Any mobile phone that stores, or has access to company data, poses a security threat or vulnerability. And in the age of the smartphone, there are more mobile devices than ever that need to connect to your network and have access to sensitive data.
This is where mobile device management (MDM) and mobile application management tools (MAM) come in. From access restrictions to remote device wipe for lost devices, MDM and MAM tools allow you to manage your team’s mobile devices and data for better security. At the same time, they allow you to maximize your team’s productivity by making all the apps they need available and allowing you to release in-house apps or tools.
MDM vs. MAM vs. UEM: What’s the Difference?
Mobile device management (MDM), mobile application management (MAM), mobile information management (MIM), and unified end-point management (UEM), fall under the larger umbrella of enterprise mobility management (EMM). Along with a suite of other tools like mobile content management, mobile security management, etc., EMM solutions help enterprises control their devices and the data stored on them securely.
Apart from managing enterprise devices, MDM and MAM tools are useful whenever you need to exert a degree of control on connected devices and/or their applications. For instance, B2B/enterprise apps not listed in the public app stores can be distributed through EMM tools. Schools can also use these tools to introduce restrictions on students’ devices and apps, or remotely install the productivity apps they will need. Similarly, closed beta tests can use MAM tools to push beta updates and keep the test data secure.
Mobile Device Management
MDM is the oldest of these management approaches and is the one that offers the highest degree of control. This used to be through installing a proprietary client on devices that would exert its control at the device level. However, now, Apple’s “open-in” and Google’s “work profile” enable containerization and control of work data natively in their OSes.
MDM gives you near total control over managed devices, allowing you to set security policies, blacklist/whitelist apps, remotely control or wipe the device, and more. This degree of control can be very important for enterprises to make sure that their data is safe, and giving them the means to remotely control it.
Mobile Application Management
MAM takes a different approach and tries to manage the apps installed on the device rather than the device itself. They do this through the use of wrappers or an SDK that modify how apps work and assume control over them.
The use of wrappers and SDKs means that it is not universally supported by apps, unlike OS native management. And while the native MDM features can definitely be used for MAM, that requires the enrollment of the device into the MDM program and its level of control. However, in many Bring Your Own Device (B.Y.O.D.) cases – like consultants or contractors, for instance – this might not be welcome or acceptable.
Use cases like these are why MAM tools remain popular despite most MDM tools having the same capabilities and more. And with the increasing popularity of B.Y.O.D. as an employee-friendly approach, they are only gaining in popularity.
Unified Endpoint Management
UEM tries to centralize the control of all devices used for work under a single dashboard. This includes not only laptops, smartphones, and tablets, but also ruggedized and IoT devices. It is a new approach that tries to stay on top of the current technological trends and the adoption of IoT in work environments.
What About BYOD?
“Bring your own device” or BYOD is not a management approach like MDM or MAM, but rather a company’s policy about personal devices in the workplace. While this can certainly change how you should manage these devices, it is not restricted to any single approach.
Employees are understandably reluctant to give complete control over their personal devices and data to their employees. However, mobile OSes now support good containerization of personal and work data and profiles, to keep personal data and work data separate. This makes MDM solutions much more acceptable for device owners, but there still remain cases where MDM solutions are not preferred or not possible.
MDM might not be suitable in cases that involve external consultants and contractors who might refuse to give you control over their device or already have them managed by their organization. This is why many some companies use different tools for MDM and MAM or specifically choose MDM tools that offer a standalone MAM solution.
Top MDM tools
G Suite Mobile Management
Google’s G Suite includes a simple yet effective mobile device management solution. Although it is by no means a UEM solution, it does support both Android and iOS platforms (including wearables). Additionally, it allows for some basic mobile management features – like basic password enforcement and remote account wipes – without the use of a device policy controller.
If you already are a G Suite customer, mobile management comes at no extra cost, and if you aren’t, it comes with a host of other useful tools. This makes G Suite’s offer hard to resist for existing users and users who also looking for other tools that are included in G Suite.
Bulk Enrollment: Android Zero Touch enrollment
Pricing: Plans start at $5/user/month for the Basic package, going up to $10 for the Business package and $25 for the Enterprise package. The higher plans only offer a couple of extra mobile management features but do offer more value for the rest of G Suite’s products.
Intune is an enterprise-focused UEM solution that offers support for iOS, macOS, Android, and Windows. It has MDM features for enrolled devices, MAM features with or without enrollment, and mobile identity management through Azure Active Directory.
The standalone MAM capabilities are available for all Office365 apps and a few partner apps. However, they also provide Android, iOS, and Xamarin SDKs that can be used to add application management to any other app.
Naturally, Intune has a close integration with Office365, Azure, and other Microsoft Cloud services, making it an attractive choice for companies that already use other Microsoft services.
Bulk Enrollment: supports Android Zero Touch enrollment, Apple Device Enrollment Program, and Samsung Knox Mobile Enrollment
Pricing: Intune offers two plans starting at $8.74/user/month for the E3 plan and $14.80/user/month for the E5 plan.
IBM MaaS360 is another enterprise grade UEM solution that supports Android, iOS, macOS, and Windows platforms. This includes wearables and IoT devices that use API calls and integrates their AI assistant Watson to provide insights into how your apps and devices are being used.
They offer MDM and MAM features, including a private app store to provide MAM without the need to enroll devices. And with an IBM Watson powered dashboard giving you an overview of the state of your devices and their usage, it is a flexible solution that handles scale well.
Bulk Enrollment: Android Zero Touch Enrollment, Apple Device Enrollment Program, Samsung Knox Mobile Enrollment
Pricing: Packages start at $4/device/month or $8/user/month (unlimited devices per user) for the Essential plan and go up to $9/device/month or $18/user/month for the Enterprise plan.
Cisco Meraki Systems Manager
Part of the Meraki cloud platform, Systems Manager is a powerful UEM tool that supports Android, ChromeOS, iOS, macOS, and Windows. It provides advanced MDM and MAM capabilities in addition to mobile content and identity management.
However, Meraki’s MAM capabilities are only available for enrolled devices. This might be an issue for companies that need to deploy and manage apps to external contractors.
Bulk Enrollment: Android Zero Touch enrollment and Apple Device Enrollment Program
Pricing: Contact Cisco for a price quote
AirWatch is one of the most comprehensive UEM solutions, boasting support for iOS, macOS, Android, ChromeOS, and Windows. Standalone MAM capabilities are also supported through their container app, an SDK that developers can integrate into their apps, and app wrapping for already developed apps.
AirWatch also provides a host of other features like access and security management, virtual apps and desktops, and intelligent analytics and workflow automation. Moreover, AirWatch’s UI is quite intuitive and easy to master, allowing non-technical members to fully utilize its powerful capabilities.
Bulk Enrollment: Android Zero Touch Enrollment, Samsung Knox Mobile enrollment, and Apple Device Enrollment Program
Pricing: AirWatch starts at $3.78/device/month or $6.52/user/month (5 devices/user) for the Standard package, offering secure access and device management. The Advanced tier adds advanced UEM and secure apps for $6/device/month or $10/user/month, the Enterprise package adds Intelligent analytics and secure digital workspaces for $10/device/month or $15/user/month, and Enterprise for VDI adds virtual desktop infrastructure for $20/device/month or $25/user/month.
Miradore Online is a very affordable MDM solution that supports Android, iOS, and Windows devices. It offers all the regular MDM features, like remote device lock and wipe, remote app management and deployment, and more. It also allows you to automate your process and automatically deploy applications, configurations, and content to pre-defined business groups.
Miradore also supports Apple’s Volume Purchase Program (VPP) and managed Google Play Store, however, you can only manage registered devices and standalone MAM is not supported.
Bulk Enrollment: Apple Device Enrollment Program
Pricing: Miradore Online has a free tier that offers basic MDM features. Their Business plan adds restrictions and location tracking for $1/device/month, and the Enterprise plan adds MAM and automation capabilities for $2/device/month. Their Enterprise+ plan includes all of the features of the Enterprise plan, in addition to Secure Email for iOS.
EzMDM is an MDM solution that focuses on simplicity and ease of use and supports Android and iOS devices. While it does not support UEM or the more advanced MDM features, it does offer a robust set of MDM features in a user-friendly interface. Besides remote device lock or wipe, EzMDM allows you to enforce policies and restrictions, deploy configurations, and manage apps on enrolled devices.
EzMDM does not include MAM for non-enrolled devices but supports managed Google Play and Apple App stores. For enrolled devices, you can remotely deploy apps, blacklist/whitelist apps, silently install apps, predefine app configurations, and more.
Bulk Enrollment: Android Zero-touch, Apple Device Enrollment Program
Pricing: EzMDM offers only one plan that unlocks all features for unlimited devices at $1/device/month.
Wizy EMM is an Android exclusive MDM solution that offers powerful MDM features for all your Android Devices. It leverages Android’s native MDM capabilities to allow for remote device lock or wipe, policy enforcement, Wi-Fi management, and more.
It supports robust MAM features through managed Google Play for enrolled devices, allowing you to remotely and silently push apps and updates, blacklist/whitelist apps, and set configurations and policies for each app or device. Additionally, Wizy allows you to monitor and restrict data and telephony usage to enable expense management on your enrolled devices.
Bulk Enrollment: Android Zero Touch
Pricing: Wizy EMM’s Standard plan costs $3/device/month and unlocks all product features. Their Premium plan adds priority support, assisted deployments, and predictive machine learning, but you will need to contact them for a price quote.
Jamf is an Apple exclusive MDM solution that offers UEM for all your Apple devices, including iOS, macOs, and tvOS. It leverages native OS MDM and security features to provide a powerful mobile device management solution, allowing you to enforce policies, set configurations, and remotely manage and control your devices.
Jamf offers two products, Jamf NOW for basic mobile device management with limited features, and Jamf PRO with an extensive MDM and MAM feature list for enterprise-grade device management. Jamf also integrates with many other device management and security tools like Apple Business Manager, Apple School Manager, Azure Active Directory, and SSO services, in addition to a REST API for custom integrations.
Bulk Enrollment: Apple Device Enrollment Program
Pricing: Jamf NOW does not support tvOS, but offers the first three devices free of charge, after which it costs $2/device/month for the Standard plan and $4/device/month for the plus plan. Jamf PRO costs $3.33/iOS or tvOS device/month and $7.17/macOS device/month with a 50 device minimum for commercial, and a 100 device minimum for education, billed annually. They also offer paid onboarding remotely or on-site starting at $750 for a 4-hour remote session.
ZuluDesk is an education-focused, Apple exclusive tool that offers MDM features for iOS, macOS, and tvOS devices. It offers four separate clients for teachers, parents, students, and IT administrators, each with different features to suit their respective use cases. This also enables them to tailor the UI for each use case, offering different features and a user-friendly interface that helps each role to fully utilize the supported features.
ZuluDesk supports extensive MDM features, including device lock, wipe, policies, restrictions and more. Moreover, teachers can set-up lessons with different restrictions on a per lesson basis to ensure students have access to all the resources and functionality they need while restricting unnecessary functionalities to avoid distractions. ZuluDesk’s student client empowers students to manage their own devices and install approved apps and documents, and directly chat with teachers, giving them a sense of ownership over the device and maximizing their productivity.
Bulk Enrollment: Apple Device Enrollment Program
Pricing: ZuluDesk’s yearly license that can be transferred to replacement devices costs $5.50/device/year. You can also purchase a perpetual license that is locked to a single device for a one time fee of $17.50/device.
Appaloosa is a MAM tool that enables mobile application management through a private enterprise app store for Android and iOS. It does not offer any MDM features and does not require devices to be enrolled in your MDM solution, making it a great choice for managing your apps and data deployed to third-parties like contractors and consultants. It can also be used by internal employees in cases like BYOD and part-time employees, where complete device control is not preferred.
With Appaloosa, you can segment your users into groups and provide access to different apps according to each group’s needs. Additionally, you can remotely update, or revoke access, to manage apps, or wipe corporate app data from any of your devices. Appaloosa also integrates with SSO services and offers a REST API for custom integrations with the tools you already use.
Bulk enrollment: N/A
Pricing: Appaloosa offers a free tier that is restricted to one app and 5 users. Their Plus plan supports 5 apps for a minimum of 20 users and a maximum of 100, with limited functionality at €1.49/user/month. The Enterprise plan costs €2.49/user/month for a minimum of 100 users and unlocks all features except SSO authentication and custom URLs. The Custom plan adds SSO authentication and custom domain URLs, but you will need to contact Appaloosa for a price quote.