Mobile Device Management (MDM)
What is Mobile Device Management (MDM)?
Mobile Device Management (MDM): Software that lets an organization enroll, configure, monitor, and remotely wipe iOS, Android, macOS, and Windows endpoints from a central console.
MDM uses platform APIs — Apple Declarative Device Management and Android Enterprise's Device Policy Controller — to push configuration profiles, enforce passcodes and encryption, deploy apps, manage certificates, and trigger remote lock or wipe on lost or stolen devices. It is the foundation of most enterprise mobility programs and a building block of broader EMM and UEM platforms such as Microsoft Intune, Jamf, VMware Workspace ONE, and Google Workspace. MDM is also the abuse channel for malicious enrollment: an attacker who tricks a user into accepting a rogue MDM profile can install non-store apps, intercept traffic, or harvest device telemetry, so users should only accept profiles from a known IT department.
● Examples
- 01: Microsoft Intune pushes a Wi-Fi profile and an S/MIME certificate to all newly enrolled iPhones.
- 02: After a stolen laptop is reported, the MDM issues a remote wipe and revokes its device certificates.
● Frequently asked questions
What is Mobile Device Management (MDM)?
Software that lets an organization enroll, configure, monitor, and remotely wipe iOS, Android, macOS, and Windows endpoints from a central console. It belongs to the Mobile Security category of cybersecurity.
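How do you defend against abuse of Mobile Device Management (MDM)?
MDM is a management technology rather than an attack; the risk is malicious enrollment, where a user is tricked into accepting a rogue MDM profile. Defences typically combine technical controls and operational practices, starting with users accepting profiles only from a known IT department.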
What are other names for Mobile Device Management (MDM)?
Common alternative names include: MDM, Device management.
● Related terms
- Enterprise Mobility Management (EMM) (mobile-security, № 382): An integrated platform that combines MDM, MAM, identity, content, and access controls to manage mobile devices and apps across an enterprise.
- Mobile Application Management (MAM) (mobile-security, № 696): Controls that protect corporate data inside specific mobile applications without taking full management of the underlying device.
- Bring Your Own Device (BYOD) (mobile-security, № 123): A workplace model in which employees use their personally owned smartphones, tablets, or laptops to access corporate applications and data.
- Mobile App Security (mobile-security, № 694): The practice of designing, building, and testing iOS and Android applications to protect user data, prevent reverse engineering, and resist runtime tampering.