Mobile Device Management explained: central control, security and compliance across the entire fleet.
Mobile Device Management (MDM): What it is, how it works and why businesses need it
Mobile Device Management (MDM) is a software solution that enables companies to centrally manage, configure and secure all mobile end devices. MDM allows IT departments to configure devices remotely, distribute updates, enforce security policies and wipe data in the event of loss or theft – regardless of where the device is located.
1. What is Mobile Device Management?
Mobile Device Management (MDM) is a category of IT management software developed specifically for managing mobile end devices in corporate environments. At its core, MDM enables the following:
- Viewing all corporate devices centrally in a single dashboard
- Automatically distributing configurations (Wi-Fi, email, VPN, apps) to all devices
- Enforcing security policies uniformly across all managed devices
- Remotely locking or completely wiping individual devices in an emergency
2. How does MDM work technically?
Technically, MDM consists of two components: a central management console (the MDM server) and a management profile or agent on each end device. The two communicate with each other in encrypted form – the IT department steers from the console, the device applies the settings.
The process follows a fixed pattern:
- Enrollment – the device is registered once in the MDM, either manually or automatically via Apple Business Manager or Android Zero-Touch.
- Profile distribution – configurations and policies are transferred to the device as profiles and enforced there by the operating system.
- Push communication – changes reach the device via the manufacturers' push services (Apple Push Notification service, Android Management API), without the user having to do anything.
- Status reporting – the device continuously reports its state and compliance status back to the console.
Important: MDM uses the official management interfaces of Apple and Google. It is not an intervention into the device "from the outside", but the secured method intended by the manufacturer for managing devices in a company.
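The enrollment, push and status-reporting steps above, as an added example that is not part of the original page and not any vendor's code. It is a simplified in-memory model: the class, method and command names are illustrative assumptions, not a real wire format. It shows that the push is only a wake-up, and that a queued command such as a lock stays pending for as long as the device is offline.

```python
import uuid
from collections import deque

class MdmServer:
    """Console side: queues commands per device and records what devices report back."""
    def __init__(self):
        self.queues = {}    # device_id -> commands not yet fetched by the device
        self.results = {}   # command id -> status the device reported
        self.wakeups = []   # stand-in for requests to the vendor push service

    def enroll(self, device_id):
        self.queues[device_id] = deque()

    def send(self, device_id, request_type, payload=None):
        cmd = {"id": str(uuid.uuid4()), "type": request_type, "payload": payload or {}}
        self.queues[device_id].append(cmd)   # KeyError if the device never enrolled
        self.wakeups.append(device_id)       # the push is a wake-up only, it carries no command
        return cmd["id"]

    def check_in(self, device_id, report=None):
        """Device-initiated: store the previous result, hand out the next queued command."""
        if report:
            self.results[report["id"]] = report["status"]
        queue = self.queues[device_id]
        return queue.popleft() if queue else None

class Device:
    def __init__(self, device_id, server):
        self.id, self.server = device_id, server
        self.profiles, self.locked, self.online = {}, False, True

    def apply(self, cmd):
        if cmd["type"] == "InstallProfile":
            self.profiles[cmd["payload"]["name"]] = cmd["payload"]["settings"]
        elif cmd["type"] == "DeviceLock":
            self.locked = True
        else:
            return "Error"   # unknown command types are reported, not silently dropped
        return "Acknowledged"

    def on_push(self):
        """Wake-up handler: pull, apply and acknowledge commands until none are left."""
        done = 0
        cmd = self.server.check_in(self.id) if self.online else None   # offline: nothing is fetched
        while cmd:
            status = self.apply(cmd)
            done += 1
            cmd = self.server.check_in(self.id, {"id": cmd["id"], "status": status})
        return done
```

For incident handling, the console state to watch is the reported result of a lock or wipe command, not the moment it was issued.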
3. The 9 most important MDM functions
1. Remote wipe and device lock
In the event of loss or theft, IT administrators can immediately lock or completely reset a device remotely. Corporate data is protected within seconds.
2. Automatic software updates
Security and OS updates can be centrally scheduled and rolled out to all devices simultaneously. No device falls behind, no update is missed.
3. Enforcing security policies
Password requirements, screen lock timeouts, encryption standards and access controls are automatically enforced on all managed devices.
4. App management
Corporate apps can be distributed, updated or removed across all devices via an internal app catalogue – without any action from the user.
5. Remote device configuration
Wi-Fi profiles, email accounts and VPN connections are automatically set up on new devices. If Wi-Fi credentials change, the update is instantly pushed to all devices.
6. Inventory and asset management
MDM provides a real-time overview of all enrolled devices: model, OS version, battery status, installed apps and compliance status.
7. Separation of personal and corporate data
In BYOD scenarios, MDM enables a clear separation of private and business content on the same device via an encrypted container.
8. Compliance reporting
MDM systems automatically generate reports on the compliance status of all devices – ideal for GDPR and ISO 27001 audits.
9. Faster device provisioning
Via zero-touch enrolment, a device is fully configured the moment it is switched on. New employees are immediately productive.
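Functions 3, 6 and 8 above (policy enforcement, inventory and compliance reporting) come together in a compliance check over the inventory. The following is an added example, not code from the original page or from any MDM product; the policy thresholds, field names and inventory records are constructed assumptions. It compares OS versions numerically, treats unreported settings as non-compliant, and flags devices that have stopped checking in.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy: minimum OS per platform, and how long a device may stay silent.
POLICY = {"min_os": {"ios": "17.4", "android": "14"}, "max_silence": timedelta(days=7)}

def version_tuple(text):
    """'17.10.1' -> (17, 10, 1). Numeric compare: as strings, '17.10' would sort below '17.4'."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device, now, policy=POLICY):
    """Return the policy violations for one inventory record (empty list = compliant)."""
    findings = []
    minimum = policy["min_os"].get(device.get("platform"))
    if minimum is None:
        findings.append("unsupported platform")
    else:
        try:
            if version_tuple(device["os_version"]) < version_tuple(minimum):
                findings.append(f"OS below {minimum}")
        except (KeyError, ValueError, AttributeError):
            findings.append("OS version unknown")
    # Fail closed: a setting the device did not report counts as not enforced.
    if device.get("encrypted") is not True:
        findings.append("storage not encrypted")
    if device.get("passcode_set") is not True:
        findings.append("no passcode")
    last_seen = device.get("last_checkin")
    if last_seen is None or now - last_seen > policy["max_silence"]:
        findings.append("stale check-in")
    return findings

def report(inventory, now):
    """Per-device findings plus the share of fully compliant devices."""
    results = {d["id"]: evaluate(d, now) for d in inventory}
    compliant = sum(1 for found in results.values() if not found)
    return results, (compliant / len(inventory) if inventory else 0.0)

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed clock for the constructed sample
INVENTORY = [   # constructed records, not real devices
    {"id": "A", "platform": "ios", "os_version": "17.10", "encrypted": True, "passcode_set": True, "last_checkin": NOW - timedelta(hours=2)},
    {"id": "B", "platform": "android", "os_version": "13", "encrypted": True, "passcode_set": False, "last_checkin": NOW - timedelta(days=30)},
    {"id": "C", "platform": "ios", "encrypted": True, "passcode_set": True, "last_checkin": NOW},
]
```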
4. MDM, EMM and UEM – what is the difference?
| Term | Meaning | Introduced |
|---|---|---|
| MDM | Device management at hardware level | from ~2005 |
| EMM | MDM + app management + identity management | from ~2012 |
| UEM | All endpoints in one platform: smartphones, tablets, notebooks, desktops, IoT | from ~2017 |
In common usage, MDM, EMM and UEM are often used interchangeably. When companies talk about "MDM" today, they typically mean a full UEM/EMM solution.
5. Which MDM platforms are available?
| Platform | Provider | Strength |
|---|---|---|
| Microsoft Intune | Microsoft | Part of Microsoft 365; ideal for Windows-heavy environments |
| VMware Workspace ONE | Broadcom/Omnissa | Comprehensive UEM functions, strong integration |
| MobileIron | Ivanti | Proven in high-security environments |
| Samsung Knox Manage | Samsung | Optimal for Samsung device fleets |
| Jamf | Jamf | Specialised in Apple ecosystems |
Enterprise Tech Solutions AG supports all the platforms listed and offers both MDM setup and ongoing MDM operation as a managed service.
6. MDM and BYOD
BYOD – "Bring Your Own Device" – means that employees also use their private smartphones for work. That is convenient, but it raises a question: how can corporate data be protected without intruding on the device owner's privacy?
MDM solves this through strict separation: an encrypted work area (work profile or container) is set up on the private device. Business apps, emails and data live exclusively there – separated from the private part of the device.
This results in a clear division of responsibilities:
- The company manages only the work area – policies, apps and data within the container.
- The private area remains untouched – photos, private messages and personal apps are neither visible nor controllable for the IT department.
- When an employee leaves, only the container is deleted – the private device remains fully intact.
This way, both sides benefit: the company keeps control over its data, and employees keep sovereignty over their private device.
7. MDM and GDPR
MDM and data protection are closely linked – in two directions.
MDM supports GDPR compliance: encryption, access controls and the ability to remotely lock or wipe lost devices are concrete technical and organisational measures (TOMs) of the kind the GDPR requires. Automatic compliance reporting also provides the evidence that these measures actually take effect.
But MDM itself must be used in a GDPR-compliant way: because an MDM system processes device data and, in part, usage data, this requires a data processing agreement (DPA) with the service provider, transparency towards employees about what is being managed, and – especially with BYOD – a clear assurance that private data stays out of scope.
Set up correctly, MDM is therefore not a data protection risk but a building block that demonstrably supports GDPR compliance.
8. What does MDM as a managed service cost?
The cost of MDM as a managed service consists of two parts: a one-off setup and an ongoing monthly fee per device. How high both turn out depends above all on these factors:
- Number of devices – the larger the fleet, the lower the price per device tends to be.
- Platform and complexity – a homogeneous device fleet is cheaper to manage than a mixed environment with several operating systems.
- Depth of service – platform provisioning only, or full operation including support, monitoring and reporting.
- Setup effort – initial configuration, migration of an existing system and enrolment of the existing devices.
Instead of a large purchase, the result is a predictable monthly operating expense. The best way to determine the specific price for a given environment is a short health check.
