What is MDM, MAM, and MIM? (And what's the difference?)

In this post I want to simply explain what MDM, MAM, and MIM are and how they're different from each other.

As you start to dig into the mobile device space, you're undoubtedly going to hear three acronyms thrown around: MDM, MAM, and MIM. So in this post I want to simply explain what each of these is and how they're different from each other.

(Editor's note: We published an updated version containing all the latest info on MDM, MAM, EMM, and UEM at the beginning of 2019.)

MDM (Mobile Device Management)

MDM stands for "Mobile Device Management." It typically comes in the form of software that companies can use to lock down, control, encrypt, and enforce policies on mobile devices such as tablets and smart phones.

In the old days (like, before 2007), most people associated MDM with Blackberries. But now that most users prefer iPhones and Android devices, many MDM software vendors have emerged that allow IT departments to manage these new devices just like they've been managing Blackberries for the past ten years.

The thing about MDM software is that it allows the IT department to have full control over the device—IT can "own" it and essentially do whatever they want to it. Back in the days of the corporate-issued Blackberry, this was okay. IT could say, "Here is your device. It's company-owned, so we're watching everything you do and you'd better behave." Users generally obliged and in those days virtually everyone carried two devices—a corporate-owned MDM-controlled "work phone" and a "I-can-drunk-text-all-I-want" personal phone.

But once the iPhone and Android phones came out, users started bringing their own personal devices into the office. IT departments initially balked at this, but then the MDM vendors came along and said, "Hey IT, don't worry, you can use our MDM software to control these iPhones and Androids to make them secure!"

IT said, "Great!" But for the users… this was not so great!

Think about it. If you're an end user and you buy your own iPhone and bring it into work, would you want give full control to your IT department? Do you want them to be able to see what apps you have installed and where the device is at all times? Do you want them to have the ability to remotely wipe your entire device, including anything personal you have on there? Do you want them to enforce a crazy-complex password with a 10-second screen lock timer that you'll have to fumble through every time you want to snap a photo of your kid?

MDM is like a root kit that your IT department puts on your phone. :( No thanks!

So while MDM was awesome in the days when companies owned the phones, now that users own their own phones and do some many personal things on them, MDM software is a bit heavy-handed. It's getting to be an anachronism in today's world. So what's the alternative? Enter MAM!

MAM (Mobile Application Management)

Mobile Application Management is like MDM, except it's only applied to specific applications on a device instead of the entire device. The general idea is that using MAM, an IT department could lock down, control and secure just their specific corporate applications, while everything else on the phone could be left up to the user.

For example, a company could use MAM to deliver secure email, calendar, contact, and expense reporting applications to an iPhone. So if the user just wanted to pop open their phone to snap a picture or play Angry Birds, they wouldn't need to use a password to unlock the phone. But if the user clicked on the email app, then they'd be prompted for a password to get into just that app.

The same goes for policy controls, encryption, remote wipe, etc. MAM could allow IT to encrypt just the data that's stored by the apps they deliver—the user's other apps would just be installed like normal. For remote wiping, the company could just wipe the corporate apps and data while leaving the user's personal apps alone. And, perhaps most importantly, when using MAM, the company doesn't have visibility to anything users do outside of their apps. So if you want to download Weekend Snogger Lite, then go for it!

So if MAM is so great, why isn't everyone using it? The main reason is that as of today, the MAM software isn't that great. It's getting there, and it's going to be great.. but right now? Meh.

The main problem is that users want to be able to download apps from the official app stores of their phone OS. (Apple App Store, Android Marketplace, etc.) The way the app stores are structured make it impossible for MAM vendors to get "in between" the app and the user's device. So MAM vendors have to get creative.

For example, some MAM vendors just write their own "secure" versions of apps. So if you use their MAM, you use their mail app, their calendar app, etc. This is cool because it's easy for users to download those apps from the app stores, but it also kind of sucks because these are "second rate" apps in terms of look-and-feel and functionality. (I mean who do you think can write a better mail app? Apple, or some random MAM vendor?) Also if you're getting your controllable apps from your MAM vendor, what happens if you want to control an app that the MAM vendor doesn't offer? (Some MAM vendors have SDKs and APIs to allow third-party app makers to plug-in to their security systems, but that still requires that those vendors take the time to plug in to those specific MAM platforms.. more if, if, if…)

Another approach MAM vendors take for application-specific security is to "wrap" regular off-the-shelf apps  with their own layer of security, encryption, and control. This is awesome in concept, but tough in real life. The problem is that in order for an IT department to "wrap" an iOS or Android app, they have to get the app's original package files from whomever wrote the app. (Remember that the MAM software can't get in-between the device and the real app store.) So if you want to securely deploy Microsoft OneNote for iOS to your users, do you really think you can convince Microsoft to send you the .ipa file so you can wrap it with your chosen MAM tool?

I'm gonna say "no!"

So the bottom line for MAM is "Watch this space," but I'm not 100% in love with anything here yet. And I'm not 100% in love with MDM for user-owned devices either. So where does that leave us? Hello MIM!

MIM (Mobile Information Management)

MIM is "mobile information management" which could roughly be described as all those "Dropbox-like" cloud-based services that sync files and documents across different devices. (To be honest, a more appropriate name for this might be "mobile data management," but that would have the confusing acronym of "MDM" too, so the industry sort of collectively agreed to call it "MIM" instead.)

The cool thing about MIM is that it's good and real today. There are plenty of public services (Dropbox, Box, Microsoft SkyDrive, Google Drive, etc.) that users can get on their own today. And there are plenty of corporate-controlled on-premises versions of MIM products (Nomodesk, WatchDox, RES HyperDrive, Citrix ShareFile, VMware Octopus, etc.)

Ultimately these MIM products will be rolled into the larger service offerings that IT provides to users (just like email and calendar), and the client apps will be delivered to mobile devices via MDM or MAM. But MIM works with MDM/MAM—you'll ultimately have MDM+MIM or MAM+MIM.

MXM (Mobile "X" Management)

I'm sure that there will be plenty of other "M-something-M" products that come out in the future. VMware is talking about a hypervisor on mobile devices which they'll probably call something like "MVM." I can imagine security vendors selling "MSM" products—really the sky's the limit. But for now the Big 3 are MDM, MAM, and MIM. And now you can talk intelligently about what they are and how they work!

Bonus: BYOD (Bring Your Own Device)

Even though this post is about MxM acronyms, a lot of people toss in "BYOD" when they're talking about things like MDM. The reality, however, is that BYOD has nothing to do with MDM or MAM. BYOD is an ownership model, while MDM, MAM, and MIM are specific types of software companies can buy and use.

BYOD is the concept that end users can bring in their own mobile devices and hook them into IT's corporate resources. In many cases, companies choose to buy and use MDM, MAM, and/or MIM when they implement BYOD programs, but the two don't have to go together. Many companies let users hook up their personal mobile phones to the corporate email servers without having any specific kind of MDM or MAM.

So there you have it: MDM, MAM, MIM, and BYOD!

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Great post!

I have yet to meet an IT person who is happy with their ESD tools to manage Windows apps on a single IT owned platform.

I don't really believe that MDM/MAM tools can rein in the inherent complexity of trying to manage devices/apps on multiple OSs, on devices that IT doesn't control.

MIM feels like the way to go...stop trying to control apps, just control the data. Easier said than done maybe, because IT is fast losing control of data in SaaS apps.

Just finished writing a post: http://wp.me/p2pm2z-2n


@Amitabh, we've been through cross platform delivery, AKA Java Web Start and the browser.  Always a compromise somewhere as the native platform does function or feature x which makes it attractive to stay native. HTML 5 will for sure help but even there I believe for a subset of apps not all.

@Brian MIM. Not sure I agree. Data Management, has been tried for many many years. Document management systems, DRM etc. It's a hard problem that is nowhere close to being solved any time soon IMO. MDM I still think will be suited for many types of use cases even if it it's just a sub feature of MAM. Agree MAM still very early and solutions are young or not released. Even if they were mature, the question i still have in my mind is how many apps will people really care about? Will it be just a few in house apps for business that things like Good Dynamics may be ok for, or is the wrapping 3rd party IPAs something people want to do. Perhaps a survey of your readers may help get us better answers to this question?


So the solution is that there is no solution? Don't put management software on my phone (i.e. an MDM "rootkit") but by the way I have not alternative suggestions?

I do however think you have a point that data is at the heart of the matter and the bottom line is that we want business people to have access to it while not giving away the keys to the kingdom. Every eco system has controls to keep it in whack.

So what are you proposing corporate IT does? Lay out some solutions.


@appdetective There will be always be apps that will be written as native, because it requires a level of interactivity that can't be provided by HTML5. But in the medium term (2-5 years) I think the vast majority of enterprise apps will do fine as just HTML5 apps.

@harrycolo Right now people think that MDM/MAM will allow IT control  over apps and data while still giving users flexibility with their own devices.  In my mind, that's wishful thinking. I think MDM can and should be applied in a limited context - to be determined by individual organizations.


   Application management is the strategy and process around developing/procuring, securing, deploying, accessing configuring, updating and removing (business) applications from mobile devices used by the employees…notice how I didn’t say an employee’s devices, because it could be some ruggedized devices that are used by various employees.

   Device management is about configuring the mobile devices and making sure that the IT policies that have been set up remain intact, as well as monitoring the overall status and health of the device.

What is the use of MAM and MEM if MDM is already there? MDM can manage the whole device, so why anything else required to manage mails and apps?
Can you please explain in brief how BYOD has nothing to do with MDM/MAM. Even though companies hook up user personal phones but they are eventually providing them support via any application source for eg: Blackberry Work/Access, is widely use for BYOD platform.
I wonder the implementing MDM and MAM has a high score. What kind of recommended tool for doing that
We use the EMM software from apptec360 and it includes MDM, MAM, MIM, BYOD and many more functions. Highly recommended for testing www.apptec360.com
Thx for this great post Brian and thank you Julian for your recommendation to apptec. We tested it now and it convinced us.
What does MoM stand for (as in MomReturning Users)?