Mobile device management done right: Top MDM tools to secure your devices

Mobile device management creates a standard setting for corporate owned mobiles, tracks their location, and enforces security. Systems can also manage BYOD. Find out the best MDM system.

Businesses that have roaming employees need to keep in touch with them, and smartphones and tablets are the best devices for that purpose. However, whether you supply those workers with corporate devices or expect them to use their own, they represent a security risk. 

There have been many tales of laptops left in stolen cars and phones lost in a park, revealing corporate or government secrets when the people who end up with those devices turn them on. Mobile devices also allow hackers easier paths into your corporate network through fake WiFi hotspots and man-in-the-middle attacks.

IT asset management and security system providers have spotted a need in the market, and they have created packages called “mobile device management” (MDM) systems. 

A typical MDM includes device tracking plus remote locking and wiping. However, beyond those essential services, there are quite a variety of approaches to mobile device management. 

Some MDMs provide a single app, which creates a portal with more icons within it for access to corporate apps, such as a file drive, a word processor, a spreadsheet, and an email system. Other tools use containerization around specific apps on the device. Some enable kiosk modes for retail devices that have only one function and block the user from getting to the operating systems. Other tools use a form of hypervisor to create a virtual desktop for each user that can be accessed from any device. 

Systems such as portals, VMs, and containers work just as well on user-owned devices as they do on corporate fleet devices. Some MDM packages provide a site that visitors and employees can use to enroll their own devices in the corporate systems. 

So, there are many options and features to look for when searching for an MDM. We have investigated the market and come up with a list of tools that provide the full range of options. 

Here is our list of the best MDM software solutions:

1. ManageEngine Mobile Device Manager Plus (EDITOR’S CHOICE): This package will manage access to corporate resources from mobile devices by creating a secure portal, which is also a great BYOD solution. With both free and paid editions, this system is available as a SaaS platform or a software package for Windows Server. Start a 30-day free trial.
2. VMware Workspace ONE (FREE TRIAL): This system manages access to company systems from desktops and mobiles by creating a virtual desktop for each user. Offered as a SaaS platform or for installation on Windows Server. Get a 30-day free trial.
3. Citrix Endpoint Management: Incorporating XenMobile, this package provides unified endpoint management for desktops and mobile devices and operates a virtualization strategy for user access. Available as a SaaS platform or for installation on Windows Server.
4. SOTI MobiControl: Mobile device management that can be subscribed to as part of the SOTI ONE unified endpoint management suite. This is a SaaS package.
5. Scalefusion: This cloud-based package provides performance and security monitoring and management for mobile devices and workstations.  
6. Miradore Mobile Device Management: This SaaS package provides management controls for mobile devices running Windows, macOS, iOS, and Android. Available in both free and paid versions.  
7. Kandji: A cloud-based management and monitoring service for Apple devices that includes asset management functions, such as OS patching.

The best MDM solutions

Our methodology for selecting a mobile device management package for your business

We reviewed the market for MDM tools and analyzed options based on the following criteria:  

• Fleet onboarding utilities that can operate on devices in bulk.
• Device tracking, remote locking, and wiping.
• Management options for BYOD.
• Performance and security monitoring.
• Containerization to keep company data away from the device’s operating system.
• A free trial or a free demo for a cost-free assessment opportunity.
• Value for money from a package that provides a full mobile device management service at a fair price.

With these selection criteria in mind, we identified a list of systems that perform mobile device management, with some that are part of a full unified endpoint management service.

1. ManageEngine Mobile Device Manager Plus (EDITOR’S CHOICE)

ManageEngine Mobile Device Manager Plus provides management and monitoring for desktops, mobile devices, and TV set-top boxes that run Windows, macOS, iOS, Android, Chrome OS, and tvOS. The package includes onboarding, tracking, remote access, and remote control features. It also secures the delivery of corporate applications and data to mobile devices. 

Key features:

• Deployment options: A SaaS platform and also a software package for Windows Server.
• Mobile app management (MAM): Creates a private app library.
• Mobile content management (MCM): Only allows authorized apps to access corporate data.
• Email management: Containerizes email access and attachment viewing.
• Containerization: Provides secure delivery to fleet devices and BYOD.

Why do we recommend it?

ManageEngine Mobile Device Management Plus is a comprehensive MDM that provides containerization that can be applied equally to fleet devices and user-owned devices. The system enables mass onboarding, tracking, remote access, remote control with locking and wiping, and secure email delivery. ManageEngine provides this system as a SaaS platform and also as a software package for Windows Server.

I observed that all connections between the mobile device and the corporate network are protected by a VPN. A VPN connection can be set up to jam a device so that it isn’t able to use the internet outside the secure link. If users want to access the internet for business, they would do it through the company’s network gateway, where all activities can be monitored and controlled. The VPN only influences data connections – the calling part of the phone will still work as usual.

All data delivered through the VPN is containerized, so there is no trace of company files on the phone’s operating system. Shadow copies and cloud uploads can be blocked. Remote locking and wiping mean that lost devices won’t result in the disclosure of company secrets. 

Who is it recommended for?

This MDM will appeal to all sizes and types of businesses that provide mobile devices for their employees. The top package is available for free, but that Free edition is limited to managing 25 devices. That is going to be an appealing option for small businesses. 

The two platforms for ManageEngine Mobile Device Management Plus offer the same utilities per edition but at different prices. The cloud version is more expensive, but it includes cloud storage space for app libraries and statistics, which is an extra feature that isn’t included with the on-premises version. There is a Free edition, which provides all the utilities of the top package but is limited to managing 25 devices. The top package, which is called the Professional edition, is available for a 30-day free trial.

EDITOR’S CHOICE

ManageEngine Mobile Device Manager Plus is our top pick for an MDM tool because it covers all the major mobile operating systems. You can protect links to your roaming devices and secure any content that is sent down that encrypted tunnel. This package enables a central administrator to see where each device is and put blocks on where content can be sent to – a necessity for GDPR. You don’t have to worry about stolen or lost devices with this package because the administrator can enforce a lock and wipe the device as soon as the loss is discovered.  

Get a 30-day free trial.

Operating system: Windows Server or cloud

2. VMware Workspace ONE (FREE TRIAL)

VMware Workspace ONE is a unified endpoint management package (UEM) that includes mobile device management. VMware is the work leader in virtualization and the company uses this technology for its UEM. Each user is assigned a virtual desktop and can access a personal file space as well as corporate assets. This method also creates access from mobile devices. 

Key features:

• Utilizes virtualization: Users get remote access to a VM on the corporate server.
• Data security: Files are encrypted when transferred to the mobile device.
• Connection security: Connections are protected by VPNs.
• BYOD: Corporate apps and files can be wiped from the device by an administrator.

Why do we recommend it?

VMware Workspace ONE provides strong security in its app and content delivery that reduces the risk of corporate data falling into the wrong hands. The processes of the MDM work equally well for fleet devices and BYOD. The files and apps are kept away from the device’s operating system and can be detected from the device wherever it is.

I found that this package is an interesting service for those who are already familiar with VMware products. The company has a very reliable and highly respected brand. The system can tie in with third-party multi-factor authentication and single sign-on systems. 

Who is it recommended for?

This is a solution for large corporations that have a variety of roles for employees that create the need to work off-site. Examples of these types of roles are construction, sales, and delivery drivers. The system is priced per device with options to take on just the mobile device management unit without the functions for managing on-site workstations.

VMware Workspace ONE is available as a SaaS platform or as a software package for Windows Server. You can examine the system with a 30-day free trial.

3. Citrix Endpoint Management

Citrix Endpoint Management is a unified endpoint management package that integrates an MDM that was previously marketed as a standalone system, called Citrix XenMobile. This system manages devices running Windows, macOS, iOS, and Android. The company also runs an app delivery system called NetScaler that provides an option for mobile application management.

Key features:

• Work profiles: Keep business apps separate from personal apps on BYOD.
• Multiple OSs: Windows, macOS, iOS, and Android.
• Deployment options: Host on Windows Server or access the SaaS version.

Why do we recommend it?

Citrix Endpoint Management comes from one of the top three virtualization providers. Citrix has taken its mobile device management system through a number of changes in recent years, so this service is a little in flux. The service now includes the NetScaler system for secure mobile app delivery.

I understand that Citrix is moving towards a Zero Trust Network Access (ZTNA) strategy for mobile service delivery. This creates a cloud-based hub for VPN connections to user devices and apps. The user gets an access app that also lists the applications that are permitted. The login for the access app flows through to logins for the application. 

Who is it recommended for?

Citrix provides access to applications through a hub. Its system is a little like a VM because the user gets a view on an application that is actually running on a server. That could be one of your own servers or on a cloud server. This is a complicated concept and is most suited to mid-sized and large businesses that are already familiar with the Citrix Xen system.

Citrix doesn’t offer a free trial for its Endpoint Management system.

4. SOTI MobiControl

SOTI MobiControl is classified as an Enterprise Mobility Management (EMM) package, but that’s the same as an MDM. This package manages rugged devices, sales equipment, and IoT devices, as well as smartphones and tablets. The service provides onboarding, tracking, locking, and wiping.  

Key features:

• Create app profiles: Specify a set of apps and get them installed at the push of a button.
• Mass onboarding: Set up multiple fleet devices in one session.
• Distributed app updates: Using SOTI Xtreme Hub.

Why do we recommend it?

SOTI MobiControl is a respectable package that is able to manage just about any mobile device, including those that are specifically designed for industrial, surveying, or retail use. The service stacks up well against all the other packages on this list in terms of the functions that it offers. 

I noted that the package provides remote viewing and remote control. These are measures for maintenance tasks and are the equivalent of the remote desktop and remote control access systems that technicians use when supporting endpoints. This is the key service of SOTI MobiControl that distinguishes it from many other MDMs.

Who is it recommended for?

SOTI MobiControl is an easy-to-use system that will be suitable for any size of business that runs mobile devices. The package is able to ban apps, so users are unable to install their favorite leisure apps on their company phones. 

This package supports devices running Windows, macOS, iOS, and Android. You can examine the SOTI MobiControl service with a 30-day free trial of SOTI ONE Platform, which includes a few other SOTI products. This will manage 25 devices.

5. Scalefusion

Scalefusion is a SaaS MDM platform that provides management for devices running Windows, macOS, Linux, Android, and iOS. Although Scalefusion deems this an MDM, the system manages workstations as well as mobile devices, so it is actually a UEM. The platform is offered in four plan levels, with higher, more expensive levels offering more features.  

Key features:

• A unified endpoint management package: Manages workstations as well as mobile devices.
• Native enrollment: Uses operating system processes for app installation.
• BYOD management: In all but the cheapest plan.

Why do we recommend it?

Scalefusion has transparent pricing, which is a great help for businesses who are investigating MDMs and need to know what a commitment to each plan entails. The four plans for the tool are clearly explained and show exactly what features are offered. The features can disable buttons and blacklist apps to reduce the chance of data theft through mobiles.

I observed that this package is very strong at content protection. It includes email access controls as well, Although it doesn’t scan outgoing emails for sensitive data. The service is able to implement geofencing, which is important for GDPR. It can also provide activity logging. 

Who is it recommended for?

This service has a charge rate per device and doesn’t impose a minimum account size or contract duration other than the one-year of each plan rate. This makes the service scalable and suitable for all sizes of businesses. It also has procedures for handling shared devices and retail kiosk-mode systems. 

This package is charged for on an annual subscription basis per device, which has to be paid in advance. You can examine the service with a 14-day free trial.

6. Miradore Mobile Device Management

Miradore Mobile Device Management is a SaaS package that manages computers as well as mobile devices. So, like Scalefusion, this is actually a UEM. The package can manage computers running Windows and macOS as well as mobile devices running iOS and Android. The system has a free plan and the two paid plans are able to manage equipment and IoT devices as well as endpoints. 

Key features:

• A unified endpoint management system: Manages computers and mobile devices.
• Security management: Tracking, locking, and wiping.
• Remote alarm: Administrators can help users find a device by probing it to sound an alarm.

Why do we recommend it?

Miradore Mobile Device Management is a strong competitor to Scalefusion. Like its rival, this system is tiered in plan levels, so buyers can decide whether they want more features or a lower price. This system provides security for connections and also for the storage space on the mobile device. 

This system doesn’t virtualize mobile access to applications. I learned that all apps are installed on the device and files accessed by the mobile user are actually transferred to the device. The system provides protection on both workstations and mobile devices by providing an onboard encrypted storage area. Apps operate within containers, so their shadow file copies can’t be accessed through the operating system.

Who is it recommended for?

This package is a good choice for any business, except that its paid plans have a minimum order quantity. The smallest number of devices that you can get the Premium plan for is 18, and it is 17 for the Premium Plus plan. The good news for small businesses is that there is a Free plan that manages an unlimited number of devices. 

Try out this system with a 14-day free trial. After that, you can carry on with the Free plan if you don’t want to pay.

7. Kandji

Kandji is an attractive and well-planned device management and security monitoring package. It has one detraction for many potential buyers: it only manages Apple devices. The tool will manage Macs, Macbooks, and the range of Apple mobile devices, including iPads and iPhones. The system will also manage TV set-top boxes that run tvOS. 

Key features:

• Onboarding features: Mass install app profiles on fleet devices.
• Native app management: Uses standard Apple system for app storage, installation, and patching.
• An Endpoint Detection and Response add-on: Will only protect Macs.

Why do we recommend it?

Kandji is designed just for Apple devices. That will please users of Apple products who are sick of playing second fiddle to Windows users when they are looking for system management tools. An unusual feature of this package is its Compliance Management service for CIS.

I discovered that Kandji has a process called Liftoff, which will configure brand new mobile devices as soon as they are unboxed and turned on. This works by the phone number, which the administrator will know at the point of purchase. The assigned user doesn’t have to take the device to the IT department because as soon as it connects to the Apple network, the pre-assigned setup routine will kick in. 

Who is it recommended for?

This is a great platform for companies that only use Apple devices. Any business that uses a mix of brands that bring in Android would need to buy a second MDM for those devices, which wouldn’t be very practical. Similarly, the MAC management features limit the appeal of the tool because companies that also have PCs on site won’t cover those computers with this service.

This is a cloud-based system, and you sign up for the service at the Kandji website. This will get you access to a 14-day free trial.