Why Your Organization Needs MDM to Protect What Matters

EMM = Enterprise Mobility Management. It’s a very wide area. It includes everything that you can configure, protect, install and report on a mobile device. From a product perspective, it includes, but is not limited to, Microsoft Intune, OneDrive for Business, Azure AD, Microsoft Cloud App Security, etc.

MDM = Mobile Device Management. The classic approach to managing iOS, Android, and other operating systems. Your organization is in full control of the device and can configure most settings. You are also able to install apps, do inventory, and so on. Includes products like Microsoft Intune, VMware AirWatch, MobileIron, etc.

MAM = Mobile Application Management. The more modern, but sometimes limited, approach, aimed in particular at protecting organizational data. Instead of your organization being in control of the entire device, you control the apps which hold your data. Especially applicable to Microsoft Intune, but other vendors have similar solutions.

Privacy, User Experience, and Applicability

Perceptions that we need to address before continuing this post:

  • My organization only implements MDM so that they can spy on me!
    • WRONG! EMM or MDM is not about gaining access to the content of a phone or tracking how the user uses it.
  • My phone will be unusable if my organization implements MDM!
    • WRONG! You can configure a device to be usable both for work and for private use, at the same time!
  • MDM is only for large organizations, we don’t need it in SMB.
    • WRONG! MDM or MAM is something all organizations need and can benefit from.

With that sorted out, let’s head into why you need EMM, MDM, or MAM in your organization.

Why Does Your Organization Need EMM?

In general, there are three reasons for EMM (the term I will use for the purpose of this post, and which includes MDM and MAM):

Threat and Privacy Protection

Even though we see only a few targeted attacks against Android and iOS today, that may well change in the future. It is, however, more common that we see apps that require very high levels of access on mobile devices.

These high privileges open up possibilities for privacy breaches, data leakage as well as future attacks. In addition, we need to protect our users from malicious websites, phishing sites, and similar web-based threats.

Data Protection and Compliance

This is probably the most common, most important, and most underestimated use-case for EMM today. Most of the EMM projects we are currently involved in are focused on data protection and compliance.

It’s about allowing access to organizational data, applications, and solutions on mobile devices – while keeping it secure, contained, and reachable for IT.

Employee Experience

Apart from the two areas above, I find it very important to remember that we can use EMM to create an even better employee experience!

Think of things like simple onboarding for a new employee, or an always up-to-date device with simple connectivity to Wi-Fi and internal resources. With these controls, you have the opportunity to make a difference for your colleagues.

A smart phone and a smart watch, managed by EMM while allowing a good user experience.

One Product is Not Enough

How can your organization achieve all of the above? In my opinion, Microsoft 365 and especially Microsoft Intune combined with Microsoft Defender ATP and Cloud App Security is a great way to get going.

There are EMM vendors and consultants that claim that ONE particular solution is all you need to stay protected and compliant. That is simply not true.

EMM is part of your threat protection and data compliance solution for mobile devices, but far from a complete solution. We do however often start our projects with a Microsoft Intune implementation.

It is a great way of adding instant value to an organization, and also a good way of understanding weak points in the other solutions and products in use.

From there we can continue integrating other solutions, depending on licensing, requirements, and platforms for each individual customer.

How Can You Get Started?

  • First, ask yourself: What kind of data are you making available on your organization’s mobile devices?
  • Second, what regulations do you need to adhere to across your IT infrastructure?
  • Third, with the tools you have today – can you really adhere to these regulations for the data made available?

As an example, and a very common challenge, how are you ensuring that your organization’s data does not leak to services such as iCloud, Google Drive, WhatsApp, or OneDrive?

Depending on the data, it could be either a loss of intellectual property, a GDPR violation, a marketing disaster, or all three.

User Experience is Key to a Successful EMM Implementation

At the same time, you need to balance your security and compliance requirements with user experience. To be successful with that, you need to have a proven practice for designing, implementing, and maintaining an EMM solution.

Once you have answered the three questions above, look into what kinds of mobile devices you are using in your organization today. Based on that, you can start to look into platform-specific solutions, as well as the platform requirements for getting started with your Microsoft Intune implementation.

If you need a hand, drop us an e-mail and we are happy to help you get started, or stay with you for the entire project.

What’s Next?

In upcoming blog posts, we will dig deeper into the challenges and possibilities with mobile platforms, EMM, and Microsoft 365. If you want to learn more, check out our newly updated training offerings for Microsoft Intune and Microsoft 365 Security!