The web has a lot of content about enterprise mobility management these days. (This is good news, because this wasn’t always the case!) But eventually, all content grows to the point where it needs curation, hence this article.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
I have a few goals: First, this is a followup to my EMM book, since it’s is a few years out of date (though it still makes a good introduction). Readers that are new to EMM should be able to find all they need to know about MDM, MAM, BYOD, and other related topics. For those that are already involved in EMM, this can serve as a bookmark for industry resources. For those that want to hear our opinions and worldviews, there’s a lot of commentary (though it focuses on the industry in general, not on specific vendors).
This article gets updated every few months—the edition you’re reading now is current as of April 18, 2017. For day to day news, head to the BrainMadden.com homepage, RSS feed, my Twitter account, or our Friday Notebook series.
General EMM content
Here’s an overview of the EMM space and how it evolved. It’s the article-length version of my book, so it’s from 2014, but it’s good for background.
Last summer, I wrote a 5-part series on the current state of EMM. It’s still current as of April 2017. Part 1 covers what’s mature; Part 2 outlines the stages of adoption; Part 3 is about the spread of EMM; Part 4 is why to get started; and Part 5 identifies issues we’re still dealing with.
Here are all of our thoughts on BYOD today. (Well, actually from late 2015, but still all true and relevant as of April 2017)
Mobile app management
I often hear that mobile app management is still a confusing topic for new EMM customers, and this has long been an important issue to me. To that end, check out my three-part guide to mobile app management: Part 1: Why we need MAM, but why it’s challenging; Part 2: Different MAM techniques; Part 3: MAM applied to different use cases. [December 2016] You can also see all of this in a video version, via my May 2016 Citrix Synergy session.
Then check out two other recent important articles about MAM: Apple’s iOS management protocol needs to get better for BYOD. Here’s why and what they could do. And: What does the Microsoft Graph API for Intune mean for the rest of the EMM market?
Finally, another resource on the MAM features that are built into iOS and Android is the multi-vendor AppConfig Community.
Here’s a general overview of how we think about mobile apps: Five things you need to know about creating and sourcing enterprise mobile apps. One important thing to understand is that mobile devices can provide apps with a lot of data frameworks that aren’t used by typical desktop and web apps—so when you’re mobilizing an app, you’re not just making the UI smaller and more focused, you’re adding other brand-new features.
Many mobile apps are going to be used by field workers, partners, contractors, and users other than traditional office employees. Some people call this the Extended Enterprise, and it’s a big place for mobile apps. Many of these scenarios will have an effect on how you do EMM for these users.
We don’t cover the nuts and bolts of mobile development, but we do cover various technologies that aim to make it easier to modernize and mobilize legacy apps. One big topic is something we call app refactoring, which turns legacy desktop and web apps into mobile apps, sometimes leveraging desktop virtualization technology. Gabe has written about the downs and ups of this market. Other topics to know about are mobile backend as a service (MBaaS) and mobile app development platforms (MADP).
Mobile security and identity
Identity and access management is the peer of EMM—since we’re in the mobile/cloud era, it’s what you need to deal with all those cloud apps. Here’s a basic introduction. It’s also getting much smarter, thanks to visibility into mobile devices, contextual/conditional access policies, and machine learning to look for anomalous user behavior. A newer related technology is cloud access security brokers (CASB). Also, it’s important to ask: How will the rise of artificial intelligence affect EMM, desktop virtualization, and EUC?
Moving on to devices and OSes, it can be informative to read the security reports and resources directly from Apple and Google. Check out:
- Apple’s March 2017 iOS security white paper
- Source.Android.com security overview
- Googles Android 2016 Security Year in Review (Blog post | complete PDF)
Mobile malware is indeed a threat, but it’s much smaller than other threats. Here’s my basic overview of mobile threat detection products; as well as the often-cited 2016 Verizon Data Breach Investigations Report, which identifies other much more pressing issues, including identity management.
Another mobile security product we’ve been following is virtual mobile infrastructure (VMI). It’s like VDI, but with mobile OSes hosted in the data center and remoted to mobile app clients. We have an overview of what it is; the technical challenges; the potential use cases; a BriForum video about VMI; and other VMI content.
Apple and iOS mobile device management
The most important places to dig in will be the iOS Deployment Reference and the macOS Deployment Reference. You’ll also want to see the Apple device configuration profile key reference, and the over-the-air profile delivery and configuration in order to understand the concepts behind MDM.
Apple also has several special programs, including the Device Enrollment Program, the Volume Purchase Program, and Apple School Manager. If you’re deploying enterprise-owned devices, you’ll also want to learn about Apple Configurator. (It’s only available for macOS, free in the Mac App Store.)
iOS updates are usually announced in June and roll out in September with new iPhone models, but sometimes big updates with new EMM functionality come out in the spring. That happened in 2017—check out the updates in iOS 10.3, tvOS 10.2, and macOS 10.12.4, and then listen to this great podcast of the highlights, from Russ Mohr, of MobileIron, and Aaron Freimark, of EnterpriseiOS.com.
Google and Android mobile device management
We all know the Android MDM story: Originally, Android didn’t have great MDM capabilities, so OEMs like Samsung added their own. Then in 2014/2015 Android for Work came along (and now it’s just called Android enterprise). Google's Android enterprise site lists supporting EMM vendors, supporting devices, and basic features.
- The Android enterprise help page answers lots of basic and important questions.
- The Managed Google Play help page covers bulk app purchasing and deployment.
- The Android in the enterprise for Developers is more for EMM vendors and app developers, but there's tons of information to poke around in if you're curious. The same goes for the Android EMM Developers site. There's even a test device policy controller app you can play with.
For more on specific versions of Android (since you’re likely to have a mixture in your environment, see the enterprise features for: Android 5.0; Android 6.0; Android 7.0; and the preview features for Android O.
Samsung Knox is still providing EMM features that can be used alongside or instead of Android enterprise. See:
- SamsungKnox.com: Everything you need to know about Knox!
- The Samsung Enterprise Alliance Program: This is mostly for EMM software vendors and partners, but if you want to know even more about all different Knox capabilities, this is the place to go. Dig around, there's lots of interesting stuff.
- The Samsung Business Mobility site: Mostly enterprise-oriented marketing materials, but could be a good place to find more information.
Windows 10 MDM and Unified Endpoint Management
Windows 10 brought many changes, and one of the most significant for us is support for MDM. Here are official materials from Microsoft:
- Overview of Windows 10 MDM
- All of the MDM APIs available for Windows 10
- Guidance on Windows 10 MDM from Microsoft
- Newer MDM APIs in more recent versions of Windows 10, including support for ADMX-backed policies.
- Microsoft has also released an MDM Migration Analysis Tool, intended to help companies compare Group Policy options to MDM options
And here’s some of our commentary:
- Commentary: An update on Microsoft’s app strategy (from Tim Mangan)
- Can we get to a more secure desktop? A tour of all the new Microsoft security features. (Also by Tim)
- Unified Endpoint Management is getting a lot of buzz, but as always the devil is in the details.
- Managing Windows 10 with MDM: VMware has the right idea, but IT needs help getting there.
- MobileIron Bridge breaks through the MDM wall in Windows 10