Device management

Despite BYOD being a fairly old concept, many businesses are only just becoming aware of the need for it as their employees start to work from home for the first time. Those that do not have experienced IT teams or large budgets must be able to protect themselves just as much as larger organizations. That is because hackers are equally likely to target a small company as they are a global corporation.

Citrix Endpoint Management

Mobile Device Management (MDM)

The core purpose of MDM is to protect the corporate network by securing and optimizing mobile devices, including laptops, smartphones, tablets, and Internet-of-Things (IoT) devices, that connect to enterprise networks. Besides boosting the security of business networks, it also enables employees to use their own devices, rather than corporate-supplied devices, to work more efficiently and be more productive.

MDM software is part of the wider enterprise mobility management (EMM) family, which incorporates enterprise file syncing and sharing, identity and access management (IAM), and mobile application management (MAM). MDM, in the context of controlling PCs, is referred to as unified endpoint management (UEM), which enables organizations to manage all of their enterprise devices from one single location.

The best MDM solutions

1. ManageEngine Mobile Device Manager Plus (FREE TRIAL)

ManageEngine Mobile Device Manager Plus is a free MDM solution that can monitor desktop computers, laptops, smartphones, and tablets. The software supports multiple operating systems including Windows, Mac OS, Chrome OS, iOS, and Android. Through the customizable dashboard you can monitor mobile smart device status, giving you complete visibility over the connected devices your employees bring to work.

The mobile asset management experience offered by ManageEngine Mobile Device Manager Plus is very comprehensive. The dashboard also enables you to view additional information on devices including device owners, installed applications, and more. You can schedule regular device scans to keep this information updated.

If there are any problems with a device you can use remote troubleshooting to take control of the device and find the root cause of the issue in real-time. The administrator can use a remote chat to communicate with the end-user of the device. The chat can also be used to issue security commands.

ManageEngine Mobile Device Manager is recommended for enterprises that want a free mobile device management solution. The software is free for up to 25 devices. ManageEngine Mobile Device Manager Plus is available on-premises (for Windows) and in the cloud. For pricing information, you must request a personalized quote from the company directly. You can download the 30-day free trial.

EDITOR’S CHOICE

ManageEngine Mobile Device Manager Plus is a complete enterprise mobile management package that comes in both on-premises and cloud-based versions. It includes a configuration manager for single or mass device setup, and there is also a self-enrollment app that you can use for your device enrollment program. You can also set different policies for business-owned and user-owned devices.

2. Kandji (FREE TRIAL)

The setup for a group of devices is planned in a system called Blueprints. You can create the same Blueprints for different models of mobile devices because the features that you include in one of these plans relate to the applications and access rights, which sit on top of the operating system and aren’t hardware dependent. You don’t have to apply the same Blueprint to all devices, so you can create different plans for different groups of users.

User accounts can be acquired from third-party apps, so you can import the accounts that you have already set up in systems, such as Slack or Okta. This allows you to easily create a single sign-on environment for all of your mobile devices, also coordinating access rights to on-premises Macs.

You set up an account on the Kandji website and then download an agent onto each of the devices that you enroll in the service, so there are both cloud and on-device elements to this system. The starting price for the package is $399 per month for up to 100 devices. You can get a 14-day free trial, which starts with a system demo to assess the Kandji service.

3. VMWare Workspace ONE

VMWare Workspace ONE is a mobile device management tool that can be used to remotely manage devices. With VMWare Workspace ONE you can configure devices in bulk with the Apple Device Enrollment Program, Knox Mobile Enrollment, and Android zero-touch enrollment.

To manage devices, you can configure policies that determine restrictions and assign them to devices. You can distinguish between devices and assign them based on the operating system or ownership type. Ownership types are divided into BYO (Bring Your Own) and corporate-owned so you can tell which devices are company-owned and which are owned by employees.

The platform also enables you to automatically push applications to devices. This means you can purchase applications in bulk and deploy them efficiently without wasting any time. When it comes to adding new devices, users can enter credentials into an onboarding workflow to join the management solution.

VMWare Workspace ONE is suitable for enterprises of all sizes and comes with a range of pricing options, due to its seven editions. Prices start at 800.66 (£1.33) per device and $3.00 (£2.40) per user. You can try the 30-day free trial to manage up to 100 devices.

Choosing the right mobile device management system

The growth of mobile device usage and the steady push towards IoT devices has changed the reality of network monitoring. Monitoring mobile devices is now just as important as managing computers. MDM software solutions make the remote network monitoring process easier by allowing one location to monitor all the devices throughout your network.

Our editor’s choice for this article is ManageEngine Mobile Device Manager Plus because it supports enterprises with an easy-to-navigate user interface and a free package. Other choices like AirWatch Workspace ONE and BlackBerry Unified Endpoint Management are also standout alternatives.

Taking a proactive approach to monitoring mobile devices allows you to eliminate potential entry points to your network and keep your data safe. If you’re not already monitoring mobile devices, consider investing in a solution.

Some Key Full Forms and Definitions

The MDM and BYOD space can be quite complicated, with lots of technologies and solutions available for organizations to choose from. We have distilled these into a list of terminologies and definitions below:

  1. Bring your own device (BYOD): BYOD is the concept of employees using their own laptop or mobile device for work. Traditionally, it meant bringing a device to the employee’s workplace or connecting it to a secure corporate network.
  2. Content access: Content access means providing a connection to a back-end repository that employees can use to share or transfer content onto their devices. This includes providing content access to repositories like SharePoint or Documentum, while avoiding roaming download restrictions and enabling logs of which users access and download files.
  3. Enterprise mobility management (EMM): An EMM solution is a collection of policies, processes, technologies, and tools used to manage and maintain employees’ mobile devices. An EMM suite enables organizations to manage mobile device usage and drive the secure use of devices on their networks and systems. For example, MDM software is frequently used in combination with security tools as part of a complete EMM solution.
  4. Mobile application management (MAM): Mobile application management is a process that enables organizations to apply policy control functionalities to applications, which are managed by their EMM console. This is particularly useful if a device does not allow the management capability that an organization requires or if businesses choose not to install MDM profiles onto devices. Mobile application management comes in two forms:
    • Preconfigured application: This is typically an application like a personal information manager for calendars, contacts, or email. It could also be a secure web browser provided by a third party or an EMM provider. A preconfigured application is set up to be managed and secured by the organization’s EMM system.
    • Application extension: This sees policies applied to applications through a software development kit (SDK) or through a wrapping process.
  5. Mobile content management: Mobile content management is the process of enabling employees to access content via their mobile devices. This can be achieved through client-side applications, or secure containers, that enable users to store content on a mobile device. The EMM enforces security policies such as authentication, copy and paste restriction, and file sharing to secure the process. The user is then able to access applications like email or content from back-end repositories. Content can also be managed through push-based document delivery, which puts functions in place to control document versions, issue alerts to users when new files are added, or to flag upcoming content expiration dates.
  6. Mobile device management (MDM): MDM is software that allows organizations to monitor, manage, and secure their employees’ devices across multiple service providers and operating systems.
  7. Remote monitoring and management (RMM): RMM is another piece of software that enables IT service providers to monitor devices, endpoints, and networks remotely. It is also known as remote IT management, whereby a provider manages a fleet of devices across an organization or multiple companies.

    MDM Solutions

    Fortinet endpoint visibility and device protection solutions enable organizations to protect every single employee, regardless of where they are or which network they are connected to. The solutions provide organizations with visibility of every device across the enterprise, then control and protect each. This ensures organizations understand which devices are accessing their networks, and from where, so that they can continuously assess their potential risk and take a more proactive approach to endpoint protection.

    To further protect devices, Fortinet offers real-time endpoint protection, detection, and automated response through FortiEDR, a proactive solution that automatically prevents data breaches in real time without overwhelming organizations’ security teams with false alarms or disrupting the business’s regular operations.

    Fortinet solutions also include pre- and post-infection protection against ransomware attacks, as well as contextual incident response that includes customizable playbooks to help organizations with threat investigations, discovery, and threat hunting.

    These endpoint protection solutions are tightly integrated with the Fortinet Security Fabric, which ensures advanced protection, reduces businesses’ attack surface, ensures dynamic access control, and detects and defuses threats in real time. They also help organizations automate and orchestrate responses to threats.

    How Does Mobile Device Management Work?

    MDM relies on two separate components. The first is an MDM server management console, which is stored in an organization’s data center and enables administrators to configure, manage, and enforce policies. The second is an MDM agent that receives and implements these policies on users’ devices.

    Why is mobile device management required?

    Mobile device management (MDM) is required because it allows organizations to secure their networks, ensure employees access corporate systems using secure devices, and prevent the risk of data breaches. Cyber criminals are increasingly launching cyberattacks against mobile devices and platforms, which means it is imperative for organizations to have solutions in place to defend themselves. MDM solutions provide protection against attacks aimed at mobile devices by detecting the latest threat strands and preventing them from infiltrating corporate networks.

    What does mobile device management mean?

    MDM means mobile device management, which is a type of software that enables organizations to monitor, manage, and secure their employees’ mobile devices. Businesses can use MDM to secure corporate networks and enable employees to work using their own personal devices. The term is included within the Gartner Magic Quadrant for unified endpoint management (UEM).

    Authorship:

    https://www.fortinet.com/resources/cyberglossary/mobile-device-management
    https://www.comparitech.com/net-admin/mobile-device-management-software/

    The configuration process with Miradore is enrollment-based. That is, you don’t configure all the devices, but you invite each user to set up the device with the Miradore client to access your network. Those configurations can include secure email apps, Wi-Fi protection, and a VPN service. The VPN is only available for iOS devices.

    BlackBerry UEM

    What is IoT Device Management and How it works?

    IoT is transformative as it empowers businesses to adopt a data-driven approach, which helps them create new business models and also facilitates the improvement of existing operations and processes. But IoT is all about collecting data from multiple scattered devices, so there are many intricacies that need to be taken care of in the entire process of data collection. This is where IoT device management is needed. It is necessary for managing, monitoring and sustaining the security of the connected devices.

    As the adoption of IoT has increased across different industries, IoT device management has become significantly important. It can be said that IoT device management is an indispensable requirement for the successful deployment of an enterprise’s IoT solution. This article explains more about IoT device management, how it works, and which technologies facilitate it.

    What is IoT Device Management?

    IoT Device Management refers to processes that involve registration, configuration and provisioning, maintenance and monitoring of connected devices. For example, all the significant cloud providers, Azure IoT Hub, AWS IoT or Google Cloud IoT, include IoT device management services in their offerings.

    You may find billions of smart devices that are already running on the internet worldwide. However, every single device needs to be connected to the web for the first time. Therefore, the first step is to register the device.

    For example, in AWS IoT, each device is called a thing. A thing can be either a physical device or a logical representation of a device. You can either register one device at a time or multiple devices based on your requirements.

    For example, when you have a sensor to track temperature in your time, you can register one sensor at a time. But, if you have to manage a fleet of self-driving cars, you may have to register multiple sensors at a time.

    If you are using the AWS IoT cloud platform, you can create groups in the IoT device registry. Using groups in the registry allows you to aggregate devices so that you can apply the same command to multiple devices at once.

    • An IoT policy
      An IoT policy is a document that specifies whether your device can send and receive data, and from where. Without this policy, your device cannot send or receive data. You will have to link the IoT policy to the device certificate to provision a device in the IoT core.
    • An X.509 Certificate
      It is a digital certificate that leverages the X.509 public key infrastructure to validate that the device within the certificate has the correct key. If you have already created an IoT device or thing, you may either have AWS create an X.509 certificate for you or use the existing one. The certificate allows the IoT device registered on the IoT core to communicate with the device and authenticate. You have to copy the certificate to the thing that you created for your device and onto the device itself. AWS uses X.509 certificates because they are ideal for long-term connections, and you only have to copy the certificate onto the device once.
    • Your IoT Device/Sensor
      The above process may work if you have only one or a few devices that you need to provision in IoT core. The process is tedious and time-consuming for many devices. However, AWS provides a way to do it automatically for many devices.
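
Because the IoT policy attached to the certificate decides what a device may send and receive, it is worth checking for over-broad grants before you attach it. The following is an added example, not code from the original article or from AWS: a small Python audit of AWS IoT policy documents. The account ID, region, topic names, sample policies and the `audit_iot_policy` helper are all constructed for illustration.

```python
import json

# Constructed sample: a permissive policy of the "get it working" kind.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}
  ]
}
""")

# Constructed sample: every grant is tied to the connecting thing's own name.
# Region us-east-1 and account 123456789012 are placeholders.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}"},
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": "arn:aws:iot:us-east-1:123456789012:topic/sensors/${iot:Connection.Thing.ThingName}/telemetry"},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": "arn:aws:iot:us-east-1:123456789012:topicfilter/sensors/${iot:Connection.Thing.ThingName}/commands"},
    {"Effect": "Allow", "Action": ["iot:Receive"],
     "Resource": "arn:aws:iot:us-east-1:123456789012:topic/sensors/${iot:Connection.Thing.ThingName}/commands"}
  ]
}
""")

# Constructed sample: named action, but any device can publish to any topic.
BROAD_TOPIC_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": "arn:aws:iot:us-east-1:123456789012:topic/*"}
  ]
}
""")


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def audit_iot_policy(policy):
    """Return (statement_index, finding, value) tuples for over-broad Allow grants."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((idx, "wildcard-action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((idx, "wildcard-resource", resource))
                continue
            # arn:aws:iot:<region>:<account>:<type>/<name> -> inspect the last field
            parts = resource.split(":", 5)
            tail = parts[5] if len(parts) == 6 else resource
            if "*" in tail:
                findings.append((idx, "partial-wildcard-resource", resource))
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY),
                      ("scoped", SCOPED_POLICY),
                      ("broad-topic", BROAD_TOPIC_POLICY)):
        print(name, audit_iot_policy(doc) or "no findings")
```
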

    Step 4: Data Analysis
    The last step is to analyze the data generated from IoT devices by applying computation and action on that information. You need to perform the computation on data using the following steps:

    • Workflow Execution
      Define a workflow for the data collected by IoT devices or sensors. For example, if the temperature under which a specific product needs to be kept gets reduced, users should receive a notification immediately. A defined workflow for an IoT-enabled system can help you take actions efficiently.
    • Maintenance
      It is essential to keep an eye on the functioning of IoT devices from time to time. You should have a plan for the maintenance of an IoT device or sensor.
      For example, if your IoT device or sensor stops sending the data, it can affect your business operations. Therefore, you should have an action plan that should send a notification to the owner when the device stops transmitting the data.
    • Action and Analysis
      IoT devices should be connected to execute any specific action based on the data collected via IoT sensors. For example, if temperature sensors send the alert about the increased temperature level in the room, the air conditioner should automatically manage the temperature level.

    Search for devices

    You can configure the search scope through a server property, include.device.properties.during.search, which defaults to false. To include all device properties in a device search, go to Settings > Server Properties and change the setting to true.

    Many mobile operators or device manufacturers provide lists of authorized mobile devices. You can use these lists to avoid having to enter a long list of mobile devices manually. Endpoint Management supports an import file format that is common to these supported device types: Android, iOS, and Windows.

    Authorship:

    https://www.leewayhertz.com/iot-device-management/
    https://www.comparitech.com/net-admin/mobile-device-management-software/
    https://docs.citrix.com/en-us/citrix-endpoint-management/device-management.html

    In a bring your own device (BYOD) work environment, users expect to be able to work from any location at any time, on the device of their choice. Moreover, users now typically have several identities, meaning that they use their devices in both work-related and non-work-related contexts. For example, they might bring a personal tablet to a business meeting and expect to access files on a team’s Microsoft SharePoint site, or they might present a Microsoft PowerPoint presentation over Microsoft Skype for Business. They’re likely to check both work and personal email accounts on their phone, and may use their phone camera to take photos of whiteboard sessions to help them remember what a work group collaborated on during a meeting. On both types of device, they’re likely to have a mix of apps, some for personal use and some for work.

    Network Device Management Software

    SolarWinds® Network Configuration Manager (NCM) is built to give you broad control over your config backup policies. You can create a scheduled job by identifying the devices and configs you want to back up and specifying the times when the network backup will be made. You can also choose whether you want to back up all configs or just the ones that changed since the last backup. Next, you can configure an email notification and attach the results log. NCM is designed to organize your archives by device and date to help you locate them quickly.

    Network Configuration Manager is built to simplify change detection by downloading and comparing configs to their prior, backed-up versions while monitoring syslog and SNMP messages for real-time notifications. In addition to detecting changes, NCM helps identify who made the change and provides a visual comparison highlighting the config changes.

    Make bulk config changes with config change templates

    Network Configuration Manager supports scripting and using powerful config change templates, so you can make bulk configuration changes. Scripts are useful for making simple changes on similar devices, but for more complex changes, you can use config change templates determined by the properties of the target device. This allows you to develop one script and deploy it on dissimilar device types. In addition, NCM provides immediate or scheduled execution with result logging and reporting.

    No matter the size of your business, network device management can help you save money by enhancing your cybersecurity and reducing downtime. Unauthorized or failed config changes can lead to downtime, loss of productivity, or even security vulnerabilities, which can allow bad actors to access your network.

    How MDM Conditional Access works

    MDM policies are applied to groups of users (it will affect all of the user’s devices) and they can enforce Conditional Access to Exchange Online, SharePoint Online and OneDrive for Business through any of the supported mobile applications.

    Conditional Access works like this: when a user logs into Office 365 through a supported mobile app, the app checks with Azure Active Directory to see if the user is subject to a Conditional Access policy. If the user has a policy assigned, and the device is not marked as enrolled and compliant, the application prompts the user to enroll the device in MDM. In the case of an Exchange ActiveSync (EAS) client, Exchange sends an email with a link to enroll. Once the user has enrolled the device, the device settings policies are sent to the device, and the user must update the device to meet the appropriate settings such as PIN and encryption. After the settings are updated, the agent on the device informs the management service, which in turn marks the user’s device as enrolled and compliant in Azure Active Directory.
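
The flow described above, modeled as an added Python example that is not Microsoft's code and calls no real Azure Active Directory or Intune API. The class names, the `AWAIT_COMPLIANCE` state for a device that is enrolled but has not yet met its settings, and the sample users and device are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    PROMPT_ENROLL = "app prompts the user to enroll the device"
    EMAIL_ENROLL_LINK = "Exchange emails an enrollment link (EAS client)"
    # Assumption: the page does not name the enrolled-but-not-compliant state.
    AWAIT_COMPLIANCE = "enrolled, required settings not yet met"


@dataclass
class Device:
    device_id: str
    has_pin: bool = False
    encrypted: bool = False


@dataclass
class DirectoryRecord:
    """What the directory records about one device (hypothetical model)."""
    enrolled: bool = False
    compliant: bool = False


class ManagementService:
    # The page's examples of device settings: PIN and encryption.
    REQUIRED = ("has_pin", "encrypted")

    def __init__(self, users_with_policy):
        # Policies are assigned to users and so cover all of a user's devices.
        self.users_with_policy = set(users_with_policy)
        self.directory = {}  # device_id -> DirectoryRecord

    def evaluate(self, user, device, eas_client=False):
        """Decision made when a user signs in from a mobile client."""
        if user not in self.users_with_policy:
            return Decision.ALLOW
        record = self.directory.get(device.device_id, DirectoryRecord())
        if record.enrolled and record.compliant:
            return Decision.ALLOW
        if not record.enrolled:
            return Decision.EMAIL_ENROLL_LINK if eas_client else Decision.PROMPT_ENROLL
        return Decision.AWAIT_COMPLIANCE

    def enroll(self, device):
        """Enroll the device and return the settings it must now meet."""
        self.directory[device.device_id] = DirectoryRecord(enrolled=True)
        return list(self.REQUIRED)

    def agent_report(self, device):
        """On-device agent reports state; compliance is recomputed every time."""
        record = self.directory[device.device_id]
        missing = [name for name in self.REQUIRED if not getattr(device, name)]
        record.compliant = not missing
        return missing


def walk_through():
    """Constructed scenario: one user with a policy, one without, one phone."""
    service = ManagementService(users_with_policy={"alice"})
    phone = Device("phone-1")
    steps = [
        service.evaluate("bob", phone),                      # no policy assigned
        service.evaluate("alice", phone),                    # supported app
        service.evaluate("alice", phone, eas_client=True),   # EAS mail client
    ]
    service.enroll(phone)
    phone.has_pin = True
    service.agent_report(phone)                              # encryption still missing
    steps.append(service.evaluate("alice", phone))
    phone.encrypted = True
    service.agent_report(phone)
    steps.append(service.evaluate("alice", phone))
    return steps


if __name__ == "__main__":
    for step in walk_through():
        print(step.name)
```

Because `agent_report` recomputes compliance on every report, a device that later drops a required setting loses access again at its next sign-in.
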

    Solution

    Microsoft Digital has been involved in mobile device management (MDM) for several years and is evolving strategies and best practices to ensure the proper balance between convenience and security as BYOD becomes the norm in organizations of all sizes.

    Microsoft Digital approaches MDM a bit differently today than it did in the past. Even as recently as 2013, the focus was much more on providing access to applications. Now, however, the focus is on access as defined by certificate and profile provisioning. In the future, the focus will be on conditional access that is based on the state of the device as interpreted through the MDM system and Microsoft Azure Active Directory.

    The Microsoft Intune and Microsoft Azure teams are working together to provide solutions so that Microsoft Digital can address a range of related issues: identity and access management, mobile device and app management, and information protection. The first step is to make Microsoft Digital cloud-based and enable a mobile workforce.

    Identity and access management

    For employees who use multiple devices for work, a key convenience—a requirement, even—is to have single sign-on (SSO) and a common identity, so that they can get their work done on whatever device suits them at the moment. A common identity enables application access management, regardless of whether those applications are on the device or in the cloud. This ensures that the user can have a consistent experience across devices and remain as productive as possible.

    Microsoft Digital is delivering identity and access management by providing that SSO experience, using federation to manage access to external resources, and consistently managing identities across on-premises and cloud-based identity domains. This helps Microsoft Digital address the matter of managing access.

    Developers can build applications that use the common identity model, integrating applications either with Active Directory Domain Services for on-premises applications or with Azure for cloud-based applications.

    Azure Active Directory syncs with on-premises Active Directory Domain Services through Azure AD Connect. Azure Active Directory enables self-service password changes and resets, and self-service group management for internal users. It also supports multifactor authentication, so that internal users don’t have to carry around their smart cards.

    Multifactor authentication provides an additional layer of security in case a device falls into the wrong hands or is used improperly. When a user attempts to log on or perform an action that is subject to multifactor authentication, the application or service confirms the user’s identity by sending a text, making a phone call, or using a mobile app. Typically, this additional authentication factor is a numeric code, such as a personal identification number (PIN), and may only be intended for a single use. The user must respond (usually within a limited period, such as 10 minutes) before the application or service allows him or her to proceed.

    Credential caching enables enterprises to determine how long credentials can be cached on a device. This allows the enterprises to customize the user experience when users access applications and resources on devices. For example, enterprises can specify how long credentials pass through during logon or device registration, so that users do not have to enter their credentials so many times.

    Mobile device management

    Users prefer a consistent experience when they access and work with their line-of-business (LOB) apps, no matter what device they use, how often they use it, and what platform it runs. Device enrollment should be simple, and the process for finding and working with apps and other internal resources should be familiar. In addition, policies should help users feel secure that their personal data is protected on devices that they also use for work, and it should be possible to remove devices that users no longer want included in a managed environment.

    Device enrollment

    Users can enroll a device relatively quickly in Intune. Notably, the process is opt-in rather than opt-out. This sets a friendlier tone for the experience, because it doesn’t feel like a mandate. Users recognize the value of being able to use personal devices for work, and voluntarily enroll them.

    Similarly, when users no longer want to use a device for work, they can easily remove it by using the Intune console (the web portal for information workers). For example, if a device has been lost or stolen, the user can either remove it for himself or herself, or request that Microsoft Digital do so. When a device is removed, corporate assets are automatically removed from it. Devices can be completely wiped or just selectively wiped. See the “Device retirement/wiping” section later in this document.

    Authorship:

    https://www.solarwinds.com/network-configuration-manager/use-cases/network-device-manager
    https://www.microsoft.com/en-us/microsoft-365/blog/2015/07/21/explore-the-built-in-mobile-device-management-mdm-feature-for-office-365/
    https://www.microsoft.com/en-us/insidetrack/mobile-device-management-at-microsoft