March 22

Mobile Device Management Policy Best Practices

Mobile device management. Policy. Best practices. Six words that tell you this article is gonna be a banger, so buckle up because it is going to be a wild ride. You already know that MDM is the jewel in the teapot of any IT ecosystem because it gives you the access control and data security you’ve always dreamed of. You also know that good policies make everything better. 

Put it all together and you have a recipe for MDM that’s almost too good to be true. So, let’s check out eight mobile device management policy best practices that are our favorites right now.

Hold Up, Remind Me Why I Need an MDM Policy?

An MDM policy is a blueprint that will help you create, develop, and maintain a fully operational and secure fleet of devices. It’s a set of guidelines that you’ve developed as part of your IT strategy. Your MDM policy instructs you on day-to-day IT decision-making as well as the more big-picture, strategic stuff. It gives you clarity and saves you time in decision-making. 

Mobile Device Management Policy Best Practices

Feeling strong? Let’s do this.

Best Practice 1: Scope

It’s a not-so-best practice to be a bit blurry about who and what you’re including within your MDM ecosystem. “Yeah, folks with computers” is way too broad. Instead, make sure your policy is clear on:

  • Which devices and platforms will be covered, e.g., all Mac, all Windows, cross-platform, or something else? Tablets, smartphones, heck, even USBs?
  • Who MDM will apply to: full- and part-time staff are a cert, but what about consultants and contractors who use their devices to support your business? It’s good practice to make sure that regular contractors understand and agree to your MDM policies (and a non-disclosure agreement, obviously!).
  • The type of device usage expected. Will your policy support a Bring-Your-Own-Device culture or its unholy cousins Company Owned/Business Only (COBO) or Company Owned/Personally Enabled (COPE)? When you decide what usage your MDM ecosystem should support, you’ll be able to better prepare for the weirdness that will follow. 

Best Practice 2: Device Configuration

You’re looking for that fine balance between security that is tight enough to keep bad people and crapware out, but not so tight that your people can’t actually do what you pay them for. 

Here’s where device configuration policy is important. To achieve that awesome balance, it’s best practice to have standardized rules, controls, and sub-policies on how each device is set up. The mix you decide on will depend on the nature of your fleet.

Best Practice 3: Antivirus Software  

Antivirus software scans files to sniff out any malware living inside the systems in your fleet. It can come already built into platforms like Android and Windows, or you might choose to buy third-party antivirus software. Whatever you decide, you’ll need to configure it correctly and make sure it’s updated.

Best Practice 4: Application Management

Here is where you can ruin your team’s enjoyment of life by banning all the fun apps. Best practice application management controls risk by managing your people’s access to unsafe or unsavory applications. You might do this by restricting access to anything except your own enterprise catalog of dull-yet-safe apps. Or you might denylist the evil that is Wordle because your people should be working, dammit. 

Best Practice 5: They. Need. Passwords.

Robust passwords make the world a better place. It’s just science. The fewer passwords your people need to remember, the better – that is what cloud single sign-on is for! Enforcing passcodes and requiring strong passwords, including multi-factor authentication, is high up the best-practice-device-configuration list. 

Best Practice 6: Enforced Updates 

Ignoring an update pop-up means only one thing – a tasty-looking gap just the right size for some malware to slither in. Those dang hackers are always looking for vulnerabilities, and software that is out of date is high on their To Hack list because it’s just so darn easy. That’s why the responsibility to accept and enforce updates is high up on any MDM Policy Best Practice list. 

Best Practice 7: Enforced Policies

Best practice mobile device management policy says “You can’t sit with us” to devices that don’t comply with MDM policy. This is especially handy if you have a BYOD policy and you’re onboarding new hires. The magical fairy dust of conditional access means that personal devices can’t connect to corporate data until they conform to the security stuff demanded of them by the MDM policy. Neat, huh? 

There are a ton of fun policies to enforce and, oh, the power. For instance, when devices step out of line, e.g., by attempting to connect to unsecured wifi, an enforced policy will reduce the risk appropriately by blocking that evil wifi or locking and wiping that abandoned device. 

Best Practice 8: Monitoring

MDM serves you up an all-seeing entity, unimaginatively titled an IT asset register, AKA fleet sheet, AKA Roll of Horror. This enables a best practice MDM policy so prosaic and yet so vital – monitoring. Best practice monitoring is a heady blend of human and computer-based cleverness. Your IT asset register is a live list of all the devices in your fleet and what’s going on with them. Run your eye down the list and you’ll find out almost too much information, such as:

  • Which ones are running outdated applications 
  • Which are jailbroken
  • The presence of denylisted apps
  • Device location, when it was last used, and by which user
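Here is how the conditional access from Best Practice 7 can be driven by the register checks listed above. This is an added example, not code from this article or from any MDM product. The field names, policy values, and sample devices are all constructed assumptions.

```python
from datetime import date

# Hypothetical policy values; a real MDM exposes its own settings for these.
POLICY = {
    "min_app_versions": {"browser": (120, 0), "mail": (4, 2)},
    "denylisted_apps": {"wordle"},
    "max_idle_days": 30,
}

# Constructed asset register rows (not from any real fleet).
REGISTER = [
    {"id": "LAP-001", "user": "ana", "jailbroken": False,
     "last_seen": date(2024, 3, 20), "apps": {"browser": (121, 0), "mail": (4, 2)}},
    {"id": "PHN-002", "user": "raj", "jailbroken": True,
     "last_seen": date(2024, 3, 21), "apps": {"browser": (9, 8), "wordle": (1, 0)}},
    {"id": "TAB-003", "user": "lee", "jailbroken": False,
     "last_seen": date(2024, 1, 10), "apps": {"mail": (4, 2)}},
]

def findings(device, policy, today):
    """Return the list of policy violations for one register row."""
    out = []
    if device["jailbroken"]:
        out.append("jailbroken")
    for app, version in sorted(device["apps"].items()):
        if app in policy["denylisted_apps"]:
            out.append(f"denylisted app: {app}")
        minimum = policy["min_app_versions"].get(app)
        # Versions are tuples: as strings, "9.8" would wrongly sort above "120.0".
        if minimum is not None and version < minimum:
            out.append(f"outdated app: {app}")
    idle = (today - device["last_seen"]).days
    if idle > policy["max_idle_days"]:
        out.append(f"not seen for {idle} days")
    return out

def access_decisions(register, policy, today):
    """Conditional access: only devices with no findings reach corporate data."""
    report = {}
    for device in register:
        problems = findings(device, policy, today)
        report[device["id"]] = ("allow" if not problems else "block", problems)
    return report

if __name__ == "__main__":
    today = date(2024, 3, 22)  # constructed "today" for the sample data
    for dev_id, (decision, problems) in access_decisions(REGISTER, POLICY, today).items():
        print(dev_id, decision, "; ".join(problems) or "compliant")
```

Returning the findings alongside the decision tells the device owner exactly what to fix before access is restored.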

There Are a Ton More Mobile Device Management Policy Best Practices

But that doesn’t mean you need to start panicking. The existence of mobile device management policy best practices means you hardly have to think about data security because it’s already been done for you. Tried, tested, and trusted methodologies for keeping data in and ransomware out are waiting for you, and we’re here to help you incorporate the best of the best practices into your fleet. Whenever you have the energy, give us a call.

Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!

 
