IT Pro Verdict
Mobile Device Manager is low-cost and provides versatile monitoring of a wide range of devices. Unfortunately, not every feature works as smoothly and we wanted more effective controls to prevent the installation of unwanted apps. It's got great potential, but it’s still a long way from fulfilling that in its semi-finished state.
Easy monitoring of iOS, Android and Windows 8 devices; Clear web interface; Email and interface alerts of policy violations; Low cost
Blacklisting doesn’t prevent app installation; Limited control over email; Blacklisted apps not deleted on iOS
One of the leading security concerns for businesses of all sizes is the inherent vulnerability of mobile devices. Whether they're company-issued or part of a Bring-Your-Own-Device (BYOD) infrastructure, smartphone and tablets are rife with risks. Tech savvy staff are prone to installing unauthorised apps, employees leaving may do so with data they shouldn't have access to and devices are invariably lost.
Issues of this sort are continuing factor in the popularity of BlackBerry's business infrastructure for mobile telephony. All device are remotely administrated by a BlackBerry Enterprise Server. However, this isn't cost-effective for all businesses: you may want staff to be able to use their own devices for work, value the ease of development and rollout of corporate apps under Android, or want to deploy iOS devices.
It's this market that the 3CX Mobile Device Manager is designed to corner. The service gives administrators a web-based interface which they can use to monitor, track and manage Android and iOS phones and tablets along with Windows 8 laptops.
Apples and Pairs
If you're going to be using iPads and iPhone devices with the system, you'll first have to create an Apple Push Certificate which gives the MDM software the right to have its queries and commands recognised by iOS devices. There are detailed instructions which describe how to do this and the relevant options in Mobile Device Manager's system menu are easy to follow.
Once you've generated the request document, you have to go to Apple's identity subdomain, log in and upload it to create a signed certificate. Finally, you download the signed certificate from Apple and upload it to the Mobile Device Manager. It's a bit of a palaver, but it's not too onerous and you only need do it once.
Before you can manage iOS devices, you have to generate a signed Apple Push Certificate
Devices are managed through a web interface. Just select Add User from the Users node, enter the name, phone number and the email address you'll use to identify them and send them the instructions to set up the MDM client on their device. In the case of Windows PC users, you'll also need to enter their Windows username. You can also bulk add users by importing a CSV file containing the required information formatted according the service's requirements.
You can add users individually or by importing a CSV file containing their data. Either way, they'll be sent the app link and installation instructions via email
However you go about adding users, the MDM app will then have to be installed on their device and associated with your company's MDM account. The person installing the app whether it's your system administrator or the phone's user is informed of the software's capabilities. If the user has installed the app without being sent a specific invitation for it, such as in the case of a user adding a second device, the administrator has to approve the device via the web portal.
In the case of iOS hardware, you'll also have to manually assign a user to the device using the web portal, otherwise they'll appear as Anonymous users. This may be fine for shared corporate devices, but in general you'll want to tie each piece of hardware to a specific user. If you're going to be using GPS tracking, the users will have to enable it. For both battery-saving and ethical reasons, it's generally best to give them control over enabling and disabling these features.
K.G. is a journalist, technical writer, developer and software preservationist. Alongside the accumulated experience of over 20 years spent working with Linux and other free/libre/open source software, their areas of special interest include IT security, anti-malware and antivirus, VPNs, identity and password management, SaaS infrastructure and its alternatives.
You can get in touch with K.G. via email at email@example.com.