How to Configure MDM Policy? (with Hands-on Example)
Sometimes, mobile device management determines the end of a company. Smartphones and other devices are the worst hit areas of cyberattacks. In particular, when they are used at workplaces, you'd better take data breaches caused by the attacks seriously. Otherwise, you may have to pay a considerable amount of money to save your company. Worse still, you fail to save it.
As a solution that keeps mobile devices working within the boundaries, MDM protects device data from external and internal threats by implementing MDM Policy, furthermore, raising productivity.
Now, let's explore what is MDM policy and how to make good use of it!
1What is MDM Policy?
MDM policy is a feature that comes with moblie device management software to fulfill controlling tasks that involve system settings through configuration files. To put it simply, MDM policy is a set of rules to make a mobile device work as you want.
Due to the nature of enforcement, MDM policy could create offense when applied to BYOD devices. Employees worry about their privacy and think that such a feature will make them completely unmasked. True is, device management software is available to manage work data separating from the personal area with containerization. There is no need to feel anxious.
In addition to mobile devices, the functionality can also be used in other IoT devices such as kiosks, POS, etc. Just make sure that your MDM solution is compatible with the device's OS.
2What is MDM Policy Used For?
Since security is the main purpose to use an MDM solution and policy works effectively for that. It protects an organization or personnel device from cyberattacks or unintentional data breaches caused by misuse that could affect the business's integrity.
How does it help? MDM policy can be used to:
Managing employee passwords is urgent as 81% of hacking-related data breaches among companies is caused by weak password. (Source: Bank of North Dakota.) Reuse, limited characters, and frequently-used birthdays or name in passwords can lead to a security issue. MDM policy is what to prevent it.
Policy allows IT admins to set rules on lock screen password. For example, you can require the device user to set the password with num, alphabet, or with both. Further, you can define a password yourself and the user cannot reset it. It's convenient for you to regularly change the code and secure data better.
2Configure Network Connectivity
Keeping the device connected or disconnected is just one of the capabilities.
If you want to give a safe network environment to your devices, let's say, to use a company-dedicated network, you can provision Wi-Fi or APN in the policy configuration file.
3Block USB External Device
File transfer is one of the sources of data breaches. To help, mobile device management policy is able to control external storage device access, and block transfer between device and computer.
4Enforce Storage Encryption
To add another security layer to company data, you can activate Mandatory Storage Encryption via MDM policy. This function will generate error codes when exporting device-stored data.
5Restrict App Usage
Loads of applications are at risk of data theft. Implementing a mobile device policy is a necessary measure to reduce the possibility. After setting the app blocklist in the policy file, those installed apps will be disabled during work.
Besides, disallowing users to install unknown resource apps and remove apps are supported.
6Restrict Device Build-in Features
Here are some restrictions you can set for company-owned devices with Policy.
- Factory Reset
- Location Settings
- USB Debugging
- Safe Mode / Developer Mode / Airplane Mode
7Update Device System
Choose from Auto Update, Defer Update, or Windowed Update (Scheduled update time) to save manual work. If you have set Auto Update, the user cannot click the update button on the device at all.
Settings related to device system are available to configure by MDM policy as well, such as screen timeout, screen brightness, language, time zone, volume, power menu, etc.
3How to Configure MDM Policy and Implement? (Show-how)
Implementing policy is a step-by-step process irrespective of any strategy (BYOD, COPE, COBO, or other) adopted by your organization.
Here, we will give an example starting from the very beginning.
First, you need to sign up for an account on the AirDroid website. Then, log in and it will direct you to the Admin Console.
Next, click the Policy & Kiosk >> Policy & Kiosk Config Files >> Press ＋Create Config File button. The system will prompt you with options. Here, you can set up various rules that take effect on your managed devices.
Step 1 : Set up password policy to improve device access security
A firm MDM policy requires a robust password implementation. You can choose the system to ensure passwords meet the complexity requirements set or force a single password for all the devices that obey the MDM security policy config file.
The complexity can consist of Numeric, Alphabetic, or Alphanumeric characters.
If you choose force password configuration, then users cannot change the password set up by the admin. Its length could be from 4-16 characters.
Step 2 : Disable device features to limit usage
The MDM software provides many in-depth controls. This restriction section requires attention to the setup. And AirDroid Business provides user-friendly operation by turning on or off the buttons for certain functions.
Open Restrictions and you will see all things you can configure in Policy file.
For instance, you can enable/disable the camera, lock screen camera, and microphone from the Device Function tab.
In Safety, you can disallow Factory Reset, Safe Mode, or Developer Mode.
Block WiFi, usb file transfer and Bluetooth connectvity are available.
3. Set up app blocklist and block unknown sources (optional)
AirDroid MDM policy allows IT admin to set up a blocklist for applications using in the device. There are three ways to add apps: by device installed app, by App Library, and by Package ID. The latter two methods require uploading APK. After creating the list, the user is unable to use them.
As to block unknown sources, you can activate the button in Restriction >> Apps.
4. Apply the policy file to devices
Click 'Save' when you finish configurations. Now you can choose a device group to implement the MDM policy file.
4Common Issues when Implementing MDM Policy
Fail to work on devices
Although not often, there are still failures when provisioning policy to mobile devices. Low system version, inadequate permission, and incompatible with other software are three main reasons that account for it. Then, how to solve the problems?
As for the first reason, you only need to update the latest device system.
It's a little complicated to solve the second one, especially when it comes to employee-owned devices. Because you will need to gain more operation permissions as you are the super admin, and employees may not cooperate with you. You'd better use an MDM provider that is available for BYOD devices.
Sometimes, other installed apps will affect MDM software and make policy ineffective. You can reenroll the mobile device using 6 Times Tap enrollment. Please click here to learn more about enrollment.
As mentioned above, MDM policy is a feature with mandatory attribute. It works best with corporate-owned devices instead of personal devices. Employees who bring their devices to work will feel uneasy if companies try to control their equipment.
It is recommended to use BYOD MDM policy to manage employees' devices. It will leave personal data alone while implementing the command.
For example, if your employee is using an Android smartphone with GMS (Google Mobile Services), you can choose to access his work profile while enrolling the device to MDM software. In this way, you can set a secure policy without intervening in private area.
Time-consuming to configure to multiple devices
Is there a simpler way to apply mobile device policy rather than time after time?
Yes, of course. And you can even apply policies when enrolling devices simultaneously to reduce workload. AirDroid Business provides an MDM policy template to help with pre-configuration - the Provisioning Templates.
What is MDM policy provisioning template? It's a feature brings by the MDM software to simplify the policy configuration process.
See how it works.
To set up provisioning templates, first navigate to Devices Tab >> Provisioning Templates. You can choose Default Configuration to edit a default provisioning template or create a custom one.
For creating a template, you can choose apps for pre-installation, and set default language and network for the ready-to-enroll devices. You can also import an existing policy file if you want more configurations.
After completing the template, choose the device group in Device List that you created for the provisioning. Then, you will get a Provisioning Templates QR Code so that you can auto-configure your preset policies when enrolling devices.