Do you let your BYOD users choose between MDM enrollment and MAM-only?

We’re years into the BYOD era—how have things changed?

You may be tired of hearing about the topic after 5 years, but there’s still a significant split between mobile device management and apps-only mobile app management. There’s a lot to talk about, especially when it comes to BYOD. Today, I’m going to continue the conversation and build off of an article I wrote a few weeks ago, “Corporate devices are getting all the love these days, but BYOD challenges remain.”

(If you need a guide to MAM, I have a three-part series that covers all the background you need to know.)

Many MDM versus apps-only MAM decisions are clear-cut. If the device is corporate-owned and has an asset tag on it, you almost always enroll it in MDM. If it belongs to a partner or contractor, you take an apps-only approach. However, if it’s a BYOD device that belongs to a typical office worker, then you face a choice between MDM enrollment and apps-only MAM.

For years, I’ve advocated the idea that, all things being equal, you should let end users decide which management technique they prefer, since both approaches have pros and cons. For example, some users might prefer the built-in email client and browser and be fine with MDM enrollment, while others might be more concerned about privacy and choose an apps-only approach with a third-party enterprise email client and browser.

So my question today is this: Now that we’ve had several years to get comfortable with enterprise mobility management, where have you landed on BYOD? Do you let your users choose between MDM enrollment and MAM-only, or do you have stricter, more prescriptive policies?

Here are a few things to consider:

  • Choice is confusing and complicating. Users might not really get or care about the differences, so if you offer them a choice, then you just have to answer more support questions.
  • This is totally anecdotal, but even in 2017, I know plenty of people that opt out of BYOD and carry two phones around instead. (There are a lot of good reasons for this!)
  • As I noted earlier, BYOD challenges remain. Android Enterprise (with the BYOD-oriented Profile Owner Mode) is still new enough that I haven’t encountered it among friends and family yet. And iOS is now long overdue for a rethinking of the MDM for BYOD experience.
  • Some EMM vendors have talked about on-demand MDM enrollment as part of conditional access policies. For example, a user could access basic emails from an un-enrolled device, but when they access a more sensitive app, they’re prompted to do an MDM enrollment. In theory, the user or the MDM server could unenroll when they’re done.

Perhaps we’ll see some evolution to MDM or BYOD that will change the conversation, but I’m not going to try to predict when that will happen.

In the meantime, do you or your company give BYOD users a choice over management techniques? Let us know in the comments below or on Twitter.

Join the conversation

1 comment

Jack- We are looking to provide user choice over management techniques as you put it to avoid the big-brother type of culture. In your opinion, what are the best solutions out there today that support this? Thanks