This content is part of the Essential Guide: Enterprise mobility management software offerings and use cases

Infographic: When to use MDM, MAM, and other EMM techniques

A visual guide to how Android Enterprise, iOS MDM/DEP, Samsung Knox, and mobile threat defense apply to BYOD, COPE, embedded devices, and the extended enterprise.

Ever since I wrote my book (all the way back in 2013!), it’s been my goal to help IT pros understand the world of enterprise mobility management. These days there are a lot of different technologies out there, and plenty of buzzwords.

You can read my articles on topics like mobile app management, Android Enterprise, Samsung Knox, iOS mobile device management, the extended enterprise, mobile threat defense, and BYOD, and you can look over my list of EMM resources, but in this infographic, it’s my goal to lay everything out in one easy to read, information-rich table.

I’m excited to present the version 0.3 below (from October 2018; the original version came out in February 2018). It’s still a pre-1.0 version, so if you have suggestions or want to argue a point that I made (or want to tell me how useful it is!) leave a comment or hit me up on Twitter.

Click for full-size version!

Use cases

There are four main categories of use cases:

  • Work only: Kiosks and embedded devices, and locked-down corporate devices.
  • Mixed work and personal devices, enrolled in MDM: Corporate-owned, personally-enabled (COPE) devices enrolled in MDM, and BYOD devices enrolled in MDM.
  • Mixed usage devices, not enrolled: COPE without MDM (yes, it happens a lot, especially by accident!), and BYOD without MDM. Sometimes these are known as MAM-only.
  • Extended enterprise: Contractors, gig workers, and consumers.


There are several categories of technologies. First, there are device policies:

  • Android Enterprise: Dedicated devices (a.k.a. COSU), Android work devices, and Android work profiles
  • Samsung Knox: Knox platform capabilities (like all the hardening and hardware-level stuff), Knox containers, and Knox Configuration and Customization
  • Apple: iOS MDM, Device Enrollment Program, and Supervised mode

Then there are app policies, including third-party email clients, MAM SDKs, and app wrapping technologies.

Under mobile threat defense, I’ve included blacklisting or whitelisting apps, mobile app reputation services, and device attestation.

Next, the infographic considers scenarios where IT gets to determine hardware requirements and choose devices, versus scenarios where IT has to deal with anything that walks in the door.

Finally, everything should be built on the foundation of a solid identity management and conditional access strategy.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Nice visualization and summary for new and seasoned Mobility folks :-) One suggestion, “Android Work Device” should be “Android Work-Managed Device” or “Android Work-Managed”. The terminology for Android MDM can get confusing as they are changing terms so often. E.g Device Owner, Android for Work etc.
Excellent visual guide. EMM techniques like MDM, MAM, MCM and MIM, cater to different requirements of customers and their business scenario. What works bets for you is what every business has to determine before opting for the solution.  
AirWatch and Intune are the only two vendors left in the game.

XenMobile and MobileIron are dead products.