may also find that using an MDM platform is more straightforward than using Active Directory. There are a variety of reputable MDM solutions out there. Microsoft Intune is extremely powerful; it integrates with an organization’s pre-established Microsoft 365 infrastructure and accounts and supports a variety of operating systems, from Windows to macOS to Android and iOS. If you are running an Apple-dominated environment, then Jamf and Apple Configurator are options for managing a range of different Apple devices.


External Links