Got MDM? By Jove, aren’t you the clever one? It’s true that mobile device management (MDM) borders on the divine when it comes to its almost-seraphic ability to make business better. But MDM alone isn’t a magic antelope. You won’t get the best out of it unless you have a strong MDM configuration plan in place.
What the Actual *Bleep* Is an MDM Configuration Plan?
Ask a tech-head what an MDM configuration plan is and they will go antlers deep into systems configuration and rattle on at length about zero trust architecture, enterprise authentication, the kneebone connecting to the buttbone, etc. It’s true that an MDM configuration plan does include the techy nuts and bolts of systems and protocols, but, even before your eyes glaze over, you’ll know it’s more than that.
A strong MDM configuration plan is a holistic strategy that describes how people, policies, protocols, procedures, and systems work together to deploy and manage the kind of MDM that best supports business needs. And by “business needs” we mean a) staying operational, b) giving your remote workforce all the stuff they need to do their job, and c) not being breached.
Where Do You Even Start?
Putting together a decent MDM configuration plan is all about assuming the persona of an annoying five-year-old by asking questions until someone puts you in the naughty corner. You need to understand what you’re building and why you’re building it.
Questions to ask include:
- How do we safely onboard new people?
- What SaaS is available that would help us?
- Are we doing BYOD now, and, if so, what levels of security do we need from non-corporate devices?
- How do we control access?
- How many defense layers should we put in place against malware?
- Are we going for compliance accreditation? If so, what do we need from our MDM?
- What’s the protocol if a device is stolen? Or lost? Or burned at the stake?
- Do we need a 24-hour helpdesk?
- Which platforms do we want to support?
- Who gets a beating if it all goes wrong?
- How should we manage our spares?
OK, I’m Sort of Convinced. So, What Does a Strong MDM Configuration Plan Cover?
Buckle up, because this may take some time. A decent MDM configuration plan covers:
Roles & Responsibilities
Clarify who in your organization has responsibility, accountability, and oversight of each aspect of MDM. You may have a lead for compliance & security, for business processes, and an internal liaison with teams such as HR who’ll get involved in onboarding. You’ll need someone to take overall responsibility, too. Lucky them! Or, if it’s just you and the dog, at least it gets you thinking about all the aspects that need your care.
Integration With Your Business Strategy
To make sure that your MDM is configured in a way that serves your business, take a peek at your business strategy – and your IT strategy (you got one, right?). Your IT strategy should support your business goals and thus influence your MDM configuration plan. For instance, if your CEO is planning to expand the workforce across borders, you’ll need to configure your MDM to support it: get that onboarding checklist written up! And talking about onboarding checklists…
An Onboarding Checklist
And not just a checklist, but a big, hairy mature one. And this means thinking about what streamlined, safe onboarding looks like and how your MDM should be configured for it. Stuff like:
- What apps, tools, and platforms will you need for each type of role?
- Who’s responsible for getting a new device to a new person?
- How long before a new person joins should you open their cloud accounts, e.g., for Figma or Slack? Remember, open but unused accounts cost you $$$!
- What groups should they be assigned to?
- Who’s available to help the newbie on their first day?
- Can your MDM support X number of newbies in one day, where X is a massively large integer?
Onboarding is a meal in itself.
An Offboarding Checklist
The sad underpig of World of Personnel, safe offboarding is often forgotten but should be part of any half-decent MDM configuration plan. A configuration for safe offboarding will include:
- Closing cloud accounts promptly, retrieving licenses, and revoking access to corporate stuff.
- Getting that device back promptly and safely.
- Retrieving or wiping corporate data from non-corporate devices.
Cyber Security Protocols
Here’s where you’ll make decisions about your defense against the dark arts of cybercrime in order to configure your MDM to be as bulletproof as possible. You might decide on a defense-in-depth configuration, which bathes your fleet and people in multiple layers of protection, such as:
- Third-party email and DNS filtering.
- Two-factor authentication to secure accounts against password attacks.
- Cloud SSO and the flavor that works best for your mix of devices.
- AI-based anti-malware.
- Forced OS updates and passcodes.
- All the encryption that ever was.
- Mobile application management for BYOD.
- Always, always, always deploying antivirus software. Yes, even on Macs.
Cross-Platform Operationality
MDM configured for a single platform is superduper, if that’s all your business needs. But if you plan to offer Choose Your Own Device, or want the right platform for the right task, you’ll need MDM that’s configured to cope with multiple platforms.
Making Sure You Have a Strong MDM Configuration Plan Is a Beautiful Thing
Yes, a strong MDM configuration plan is indeed a beautiful thing but it can also get ugly because there’s a whole lot of stuff involved: strategy, people, tech, timing, and the rest. If you’re feeling overwhelmed, our job is done, so call our special Overwhelmed Because of MDM Configuration hotline. We’re waiting for your call. That’s how much we care.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Call us now–chatting about IT support and cybersecurity is our favorite thing to do!