Microsoft Mobile Device Management (MDM): central management and protection of mobile devices
Das Wichtigste in Kürze
- MDM manages company-owned devices centrally via Microsoft Intune. Configuration, apps, updates and security policies all come from a single source
- Full control over encryption, mandatory passwords as well as remote lock and data wipe in case of loss or theft
- MAM is suited to BYOD, MDM to company-owned devices. Many companies combine both for a holistic security strategy
In today's modern work environment, mobile devices are a must-have; companies face the challenge of balancing security and productivity. While Mobile Application Management (MAM) focuses on protecting corporate data within apps (usually on employees' own devices), Mobile Device Management (MDM) takes it a step further: it allows for complete centralized management and security of company-owned devices. Companies that work with sensitive data or are subject to high security requirements particularly benefit from an MDM strategy.
This is the second and final part about securely managing mobile devices and applications. The first part was about Microsoft Mobile Application Management (MAM).
What is Microsoft Mobile Device Management (MDM)?
Microsoft Intune, Microsoft's cloud-based endpoint management solution, offers Mobile Device Management (MDM) to enable centralized configuration, monitoring, and security of mobile devices. IT administrators can use it to enforce security policies, manage apps, and remotely administer devices - whether they're in the office or external.
With MDM, companies can ensure that all company-owned devices are configured according to IT policies. This minimizes security risks and ensures compliance.
The benefits of Mobile Device Management (MDM) for businesses
1. Complete control over company devices
MDM allows for full control and management of company devices:
- Enforcement of security policies such as encryption or password requirements.
- Installation, updates, and blocking of apps on managed devices.
- Remote wipe of data if a device is lost or stolen.
2. Uniform security standards for all devices
With MDM, IT departments can implement a uniform security strategy across all mobile devices. This includes:
- Automatic device configurations directly at the time of setup.
- Security mechanisms to prevent unauthorized access and data loss.
- Integration with Microsoft Defender for additional protection against threats.
3. Protecting sensitive business data
While MAM ensures that business data is only used in approved apps, MDM controls the entire device. This allows businesses to prevent employees from using unauthorized apps or insecure networks.
4. Centralized management and increased efficiency
With Microsoft Intune, administrators can manage all MDM-managed devices from a single platform, saving time and reducing administrative overhead. New devices can be preconfigured with zero-touch deployment and made ready for use immediately.
How does MDM work in practice?
MDM is implemented using Microsoft Intune. Companies can:
- Register and manage devices - regardless of whether they run Windows, iOS/iPadOS, or Android.
- Define security, access, and app policies.
- Control settings and updates centrally, without users having to take any action.
- Remotely lock or reset devices if there is a security risk.
Sample MDM policies:
- Mandatory device policies: passwords, biometrics, encryption requirements
- Automatic app installation: corporate apps are specified and updated centrally
- Device restrictions: blocking unauthorized apps or cloud services
- Remote management: IT teams can reset or lock devices
MDM vs. MAM: When to use which solution?
- MAM is ideal for BYOD devices, as only corporate data and apps are protected.
- MDM is optimal for company-owned devices, as the entire device management remains under control of the IT department.
Many companies combine both approaches to develop a comprehensive security strategy.
Baggenstos' experience with MDM
If a company wants to use dedicated devices, for example in a high-security environment, MDM is the "gold standard" for mobile device security. Baggenstos has years of experience in centrally managing mobile devices and is, of course, Microsoft-certified in this area. Our customers benefit from a solution that ensures highly secure device and app management.
Bottom line: When MDM is indispensable
For companies that want to maintain full control over their mobile devices and implement a unified security concept, Mobile Device Management (MDM) is the best choice. By integrating it into Microsoft Intune, you can optimize IT processes, unify security standards, and protect your company data as effectively as possible.
You already use Microsoft 365 or Intune?
Then you should integrate MDM as a central component into your IT strategy to manage your fleet of devices efficiently and securely.
Source and further links
- What is Microsoft Intune app management?
- Video «MDM vs MAM: What’s the Difference?» (3:56 min.) and associated Blog post about the same topic (both English) about the commonalities and the four crucial differences between MDM and MAM.
