Best Mobile Device Management (MDM) Solutions Buying Guide

By editorial staff, writer | Updated Oct 11, 2018

What is Mobile Device Management and Enterprise Mobility Management?

The rapid proliferation of corporate- and user-owned devices in the workplace means that organizations need to beef up their support infrastructure now. Mobile device management (MDM) is the primary software solution for managing and securing your company's data and applications that are used on the many mobile endpoint devices that go in and out of your organization.

MDM platforms give you a central interface to interact with the data on your company's devices as well as your employees' personal devices, which are typically enrolled in the platform when the employees are hired. Enterprise mobility management (EMM) solutions are another form of endpoint management; the term usually refers to a larger suite of tools.

Today, EMM solutions typically include MDM, mobile application management (MAM) and mobile content management (MCM) capabilities, each of which addresses specific concerns regarding managing devices, applications and content. Other common EMM capabilities include an app store and productivity apps, a secure browser, email management, reporting and analytics. Some products even offer identity and access management (IAM), single sign-on (SSO) and threat protection.

The financial benefits of MDM and EMM tools include:

  • Enhanced IT control, including remote monitoring, configuration, app deployment, etc.
  • Enhanced security including policy enforcement, blacklists/whitelists, password management, etc.
  • Protection against data breaches including remote lock and wipe capabilities for lost or stolen devices
  • Logging and reporting capabilities for compliance purposes
  • Data protection, backup and restore functionality for corporate data
  • Improved productivity for end users


Most MDM vendors charge annually per device, but some offer a "per user" option, where the price is a bit more, but includes an unlimited number of devices per user. The user pricing option is ideal for organizations that are supporting BYOD programs or mixed environments.    

Several vendors have additional support/maintenance/software update fees that are separate from the device/user fees. Some also offer a perpetual device fee with an annual support/maintenance fee. Additionally, many MDM solutions are part of a bigger bundle or package that might include a separate license.  

Your first step should be to get an accurate quote and perform a cost analysis that takes into consideration not only the MDM fees, but also the management costs associated with implementing and supporting the solution. Consider what the transition will require and if the vendor is helping in any way. Determine how many people you'll need in each role and how much time you'll need them for. Then include these costs in your analysis.  

More advanced EMM platforms that feature an entire suite of endpoint management tools are more likely to be priced on tiered plans, and their vendors will likely work with your company to come up with a quote based on your exact needs.

Negotiation Tips

As you research and shop for an EMM and MDM solution, it's important to know exactly what your organization's needs and use cases are for a platform. There are several features and prerequisites you should keep in mind and make sure the service has, including:

Supported Operating Systems and Platforms

MDM suites usually support a subset of all available operating systems (OSs) and platforms. The operating system is the software that the device runs, and the platform is the type of device, such as a mobile phone, tablet computer or laptop computer.

Major mobile device OS options include Android, iOS (Apple) and Windows Mobile. Major computer OS options include Windows, Mac OS X, Linux and Chrome OS. Based on the devices your employees regularly use, you can decide which ones you want to allow in your network.

Security Features

While all MDM vendors will tout their security features list, there are a few essential ones to recognize and require for your own company's safety and ongoing security efforts.

  • Mandatory password protection
  • Jailbreak detection
  • Remote wipe
  • Remote lock
  • Device encryption
  • Data encryption
  • Malware detection
  • VPN configuration and management
  • WiFi configuration and management

Enterprise App Integration

You don't want to commit to a tool that doesn't fit in with what you already use. Examine your MDM prospects with a discerning eye when it comes to integration with your existing enterprise applications, such as Active Directory/LDAP, Microsoft Exchange, web-based mail, cloud services and backup/restore.

End User Support

Unless you have the resources and the desire to provide 24/7 support for your users, you should find out if your MDM suite offers a self-service portal, help desk and multi-language support.

Management and Reporting Features

Before purchasing an MDM suite, find out what it offers for management and reporting. Administrators will need a robust management interface with which to monitor, patch and track managed devices. For reporting, look for device-level analytics, alerting options and a real-time dashboard so that you can review the number and health of the devices under MDM at a glance. Check what type of third-party management software integration is available for your suite, and how extensive it is.

The key to purchasing an effective MDM solution is to "try before you buy." Most vendors have limited device demonstration software that you can use for an evaluation period. Include your technical team who will be using the software so they can fully vet the suite and its features.

There are plenty of MDM suite choices that provide you the protection you need, give your employees the freedom they want, and have the features that matter.

State of the Industry

There are three key changes to the world of mobility management. First, the definition of mobile devices has expanded, and now includes notebook computers, two-in-one devices and wearables. If it's not physically attached to a desk or rack, or too heavy to move, it can and should be under mobile management. From a feature and function perspective, enterprise access and containerized productivity apps are driving EMM purchase decisions, rather than augmenting them as a value add.

Second, the IT world has pushed incumbent enterprise applications to either become mobile friendly, or be replaced by newer (and oftentimes less expensive) cloud-based solutions. Under the auspices of mobile application management (MAM), nearly every type of tool either has a native app, a web browser link, or another mechanism to securely access enterprise data. As an aside, monitoring and protecting access has birthed cloud access security brokers (CASBs).

Finally, anywhere access to content has also changed. What was pioneered by Dropbox in the consumer space and Egnyte in the business world has blossomed into the market of enterprise file sync and share (EFSS). As it relates to EMM, this is the third leg of EMM: mobile content management (MCM). As an included component of EMM suites, this is disrupting not only the incumbent document management platforms, but also SharePoint, default storage for public cloud apps (such as Salesforce) and, finally, knocking out the antiquated shared drive model.

What You Can Do With MDM

Tracking Mobile Devices: Asset Management - The first step to managing mobile devices in the enterprise is ensuring you have an accurate inventory of devices working with your infrastructure. Inventory and asset management features can help you identify the number and types of devices on your network. Asset management features should include the ability to register devices, query for device configuration, and report on the status of devices. For example, you should be able to generate reports on the number of mobile devices registered, the type of devices present, as well as the operating systems and patch levels used. An asset inventory supports many of the other functions required for managing the security of mobile devices.

Screening Apps: White/Black Listing - System administrators can readily control applications installed on workstations and laptops by limiting administrator privileges. Achieving comparable levels of control with mobile devices is more challenging. Different platforms will offer varying features and functionality, so look for an MDM system that provides a common set of management features for all the platforms you will support. One of those common features should be the ability to limit apps used on managed mobile devices.

Whitelisting allows you to list the set of acceptable apps for mobile devices. Some mobile device management systems include app stores which allow you to host a repository of apps for your users. Mobile application management is also a separate category of software; if your mobile device management platform does not provide an app store you can get that functionality from another application.

Blacklisting allows you to limit the use of unapproved applications. This is useful when you wish to specifically identify an application that should not be on a mobile device accessing the corporate network, such as those that collect personal or corporate information unrelated to the function of the app.

Keeping Data Confidential: Encryption - One of the advantages of tablets, and even smartphones, is the ability to maintain copies of and read documents away from the office. Office productivity apps can give much of the functionality of desktop word processors and spreadsheets, creating even more incentive to download copies of corporate information to mobile devices. The obvious security drawback is that mobile devices can be lost or stolen, and therefore potentially leak confidential information.

MDM systems can allow you to define an encryption policy for data stored on mobile devices. This should include strong encryption and key management. Keep in mind that data should be encrypted during transmission ("data in motion") and while stored on the device ("data at rest"). 

Be sure to test your essential apps with device encryption. Data must be decrypted before it can be programmatically manipulated or viewed. Encrypting a device could disrupt some app functionality.

Locking Down Devices: Controlling Device Configurations - Mobile devices are feature-rich with Bluetooth communications, geolocation tracking, Wi-Fi network access and other functions. These can all be useful in many situations, but for security-conscious IT professionals, these can seem more like vulnerabilities than features. MDM systems should allow for remote control over configurations, up to and including remotely wiping a lost or stolen device.

Enforcing Rules: Policy Management - A sound mobile device management strategy should include policies that describe configuration and operational requirements imposed on mobile devices. These policies can cover a broad range of device controls such as the use of encryption, the need for device passwords, or disabling Bluetooth, Wi-Fi or location services. Since many organizations will support multiple mobile device platforms, the policy enforcement mechanism should function across multiple platforms.

MDM systems can help mitigate security risks related to the use of tablets and smartphones in the enterprise. Look for support for asset management, app management, encryption and policy enforcement to help protect your information assets.
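
The inventory report and cross-platform policy checks described in this section can be sketched as follows. This is an added example, not part of the original guide or any vendor's product; the policy fields, device records and app identifiers are constructed for illustration.

```python
from collections import Counter

# Hypothetical cross-platform policy; field names are assumptions, not a vendor schema.
POLICY = {
    "require_encryption": True,
    "require_passcode": True,
    "allow_jailbroken": False,
    "min_os": {"android": (8, 0), "ios": (12, 0)},  # doubles as the supported devices list
    "app_mode": "blacklist",                        # or "whitelist"
    "apps": {"com.example.flashlight"},
}

# Constructed sample inventory, as an MDM asset report might export it.
FIELDS = ("id", "os", "os_version", "encrypted", "passcode", "jailbroken", "apps")
ROWS = [
    ("D-001", "ios", "12.1", True, True, False, ["com.example.mail"]),
    ("D-002", "android", "7.1", False, True, False,
     ["com.example.mail", "com.example.flashlight"]),
    ("D-003", "android", "8.0", True, False, True, []),
    ("D-004", "windows", "10.0", True, True, False, []),
]
INVENTORY = [dict(zip(FIELDS, row)) for row in ROWS]

def parse_version(text):
    """Turn '12.1' into (12, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def violations(device, policy):
    """Return the list of policy violations for one device (empty if compliant)."""
    found = []
    minimum = policy["min_os"].get(device["os"])
    if minimum is None:
        found.append("unsupported_platform")
    elif parse_version(device["os_version"]) < minimum:
        found.append("os_below_minimum")
    if policy["require_encryption"] and not device["encrypted"]:
        found.append("not_encrypted")
    if policy["require_passcode"] and not device["passcode"]:
        found.append("no_passcode")
    if device["jailbroken"] and not policy["allow_jailbroken"]:
        found.append("jailbroken")
    installed = set(device["apps"])
    if policy["app_mode"] == "whitelist":
        bad = installed - policy["apps"]   # anything not explicitly approved
    else:
        bad = installed & policy["apps"]   # anything explicitly banned
    found.extend(f"app:{name}" for name in sorted(bad))
    return found

def compliance_report(inventory, policy):
    """Device counts per OS plus the violations of every non-compliant device."""
    per_device = {d["id"]: violations(d, policy) for d in inventory}
    return {
        "by_os": dict(Counter(d["os"] for d in inventory)),
        "noncompliant": {k: v for k, v in per_device.items() if v},
    }

if __name__ == "__main__":
    for dev, why in compliance_report(INVENTORY, POLICY)["noncompliant"].items():
        print(dev, ", ".join(why))
```

Switching `app_mode` to `"whitelist"` inverts the app check: every installed app outside the approved set is flagged, which is stricter but needs the approved list kept current.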


Bring your own device (BYOD) policies have been a money saver for companies that require employees to be mobile. Understanding BYOD and its impact on an existing organization and infrastructure is a critical milestone in the adoption of employee-owned devices that will allow a business to make the best use of cloud computers, smartphones, super phones and tablets.  

There are market forecasts that expect the BYOD and Enterprise Mobility market to grow at double digit rates and reach more than $180 billion within five years. Juniper estimates that there are currently 150 million BYOD devices deployed. Within two years, that number is expected to grow to 350 million and span major organizations. 

Implementing BYOD brings with it concerns that will touch long-term vendor plans, maintenance and procurement, application development and data ownership. Security concerns about BYOD often do not receive enough attention at organizations, potentially setting the stage for catastrophic exposure of sensitive data.

Here are some of the best practices when it comes to BYOD and security concerns:

  • Policy review: Existing policies may need tweaking, but there should be a clear path toward applying current policies to the mobile app and device world as well.  
  • Set realistic expectations: Using a mobile device privately is very different from using a mobile device within an organization. Employees using BYOD will have to accept compromise and that your organization's security is the priority. 
  • Platform support: The mobile platform environment is extremely fragmented, and there is no reason to believe that this fragmentation will change anytime soon. Remember that certain devices outside Apple's iPhone/iPad may support different features, which requires your organization to maintain a supported devices list. 
  • Application policy: An application policy can be based on blacklisting or whitelisting software in combination with using containers to run third-party software. There needs to be clarity regarding which software is permitted and which is not. Setting an application policy can consume a massive amount of resources, but stands at the center of your security policy. Only apps that provide auditing, reporting and centralized management should be allowed. 
  • Evaluation of MDM: MDM software can solve many of your security headaches, but will require time to be evaluated properly. Think of MDM as the skeleton structure of your BYOD program, with a basic set of secure applications you do not have to worry about, including email and remote device access, as well as a structure to enforce Internet data traffic policies.  
  • Mandatory PIN and encryption: Consider the mandatory use of PINs as the first security layer on a device. Similarly, all data stored on the device should be encrypted by default.  
  • Ongoing education and training: All people providing and using BYOD are, by default, risk factors. Consistent education addresses unnecessary risks and provides the knowledge necessary to use BYOD responsibly. Accidental data loss remains one of the main reasons why data is put at risk. Education and training are effective ways to mitigate that risk. 

Your policy will change and evolve as you create and implement the program. Enlist the support of your legal team, as the usage of BYOD has legal implications. Employees with access to BYOD should agree to terms of use of BYOD.

