10 Best Practices for Iron-Clad Mobile Device Management (MDM)

Written by Ashley Gwilliam on May 30, 2022

Share This Article

Workers now rely on personal devices to stay connected to the office. But the convenience of accessing company data at Starbucks may come at a price. 

Cybercriminals are targeting mobile device users more frequently than ever before. They most often attack their unsuspecting victims via high-risk apps with malicious code or nefarious email attachments. 

The unfortunate reality is stolen-corporate data is worth a lot of money. According to a Ponemon Institute study, organizations lose an average of $3.44 million due to lost or stolen mobile devices and $3.65 million because of malware-infected devices annually. The average cost for a mega breach in 2021 (50 to 65 million records) was a whopping $401 million.  

Once hackers steal records, they either blackmail the companies that own the data or sell the information to the dark web. The industries most at risk are healthcare, government, and finance.  

With this in mind, IT admins must constantly balance employee “wants and needs” against potential security risks. Choosing the right MDM software, overseeing identity and access management (IAM), engaging multi-factor authentication (MFA), and constructing device policies are paramount. 

This article will provide a roadmap to implement a strong mobile device management (MDM) program. Use it to identify gaps in your existing MDM strategy or start from scratch. 

1. Identify Mobile Needs

Successful mobile device management begins with choosing the right MDM platform. Unfortunately, that’s sometimes easier said than done. 

As Amit Pandey, Citrix Group VP of mobile platforms, says, the most common mistake organizations make with MDM implementation is choosing a software solution before assessing their team’s total mobility applications, wants, and needs. 

For example, say the VP of sales insists his team would be more productive with Salesforce access via mobile devices. The IT department then scrambles to accommodate their request, choosing an MDM solution based on Salesforce alone.



Fast-forward several months, and other department leaders follow suit. Suddenly, the original MDM no longer meets the set of solution requirements. At this point, the organization will either a) remove the original MDM software or b) set up additional point solutions to deliver the employees’ requested enablements. 


“Most companies are enabling a lot of apps and data on mobile,” Pandey says. “So, it’s good to step back and say which departments will I have to support in 12 months, 18 months, or 24 months? And for which types of data? When you go into vendor selection at that point, you will have a more comprehensive set of tasks.”


Of course, there is no one-size-fits-all solution in the marketplace, so thinking ahead is imperative. 


Ask yourself the following questions before evaluating MDM solutions: 

  • What devices and OSs do you need to manage? Linux, Windows, Apple, or do you need cross-platform MDM for a heterogeneous environment?
  • How many devices will you oversee? 
  • What are the devices currently connected to internally?
  • What MDM challenges are you looking to solve?
  • Do you want a more comprehensive MDM solution or an open source MDM tool?

Once you’ve answered these questions, you will quickly be able to eliminate several providers. 


2. Prioritize Customer Support

MDM developers build platforms with unique purposes in mind. Therefore, don’t be surprised if you come across some unfamiliar configurations. For this reason, it’s crucial to prioritize MDM vendors that provide ample educational resources, customer support, and troubleshooting. As an example, JumpCloud offers an MDM simulation guiding you through configuration settings.

Look for a dedicated help desk number or LIVE chat feature that immediately connects customers with support representatives. The best mobile device management solutions also come with owner’s manuals, how-to videos, and documentation on implementing best practices for MDM. 

In addition to free educational material, professional service offerings (PSO) provide invaluable support to help new customers set their experience off on the right foot.

MDM providers like JumpCloud offer professional services packages to walk new customers through laying the groundwork as part of a larger Zero Trust security framework. Our implementation engineers provide world-class project management skills and technical consultations to ensure customers build iron-clad MDM foundations from day one. 

Learn more about Zero Trust device management.



3. Automate to Save Time

Automation can both reduce the burden on your IT team while supporting ideal mobile security practices. According to a Salesforce survey, 74% of IT leaders said process automation helped their teams gain back 30% of their time. In addition, automation helped save up to 26% in costs. Regardless of the number of devices you’re managing, look for an MDM platform that: 

  • Automatically generates reports for various devices, 
  • Automates alerts when devices violate your MDM and corporate policies, and 
  • Makes it easy to lock mobile devices and wipe data as needed. 

If the MDM provider you’re considering doesn’t offer each of these convenient functionalities, definitely cross them off your list. Ready to dive into some vendor comparisons? 

Read this guide to compare MDM solutions.

Read this guide to weigh cost considerations for SMEs and learn about free MDM


4. Update OS’s Often

The longer employees wait to update their mobile device operating systems, the more likely a hacker is to prey on network vulnerabilities. Think of it like this: behind every security patch update exists hundreds of devices that were hacked because of coding holes. 

Mobile developers go to work “patching up” oversights so we don’t have to suffer from the same security breaches! So, running an outdated OS is like going on vacation and choosing to stay in a higher-crime neighborhood instead of a lower-crime one at no additional cost. 

Whether you’re running on-premise or cloud-based mobile device management software, up-to-date operating systems also ensure things run smoothly. Keeping your OS updated enables access to advanced MDM features that increase overall productivity of the end-users.

It’s worth mentioning that JumpCloud Patch Management makes it super simple to automate patch updates for macOS, Windows OS, and Ubuntu. Unlike other policies that require admin interaction to configure, these policies come preconfigured and ready to go.


automated patch management dashboard from jumpcloud
JumpCloud Patch Management


The bottom-line: enforce policies that require employees to engage updates on Android, iOS, Linux, or Windows operating systems. Learn more about Mac management and Linux management with JumpCloud.


5. Limit Access to Resources 

Security threats are no longer only coming from the outside. According to a study by Kaspersky, 52% of organizations say internal data breaches are a concern. Respondents said their primary fear was employees sharing company data via mobile devices, followed by the ramifications of lost or stolen mobile devices. 

One of the simplest ways to prevent confidential data from landing in the wrong hands is to implement the Principle of Least Privilege. The Cybersecurity and Infastructure Security Agency describes the principle like this: 


“Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur.”


Experts also refer to the strategy behind the principle as privileged access management (PAM). In it, a privilege refers to anything a particular account can do. Types of privileges include accessible resources, features, and commands running against underlying operating systems of resources.   

Safeguard MDM by verifying by continually reevaluating who has access to what and why. In addition, containerization can help keep personal and corporate data separate on a single device. 



JumpCloud MDM

Manage All Devices in One Platform

6. Whitelist, Blacklist, and Update Applications

Furthermore, dictate the apps that appear on your corporate devices or networks. Allow employees to access the essential apps they need to complete tasks and block any non-essential ones they can do without. This simple protocol limits the chances of violating corporate security policies and boosts the effectiveness of MDM programs. In addition, mandate updates for regularly used applications to improve performance.  


7. Enforce Strong Policies

It’s essential to develop and enforce strong policies to govern mobile device management. Good policies define how management should deploy devices, how mobile employees can access corporate networks, and who can do what on said networks. 

Your Bring Your Own Device (BYOD) policy should cover:

  • Types of mobile devices permitted on the corporate network
  • Secure access and usage requirements 
  • Acceptable use policy and integration with other business systems
  • Limitations on BYOD devices
  • Exit strategies for BYOD employees who leave the company 

Additionally, enforce password and multi-factor authentication (MFA) policies besides developing procedures to be implemented in device loss or theft.


8. Back Up Files and Data

Though it may seem obvious, it’s worth emphasizing: always back up your files and data! It makes it infinitely easier to restore and access essential data in the event of device loss or theft.   

Cloud-based MDM solutions like JumpCloud make it easy to back up crucial company data and files. You can simply automate the process and have your data backed up regularly to your cloud storage. 


9. Monitor Activity

While some MDM solutions such as Apple MDM are committed to ensuring user privacy even on corporate-controlled devices, it’s worthwhile to monitor device activities on your networks. 

Doing so will prevent unauthorized access to company data and ensure employees are using resources in the right manner. As reported by Zippia, employees spend 56 minutes on average each workday performing non-work-related activities on their smartphones. 


10. Require Security Training 

Lastly, provide regular security training for employees. Periodically remind team members of your corporate network best practices, security policies, and mobile device policies. 

New employees especially should receive mobile device management policies and safety training as part of their orientation. 

A general rule is to conduct security training at least once per year. At JumpCloud, we mandate quarterly refreshes. Evolve your training programs whenever you update your MDM or adopt a new MDM solution.


Streamline MDM with JumpCloud

In the BYOD era, it’s more important than ever to rely on reliable mobile device management tools. An intuitive, streamlined, and robust MDM program supports employee productivity, while minimizing risk. 

The JumpCloud Cloud Directory includes a wide array of device management capabilities that enable admins to meet BYOD requirements. Our products simplify MDM, allowing admins to protect sensitive company data without inconveniencing your employees. 

More than 150,000 organizations use JumpCloud to save time, effort, and unnecessary costs. Want to experience the ease of MDM combined with IAM?

Try our JumpCloud MDM solution for free.

Ashley Gwilliam

Ashley Gwilliam is a Content Writer for JumpCloud. After graduating with a degree in print-journalism, Ashley’s storytelling skills took her from on-camera acting to interviewing NBA basketball players to ghostwriting for CEOs. Today she writes about tech, startups, and remote work. In her analog life, she is on a quest to find the world's best tacos.

Continue Learning with our Newsletter