Jammin’ with James Recapped: The Modern Workplace Approach to MDM/BYOD

In this month’s webinar, James Golden, Plow Networks’ Director of Technical Development, discusses the differences between BYOD and MDM policies. In this article, you will learn about enrollment types for Apple and Android, which will help you determine what type is best for your business.

To start, here are some definitions:

• BYOD: Bring Your Own Device—When organizations allow their employees to use their own devices for work-related activities. This increases employee productivity, employee satisfaction, and cost savings.
• MDM: Mobile Device Management—The process of monitoring, managing, and securing mobile devices used within a work context. MDM improves security, compliance, and regulatory adherence. Common user complaints are that MDM is an invasion of privacy and uses up more battery on devices.
• MAM: Mobile Application Management—A subset of MDM that focuses on securing and managing applications on a mobile device. It puts walls around applications to prevent data leakage without the device needing to be enrolled, which is beneficial for BYOD organizations.

Apple’s enrollment types are geared more towards individual users than corporations, as these policies reflect. Your organization will only need to access Supervise mode to more intensely monitor your users’ devices, such as obtaining GPS coordinates of enrolled devices.

1. Automated Device Enrollment: Through this enrollment process, you can access Supervise mode. It also requires you to have Apple Business Manager in place and factory reset all devices to enroll in onboarding.
2. Apple Configurator Enrollment: This enrollment plan also allows you to access Supervise mode. The negatives are that you will have to reset your devices and will need a USB cable.
3. BYOD User and Device Enrollment: For this enrollment option, your users will log-in with their company credentials to set aside a part of their device to be somewhat controlled. This is a more cost-effective option that allows users to continue using their preexisting devices.

1. BYOD: Android’s BYOD enrollment allows users to split their devices in half with work and personal profiles.
2. Android Enterprise Dedicated Devices: This enrollment type is best for fully controlled devices, such as kiosk machines. These devices are company-owned but not being used by specific individual users.
3. Android Enterprise Fully Managed: A fully managed enrollment should be used when you have Android devices that are fully controlled within your company’s environment. You can track device locations and enroll on a per-user setup.
4. Android Enterprise Corporate Owned Work Profile: This is the same as the Fully Managed option but divides profiles up so that it looks like a BYOD Android device.
5. Android Open Source Project: The Open Source Project is an alternative to Android Enterprise. Devices are designated for a single user and are fully managed by Intune.

Your organization may consider establishing app protection policies, which create walls around apps so they will be the only ones affected by security mechanisms. To design an app protection policy, go to intune.microsoft.com. Here, you will navigate to the “Monitor” tab, find the “Policy” section, and click on “App Protection Policies.” Each policy will have a list of supported applications and specifications for what qualities a device must have to be eligible.

While BYOD and MDM policies are beneficial for users, employees may still have reservations about their data safety. To mitigate employee concerns about MDM, be transparent about how your policies impact their devices and environment, implement policies to protect personal data, and limit management to only work-related apps.

Based on this article, you can decide what device enrollment plan is best for your business. To view past webinar recaps, visit our YouTube channel.