hate these ads?, log in or register to hide them
Results 1 to 20 of 20

Thread: MDM (No, not the debugger)?

  1. #1

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,271

    MDM (No, not the debugger)?

    What experiences do you have with Mobile device Management solutions ?

    As a MS / Edu house, i'm interested in InTune from MIcrooft.
    We also have a limited demo of MobileIron kicking around that lets us do everything short of what we want to do (Deliver apps / lock down devices).

    Out requirements are:
    - Support of iOS and Android.
    - App store mode where we can make approved apps availible to staff.
    - Total phone lockdown - no booky apps and screensavers for you.

    Shouldn't be too hard i think, but it's one of those things which has been dropped on us fro a great height with no planning or forewarning, and has to be done next week
    Last edited by Itiken; June 25 2018 at 10:22:55 AM.
    Please don't teach me what to do with my pc.

  2. #2

    Join Date
    May 31, 2011
    Posts
    4,032
    You might want to add the title to read/clarify MDM (Mobile device Management), because my first thought was "Microsoft Debug Manager" (mdm.exe).

  3. #3
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    18,755
    For some reason my first thought was MDMA and I was wondering why it was in the tech area..

    InTune is supposed to be good but I haven't touched it.
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  4. #4

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,271
    I had to hit people with the common sense stick but we are going to stick to Jamf for all apple devices, and just use 'something(tm)' for androids.
    Please don't teach me what to do with my pc.

  5. #5

    Join Date
    May 9, 2011
    Location
    Unsubbed
    Posts
    2,561
    Before we went Google (They have their own MDM - Device Policy) we were using Airwatch.

  6. #6

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    6,271
    It look sliek the only MDM controls you can put onto android devics is the Android for enterprise sandbox, then install apps into that so there's no cross contamination...

    C/D ?
    Please don't teach me what to do with my pc.

  7. #7

    Join Date
    May 31, 2011
    Posts
    4,032
    As for InTune, in general MS' docs over at docs.microsoft.com seem to be quite decent these days, so you might want to have a look at https://docs.microsoft.com/en-us/intune/

  8. #8
    Mashie Saldana's Avatar
    Join Date
    April 10, 2011
    Location
    Peterborough, UK
    Posts
    969
    We use VMware AirWatch here. Works great for me as an end user. No idea how it is to manage though.

  9. #9
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    3,100
    Quote Originally Posted by Lana Torrin View Post
    For some reason my first thought was MDMA and I was wondering why it was in the tech area..

    InTune is supposed to be good but I haven't touched it.
    Damit Lana, I wanted to make a shit post about this
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  10. #10
    SteeleResolve's Avatar
    Join Date
    April 13, 2011
    Location
    AKA Pubbie McLemming
    Posts
    3,167
    Used it about 3 years ago. Seemed good, but we were using WP10 devices.

    As far as pushing out apps, it didn't do a great job, but as far as security was concerned, not hard to lock them down.

    A bit like activesynch++

  11. #11
    balistic void's Avatar
    Join Date
    May 5, 2011
    Location
    Dublin
    Posts
    2,642
    My place uses MobileIron, seems to work ok. I don't have a company phone tho so I have to pay money for an email client Using touchdown for android to read outlook mail.

  12. #12
    Straight Hustlin's Avatar
    Join Date
    April 14, 2011
    Posts
    10,365
    Wait why not use Outlook for Android?

    Sent from my Moto Z2 Play using Tapatalk

  13. #13

    Join Date
    September 13, 2011
    Location
    Norway
    Posts
    859
    Quote Originally Posted by Straight Hustlin View Post
    Wait why not use Outlook for Android?

    Sent from my Moto Z2 Play using Tapatalk
    It's shit but convenient. There are better options, like Samsung Focus.

    For MDM made easy, try MobiLock Pro. Has all the functions, but is setup simple and not so "Enterprise configuration".

  14. #14
    balistic void's Avatar
    Join Date
    May 5, 2011
    Location
    Dublin
    Posts
    2,642
    Quote Originally Posted by Straight Hustlin View Post
    Wait why not use Outlook for Android?

    Sent from my Moto Z2 Play using Tapatalk
    I have NFI - it just doesn't work! Recommended fix from gis is to install touchdown -.-

  15. #15

    Join Date
    August 14, 2018
    Posts
    1
    If you're still looking, you might find user reviews for all the major MDM solutions on IT Central Station to be helpful.

    Users interested in options like InTune also read reviews for BlackBerry Enterprise Mobility Suite. This user writes, "It is flexible to use. We can enroll multiple devices to use iPhone, iPad, and Android devices, with all that they entail. There is very high flexibility for different setups of single users, so it can give a single use many different device types with different enrollment types." You can read the rest of his review here.

    Good luck with your search.

  16. #16

    Join Date
    May 31, 2011
    Posts
    4,032
    What, no disclaimer "I wrote that article"?

    BTW, here's the above link with the tracking bits removed, if anyone is interested. https://www.itcentralstation.com/pro...-daniel-weber/

  17. #17
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    14,246
    So one of the things following this was a meeting between my principal and the teacher in question as well as another one with similar doubts who teaches our basic IT course and helps running our network.

    My principal, who is not very tech savvy, saw through some of their complaints as being dumb. They did mention one thing that is a quite valid concern which brings me to this thread. The software we use also offers an app and a lot of colleagues want to use it. They said that the teachers need a course in security (logging off of computers etc) and if they want to use the app, that they should make sure their phone is secure.

    A colleague who my principal conferred with a colleague (she has insight into the system we use and is very tech savvy) and she suggested that teachers wanting to use the app need to sign that they set up a proper lock screen on their phone that either uses a pin or a pattern or biometrics to unlock.

    I want to go a bit further. MDM

    It is (obviously) a BYOD environment with as much different hardware as people working there.

    Erichkknaar mentioned that there is a way to force security policies onto devices through a server protocol without the use of an app necessarily. I am not against forcing users to install an app through which I force the settings. Preferably very strict settings.

    I don't really want to do this, I rather want to force the colleague to see how inconvenient inappropriately strict security can be. I can't imagine the other colleagues really wanting me to lock down their phones just because one colleague threw a fit. Nor can I see her accepting that someone else remotely changes settings on someone else's phone.

    Yes, I have become really petty about this.

    But, I do see the point about educating the colleagues on proper security and will gladly train them. As some show some really harrowing behaviors.
    nevar forget

  18. #18

    Join Date
    May 31, 2011
    Posts
    4,032
    I'm really just pointing out the obvious, but sometimes it helps to be reminded of those.

    As you mentioned: the point with all these MDM platforms is that the user basically "hands over" the phone to the admin, allowing him e.g. to remote wipe the phone, if necessary. But you really should also do the "sign this document" part, so that they're aware that there are responsibilities and consequences. This document also is a chance to clarify in layman's terms the "whys" and "whats".

    Proper training is also a key point to security. The weakest link in all attacks is the user. Teach them to be paranoid about everything "internet".

    The 3rd point to keep in mind is not restricted to IT (security): any policy implemented is subverted right in the second when any of the superiours is excempt/excempts himself from those policies. They need to act as the bright example of how to do it right aka "Der Fisch stinkt vom Kopf her".

  19. #19
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    14,246
    Quote Originally Posted by Hel OWeen View Post
    I'm really just pointing out the obvious, but sometimes it helps to be reminded of those.

    As you mentioned: the point with all these MDM platforms is that the user basically "hands over" the phone to the admin, allowing him e.g. to remote wipe the phone, if necessary. But you really should also do the "sign this document" part, so that they're aware that there are responsibilities and consequences. This document also is a chance to clarify in layman's terms the "whys" and "whats".

    Proper training is also a key point to security. The weakest link in all attacks is the user. Teach them to be paranoid about everything "internet".

    The 3rd point to keep in mind is not restricted to IT (security): any policy implemented is subverted right in the second when any of the superiours is excempt/excempts himself from those policies. They need to act as the bright example of how to do it right aka "Der Fisch stinkt vom Kopf her".
    True. I don't want to implement it because I'd rather not force myself to do that to my phone either. But I know I would have to. We are going to do that training.

    However I want to present the "proper way to do it" and just watch her deal with the consequences.

    Rant:
      Spoiler:

    What annoys me the most is that I can understand when non-tech savvy teachers are against such things but a CS teacher should at least entertain the idea of a more contemporary approach. I mean the paperless office has been a thing for decades as an idea and as a reality it has certainly been possible for a decade. And its not like she never worked outside school, quite the opposite, she worked in the IT sector for a couple of years before teaching. But that has been more than a decade ago or so.

    Still.

    Talked with the vice principal today about the register, she's 100% behind us. She is the one who creates all class schedules and going full digital is what she wants. The class register software is an extension of the software she uses for the schedules.
    Last edited by Joe Appleby; August 23 2018 at 02:39:28 PM.
    nevar forget

  20. #20
    Joe Appleby's Avatar
    Join Date
    April 9, 2011
    Location
    in front of the class
    Posts
    14,246
    In our quest to get the digital class register out to everyone, we have to deal with PE. Our gym isn't covered by our school's LAN. So we will provide wifi there and hand out tablets to the PE teachers. We had 4 Samsung tablets from a project that will work just fine.

    Since we have some asshats security conscious colleagues, I am looking at a free* MDM solution that lets me go hardcore on those tablets, at the very least disable play store, sideloading and the camera(s). Bonus points for restricting wifi to one specific network.

    Any pointers?

    *free as in really free, we have no budget just for that.
    nevar forget

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •