The recent shift toward remote and hybrid work is pushing admins across industries to restrategize their mobile device management (MDM) efforts.
In the face of increasing security threats, having quick access to remote wipe/lock, patch management, and multi-factor authentication (MFA) controls has never been more crucial. As reported by the FBI, cybercrime has increased more than 300% since the beginning of 2020.
Hackers know more employees than ever are using personal devices to access private information on corporate networks. And they are increasingly using techniques like phishing, banking trojans, and malware droppers to gain access to data they will gladly return for millions of dollars.
Are you looking for MDM technology on a budget? Open source and free MDMs are viable options for some lean organizations; this article will cover everything from the full range of platform capabilities to how the technology has evolved. We’ll also discuss the pros and cons of deploying an open source MDM solution versus a paid solution.
Open Source MDM: More Than Managing Mobile Devices
Before we dive into open source MDMs, let’s get clear on what the platforms can actually do. While most admins understand their basic functionality, those who haven’t interacted with them up close may not realize the immense power at their fingertips.
Of course, those who oversee Apple-dominant environments were forced to prioritize MDM with the introduction of macOS Big Sur a couple of years ago. With that said, the majority of corporate IT environments still run on Windows.
The fact is modern MDM capabilities extend far beyond simple “mobile” device management. Solutions like the JumpCloud Directory Platform provide a complete set of device management tools that allows admins to streamline onboarding, offboarding, and cross-OS device management within a Zero Trust security framework that enforces the most common security compliance standards.
How Does MDM Technology Work?
Once admins install an agent on organizational devices, they can identify each device by serial number, associated user, or device name (depending on the MDM and the organization’s needs). With the agent in place, admins can remotely deploy configuration settings and execute commands.
Some MDMs are fairly basic and provide only the most necessary security features, while others can assist with many tasks, including:
Many MDM solutions are only compatible with a single platform, while others work across multiple operating systems and device types. The vast majority of fleets are composed of a mixture of device types, so cross-platform support should be a priority.
For compliance reasons and overall security, IT teams must have control over all aspects of the machine with features such as remote wipe, lock, restart, shutdown, minimum password strength, and more.
With so many employees working remotely, having physical access to a device is no longer a given. If your organization determines that a new security policy needs to be in place, how easy is it to deploy and activate on your fleet of devices that are spread out around your city, the country, or even the world?
An MDM solution is a crucial aspect of managing your fleet when employees are working remotely. Devices must be able to check in to the MDM solution regardless of their location.
Consider how easy it is to make changes to security policies and configurations without requiring a VPN or other clunky connectivity methods. As new operating system features are released, management systems are likely to see corresponding updates. Being able to roll out these changes quickly is crucial to remain secure.
Application deployment is a vital part of an IT strategy, and keeping apps patched is critical. MDM solutions are built for device management, but application deployment is an essential function that allows IT organizations or MSPs (managed service providers) to operate efficiently. Staying in compliance with software vendors for licensing is also made easier by an MDM as reports can be run at any time to determine who has what installed.
With software being connected to the internet at all times, it’s critical to deploy patches quickly. As with software deployment, an MDM allows auditing to show which versions of which software are installed, and then patches can be deployed.
Zero-touch deployment is a dramatic change from the previous strategy of device imaging. With imaging, every machine would need to be opened, set up, and then configured with a monolithic image before sending it to the new employee for use. As remote work grew, this meant IT admins had to turn their homes into small electronics warehouses, with regular trips to their local post office to get employees the equipment they needed.
Alternatively, with zero-touch deployment, a configuration is built into the MDM platform that facilitates the steps an admin once took on their own. Once purchased, devices are shipped directly to employees from the manufacturer, and as they connect to the internet they enroll in the MDM and begin downloading configuration profiles and company applications automatically. Zero-touch deployment turns a tedious process into a turn-key one.
Once considered a “fringe” feature, user management is becoming a central part of many organizations’ technology strategies.
With a continued rise in SaaS applications, it’s becoming critical to security that users don’t have to keep track of dozens of logins. Many MDMs are building user management into their solution as a one-stop shop for IT departments to manage devices and people.
Are you ready to deploy your first mobile device management solution? You can set up a JumpCloud Free account for up to 10 users and 10 systems with no system management experience needed.
MDM: Then vs. Now
Historically, admins had a number of options to manage Apple Mac systems as well as devices at large. System management tools such as Microsoft’s Endpoint Configuration Manager (formerly SCCM) led the way as an option for system management within an on-premises Windows-based network and provided some basic Apple and Linux management capabilities.
Mac-centric management solutions started to appear as well once Macs became more common in the workplace. Open source configuration management tools have often been used to manage Linux fleets. Of course, manual management is always an option for IT admins, although as the fleet size increases, this can be less enticing.
Now, however, a new generation of device management tools has emerged. When MDM solutions first arrived, they focused on mobile phones and tablets. But as user behavior changed and organizational needs grew, IT organizations required MDM tools that could also cover desktop, laptop, and server systems across Windows, macOS, and Linux operating systems.
Early MDM solutions couldn’t accomplish this, because they were restricted to on-premises systems, specific operating systems, or other limitations. In today’s world, the enterprise software category of system management is evolving to include cloud-delivered MDM solutions. Some might even say that the MDM category is becoming the overarching label for the system management and device management categories.
For those managing Apple-dominant environments, MDM became a priority after the release of Big Sur 11 in 2020. Apple now requires IT organizations and MSPs to manage devices running the latest version of macOS with an MDM.
Open Source MDM: Pros vs. Cons
There are a variety of tools and approaches that can work for your IT organization, but is open source MDM the best course of action?
Pros:
- Checks the MDM box
- Variety of options
Cons:
- Time intensive to implement
- May lack critical functionality and platform support
- On-prem deployment
Yes, there are advantages to open source MDM — but let’s look closer. Is a tool really free if it takes internal resources to stand up? If it lacks functionality, won’t you just be starting over again in two months when your IT team realizes they need a more sophisticated tool? If it doesn’t support all of the operating systems that you need, will you need multiple tools?
Open source MDM solutions exist for those willing to do the heavy lifting of setting up a server, installing and configuring the software, and then ultimately managing the solution. Although the software is free, the time and effort required to implement it are not. This is typically an investment that costs more in the long run than truly free, turnkey MDM.
Ultimately, though, the major concern for admins and MSPs is generally less about the cost of the solution and more about whether it has the right functionality and the ability to accomplish what they need it to. The good news is there are free and cost-effective MDM solutions available that do not require you to sacrifice performance.
Better Device Management Is Possible
There are two key areas involved in the remote management of devices: user and system management.
User management is the ability to create, delete, and modify user access to the system. This may include specifying password complexity rules as well as second authentication factors for MFA, such as TOTP, biometrics, or WebAuthn.
System management is the ability to secure, configure, and update your entire fleet. You should be able to lock, wipe, shut down, and restart machines to maintain security compliance and more. Remotely configuring a device to the right state is also a critical capability, especially for zero-touch enrollment, as is keeping the device up to date with the latest software and patches.
You may be able to manage the systems you need with an open source MDM, but wouldn’t it be better to have a holistic approach to device management and consolidate user management into your free MDM tool?
The JumpCloud Directory Platform does exactly that, and your first 10 users and 10 devices are free until you scale to more. Your account never expires, and we won’t ask for a credit card when you sign up here today for free.
Plus, during your first 10 days, you have access to free 24×7 in-app chat support with our platform experts to help you get started. That’s MDM as it should be.