What is MDM Deployment? How to Deploy Mobile Devices?
How far can you go without Mobile Device Management in modern workplaces?
So long as you realize that data is a crucial corporate asset, you can't leave hand-carried devices unmanaged.
To address data security issues, you will need MDM software and have company-owned devices subsumed into the supervisory system. Of course, with years of development, the software is mature enough to deploy BYOD devices without a privacy break-in.
This blog will be a practical guide that lists what to configure and how to complete MDM deployment.
Part 1 : What is MDM Deployment?
If this is your first time engaging with Mobile Device Management, you can regard the solution as a central console with features to monitor and control connected devices.
MDM deployment is the beginning process of using MDM, which includes initial configuration for the device and its apps.
After deployment, the company is able to determine how the device can be used and monitor device conditions. More importantly, adding security layers to both device and data is available.
The specific deployment method and procedure might be different due to device systems, such as Android, iOS, Windows, and Chrome. But the main difference lies in binding devices, which are more commonly known as 'Device Enrollment'.
Part 2 : MDM Deployment Checklist (with Feature Explained)
No matter which mobile device management solution you use, the enterprise mobility deployment shares similarities. According to provisioning objects, the deployed content can be summarized as:
- Deploy MDM solution
- Deploy Devices
- Deploy Apps
- Deploy Device Security
- Deploy User & Group
Here‘s a checklist table to clear up what you need to deploy when using MDM tools.
MDM Deployment Checklist
|MDM Solution Installation||Install controller software/signup via web|
|Install controlled end software|
|Create MDM admin account|
|Device Deployment||Device enrollment|
|Kiosk mode configuration (optional)|
|App Deployment||Apps whitelist / blacklist|
|Apps installation / uninstallation|
|Website allowlist (optional)|
|Install company-owned app (optional)|
|Release testing company-owned app (optional)|
|Device Security Deployment||Password Configuration|
|Apps installation / uninstallation|
|File transfer setting|
|Wireless Network setting|
|Automate remote wipe|
|User & Group Deployment||Invite team member|
|Assign user role & permission|
|Create group for devices / users|
If you're completely new to mobile device deployment, take a closer look at the following features. You will need them to help with settings.
1. MDM Solution Installation
There are two ways to install MDM software - cloud-based and on-premise. You can choose according to the requirements for data storage.
For cloud-based installation, you need to have it on both devices that use to manage and are being managed. In addition, the admin can log into the control board via the web portal. An MDM account is needed.
In AirDroid Business, the controller software is called AirDroid Business and AirDroid Biz Daemon for controlled end.
2. MDM Device Deployment
- Device Enrollment: it is used to add devices to the MDM console in order to configure and monitor. Installing controlled end applications is one of the enrollment methods.
- Policy: feature with capabilities to set up rules for device system settings. For example, enforce password, block network, disallow USB acccess, configure APN, etc.
- Kiosk Mode: a lockdown feature to pin device screen as wanted. You can specify which apps or websites can be used on the screen. Company-owned apps are available after uploading packages.
3. MDM App Deployment
App Management Services contains app whitelist/blacklist, app installation, removal and update.
The existing apps in the device can be restricted by adding them to the whitelist or blacklist. And, the IT admin can force download or remove apps on the device.
It's worth noting that some mobile device management tools allow to publish and test company-owned apps. AirDroid Business supports app staged rollout for mobile deployment.
4. Mobile Device Security Deployment
This is not a particular feature name but contains functions to improve security. For instance, settings related to password, Wi-Fi, Bluetooth, and file transfer can be deployed in Policy. Let's check others.
- Geofencing: it helps track device location and path history. Also, you can set a geographical range to monitor if devices enter or leave the area.
- Alerts: with preset triggered conditions, the admin can receive alert notifications in the MDM console, such as device offline, low power, external peripheral access, etc.
- Workflows: feature used with Alerts. You can set up automated operations once a certain alert happened. As an example, when a device is out of the configured geographical range, remote wiping will be implemented automatically.
5. User and Group Deployment
Sometimes, you may need a team to manage a great number of devices. In Members & Groups, you can invite team members via email to join the MDM console. Next, to further assign operation permissions.
Part 3 : Step-by-step Guide to MDM Deployment
MDM deployment can initially seem overwhelming, but with the proper guidance, you can set it up and running in no time. In this section, we'll go through the steps of activating MDM and deploying corporate devices with it.
1Install MDM and create account simply
How to deploy MDM?
The simplest way is to create an MDM account with an email address and log into the dashboard through web page.
If you value convenience, you can also download the software on your Android or Apple handset, and sign up for an account.
2Enroll device from MDM
After successfully installing the MDM solution, you can start adding devices that you want to manage to the MDM software.
Here we will show how to add a single mobile device. If you would like to explore automated deployment or bulk-enroll, please click here.
Firstly, visit 'Device Enrollment' > 'Regular Enrollment'. Download AirDroid Biz Daemon to the mobile device.
Second, open Biz Daemon and find 'Deployment Code'. You need to enter a code to finish the deployment. Go to the admin console and get it in 'Device' > 'Device List; > 'Default' > 'Enroll'.
More, downloading Biz Daemon via the link is another method to enroll devices and will save the second step. Once the installation is done, the mobile device will be added to the console automatically.
AirDroid Business offers Device Owner Enrollment for MDM deployment Android that contains 6 Time Tap and USB enroll. This method is more stable when remote accessing device and reduce failure for policy configuration.
3Preconfigure device settings
Policy files allow IT admins to configure device system settings once it is enrolled in MDM.
Open Policy, you can see settings about password, device camera, factory reset, USB debugging, network connectivity, etc. Here you can activate or deactivate these functions on the devices.
Then, save the file and apply it to devices during enrollment.
4Manage device's apps from MDM
Deploy applications from MDM can be a little different between BYOD devices and corporate fully managed devices. As something for daily use, there is more or less sensitive personal information stored in apps. Thus, employees might feel uneasy while IT admins access and deploy apps on their phones.
Good news is the problem is solved. MDM solution is able to access workspace only, which will be set during the enrollment. Once it's done, the admin will deploy apps without affecting private space.
Now, let's see how to create app blocklist and remove apps.
Visit 'App Blocklist' in ‘Policy’. Then add apps that you want to restrict by clicking 'Add app'. You can choose from installed apps and app library.
5Add user and assign permission
If you want to have more team members to help with device deployment and management, add users in 'Members & Groups'.
You will see a popup with an email template. Fill in the member's email address and choose his role from Super Admin, Admin, Team Member, and Viewer.
Ask the employee to complete further steps and create a password by clicking the invitation link in the email.
As an admin, you can also customize permissions for a user separately.
Part 4 : How does Mobile Device Management System Work?
The MDM system consists of MDM deployment, MDM monitoring, and remote troubleshooting.
How it works?
Once mobile devices are connected, the IT admin can deploy settings, apps, and files through the MDM console. Then, the admin can monitor device status including location, network conditions, available storage, etc. If there is a device fault, the admin is allowed to remote control the device and start maintenance.
Part 5 : Why Enterprises Should Setup MDM Strategy?
Security concerns come to the top. Whether small-size businesses or enterprises, data breaches caused by unmanaged mobile devices are serious. Sometimes, they bring close-down.
- 74% of global enterprise IT leaders report they have suffered from data breaches because of mobile security issue - IDG study.
- 40% of security breaches are caused by lost or stolen devices.
- 67% of employees use personal devices for work - Microsoft research study.
MDM solutions can help organizations secure their company data by controlling and monitoring. Therefore, managing devices is important to avoid potential security breaches.
Leave a Reply.