bexxandbrain - Fotolia

Guest Post

Evaluating top MDMs for Android and iOS

While most MDMs can handle both mobile OSes, IT professionals should be aware which platforms can handle Android or iOS better than others. Learn about these platforms below.

When it comes to choosing a mobile device management platform, there are several factors to consider, such as OS support, security, budget, user experience and reporting.

Organizations that only want to locate devices, wipe them and issue basic policies to mobile endpoints can use pretty much any mobile device management (MDM); the core features that all MDM platforms offer are common to all platforms. What sets each MDM apart is the approaches to niche features, and organizations need to weigh their desire for these features.

Most platforms can manage more than 80% of the features available on the device, and in practice this is more than most organizations need to control their devices. For example, the vast majority of organizations don't have the need to push custom fonts to iPhones, although the feature has been available to iOS administrators for several years.

The limitations of MDM for Android and iOS

Both Google Android OS and Apple's iOS present some shortcomings for mobile admins that need to manage them. With iOS, for example, the OS does not permit administrators to accept permissions on behalf of users, and this greatly limits IT's administrative control over iOS devices that are not in Supervised Mode. If a device does not support a command, then the MDM cannot control it. If an MDM enforces encryption on an Apple device, it does not actually encrypt the device, but rather tells the device to encrypt itself. There is no difference between the endpoint encryption on Apple devices from the various MDM vendors because of this.

Android also presents some shortcomings that IT must know how to handle. For example, Google recently deprecated Android Enterprise's work profiles on fully managed devices. This deployment model often served as organization's method for deploying corporate-owned personally-enabled (COPE) devices. While Android Enterprise has a new deployment method that can replicate the deployment via a local device policy controller, organizations must find an MDM that supports this new feature. Android Enterprise offers a centralized location for all the relevant management APIs for Android devices, but IT administrators must ensure they have an MDM with the latest APIs native to the platform.

In comparison to Apple's native device encryption, Android admins can use Samsung Knox Workspace, which offers a container built into the device with hardware backing it. This is good for organizations that require the strictest separation of corporate and personal information. All these platforms offer a native look and feel, which requires less user training. MDM containers tend to use proprietary software which changes the user experience and increases their footprint on the endpoint.

Many MDMs offer containers to segregate personal data from business data, but these have declined in popularity as iOS and Android both offer app sandboxing. Features such as Managed Open In have greatly reduced the risk of corporate information being leaked through personal apps.

MDM vs. EMM vs. UEM

MDM platforms capable of managing Android and iOS for businesses

While the following is not a comprehensive list of unique features, it sheds some light on the differentiators between some of the leading management platforms. Once again, all of the following platforms -- unless otherwise noted -- include significant Android and iOS MDM features, so the decision may come down to the ancillary management features that these platforms offer.

VMware Workspace One

This platform offers Chrome OS support and continued support for Windows Mobile. Android is supported from version 4.3 and on, while iOS support has been around for much longer.

MobileIron UEM

MobileIron offers both on-premises -- named Core -- and cloud variants. This management platform includes built-in MTD which simplifies rollouts for both Android and iOS. There is also an identity and access management add-on available for passwordless security including cloud applications.

IBM MaaS360

This platform provides support for legacy OSes such as Android 2.2 and Windows XP, as well as support for Chrome OS, iOS and modern Android builds.

Microsoft Endpoint Manager (formerly Intune)

While this platform lacks in some features, especially granular Android controls, it offers great front end as part of Microsoft 365, incorporating Azure Information Protection, Identity management and Cloud App Protection. With the Microsoft suite, organizations can go beyond looking at endpoint security and can take a holistic view of their data security as well.

Soti

Soti offers a wider range of controls for Android devices than most competitors do, and it offers both cloud and on-premises platforms. It also offers Telephony Expense Management, which is usually an over-the-top platform with other vendors.

MDM architecture
The architecture for mobile device management platforms

Knox Manage

Samsung designed Knox Manage with Samsung devices in mind and offers a wider range of controls for Samsung devices than anything else on the market. However, it also offers multi-OS support, so it is not just for Android and Samsung-exclusive customers.

Jamf

Jamf has deprecated Android support and focuses exclusively on Apple devices. Jamf offers the widest range of features for Apple devices. Android support has been deprecated in recent versions, so this really is a specialist offering for companies that deploy Apple exclusively unless they wish to use another platform for their other devices.

If none of the features above can serve an IT team's purpose, then it might be difficult to ascertain which is the best management platform for them. IT could also consider integration with third-party products it already uses or may deploy in future.

Many over-the-top management platforms only develop integrations with the top few MDMs, so IT should be mindful that whatever decision it makes might have an effect on future rollouts. Nearly all MDM vendors offer a trial, so IT admins should be sure to test the efficacy of the short list of MDM platforms against their use case and endpoint types before making a final decision.

About the author
Colm Warner has worked in a wide range of technology jobs from photocopier repair to data center design in a technology career spanning two decades. For the past several years, he has focused on consulting for mobile IT solutions and is now with Akamai Technologies. Colm's interests include music, travel and movies, but change frequently as he becomes distracted by new hobbies.

Dig Deeper on Mobile management