mobile device management

In the evolving landscape of Enterprise Mobility Management (EMM), navigating the sea of acronyms can feel like translating a foreign language. Whether you're an IT administrator looking to enhance your EMM capabilities or a business leader eager to stay ahead in the mobility game, understanding the terminology is crucial. From Bring Your Own Device (BYOD) and Mobile Device Management (MDM) to Zero-Touch Enrollment, these terms represent key elements that can make or break your mobile strategy.

In this comprehensive guide, we'll break down these acronyms, explaining their roles, benefits, and how they fit into the broader EMM framework. So grab a coffee, pull up a chair, and let's demystify these essential EMM acronyms once and for all.

Guide contents:

 

What is Enterprise Mobility Management?

Enterprise Mobility Management (EMM) is the process of managing and securing mobile devices, applications, and data used in a business or corporate environment. EMM solutions provide a central platform for businesses to manage and secure their mobile devices, including smartphones, tablets, and laptops. EMM solutions typically include features such as device enrollment, mobile device management (MDM), mobile application management (MAM), and mobile content management (MCM). With EMM, businesses can ensure that their mobile devices are secure, up-to-date, and compliant with corporate policies, and can easily manage and support their mobile devices throughout their lifecycle. EMM solutions can be provided by third-party vendors or by the mobile device manufacturers themselves, such as Apple and Google.

What is Mobile Device Management?

Mobile Device Management (MDM) is a component of Enterprise Mobility Management (EMM) that focuses on managing and securing mobile devices, such as smartphones and tablets, used in a business or corporate environment. MDM solutions provide a central platform for businesses to manage and secure their mobile devices, including features such as device enrollment, device configuration, software updates, and remote device wiping. With MDM, businesses can ensure that their mobile devices are secure, up-to-date, and compliant with corporate policies, and can easily manage and support their mobile devices throughout their lifecycle. MDM solutions can be provided by third-party vendors or by the mobile device manufacturers themselves, such as Apple and Google.

What is Mobile Application Management?

Mobile Application Management (MAM) is a component of Enterprise Mobility Management (EMM) that focuses on managing and securing the mobile applications used in a business or corporate environment. MAM solutions provide a way for businesses to manage the deployment, security, and lifecycle of mobile apps on their employees' devices. This includes features such as app distribution, app wrapping, app blacklisting and whitelisting, and app-level security policies. With MAM, businesses can ensure that only approved apps are used on their employees' devices, and can enforce security policies to protect sensitive corporate data. MAM solutions can be provided by third-party vendors or by the mobile device manufacturers themselves, such as Apple and Google.

What is BYOD?

BYOD, or Bring Your Own Device, is a policy or practice in which employees are allowed to use their personal devices, such as smartphones and laptops, for work purposes. Under a BYOD policy, employees can access corporate data and applications on their personal devices, and are responsible for ensuring that their devices are secure and compliant with corporate policies. BYOD has become increasingly popular in recent years, as it allows employees to use the devices they are most comfortable with, and can help reduce costs for businesses by eliminating the need to provide devices for their employees. However, BYOD also introduces new challenges for businesses, such as the need to ensure the security of corporate data on personal devices, and the need to support a wide range of different devices and operating systems.

What is COPE?

COPE, or Corporrate-Owned, Personally-Enabled, is a term used to describe a mobile device management strategy in which a business provides employees with devices that are owned by the company, but can be used for both work and personal purposes. Under a COPE strategy, employees are allowed to use the same device for both work and personal activities, and the company is responsible for ensuring that the device is secure and compliant with corporate policies. COPE is an alternative to Bring Your Own Device (BYOD) strategies, in which employees use their own devices for work purposes. COPE can provide some advantages over BYOD, such as the ability to more easily control and secure corporate data, and the ability to provide employees with high-quality devices that are optimized for work. However, COPE can also be more expensive for businesses, as they are responsible for purchasing and maintaining the devices.

What is COSU?

COSU, or Corporate-Owned, Single-Use, is a term used to describe a mobile device management strategy in which a business provides employees with devices that are owned by the company and are only used for work purposes. Under a COSU strategy, employees are not allowed to use the devices for personal activities, and the company is responsible for ensuring that the device is secure and compliant with corporate policies. COSU is an alternative to Bring Your Own Device (BYOD) strategies, in which employees use their own devices for work purposes. COSU can provide some advantages over BYOD, such as the ability to more easily control and secure corporate data, and the ability to provide employees with devices that are optimized for work. However, COSU can also be more expensive for businesses, as they are responsible for purchasing and maintaining the devices.

What is Android Enterprise?

Android Enterprise is a suite of management solutions for Android devices that allows businesses and organizations to securely and easily deploy and manage their devices at scale. It provides a centralized way to manage the entire lifecycle of Android devices, from initial setup and configuration to ongoing management and maintenance. Android Enterprise includes features such as device enrollment, mobile device management (MDM), mobile application management (MAM), and mobile content management (MCM). With Android Enterprise, businesses can ensure that their Android devices are secure, up-to-date, and compliant with corporate policies, and can easily manage and support their devices throughout their lifecycle. Android Enterprise is provided by Google and is integrated with other Google cloud services, such as Google Play and Google Cloud.

What is the Work Profile?

The Work Profile is a feature of Android Enterprise that allows businesses and organizations to securely manage corporate data and applications on personal devices. The Work Profile creates a separate, secure space on the device for work-related apps and data, which is managed by the organization's mobile device management (MDM) solution. This allows employees to use their personal devices for work purposes, while keeping their personal apps and data separate and secure. The Work Profile is an alternative to Bring Your Own Device (BYOD) strategies, in which employees use their own devices for work purposes. The Work Profile can provide some advantages over BYOD, such as the ability to more easily control and secure corporate data, and the ability to support a wider range of devices. It is also less intrusive for employees, as it allows them to keep their personal apps and data separate from their work apps and data.

What is user enrollment?

User enrollment is a feature of mobile device management (MDM) solutions that allows employees to enroll their personal devices in an organization's MDM solution. With user enrollment, employees can use their personal devices for work purposes, and the organization can apply corporate policies and settings to the device to ensure that it is secure and compliant with corporate policies. User enrollment is typically used in Bring Your Own Device (BYOD) scenarios, in which employees use their own devices for work purposes. It allows employees to easily enroll their devices in the organization's MDM solution, without the need for IT intervention. It also allows employees to retain control over their personal apps and data, while still allowing the organization to manage and secure corporate apps and data on the device.

What is the Apple Developer Enterprise Program (ADEP)?

The Apple Enterprise Developer Program is a subscription-based program designed for businesses and organizations that develop and distribute proprietary, in-house iOS apps to their employees. The program provides access to a range of tools and resources that can help businesses develop and distribute their iOS apps, including the ability to create and distribute in-house apps, beta test apps with employees, and access to pre-release versions of iOS. The program also includes access to technical support and other resources, such as documentation and sample code. To join the Apple Enterprise Developer Program, businesses must have a D-U-N-S Number and must be registered as a legal entity. The program is available in select countries and regions.

What are iOS Custom Apps?

iOS Custom Apps, also known as in-house apps, are apps that are developed and distributed by businesses and organizations for their own employees. These apps are not available on the public App Store, and are typically designed to meet the specific needs of the organization and its employees. iOS Custom Apps can be developed using the Apple Enterprise Developer Program, which provides access to a range of tools and resources that can help businesses develop and distribute their iOS apps. With iOS Custom Apps, businesses can create custom app experiences for their employees, and can easily distribute and manage these apps within their organization.

What is the in-house code-signing certificate?

The in-house code-signing certificate is a digital certificate that is used to sign and distribute in-house iOS apps. In-house iOS apps are apps that are developed and distributed by businesses and organizations for their own employees, and are not available on the public App Store. The in-house code-signing certificate allows businesses to securely distribute these apps to their employees, and ensures that the apps can only be installed on devices that are managed by the organization. The in-house code-signing certificate is managed by the Apple Enterprise Developer Program, and is included as part of the program's subscription. To use the in-house code-signing certificate, businesses must have an active subscription to the Apple Enterprise Developer Program and must have registered their devices with the program.

What is the ad-hoc code-signing certificate?

The ad-hoc code-signing certificate is a digital certificate that is used to sign and distribute iOS apps to a limited number of devices. Ad-hoc iOS apps are apps that are not available on the public App Store, and are typically used for testing or beta-testing purposes. The ad-hoc code-signing certificate allows businesses to securely distribute these apps to a limited number of devices, and ensures that the apps can only be installed on the registered devices. The ad-hoc code-signing certificate is managed by the Apple Enterprise Developer Program, and is included as part of the program's subscription. To use the ad-hoc code-signing certificate, businesses must have an active subscription to the Apple Enterprise Developer Program and must have registered their devices with the program.

What is the apk app format?

The apk app format is the file format used for Android applications. Android apps are packaged as apk files, which are similar to zip files and contain all of the files and resources that are needed to run the app. The apk file format is used by the Android operating system to install and manage Android apps on a device. To install an apk file on an Android device, users can typically download the file from a website or email and then open it from the device's "Downloads" app or "Files" app. The Android operating system will then prompt the user to confirm the installation and will install the app on the device. Apk files can also be sideloaded onto Android devices, which allows users to install apps from sources other than the official Google Play Store.

What is the aab app format?

The aab app format is the file format used for Android app bundles. An Android app bundle is a package that contains all of the files and resources that are needed to run an Android app, including the app's code, resources, and assets. The aab file format is used by the Android operating system to install and manage Android app bundles on a device. The aab format is similar to the apk app format, but is optimized for delivering multiple app variants to different devices and user groups. This allows developers to create a single app bundle that can be used to target a wide range of devices, languages, and other device configurations. To install an aab file on an Android device, users can typically download the file from a website or email and then open it from the device's "Downloads" app or "Files" app. The Android operating system will then prompt the user to confirm the installation and will install the app on the device.

What is the ipa app format?

The ipa app format is the file format used for iOS applications. iOS apps are packaged as ipa files, which are similar to zip files and contain all of the files and resources that are needed to run the app. The ipa file format is used by the iOS operating system to install and manage iOS apps on a device. To install an ipa file on an iOS device, users can typically download the file from a website or email and then open it from the device's "Files" app. The iOS operating system will then prompt the user to confirm the installation and will install the app on the device. Ipa files can also be sideloaded onto iOS devices, which allows users to install apps from sources other than the official App Store.

How to enable unknown sources on Android?

To enable unknown sources on Android, follow these steps:

  1. Open the "Settings" app on your Android device.
  2. Scroll down and tap on the "Security" or "Privacy" option.
  3. Scroll down to the "Device administration" or "Unknown sources" section and tap on it.
  4. If the option is not already enabled, tap on the toggle switch to enable it.
  5. If prompted, read the warning message and tap on "OK" to confirm.

After completing these steps, your Android device will be able to install apps from sources other than the Google Play Store. However, you should be aware that installing apps from unknown sources can increase the risk of installing malicious or fraudulent apps. It is important to only download and install apps from trusted sources, and to carefully review the app permissions and reviews before installing an app.

How to install apps outside of the App Store on iOS?

To install apps outside of the App Store on iOS, follow these steps:

  1. Open the "Settings" app on your iOS device.
  2. Scroll down and tap on the "General" option.
  3. Scroll down and tap on the "Profiles & Device Management" or "Profiles" option.
  4. If you have not installed any app from outside the App Store, you will not see any profiles listed.
  5. If you have already installed an app from outside the App Store, tap on the profile for the app developer.
  6. Tap on the "Trust" or "Verify" button, and then tap on "Trust" again to confirm.

After completing these steps, you will be able to install apps from outside the App Store on your iOS device. However, you should be aware that installing apps from outside the App Store can increase the risk of installing malicious or fraudulent apps. It is important to only download and install apps from trusted sources, and to carefully review the app permissions and reviews before installing an app.

What is a private app store?

A private app store is a platform that allows businesses and organizations to distribute and manage their own custom apps for their employees. Private app stores are typically used by businesses and organizations that have developed their own in-house apps, and want to distribute these apps to their employees without making them publicly available. Private app stores can provide businesses with a centralized and secure way to manage their app catalog, and can help them to easily distribute and update their apps within their organization. Private app stores are often integrated with mobile device management (MDM) solutions, which allows businesses to manage and secure the apps on their employees' devices. Private app stores are typically available on a subscription basis and are designed for use by businesses and organizations.

What is an enterprise app store?

An enterprise app store is a platform that allows businesses and organizations to distribute and manage mobile apps for their employees. Enterprise app stores typically provide a centralized and secure way for businesses to manage their app catalog, and can help them to easily distribute and update their apps within their organization. Enterprise app stores often include features such as mobile device management (MDM), mobile application management (MAM), and mobile content management (MCM), which allow businesses to manage and secure the apps on their employees' devices. Enterprise app stores are typically available on a subscription basis and are designed for use by businesses and organizations. They can be hosted by the organization itself, or can be provided by a third-party service provider.

Does MDM work the same on iOS and Android?

Mobile device management (MDM) solutions are typically designed to work with both iOS and Android devices, but there can be some differences in the way that they work on these different platforms. In general, MDM solutions provide similar capabilities on both iOS and Android, such as device enrollment, device management, app management, and security management. However, there may be some differences in the specific features and capabilities that are available on each platform, and the way that these features are implemented can vary between iOS and Android. For example, iOS and Android have different app stores, and the way that apps are distributed and managed on these platforms can be different. Additionally, iOS and Android have different security models, and the way that MDM solutions can manage and secure devices on these platforms can also be different. Overall, while MDM solutions may work similarly on iOS and Android, there can be some differences between the two platforms that businesses should be aware of when implementing an MDM solution.

What are the requirements for MDM on iOS?

The requirements for mobile device management (MDM) on iOS vary depending on the specific MDM solution that you are using and the specific features and capabilities that you want to enable. In general, however, the following requirements apply for using MDM on iOS:

  1. The devices must be running iOS 8 or later.
  2. The devices must be enrolled in the MDM solution. This typically involves installing an MDM profile on the devices, which is a configuration file that contains the settings and policies for the MDM solution.
  3. The devices must be supervised. This means that the devices must have been configured using Apple Configurator or another tool that allows for advanced device management capabilities.
  4. If you want to distribute in-house apps to the devices, you must have an active subscription to the Apple Enterprise Developer Program, and you must have a valid in-house code-signing certificate.
  5. If you want to configure the settings for publicly available apps, you must have an active Apple Volume Purchase Program (VPP) account.

These requirements may vary depending on the specific MDM solution that you are using, and you should consult the documentation for your MDM solution to determine the exact requirements.

What are the requirements for MDM on Android?

The requirements for mobile device management (MDM) on Android vary depending on the specific MDM solution that you are using and the specific features and capabilities that you want to enable. In general, however, the following requirements apply for using MDM on Android:

  1. The devices must be running Android 5.0 or later.
  2. The devices must be enrolled in the MDM solution. This typically involves installing an MDM profile on the devices, which is a configuration file that contains the settings and policies for the MDM solution.
  3. The devices must have the Google Play Store app installed, and must have access to the Google Play Store.
  4. If you want to distribute in-house apps to the devices, you must have a Google Play Console account, and you must have enrolled in the Android Enterprise program.
  5. If you want to configure the settings for publicly available apps, you must have an active Google Play for Work account.

These requirements may vary depending on the specific MDM solution that you are using, and you should consult the documentation for your MDM solution to determine the exact requirements.

What are the requirements for Android Enterprise?

The requirements for using Android Enterprise vary depending on the specific deployment scenario and the specific features and capabilities that you want to enable. In general, however, the following requirements apply for using Android Enterprise:

  1. The devices must be running Android 5.0 or later.
  2. The devices must have the Google Play Store app installed, and must have access to the Google Play Store.
  3. If you are using Android Enterprise in the device owner mode, the devices must be enrolled in a mobile device management (MDM) solution. This typically involves installing an MDM profile on the devices, which is a configuration file that contains the settings and policies for the MDM solution.
  4. If you are using Android Enterprise in the managed Google Play mode, the devices must be registered with the managed Google Play store.
  5. If you want to distribute in-house apps to the devices, you must have a Google Play Console account, and you must have enrolled in the Android Enterprise program.
  6. If you want to configure the settings for publicly available apps, you must have an active Google Play for Work account.

These requirements may vary depending on the specific deployment scenario and the specific features and capabilities that you are using, and you should consult the documentation for Android Enterprise to determine the exact requirements.

What are the Work Profile requirements?

The requirements for using the Work Profile on Android devices vary depending on the specific mobile device management (MDM) solution that you are using and the specific features and capabilities that you want to enable. In general, however, the following requirements apply for using the Work Profile on Android devices:

  1. The devices must be running Android 5.0 or later.
  2. The devices must have the Google Play Store app installed, and must have access to the Google Play Store.
  3. The devices must be enrolled in a MDM solution. This typically involves installing an MDM profile on the devices, which is a configuration file that contains the settings and policies for the MDM solution.
  4. The MDM solution must support the Work Profile feature.
  5. The devices must be registered with the managed Google Play store.
  6. If you want to distribute in-house apps to the devices, you must have a Google Play Console account, and you must have enrolled in the Android Enterprise program.
  7. If you want to configure the settings for publicly available apps, you must have an active Google Play for Work account.

These requirements may vary depending on the specific MDM solution that you are using, and you should consult the documentation for your MDM solution to determine the exact requirements for using the Work Profile.

What are User Enrollment’s requirements on iOS?

The requirements for using User Enrollment on iOS devices vary depending on the specific mobile device management (MDM) solution that you are using and the specific features and capabilities that you want to enable. In general, however, the following requirements apply for using User Enrollment on iOS devices:

  1. The devices must be running iOS 13.0 or later.
  2. The devices must be enrolled in a MDM solution. This typically involves installing an MDM profile on the devices, which is a configuration file that contains the settings and policies for the MDM solution.
  3. The devices must be supervised. This means that the devices must have been configured using Apple Configurator or another tool that allows for advanced device management capabilities.
  4. The MDM solution must support the User Enrollment feature.
  5. If you want to distribute in-house apps to the devices, you must have an active subscription to the Apple Enterprise Developer Program, and you must have a valid in-house code-signing certificate.
  6. If you want to configure the settings for publicly available apps, you must have an active Apple Volume Purchase Program (VPP) account.

These requirements may vary depending on the specific MDM solution that you are using, and you should consult the documentation for your MDM solution to determine the exact requirements for using User Enrollment on iOS devices.

What is Android Entreprise essentials and how does it compare to Android Enterprise?

Android Enterprise Essentials is a simplified version of Android Enterprise that is designed for small and medium-sized businesses. Android Enterprise Essentials provides a streamlined set of features and capabilities for managing and securing Android devices, and is intended to make it easier for smaller businesses to implement an enterprise-grade mobile device management (MDM) solution.

Compared to Android Enterprise, Android Enterprise Essentials has a smaller set of features and capabilities, and is focused on providing the essential tools and capabilities that businesses need to manage and secure their Android devices. Android Enterprise Essentials includes support for device enrollment, app management, and security management, but does not include advanced features such as device policies, compliance rules, and advanced app management capabilities.

Android Enterprise Essentials is intended to provide a simple and easy-to-use solution for small and medium-sized businesses, while Android Enterprise is designed for larger organizations that need more advanced features and capabilities. Both Android Enterprise and Android Enterprise Essentials are part of the Android Enterprise program, and are designed to provide businesses with a secure and flexible platform for managing and securing their Android devices.

What is AMAPI?

AMAPI, or Android Management API, is a RESTful API that allows developers to programmatically manage and secure Android devices using the Android Enterprise platform. AMAPI provides a comprehensive set of tools and capabilities for managing and securing Android devices, including features such as device enrollment, app management, security management, and device policies.

AMAPI is designed to be easy to use and integrate with existing systems and processes, and allows developers to build custom solutions for managing and securing Android devices. AMAPI is part of the Android Enterprise program, and is designed to provide businesses with a secure and flexible platform for managing and securing their Android devices. By using AMAPI, developers can build custom solutions that leverage the power and capabilities of Android Enterprise to manage and secure their Android devices.

Julien Ott
September 15, 2023