Mobile Device Manager Plus - long-awaited perfection or is it still not?

Today I would like to introduce you to ManageEngine Mobile Device Manager Plus. Although the solution exists both in the local version and in the cloud, I will limit my story to the cloud version - simply because it is easier and quicker to begin work on them.

Not so much water has flowed since the IT managers were still forced to choose: either to include corporate mobile devices in a common network and, therefore, to require employees to have at least two mobile devices, or to allow employees access to corporate data through mobile devices.

Fortunately, this situation has changed. MDM solutions, such as VMware AirWatch, Cisco Meraki, and Microsoft Intune, allow you to use the best of both options: employees can carry the mobile phone of their choice, and the company can selectively manage the device to ensure the security of corporate data.

What makes MDM Plus

Actually, how does ManageEngine MDM Plus provide a safe and workable BYOD script? Let's start by looking at the most important operations that IT managers need to perform on mobile devices:

• Manage multiple platforms for mobile OS, including Apple iOS, Google Android and Microsoft Windows Phone.
• Application Management. Distribute your own applications and selectively approve / block third-party applications.
• Asset Management: View and manage the hardware and software configurations of each mobile device.
• Security Management. Track mobile devices and perform remote wipe of lost or stolen devices.

Of course, MDM Plus can do even more! Let's take a closer look.

Initial setup and device registration

ManageEngine offers a 30-day unlimited trial cloud version of MDM Plus. I created my account and logged into the MDM Plus web portal in three minutes - everything was simple. Again, you can also run MDM Plus locally, but, from my point of view, this will not give you all the features of the cloud version.

On the portal home page, shown below, you can see an infographic that will help during the installation process. Unfortunately, not all of it is interactive. In my opinion, ManageEngine should make all these graphic elements interactive.

Now go to the Device Mgmt page, where you can register your iPhone with MDM Plus. The registration setup process is almost independent of the mobile operating systems used:

• Create an account (Apple Push Notification Service, Google Cloud Messaging, Windows Push Notification Services).
• Distribute a management profile, a policy profile, and an MDM application for clients.
• Check the devices in the MDM Plus console.

Again, I created my Apple Push Push Notification (APN) account in minutes. You can register your users' devices in several ways:

• Bulk registration through CSV input files.
• Self registration by email.
• Administrative registration using Apple Configurator.

In my environment, I registered my iPhone using an email invitation. As you can see below, I received an email from ManageEngine containing the registration link and one-time password (OTP).

NOTE. ManageEngine is technically a division of Zoho Corporation, so you will see links to both names in the MDM Plus infrastructure.

All that users have to do for their part, except to follow the link from the email, is to accept the management profile that your cloud server will send. After that, the ME MDM application will be installed on the device, this is how it will look like:

In the ME MDM application, you can access the Application Catalog, where your applications are displayed to end users.

As for firewall exceptions, you must open TCP ports 5223, 5228, 5229, and 5230 for the IPv4 17.0.0.0/8 range.

You can verify that the device is successfully registered by checking the web portal, as shown below:

Perform General Management Tasks with MDM Plus

I guess I know what you are thinking: “Tim, how can I restrict users from Root and jailbreak? How can we get users to use secure code? ”

The answer to this question is the policy profile. But, before we get to it, let's get a common inventory of the device. In the navigation pane, click Admin> Enrollment and select the managed device:

Please note that in the screenshot above, you can immediately see if the device has been hacked. By clicking on the “Geo-Tracking” tab, we can get the location of the device and, if necessary, perform a remote wipe or reset the access code, if necessary.

To create a management profile, go to Device Mgmt> Profiles and create a new iOS, Android or Windows Phone profile. As you can see in the following screenshot, you can create and apply some useful policies for mobile devices, including:

• Configure password locking and lock policy.
• Wi-Fi and VPN connections.
• Email settings (including Exchange ActiveSync).
• Corporate calendars.
• Selective resolutions / locks for built-in functions, such as camera, screen capture, in-app purchase, etc.
• You can deploy mobile device policies that enforce your IT security standards.

Speaking of applications, you can add, deploy and manage self-developed applications, as well as those that you get from the Apple App Store, Google Play Store or Windows Apps Store. The process of licensing and deploying so-called “enterprise applications” is beyond the scope of our discussion today, but we know that this is possible.

ManageEngine MDM Plus also offers Samsung KNOX security support. This is a cool technology that provides for the creation of an encrypted "container" on managed devices, where the user stores company data. I like this concept because it creates a hard line between the user's personal data and the data belonging to the organization, and, most likely, is in accordance with industry and / or government regulations.

In the dry residue

ManageEngine MDM Plus offers Windows administrators a low barrier to entering the mobile device management market. What's even cooler is that MDM Plus is completely free for 25 managed devices. Free mode supports one administrator and one auxiliary administrator role. (I forgot to say that MDM Plus uses the role-based access control model RBAC).

Prices for local and cloud options are comparable. At the time of this writing in February 2016, provided that she has 1 technical specialist and 200 managed devices, the annual license for the preliminary version is $ 3245, and the annual cloud license is $ 4325.