Flexible integration: Being able to plug into other enterprise tools you're already using, from data-loss prevention to Security Information and Event Management (SIEM). As the scope of MDM is ever expanding, being able to interoperate with a variety of other services you currently run is not just desirable but will often be essential. Ask the vendor if their MDM solution works with the services you're currently using.
Flexible policies: The ability to create user- or task-based policies as required to support business and an individual's needs. Can you segment application and network resource access based on device, user, or department?
Platform support: With the rate at which new smartphones and tablets are hitting the market, it's essential the MDM solution supports end-point software for the wide variety of architectures and operating systems. If your system supports Windows and Android but not Mac OS X, you're going to have some sad news for the department head who bought a new Macbook to use on the road.
Software distribution: Does the solution manage operating system patches, application updates, and anti-virus updates in addition to distribution applications and updating the end-point software? How easy is it to monitor and manage compliance for devices to be up-to-date, and can you segregate BYOD devices from company-owned products?
Scalability: While most MDM platforms will support thousands or tens of thousands of devices, what happens if you need to support hundreds of thousands or more down the track? Look at not just what your needs are today, but what they might be in future. How scalable is the product, how many devices can it manage?
Analytics and reporting: Beyond the status and security of managed devices, metrics on application and data usage can provide a valuable insight into how devices are being used by employees. This can tie into application management: if employees are sharing data through a third-party cloud app, you can only prevent or manage it if you know it's happening, not to mention help to reduce costs by ensuring bandwidth caps, SMS and voice thresholds with a telco are not exceeded.
Encryption: Encrypt corporate data and applications on a device as well as ensure encrypted communication between the device and the network. What level of encryption is supported? Is it enabled for every end-point and server transaction?
On-site or cloud: Depending on the size of your business and the disparity of your staff, a cloud-based solution may be preferred over an on-site installation. This can be more cost-effective for small companies and allows you to easily scale as you grow, not to mention tap into powerful management solutions that might normally be beyond the scope of your business by going with per-device subscription models to cloud-based services.
MDM is big business. There are over 30 vendors in the market at the time of writing with a wide range of offerings. We can't cover them all, but here’s our take on some of the more well-known players:
AmTel's list of features appears to tick every box, with support for the usual suspects of user self-enrolment, device tracking and app management as well as secure content sharing, call routing over a private network, and 'geo-fencing' to restrict app and device features (such as disabling camera or Wi-Fi) based on location. Platform support is good, though not as extensive as other solutions covered here. Still, the staples of Android, iOS, Blackberry and Windows Mobile/Phone are covered. For iOS integration with Apple's Configurator is supported, as well. AmTel's solution also includes extensive app management, secure document sharing, push messaging for emergency notifications, and cloud-based rapid deployment features.
AirWatch makes note of the size of the company and its extensive partners, which is almost as large the number of platforms it supports -- Android, iOS, Blackberry, Symbian and Windows Mobile/Phone 8 as well as vendor specific devices from HTC, Samsung, Lenovo and even Amazon's Kindle Fire. Simple wizards make it easy for users to enrol their devices, while web-based dashboards give administrators ample data on compliance, asset management, and data usage. Various privacy features allow corporate and personal data to be separated on devices, while a self-service management console for users helps to reduce the burden on IT for device management. Paired with the AirWatch Mobile Content Management service, the MDM solution is expanded with collaboration and sharing features, public and private secure cloud storage, and encrypted and secured access to corporate data and services.
Formerly Zenprise, this well-known product sports an enterprise app store that allows users to install administrator-approved apps, and includes its own 'app containers' to separate business apps and data from personal ones on a device. All the usual suspects are supported including Android, iOS, Blackberry, Symbian and Windows mobile/Phone 7, but desktop OS versions are not. Simple provisioning and self-service enrolment takes some of the headache out of adding new devices, while at the other end of the spectrum decommissioning features make it easy to manage lost, stolen or replaced devices in an auditable way.
XenMobile MDM is actually just the core MDM product, for features such as application identity management, secure browsing and remote access, and Microsoft SharePoint integration the full Mobile Solutions Bundle is provided, which pairs XenMobile MDM with the Citrix CloudGateway service.
Similar to LANDesk's solution (below), IBM's Endpoint Manager for Mobile Devices is just one component of a range of endpoint products by big blue such as its Lifecycle Management, Software Use Analysis and Security and Compliance suites. The Endpoint Manager for Mobile Devices supports the core features of inventory management, an enterprise app store, location services, and security features such as encryption, remote wipe, and policy enforcement. It has perhaps one of the more extensive lists of supported platform coverage that encompasses Android, iOS, Blackberry, Symbian, Windows Mobile, Windows Phone and all of Windows, Mac OS X, Linux and Unix for desktop clients.
LANDesk's suite is a collection of tools from its Total User Management solution which include Inventory Manager, Mobility Manager and the core Management suite. Full support for device discovery, enrolment, and policy enforcement can be had across a range of platforms that include Android and iOS, but not BlackBerry, Symbian and Windows Phone. Conversely, it supports all desktop platforms in Windows, Mac OS X and Linux. Additionally a self-service portal allows users to perform basic management of their device, while administrators have access to a plethora of tools including an extensive management and reporting console that allows you to easily view, report on and distribute software to managed devices. The Mobility Manager is considered an extension of the core LANDesk suite, which also means it works seamlessly with other LANDesk products such as Anti-Virus, Data Protection, Service Desk, and Asset Lifecycle Manager.
MaaS360 supports the full gamut of mobile platforms with end-point clients for Blackberry, Symbian, Windows Mobile, Windows Phone 7, and of course Android and iOS. It also supports Mac and Windows desktop OSes, including Windows 8, so it can encompass laptops and Windows tablets. It also bundles a 'Secure Browser' for all platforms that allows secure access to intranets and corporate networks without a VPN, along with the similarly titled Secure Mail and Secure Document Sharing to do the same. Device enrolment can be done via a custom URL, email or SMS and beyond the usual suite of security features also allows geo-fencing to enforce compliance based on location, while an emphasis on expense management allows for easy monitoring of data usage and telco plans.
MobileIron has made a name for itself as a leader in the MDM ecosystem, providing wide platform support with a focus on Mac OS X to bring Macs under the BYOD banner. Its iOS support is extensive as well, allowing full control to track and distribute approved iPhone and iPad apps. It's no slouch with other platforms however bundling Android, Blackberry, Symbian and the latest Windows Phone 8 support as well. An integrated enterprise app store helps track and secure apps on mobile platforms, while an application distribution engine allows fast access to custom corporate apps. A management and reporting console called MobileIron Atlas provides extensive overview of managed devices, status reports, identification and troubleshooting of issues, and custom reporting. Like other solutions here, MobileIron also includes secure browsing, email and document storage tools, along with Microsoft SharePoint integration.