This week, I was able to sit down and pick the brain of one of our senior consultants, David Sheddan, and go over some of the major functional differences in Enterprise-level MDMs and small-to-medium business level MDMs. Without spoiling everything, I can tell you that there's a solution that's right for your organization!
- Jamf Now (Apple Only)
- Apple Profile Manager (Apple Only)
- AirWatch Express (Mixed Environment)
- Meraki Systems Manager (Mixed Environment)
- Basic understanding of how an MDM platform operates (some training still required as going into a project without it is bound to deliver less-than-optimal results)
- Compared with enterprise-level MDMs, the learning curve for these platforms is much gentler, and they are more intuitive for a non-technical end user
Target - Small businesses, generally with 50 or fewer devices
Designed for smaller fleets
Highlighted Features: Small to medium-sized business MDM platforms are geared towards providing a suite of functions that allow users to deploy and report on device productivity. They are capable of deploying configuration profiles, which are essentially XML documents containing settings. Examples of these profiles include the ability to set up email, automatically configure WiFi connection settings, set up VPN client configurations, and about a dozen others. In comparison to the enterprise-level platforms, there is a definite limitation to functionality, but again the intended user of an SMB-level platform is someone who is new to MDM technology, or who may not be as technically advanced as a major enterprise setup would require.
These platforms normally include step-by-step guides on how to configure settings, along with wizards that assist the end user with setup. They can also display basic reports and graphs that differentiate machines that have successfully completed assigned tasks from those that have not.
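Because the configuration profiles described above are plain XML property lists, they can be reviewed before an MDM pushes them to devices. The following Python sketch is an added example, not code from the original post or from any MDM vendor: it parses a constructed sample profile and flags risky WiFi settings. The payload keys follow Apple's Wi-Fi payload format; the profile contents, the function names and the choice of checks are assumptions made for illustration.

```python
import plistlib

# Constructed sample profile for illustration; not from a real deployment.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Example Office Settings</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>SSID_STR</key><string>Example-Guest</string>
      <key>EncryptionType</key><string>None</string>
      <key>AutoJoin</key><true/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>SSID_STR</key><string>Example-Staff</string>
      <key>EncryptionType</key><string>WPA2</string>
      <key>Password</key><string>constructed-placeholder</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed</string>
      <key>UserDefinedName</key><string>Example VPN</string>
    </dict>
  </array>
</dict></plist>"""

WEAK_WIFI = {"None", "WEP"}  # encryption values treated as weak (assumed policy)

def payload_types(raw):
    """Return the PayloadType of every payload the profile would install."""
    profile = plistlib.loads(raw)
    return [p.get("PayloadType", "") for p in profile.get("PayloadContent", [])]

def audit_profile(raw):
    """Return human-readable findings for the WiFi payloads in a profile."""
    findings = []
    for p in plistlib.loads(raw).get("PayloadContent", []):
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue  # only WiFi payloads are checked in this sketch
        ssid = p.get("SSID_STR", "<unnamed>")
        enc = p.get("EncryptionType", "Any")
        if enc in WEAK_WIFI:
            findings.append(f"{ssid}: weak Wi-Fi encryption ({enc})")
            if p.get("AutoJoin", True):
                findings.append(f"{ssid}: auto-joins a weakly protected network")
        if "Password" in p:
            findings.append(f"{ssid}: pre-shared key is readable in the profile XML")
    return findings

if __name__ == "__main__":
    print(payload_types(SAMPLE_PROFILE))
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```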
- Jamf Pro (Apple Only)
- AirWatch (Mixed Environment)
- MobileIron (Mixed Environment)
- MaaS360 (Mixed Environment)
- Fleet size generally - but not necessarily - would surpass at least 50 devices, no real device-number ceiling (this allows for organizational growth down the road without the headache of needing to "bump up" to another level)
- Higher-level IT understanding and steep learning curve to access and utilize (not recommended for companies without a dedicated professional or IT team. Don't have that? That's fine! BFA offers solutions to help in the management of MDM platforms)
- Training and foundational implementation is highly encouraged
- Jamf requires "JumpStarts" built into their platform offering to ensure their users are equipped to leverage the software
- Options vary, depending on the scenario of implementation and devices being managed (macOS only vs. macOS + iOS)
Highlighted Features: Enterprise-level MDMs provide a robust toolbox full of management, deployment, and support tools that allow an IT administrative team not only to set up devices, but also to manage them and build for the future. These features may include things like certificates or Active Directory bindings, login window settings, restrictions of device functionality, file encryption, and many others. "With the 'Big Boy' MDMs, you're able to 'work under the hood' of many devices at the binary level, through the use of the command line (Windows or Mac), or using bash scripts (Jamf), to have the device run actions or policies you would like to be placed on the machine."
One of the cool aspects of this type of granular work is that it gives the IT admin the opportunity to filter through the devices under management (which can range from around 50 to thousands of devices) and pinpoint specific actions you'd like the devices to perform. An example of this might be the use of a parameter that groups any device that is out of date with respect to the last 3 updates. Through the creation of a smart filter, you're able to select the devices that fall under this parameter and signal them to update. As the devices complete the update, they automatically fall out of the scope of the initial filter, allowing the admin to focus on any devices that did not execute the command and may need additional attention.
Another example would be the administrator's ability to create and deploy custom profiles that can be user-specific, department-specific, or company-wide. This is a great way to ensure your end-users are getting the necessary functions for their position, while also restricting the use of applications or functions that would not apply to their responsibilities. From a numbers perspective, this means you can control the number of licenses needed and used for specific applications, as well as keep group-specific data separate. This is a tremendously helpful organizational feature that allows companies with multiple locations to keep their locational data organized without having to wade through other locational data which, in turn, minimizes the chance of accidental actions to valuable data.
With the ability to customize management, enterprise-level organizations can be more agile from an IT perspective. And with the rate at which technological advancement is occurring, it's a big win to be able to keep up as a larger business or educational organization.
*Mixed Environment - Term used to describe an IT environment that supports both Windows/Android and macOS/iOS devices
*Apple Only - Term used to describe IT environments that consist 100% of macOS/iOS devices