BYOD in the workforce: MDM and MAM with Microsoft Intune

According to current data, the average home now has 25 linked gadgets, up from 11 in 2019. This widespread acceptance, along with a worldwide pandemic, has altered the way we work and interact on a personal and professional level.

Many sectors are embracing remote employment, made feasible by technology that enables remote healthcare consultation and monitoring, virtual classrooms, and food ordering and tracking via mobile devices.

Furthermore, many firms have converted to a bring-your-own-device (BYOD) environment because employees want to accomplish activities at home and at work without switching gadgets. This shift toward a device-dependent workforce necessitates a closer examination of how security teams manage and secure the data they gather and the devices they use.

Whether the device is personal or corporate-owned, security teams must enforce corporate data access and productivity requirements on mobile devices via mobile device management (MDM) and mobile application management (MAM).

The difference between MDM, MAM, EMM, and UEM

MDM secures mobile devices such as smartphones and tablets, whereas MAM safeguards the apps on those devices that access enterprise data, such as Outlook, SharePoint, and OneDrive. MDM software is frequently designed to handle one or more operating systems, such as iOS and Android. It keeps a device profile, which lets businesses remotely track, lock, protect, encrypt, and erase devices as needed. The software also installs agents on the devices to query and report device status.

Enterprise mobility management (EMM) focuses on on-device application, content, and identity management, whereas MDM is primarily concerned with device security. However, because EMM does not support platforms such as Windows and iOS, universal endpoint management (UEM) was developed as a centralized management solution that provides multiplatform compatibility, removing the need for different solutions. It should be noted that the security and confidentiality of data obtained through any of these solutions are only as good as their implementation.

MDM at work

Devices are enrolled in MDM software either through vendor-specific programs from the manufacturer or manually, via a token, QR code, email, or SMS. VMware Workspace ONE, Microsoft Intune, Citrix Endpoint Management, MobileIron, and SimpleMDM are some of the MDM software solutions available. Through APIs integrated into operating systems, MDM software sends a set of commands to registered devices. It gathers information from registered devices, such as hardware and software specifications, installed and configured apps, security status, location, and so on. It also controls the programs running on the devices, permitting, blocking, or uninstalling them based on predefined settings.

Policies are used to enforce compliance requirements from standards such as HIPAA, GDPR, and PCI. Devices may be monitored and maintained centrally, and policies can be applied to devices in bulk. Automation simplifies the tracking, encryption, security, and wiping of devices.

MAM at work

Using MAM software does not require enrolling any devices. Employees can download and install corporate apps from company app stores on their BYOD smartphones. Personal and corporate data are kept separate by running apps in secure containers.

One key difference between MAM and MDM is that MAM does not require device control. MAM prevents sensitive data from being transferred or copied to other programs. Employees who use their own devices prefer MAM because it exerts less control over the whole device than MDM software does.

Microsoft Intune for MDM and MAM

Microsoft Intune is a cloud-based service that specializes in MDM and MAM. It can impose controls on devices to prevent data from crossing corporate boundaries. It supports devices such as laptops, mobile devices, and tablets, and it enforces policies and protects data whether a device is registered or not.
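
In Intune, the MAM controls that keep data inside corporate boundaries are set in app protection policies. The following added example (not from this article or from Microsoft) audits policies exported as JSON against a baseline. The property names are those of the Microsoft Graph managedAppProtection resource; the baseline values and the two sample policies are constructed assumptions.

```python
import json

# Assumed baseline for this example (not a Microsoft recommendation): for each
# managedAppProtection property, the values that keep data inside managed apps.
BASELINE = {
    "allowedOutboundDataTransferDestinations": ("managedApps", "none"),
    "allowedInboundDataTransferSources": ("managedApps", "none"),
    "allowedOutboundClipboardSharingLevel":
        ("managedApps", "managedAppsWithPasteIn", "blocked"),
    "saveAsBlocked": (True,),
    "dataBackupBlocked": (True,),
    "pinRequired": (True,),
}

def audit_policy(policy):
    """Return one finding per setting that is missing or outside BASELINE."""
    findings = []
    for key, allowed in BASELINE.items():
        if key not in policy:
            findings.append(f"{key}: not set")
        elif policy[key] not in allowed:
            findings.append(f"{key}: {policy[key]!r} is outside the baseline")
    return findings

def audit_export(policies):
    """Map each policy's displayName to its list of findings."""
    return {p.get("displayName", "<unnamed>"): audit_policy(p) for p in policies}

# Constructed sample export: one permissive policy, one restrictive policy.
SAMPLE_EXPORT = json.loads("""[
  {"displayName": "byod-permissive",
   "allowedOutboundDataTransferDestinations": "allApps",
   "allowedInboundDataTransferSources": "allApps",
   "allowedOutboundClipboardSharingLevel": "allApps",
   "saveAsBlocked": false, "dataBackupBlocked": false, "pinRequired": true},
  {"displayName": "byod-restrictive",
   "allowedOutboundDataTransferDestinations": "managedApps",
   "allowedInboundDataTransferSources": "managedApps",
   "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
   "saveAsBlocked": true, "dataBackupBlocked": true, "pinRequired": true}
]""")

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "- OK" if not findings else f"- {len(findings)} finding(s)")
        for finding in findings:
            print("   ", finding)
```
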

The integration of Microsoft Intune with Azure Active Directory and Office 365 apps is a significant benefit. When coupled with Azure Active Directory, it regulates who has access and what they have access to. Many firms use Office 365 products such as Outlook, OneDrive, SharePoint, and Teams, including the mobile apps on personal devices; therefore, corporate regulations must be implemented uniformly on such devices as well.

MDM and MAM are critical security technologies for both remote and BYOD workers. Microsoft Intune can be configured to provide security controls that give comprehensive coverage of MDM and MAM.

Synopsys’ on-demand resources and expertise can help you expedite and expand your application security testing. Our cloud configuration services include locating and correcting misconfigurations in Microsoft Intune and other Microsoft-related apps.