<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Youssef SAADE, Author</title>
	<atom:link href="https://www.riskinsight-wavestone.com/en/author/youssef-saade/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.riskinsight-wavestone.com/author/youssef-saade/</link>
	<description>The cybersecurity &#38; digital trust blog by Wavestone&#039;s consultants</description>
	<lastBuildDate>Wed, 01 Jul 2026 15:24:27 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://www.riskinsight-wavestone.com/wp-content/uploads/2024/02/Blogs-2024_RI-39x39.png</url>
	<title>Youssef SAADE, Author</title>
	<link>https://www.riskinsight-wavestone.com/author/youssef-saade/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Securing mobile devices : Introduction to MDM (Mobile Device Management) </title>
		<link>https://www.riskinsight-wavestone.com/en/2026/07/securing-mobile-devices-introduction-to-mdm-mobile-device-management/</link>
					<comments>https://www.riskinsight-wavestone.com/en/2026/07/securing-mobile-devices-introduction-to-mdm-mobile-device-management/#respond</comments>
		
		<dc:creator><![CDATA[Youssef SAADE]]></dc:creator>
		<pubDate>Wed, 01 Jul 2026 15:23:48 +0000</pubDate>
				<category><![CDATA[Cybersecurity & Digital Trust]]></category>
		<category><![CDATA[Focus]]></category>
		<category><![CDATA[Enterprise Mobility Management]]></category>
		<category><![CDATA[Mobile Application Management]]></category>
		<category><![CDATA[Mobile Device Management]]></category>
		<category><![CDATA[Mobile Threat Detection]]></category>
		<category><![CDATA[Securing mobile devices]]></category>
		<guid isPermaLink="false">https://www.riskinsight-wavestone.com/?p=30299</guid>

					<description><![CDATA[<p>The increased professional use of mobile devices, mobile phones and tablets, as well as the forced adoption of remote work during the Covid crisis, have led to a multiplication of mobile work situations in companies. Two cases can be distinguished: remote work...</p>
<p>The post <a href="https://www.riskinsight-wavestone.com/en/2026/07/securing-mobile-devices-introduction-to-mdm-mobile-device-management/">Securing mobile devices : Introduction to MDM (Mobile Device Management) </a> appeared first on <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p style="text-align: justify;"><span data-contrast="auto">The increased professional use of mobile devices, mobile phones and tablets, as well as the forced adoption of remote work during the Covid crisis, have led to a multiplication of mobile work situations in companies. Two cases can be distinguished: remote work situations (at home, in a coworking space, etc.) and nomadic work situations (while travelling, in an airport, train, hotel, etc.).</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">These new mobile uses, increasingly based on smartphones and tablets, introduce </span><b><span data-contrast="auto">new risks</span></b><span data-contrast="auto"> that must be controlled. Indeed, the company’s </span><b><span data-contrast="auto">attack surface</span></b><span data-contrast="auto"> increases considerably because of the very nature of these devices. The main risks associated with the use of mobile devices include :</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><span data-contrast="auto">Theft or loss of the device, and therefore in particular of locally stored data, which may lead to remote access to company data</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">The use of unmanaged mobile devices. This lack of control may enable risky behaviours such as the use of uncontrolled networks (e.g., public Wi-Fi), the installation of unmanaged third-party applications, delays in O/S security updates, or even mobile device jailbreaking</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Risky wired or wireless data exchange with other devices (e.g., USB synchronisation with a computer, AirDrop, etc.)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p> </p>
<p style="text-align: justify;"><span data-contrast="auto">The observations below confirm the reality of these threats. Indeed :</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><span data-contrast="auto">53% of mobile devices have access to more sensitive data than a year ago </span><i><span data-contrast="auto">(source: Akamai)</span></i><span data-contrast="auto">,</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">45% of organisations have recently faced a mobile-related compromise </span><i><span data-contrast="auto">(source: CTM)</span></i><span data-contrast="auto">,</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">85% of mobile phishing attacks occur outside email apps, through other vectors linked to mobile uses </span><i><span data-contrast="auto">(source: Verizon)</span></i><span data-contrast="auto">.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><i><span data-contrast="auto">Securing mobile devices cannot be effective without a clear corporate strategy defining authorised uses, control levels and associated responsibilities.</span></i><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559685&quot;:864,&quot;335559737&quot;:864,&quot;335559738&quot;:200,&quot;335559740&quot;:278}"> </span></p>
<p> </p>
<p style="text-align: justify;"><span data-contrast="auto">Mobile security has been put off for a few years, with efforts focused on workstations, even though mobile devices can directly threaten the security of the information system. Thus, while GPOs (</span><i><span data-contrast="auto">Group Policy Objects</span></i><span data-contrast="auto">) were commonly used to manage computer fleets, mobile devices did not simply inherit this approach.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">To meet this need, historical providers of computer security solutions (Microsoft, Ivanti, IBM, etc.), as well as new players (ManageEngine), offer SaaS or on-premises software to address the need to manage and secure mobile devices: MDM solutions (</span><i><span data-contrast="auto">Mobile Device Management</span></i><span data-contrast="auto">).</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">Beyond actively contributing to securing a company’s mobile fleet, MDM improves the user experience by ensuring that users have an up-to-date device that continuously complies with company requirements.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">In this article, we explain how to secure </span><span data-contrast="auto">corporate mobile devices</span><span data-contrast="auto"> using an MDM solution, which is a </span><i><span data-contrast="auto">must-have</span></i><span data-contrast="auto"> in the race to secure information systems, and share recommendations on their configuration.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<h1 style="text-align: justify;" aria-level="1"><span data-contrast="none">Mobile usage policies : a corporate strategy to define</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h1>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">In companies, mobile device usage policies have evolved significantly.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">Today, we distinguish three of the most common usage models in organisations (detailed at the end of this section in Figure 1):</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><span data-contrast="auto">COBO – </span><i><span data-contrast="auto">Corporate-owned, business only</span></i><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">COPE – </span><i><span data-contrast="auto">Corporate-owned, personal enabled</span></i><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">BYOD – </span><i><span data-contrast="auto">Bring your own device</span></i><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">First, it is necessary to define the company’s strategy for these mobile uses: are mobile accesses authorised and legitimate from a business perspective? If so, many additional questions must be addressed when defining the corporate strategy:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><span data-contrast="auto">Which users are authorised (VIPs only, all internal users, external users as well, etc.)?</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Which types of mobile devices are authorised (company-owned, personal, or both)?</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Which applications or data may be accessed (email only, the full collaborative suite, etc.)?</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">This strategy is central to providing direction and guiding the subsequent security efforts. It makes it possible to better target the risks applicable to the company, better control its information system and define rules that are consistent with authorised or unauthorised uses, while providing users with clarity on accepted and prohibited practices.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto"> </span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:278}"> <img fetchpriority="high" decoding="async" class="aligncenter size-full wp-image-30305" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image4.png" alt="" width="801" height="499" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image4.png 801w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image4-307x191.png 307w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image4-63x39.png 63w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image4-768x478.png 768w" sizes="(max-width: 801px) 100vw, 801px" /></span></p>
<p style="text-align: center;"><strong><i>Figure 1 : Mobile device management profiles</i> </strong></p>
<p style="text-align: justify;"> </p>
<h1 style="text-align: justify;" aria-level="1"><span data-contrast="none">Securing mobile devices through 4 tools : MDM, MAM, EMM and MTD</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h1>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">Before going into detail on MDM-like tools, it is worth recalling that several complementary solutions exist for securing mobile devices. These tools operate at several levels:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><strong>MDM (<i>Mobile Device Management</i></strong><span data-contrast="auto"><strong>) :</strong> fleet management and corporate device security tool (mainly at OS level)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><strong>MAM (<i>Mobile Application Management</i></strong><span data-contrast="auto"><strong>) :</strong> application management and security tool (mainly at application level)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><strong>EMM (<i>Enterprise Mobility Management</i></strong><span data-contrast="auto"><strong>) :</strong> a tool centralising MDM and MAM functionalities</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto"><strong>MTD (Mobile Threat Detection) :</strong> a tool for detecting attacks on mobile devices, similar to Endpoint Detection &amp; Response (EDR) for laptops (OS and application layers)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">The figure below illustrates this ecosystem within a mobile device:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-ccp-props="{&quot;134245418&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:278}"> <img decoding="async" class="aligncenter size-full wp-image-30307" src="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image3.png" alt="" width="903" height="570" srcset="https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image3.png 903w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image3-303x191.png 303w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image3-62x39.png 62w, https://www.riskinsight-wavestone.com/wp-content/uploads/2026/07/Image3-768x485.png 768w" sizes="(max-width: 903px) 100vw, 903px" /></span></p>
<p style="text-align: center;"><strong><i>Figure 2 : The enterprise mobility security ecosystem</i></strong><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559739&quot;:200,&quot;335559740&quot;:240}"> </span></p>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">MDM, MAM and MTD do not address the same needs, and they secure the mobile fleet at different levels. The next sections of this article focus only on MDM.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">MDM solutions address the need to secure devices </span><b><span data-contrast="auto">owned by the company</span></b><span data-contrast="auto">, and therefore the </span><b><span data-contrast="auto">COBO</span></b><span data-contrast="auto"> and </span><b><span data-contrast="auto">COPE</span></b><span data-contrast="auto"> policies described above.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">A key consideration on BYOD: it is important to keep in mind that devices not owned by the company cannot be fully configured by the company. To secure the BYOD use case, i.e. access to company data and applications from an unmanaged device, MAM solutions can address the need by securing applications and creating a professional container.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">In the rest of this article, the BYOD case is considered out of scope. Since the device belongs to the user or to a partner company, the company does not truly control the configuration and security of these devices, as it can hardly require the user to install certain configurations or applications, or to share certain device data. However, it is possible to harden access to the information system to make BYOD usage impossible, but this requires an in-depth impact analysis, considering all use cases (multi-factor authentication on mobile, management of partners and external providers, conflicts between fleet management tools, access to training, etc.).</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<h1 style="text-align: justify;" aria-level="1"><i><span data-contrast="none">Mobile Device Management</span></i><span data-contrast="none"> at the heart of securing corporate mobile devices</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h1>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><i><span data-contrast="auto">Mobile Device Management</span></i><span data-contrast="auto"> tools make it possible to effectively administer and secure a complete fleet of mobile devices through three core functions, which are detailed below:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><b><span data-contrast="auto">Fleet management :</span></b><span data-contrast="auto"> know and configure the devices accessing the information system, and deploy company or third-party applications.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Compliance control :</span></b><span data-contrast="auto"> ensure that devices comply with the company’s security policies and standards.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Security and hardening :</span></b><span data-contrast="auto"> implement security measures on devices to strengthen protection against threats.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"><strong><i>Note:</i></strong><i><span data-contrast="auto"> The following paragraphs aim to present features offered by most MDM solutions; the availability of the desired features should be verified before subscribing to any MDM solution.</span></i><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<h2 style="text-align: justify;" aria-level="2"><span data-contrast="none">Administering the corporate mobile device fleet: inventory, administration and provisioning</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h2>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">In response to security and regulatory requirements for device management, MDM centralises many mobile device management features in a single interface:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><b><span data-contrast="auto">Deploy/remove :</span></b><span data-contrast="auto"> MDM facilitates the provisioning of new corporate devices for IT teams, potentially remotely with installation of company configurations and business applications, as well as the removal of these configurations and the deletion of company-related data when needed, for example at end of device life, in case of suspected compromise or theft (wipe-out function).</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Manage :</span></b><span data-contrast="auto"> MDM inventories all corporate mobile devices and presents their key attributes, for example OS type, OS version, owner name, encryption status, IMEI, last connection date, etc., while ensuring compliance with the General Data Protection Regulation (GDPR).</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Monitor :</span></b><span data-contrast="auto"> alerts can be configured in MDM solutions to monitor the health of the fleet and identify any deviation from the rules previously defined by the company.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Support :</span></b><span data-contrast="auto"> MDM includes remote-control and device diagnostic features to facilitate interventions by IT teams.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">By providing up-to-date data on the mobile fleet, MDM can help meet various </span><b><span data-contrast="auto">regulatory requirements</span></b><span data-contrast="auto">, particularly regarding knowledge of and ability to manage the fleet, as well as reaction capability in the event of compromise. Several regulations, for example ISO 27002 (section 5.9 Inventory of Information &amp; Other Associated Assets), require companies to identify and manage their devices.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">This centralisation provides an overall view of the fleet, while also enabling classification for better administration. In particular, device tagging or grouping systems make it easy to manage subsets of devices that may have configuration variations or exceptions (depending on business needs, for example network teams, VIP users, etc.).</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<h2 style="text-align: justify;" aria-level="2"><span data-contrast="none"><strong>Compliance policies :</strong> assessing the compliance of mobile devices accessing company data and applications</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:40,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h2>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">More than just fleet management software, MDM solutions can assess the mobile fleet against corporate security policies, known as compliance policies.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">Highlighting non-compliant devices can be essential in order to take targeted action: for example, removing their access to the information system through conditional access if the device is jailbroken or does not run the latest OS versions. Since this assessment can be performed at each device connection, fleet compliance can be considered continuously up to date.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">This major MDM feature should be fully leveraged. A non-compliant device represents a risk to the company and its information system (presence of unpatched vulnerabilities, etc.). To avoid harming team productivity, the user can be notified as soon as non-compliance is detected, and access rights to company data can be removed through conditional access if the non-compliance is not resolved, by adjusting the compliance status validity period.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<h2 style="text-align: justify;"><a name="_Toc232070766"></a>Configuration profiles : configuring devices deployed by the company</h2>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">When corporate mobile devices are provided to employees, a configuration should be applied to protect these devices and align them with a predefined baseline: this is made possible through configuration profiles.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">To secure mobile devices, it is possible to </span><i><span data-contrast="auto">customise</span></i><span data-contrast="auto"> the baseline in order to </span><i><span data-contrast="auto">professionalise</span></i><span data-contrast="auto"> the device, across various platforms (iOS, Android). Common baseline hardening measures include:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><span data-contrast="auto">Hardening of security configurations and feature restrictions;</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Deployment of company configuration;</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Restriction of third-party application installation outside the application store.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">Devices can then check for the latest configuration profile updates and apply them (frequency to be defined &#8211; recommendation: once a day). This setting helps ensure the device remains as close as possible to security best practices at all times.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">We recommend the following </span><b><span data-contrast="auto">measures</span></b><span data-contrast="auto"> when using an MDM solution:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><b><span data-contrast="auto">Push the security configuration during device enrolment</span></b><span data-contrast="auto">, including at least:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span>
<ul>
<li><b><span data-contrast="auto">Hard drive encryption</span></b><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Hardened authentication policy</span></b><span data-contrast="auto"> (six-digit passcode or biometrics, with simple passcodes blocked)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
</li>
<li><span data-contrast="auto">Deploy </span><b><span data-contrast="auto">OS and application patches</span></b><span data-contrast="auto"> directly</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Detect and block non-compliant devices</span></b><span data-contrast="auto"> (at minimum, jailbroken devices)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><b><span data-contrast="auto">Deploy an action plan</span></b><span data-contrast="auto"> for non-compliant devices (alerts, blocking, etc.)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
<p style="text-align: justify;"> </p>
<h1 style="text-align: justify;" aria-level="1"><span data-contrast="none">In summary, MDM is a fundamental building block and a prerequisite for securing access to the information system</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h1>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">MDM solutions offer numerous interfaces, particularly with other security tools.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">In particular, to fully benefit from MDM, it is common and recommended to interface it with the company’s </span><i><span data-contrast="auto">Identity Provider</span></i><span data-contrast="auto"> (</span><i><span data-contrast="auto">IDP</span></i><span data-contrast="auto">). Integrating MDM with the identity and access management solution for the information system enables conditional access based on device compliance or attributes (for example, removing remote access to company data for mobile devices that do not comply with the compliance policies defined in the MDM). This contributes to Zero Trust strategies by strengthening the company’s posture through greater control over access to its information system.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">It is also possible to connect the MDM tool with a </span><i><span data-contrast="auto">Mobile Threat Defense</span></i><span data-contrast="auto"> (</span><i><span data-contrast="auto">MTD</span></i><span data-contrast="auto">) solution. This interface with a complementary mobile device protection tool allows device compliance and health information to be sent back to the MDM, including whether the device presents compromise risks (malware, connection to an unsecured network, etc.). This analysis of the device and its risks can then condition access to the corporate information system.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">Finally, although accumulating MDM solutions is not recommended, it is sometimes necessary to interface the MDM solution with other MDM solutions in order to centralise information and manage the entire fleet centrally. For example, it is common to interface Microsoft Intune with Apple Business Manager MDM, which may contain the full database of iOS devices.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<h1 style="text-align: justify;" aria-level="1"><span data-contrast="none">Conclusion: key elements to effectively secure a mobile device fleet</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559738&quot;:240,&quot;335559739&quot;:0,&quot;335559740&quot;:278}"> </span></h1>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">In a context of increasing mobility in companies, MDM clearly stands out as a </span><i><span data-contrast="auto">must-have</span></i><span data-contrast="auto"> in the race to secure access to corporate information systems.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">More than a simple centralised inventory of mobile devices, this solution also simplifies the end-user experience by providing a hardened and secure turnkey device that complies with corporate policies.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"><span data-contrast="auto">To implement an MDM solution effectively, organisations should:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<ul style="text-align: justify;">
<li><b><span data-contrast="auto">Cover all mobile devices</span></b><span data-contrast="auto"> in the fleet (all types, brands, platforms and business functions): the robustness of an information system is assessed by its weakest links</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Formalise a </span><b><span data-contrast="auto">mobile device management policy</span></b><span data-contrast="auto"> adapted to the company’s needs, without major constraints for end users, in order to avoid user misbehaviours and reduce business impact</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Translate this policy into </span><b><span data-contrast="auto">configuration profiles</span></b><span data-contrast="auto"> and </span><b><span data-contrast="auto">compliance policies, and keep them up to date</span></b><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Raise </span><b><span data-contrast="auto">user awareness</span></b><span data-contrast="auto"> of the chosen corporate policy by sharing a corporate mobile device usage charter with users, explaining the benefits of centralised management and respect for user privacy, which requires a clear corporate strategy</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">Consider </span><b><span data-contrast="auto">mobile security as a whole</span></b><span data-contrast="auto">, and in particular </span><b><span data-contrast="auto">address BYOD in parallel</span></b><span data-contrast="auto"> to avoid workarounds through this channel, by combining MDM deployment with MAM deployment, in order to cover, for example:</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span>
<ul>
<li><span data-contrast="auto">The risk of data leakage (local storage on an unmanaged device, synchronisation with personal cloud services such as Google Drive, unintentional sharing via unsecured applications)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">The risk of data interception over unsecured connections (cafés, hotels, transport)</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
<li><span data-contrast="auto">The risk of malware propagation across the information system</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></li>
</ul>
</li>
</ul>
<p style="text-align: justify;"><span data-contrast="auto">In summary, while MDM is now an essential foundation for securing corporate mobile devices, its effectiveness depends above all on a clear corporate strategy and a sufficient level of device hardening.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><span data-contrast="auto">The most mature organisations can then complement this foundation with MAM and MTD solutions, following a progressive approach adapted to their challenges (in particular, deploying MAM to enable BYOD use cases). It should be noted that MTD solutions are currently not widely deployed, with priority given to implementing the MDM and MAM combination which, when properly configured, can cover a large majority of mobile use cases, from managed corporate phones to personal phones.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559740&quot;:278}"> </span></p>
<p>The article <a href="https://www.riskinsight-wavestone.com/en/2026/07/securing-mobile-devices-introduction-to-mdm-mobile-device-management/">Securing mobile devices : Introduction to MDM (Mobile Device Management) </a> first appeared on <a href="https://www.riskinsight-wavestone.com/en/">RiskInsight</a>.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.riskinsight-wavestone.com/en/2026/07/securing-mobile-devices-introduction-to-mdm-mobile-device-management/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
