Want more than just blog posts? Login or Sign up for a free acount and get research, videos, slide decks and more! Join the online social network for Enterprise Mobility.

Group Admins

  • Avatar Image

Mobile Device Management

Public Group active 2 weeks, 6 days ago

This is a group where you can discuss whatever is on your mind regarding mobile device management

Windows Mobile 6.X (9 posts)

← Group Discussion   Discussion Directory
  • Avatar Image Stephen said 8 months, 2 weeks ago:

    I was wondering if anyone out there is managing WinMo 6.x devices with MDM. What what sort of benefits are there to be had?

    #
  • Avatar Image Philippe Winthrop said 8 months, 1 week ago:

    @spandy What types of Windows Mobile devices? Ruggedized?

    #
  • Avatar Image Matt Carrier said 7 months, 3 weeks ago:

    Hello Stephen, Can you expand on the benefits to be had comment? WinMo and WindowsCE are both mature and very well documented mobile operating systems. From an enterprise management perspective it’s a very close second to BlackBerry on the number of things you can manage on these devices (IMO). Most MDMs will give you security controls (Pin/Password/encryption/Wipe), configuration controls, file & registry manipulation, remote control, inventory, & application deployment. What are you trying to do? Feel free to drop me an email off line as I’ve been working with Windows devices for a decade now and can probably provide some insight.

    #
  • Avatar Image Stephen said 7 months ago:

    Not ruggedized, I’m mainly asking about standard WinMo smartphones, such as the Samsung Jack. I’m just not sold on the value prop with managing these devices under my MDM provider. Pin/Password/Wipe is currently enforced by Exchange 2003 where I work. I’m primarily focusing on device security at this point so I’m especially curious about the options are around encryption, config controls & registry manipulation. Matt, I can pop you an email but it might be nice to use the emf to share best practices in an effort to reach the other members who may be interested in this topic.

    #
  • Avatar Image Philippe Winthrop said 7 months ago:

    Stephen – Thanks for providing some specifics and for wanting to have an open dialog here about the issue. I would none the less encourage you to have an off line discussion with Matt should there be any sensitive issues for you to cover.

    #
  • Avatar Image Matt Carrier said 7 months ago:

    Stephen – you mentioned your focus is around security? How are you controlling access to your Exchange environment (requiring certificates)? If no certs or MDM -how are you limiting your EAS traffic to just the folks with Samsung Jacks. Exchange provides some tooling to see who is using ActiveSync but it leaves a lot to be desired. From a security perspective you should want to know OS, make, model, inventory (hardware/software), firmware version, etc including how many devices each user has registered and when the last date each device has connected.

    Without this control & visibility you can also run into Microsoft license compliancy issues with over-deployment.

    This chart below shows the features available by OS with EAS management and you can see once you audit your system and you see Android and iOS connecting you’ll definitely want MDM.

    http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_Clients

    Many MDM vendors will be able to do additional Encryption controls over and above the native EAS. Things like Data Fading if the device hasn’t checked in for XX, Selective wipe of PIM area, external media, specified folders, encryption types.

    There are also config features like application whitelist, black list, control panel access, etc.

    There is actually a ton more that a MDM provides but it really depends on whether you feel what you have in place is not enough. Most people start with Exchange ActiveSync but then determine they need much more.

    #
  • Avatar Image Philippe Winthrop said 7 months ago:

    Great stuff Matt – your comments highlight precisely why I make the argument that “MDM” solutions are much more about EMM (Enterprise Mobility Management).

    #
  • Avatar Image Stephen said 7 months ago:

    We are using MDM where I work, but currently only for iOS. As for EMM, we also blacklist certain AgentIDs (primarily Android) from connecting to EAS at the ISA firewall. To prevent EAS access from unauthorized users, we’ve also implemented a whitelist in the ISA firewall. Only the specific AD group members can sync. These efforts help, but they’re still not full proof. I would eventually like to get to cert based authentication or some sort of mobile access control box that sits in line between the firewall and Exchange.

    But back to WinMo… I just don’t think our MDM tool is capable of things like enforcing encryption, control panel access, remote control, etc. on these devices. Perhaps that’s why I’m not seeing the value of eating up an MDM license to “manage” these devices…

    #
  • Avatar Image Matt Carrier said 7 months ago:

    I understand now. You have an MDM tool in-house which is being used to manage iOS. You were considering adding WinMo Standard under it’s umbrella of management. However the MDM you currently use doesn’t support the advanced Windows Mobile feature sets that could entice you to take that move. And it could be you are in the correct place with just EAS for these older Jacks running Windows Mobile. Typically they are just email devices and have limited if any business content (outside of email/PIM) & applications that you need a MDM/EMM platform can to deploy, configure, remove, repair.
    Thanks Stephen

    #