What is an MDM – frequently asked questions, answered simply!

MDM

April 25, 2022

Integrating an MDM into your organization, connecting non-business devices to the MDM, and switching MDMs.

In our new blog article series we take you into the world of Mobile Device Management (MDM) and answer frequently asked questions about the topic. Read and learn more about the importance of MDM and how to best integrate an MDM system into your organization.

Selecting an MDM and registering devices - here's what you should look out for

Time and again, we encounter the question of how an MDM can be integrated into a company. There are various challenges that need to be overcome here: An MDM must fit into the existing structure, the introduction must not consume vast amounts of time and money, and it must be intuitive to use after configuration. The selection of a suitable MDM is correspondingly difficult. In this article, we have compiled a list of what you can look out for when selecting an MDM. After selecting the right mobile device management system, it is important to know how this MDM can be introduced in the company.

Fitting an MDM into an existing structure - using MDM interfaces

In general, MDMs have various interfaces that make it possible to use existing company applications and structures. However, it is particularly important to transfer existing employee contacts from an internal database (which is, of course, always kept up to date). This can be achieved, for example, with Microsoft's 'Active Directory' program. Such a database offers a clear structure of the data and allows you to transfer it to an MDM. Especially if you have a large number of employees who are to be created as users in the MDM, this can save a lot of time and avoid errors. In order to transfer users and groups efficiently into an MDM, you can also create a CSV file, which is also very easy to do in Excel. You just have to make sure that you follow the common notation to separate users and group names correctly. All settings of the CSV are then transferred one-to-one to the MDM as soon as the CSV has been uploaded, checked and imported.

Securing mobile communication in the company with an MDM

For many of our MobiVisor customers, it is important that the company's mobile communication is also suited to the MDM and can be secured with it. After all, the purpose of an MDM is to ensure the security of corporate data on mobile devices. Especially when employees spend a lot of time on the road outside the protected office atmosphere, tablets and cell phones must always have a secure connection for remote work. With MobiVisor, we paid particular attention to the fact that Exchange programs such as Microsoft Outlook, including calendar and contacts, can be connected. Our MobiVisor Secure Mail application provides the interface for this.

The advantage of such an integration is also that the user only has to log in to MobiVisor once. All MobiVisor interfaces and extensions use the MobiVisor login. To be on the safe side, you can also use the MobiVisor Messenger. This gives you all the benefits of a messenger service combined with the
possibility to be managed with your MDM.

Manage existing devices with an MDM

Companies that want to implement an MDM are often faced with the challenge that there are already devices existing in the company. One strategy might be to simply wait until these older devices are disposed of and new ones are acquired before implementing an MDM.
It doesn't have to be that complicated and costly though, since existing devices can also be integrated into an MDM. At this point, we will refrain from explaining the 'Bring your Own Device'(BYOD) model, as devices brought by the employee are by definition not company devices. You can find out more about the advantages and disadvantages of BYOD models here.

The integration of existing devices in the MDM is important because this is the only way to achieve the required protection of these devices. In order to manage Apple devices with MDM, they must be added to the Apple DEP directory. For Android devices, the migration to Android Enterprise is the best option. There are various procedures for this.

Convert iOS devices to Apple DEP devices

In general, it is advisable to register Apple devices directly as Apple DEP devices at the time of purchase. This way, they are stored directly in the Apple Business Portal and setup is easier.
However, it sometimes happens that devices are only used as business devices after a company bought them. In this case, they have to be manually connected to the Apple DEP portal. This serves to connect Apple devices with the MDM. This procedure is a bit more time-consuming, but it is still worth it, as it is the only way to ensure that the MDM can be used as desired.

Use the Apple Configurator for setup

First of all, the Apple devices must already have been registered in the MDM. After that, you can access the 'Settings' tab via the MobiVisor portal and from there you can go to 'Apple DEP'. With the help of this guide, registering the devices as Apple DEP devices is easy! In short, the goal of this procedure is to connect your MDM and Apple Business Account. If you don't have an Apple Business Account for your company yet, create one first. For this you need the DUNS number. This is an identifier that allows Apple to verify that your company is a real company. You can get the DUNS number here.
Next, download the Apple DEP token in MDM and log in to your company's Apple Business account. There you upload the MDM token and download the Apple DEP token. You then upload this to the MDM. Now the MDM and Apple Business Account can communicate with each other and you can start to assign the devices step by step in the Apple Business Account to the MDM.

 

Need help configuring your MDM? No problem. Simply contact our Apple expert Toni Voß at [email protected]

Important to note:

We advise our customers to issue the newly set up Apple DEP devices to the users only after the expiration of a period of 30 days, because within this period the business profile could still be deleted from the Apple device. The iCloud backup will also not work during this period.
If a device is no longer to be used, you should remove the iOS device from both the MDM and the Apple Business account. Otherwise, it could continue to be managed via the latter.
If a device has already been put into operation, an Apple ID has usually already been assigned to it. This must first be removed before the device can be used further.

Convert Android devices to Android Enterprise

The same applies to Android devices: if they are purchased directly as business devices from the manufacturer or reseller, this saves a lot of time. But it is not impossible to turn devices into Android Enterprise devices afterwards. Android Enterprise refers to the Android operating system that is particularly suitable for mobile device management in the enterprise. For this, you first need a Google Enterprise account. To create it, you use a universal email address, i.e. one that is not dependent on a single person. You also need to specify a data protection officer - this can simply be the system administrator, for example. After that, you can turn on the devices individually and follow Android's instructions for setting up corporate devices. Instead of a Google account, simply enter the code: afw#mobivisor. This will automatically install the MDM client on the device.

 

The management of corporate devices without own IT department

Many of our customers are small and medium-sized businesses - often even without their own IT department or system administrators. Accordingly, we know that while security is paramount, managing applications like an MDM can exceed in-house resources. To help you manage mobile devices without in-house IT, we offer the Ready2Go service. With this MDM service solution, we take over the complete management of your mobile enterprise devices. This is particularly suitable for customers who want consistent implementation of their security policies. The advantage of an MDM service solution is also that you do not have to worry about the best possible structuring of groups and users as well as restrictions and authorizations yourself. We will be happy to work with you to create a concept that fits your needs.

Can I switch my existing MDM solution?

Of course it’s possible to switch. Sometimes it is only while working with a software that you discover that it is too extensive or cumbersome for your own purposes, or that it simply cannot be adapted to your own requirements as well as originally planned. Of course, the implementation of an MDM costs some time and also money. But software that is hardly used is also an unnecessary cost factor. Once the decision to switch has been made, the process should be as smooth and simple as possible.

Switch your MDM solution to MobiVisor

When switching Android Enterprise devices from one MDM to another, the general rule is that your company's Android Enterprise account must first be removed from the old MDM. To delete all changes and settings made via the old MDM, the devices are reset to factory settings. This also completely cuts the connection to the old MDM. Afterwards, the Android Enterprise account is integrated into the new MDM, e.g. MobiVisor. If you want to move your Samsung devices, the Samsung Knox account must now also be integrated and the devices must be deposited with the new MDM in the Samsung portal.
How exactly the deposit of a device in the Samsung Knox Portal works, you can learn here: Samsung Knox Portal. The device can then be set up with the help of the Android instructions.
It is also possible to integrate Apple DEP devices into another MDM in a similar way. To do this, create a new MDM server in the Apple Business Account. (Instructions for this can be found at Apple Support) You then link this MDM server to MobiVisor using the Apple VPP and APNS certificate. This is important so that the MDM takes over all settings and commands for the devices. You should also remove the devices from the old MDM. After that, reset the devices.
Make sure that the devices are not reactivated. In the Apple Business account, you then map the devices to MobiVisor and register them on your MobiVisor domain, where you also create the users. After that you can set up the devices and the policies will be automatically applied as soon as the devices are activated.

What questions are you interested in about MDM?

In the following articles around the questions about MDM we illuminate, among other things: How to move from a cloud solution to on-premise / (And the other way around) How can users be switched on devices/ If the appearance of an MDM can be customized and many more.
So stay up to date with our blog articles on MDM and follow us on Instagram (mobivisor) or LinkedIn (MobiVisor)

We haven't answered one of your questions yet? Feel free to contact us and send us your MDM questions! We will be happy to answer them in further articles.

Contact Us

Similar Contents

Data Separation on iOS devices: a necessary chore?

Data Separation on iOS devices: a necessary chore?

Why is it necessary to separate data on a iOS device? And how do you do that? Our blog article has all the answers!

Read More
Ensuring GDPR Compliance in Your Mobile Device Management (MDM) Strategy

Ensuring GDPR Compliance in Your Mobile Device Management (MDM) Strategy

Integrating an MDM into your organization, connecting non-business devices to the MDM, and switching MDMs. In our new blog article series we take you into the world of Mobile Device Management (MDM) and answer frequently asked questions about the topic. Read and learn more about the importance of MDM and how to best integrate an […]

Read More