The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/588021
WWW.ILTANET.ORG 45 THE DEVICE MANAGEMENT LIFE CYCLE The typical life cycle of today's mobile device moves through three key phases: Enablement: Once the minimum policy compliance criteria are met, the device is accepted into the device management infrastructure during a process called enrollment. The enablement phase typically combines the initial policy enforcement check with enrollment. An enrolled device will be uniquely registered into the device management solution and can then be monitored to ensure it remains in a configuration that complies with your organizational policies. Deployment: The MDM solution must be able to push configuration details to the device so services are enabled for the end user. This could be as simple as enabling the native email client to connect to your email infrastructure or as complex as installing specialized applications. Throughout the device's life cycle, applications might need to be revised, replaced or removed, so inventorying what applications are on which devices can be an important consideration. Other things to think about are virtual private network (VPN) and Wi-Fi access profiles that enable direct connection to your corporate network infrastructure. Knowing your needs in this area is key to selecting the right MDM solution. Retirement: Enabled devices must eventually be "wiped" — have all firm data and applications removed from it — and removed from the device management infrastructure. This is device retirement. Events such as termination of employment, loss or theft of the device, or replacement of the device can lead to device retirement. Since devices are typically not firm-owned, it is best if the MDM solution only removes firm data and applications at the time of retirement, leaving personal data and applications in place. When the retirement action is initiated by the firm, you need an administrator-driven mechanism, but when the device owner initiates the device retirement, a good MDM solution will enable responsible employees to invoke self-service retirement steps so key information is protected as quickly as possible. Across all three phases, remember your overarching concern of policy compliance enforcement. And ideal MDM solution will provide mechanisms for compliance that work equally well with firm- and employee-owned devices. THE BARGAIN: CONTROL VS. CONVENIENCE Striking the right balance with mobile device management is all about establishing and maintaining negotiated control boundaries. For employees, this provides more flexibility and efficiency in how they conduct work; the firm benefits from empowered and productive employees, protected information assets and happy clients. Few IT endeavors can influence all these points so directly. It is worth getting your MDM selection right. 1 2 3 About the Author Larry Kuhn, Account Technology Strategist at Microsoft Corporation, has helped numerous global enterprise customers plan, design and deploy solutions based on SharePoint and .NET technologies. Larry assists his customers with solving their business challenges and seizing market opportunities using Microsoft-based solutions. With over 25 years of experience in the software industry, his experience spans areas of end-user productivity, application development and project management. Contact Larry at lkuhn@microsoft.com. Multiple Solutions for Multiple Needs With technology continually evolving, it is possible that you will not find an MDM solution that meets all of your needs. Or you might have an incumbent MDM solution that once did everything you needed but now has gaps against rising expectations and requirements. Although not ideal, you could find you need to employ multiple MDM solutions. If this is the case, consider subdividing your mobile device management concerns across one or more of these dimensions: Device Age: Older devices live out their days managed by the MDM solution on which they were enabled, while new devices are directed to the newer MDM solution. The older MDM solution is retired when the last managed device is retired. User Needs: Users' devices are assigned to the MDM solution that provides the best fit for the individual device owner's device capability needs. Dual Management: With this option, the same physical device is placed under management by two MDM solutions. Due to potential conflicts among management solutions, this option should be a last resort, but might be necessary in some situations. Decide in advance which solution will be responsible for what. For instance, it might be feasible to have MDM solution A continue to manage its proprietary email and data container while MDM solution B manages other applications plus the Wi-Fi and VPN profiles.