Centrify DirectControl for Mobile is a basic MDM product with no extra frills—it simply provides a direct link from Android and iOS management APIs to Active Directory. It leaves application and data management up to other solutions, but its basic and strait-forward management, especially with a free edition available, should be a highly desired tool for many administrators.
Centrify’s background is in managing Linux and Unix servers, adding management for Macs about four years ago. Their mobile product launched last fall. The interface for all of their management products is through Active Directory.
How does Centrify’s solution differ from any other MDM solution? On the device level, it doesn’t at all. Since every single MDM vendor has access to the same iOS and Android management APIs, every vendor's solution should fundamentally be able to do all the exact same things, notwithstanding other features such as data or application management components.
Getting those APIs to interface with a management system is where solutions do differ, along with other components. In Centrify’s case the management is done through Active Directory, with their cloud service acting as a proxy to deliver management profiles. iOS and Anroid devices can then be managed just like any other PC or server, from the same interface, with no need for any other on-site management servers.
For any other features, it’s all up to the administrator to create in policies. Fortunately, people have been doing this for over a decade, and managing organizational units and group policies can create the complex sets of rules needed for all sorts of different device management scenarios.
DirectControl is also offered for free, without support from Centrify; however users of the free edition still get to taking advantage of the cloud proxy service.
BYOD with MDM
There are no special tricks to accommodating personal devices or creating seperate containers for work data—instead it’s just a matter of creating profiles with the appropriate levels of permission for different users, devices, and liability scenarios. All this, of course, has nothing to do with applications or data on the device. Centrify leaves the application and data management up to other players for now, but their website promises some application management features in the future.
It is possible to detect jailbroken or rooted devices, or to detect what applications are on the devices, and to consequently keep them off of a network, VPN, or to keep mail clients from syncing via Exchange ActiveSync.
Users can self-enroll their devices via a link and—assuming that policies are in place for their role and hardware/OS—can join or leave the domain as they please, with no need for administrators to touch or worry about individual devices. Management profiles can automatically be removed when a user is removed from Active Directory.
While Centrify DirectControl for Mobile doesn't offer many of the features of the more complicated BYOD solutions, for pure MDM it should be an excellent choice, considering that there's no need for onsite servers or separate management consoles.
This feature overview will be updated from time to time. If you notice any inaccuracies, please comment or email me at firstname.lastname@example.org. There are a lot of vendors and features to keep track of, and I want to be sure and keep everything straight.
- Platform Android, iOS
- Architecture cloud-based component connects standard MDM APIs to AD
- Security Device/MDM native features
- Management interface local Active Directory
- On-site requirements domain controller
- Provisioning web-based self-enrolled