When we ask clients to enroll their Apple devices into our support system, it's common for anyone unfamiliar with Mobile Device Management (MDM) to have concerns.
These concerns are rare with users of Windows PCs because Windows devices are often automatically enrolled into a support system using Active Directory. Apple devices must get permission from the user to make this happen on devices already deployed. (Automated, Zero-touch deployment is best for new Apple devices.)
The good news is that Apple's Mobile Device Management is focused on the device, and the privacy of the person using the device is paramount. Said another way, MDM is concerned about organization data and not user data.
MDM is also a necessary foundation for securing a fleet of devices and protecting a team of people using these devices. No mature business today operates without some form of MDM on devices used to connect to business systems. Below are some examples of what MDM can and cannot do.
MDM CANNOT
- View personal mail, calendars, contacts
- View SMS or iMessages
- View Browser history
- View FaceTime or phone call logs
- View personal reminders and notes
- Collect the frequency of app usage
- Access device location
MDM CAN
- View and set the device name
- Query the phone number
- Query the serial number
- Query the model name and number
- View capacity and space available
- Query operating system version number
- Install managed apps
- Configure all restrictions
- Configure global HTTP proxy
- Remotely erase all content and settings on the device
- Manage Activation Lock
- Access roaming status
- Enable Lost Mode
- Enforce device security requirements
Comments
0 comments
Please sign in to leave a comment.