Ever since I wrote my book (all the way back in 2013!), it’s been my goal to help IT pros understand the world of enterprise mobility management. These days there are a lot of different technologies out there, and plenty of buzzwords.
You can read my articles on topics like mobile app management, Android Enterprise, Samsung Knox, iOS mobile device management, the extended enterprise, mobile threat defense, and BYOD, and you can look over my list of EMM resources, but in this infographic, it’s my goal to lay everything out in one easy-to-read, information-rich table.
I’m excited to present version 0.3 below (from October 2018; the original version came out in February 2018). It’s still a pre-1.0 version, so if you have suggestions or want to argue a point that I made (or want to tell me how useful it is!), leave a comment or hit me up on Twitter.
There are four main categories of use cases:
- Work only: Kiosks and embedded devices, and locked-down corporate devices.
- Mixed work and personal devices, enrolled in MDM: Corporate-owned, personally-enabled (COPE) devices enrolled in MDM, and BYOD devices enrolled in MDM.
- Mixed usage devices, not enrolled: COPE without MDM (yes, it happens a lot, especially by accident!), and BYOD without MDM. Sometimes these are known as MAM-only.
- Extended enterprise: Contractors, gig workers, and consumers.
There are several categories of technologies. First, there are device policies:
- Android Enterprise: Dedicated devices (a.k.a. COSU), Android work devices, and Android work profiles.
- Samsung Knox: Knox platform capabilities (like all the hardening and hardware-level stuff), Knox containers, and Knox Configuration and Customization.
- Apple: iOS MDM, Device Enrollment Program, and Supervised mode.
Then there are app policies, including third-party email clients, MAM SDKs, and app wrapping technologies.
Under mobile threat defense, I’ve included blacklisting or whitelisting apps, mobile app reputation services, and device attestation.
Next, the infographic considers scenarios where IT gets to determine hardware requirements and choose devices, versus scenarios where IT has to deal with anything that walks in the door.
Finally, everything should be built on the foundation of a solid identity management and conditional access strategy.