Infosec glossary

MDM

Mobile Device Management

Organizations use mobile device management to administer smartphones, tablets, and other supported endpoints from a central system. MDM applies configuration and security policy throughout the device lifecycle. It can support organization-owned devices and approved personal devices, depending on the operating system and enrollment method.

Platform acronym 5 min read By Infosec Writing Studio editorial team
01

MDM manages the mobile device lifecycle

The lifecycle begins with enrollment and assignment to a user, group, or ownership model. Administrators can then distribute settings, certificates, network profiles, applications, restrictions, and operating system requirements.

Later actions may include updating policy, checking compliance, locking a device, removing organizational data, or retiring the record. Available controls depend on the platform APIs and whether the device is fully managed, supervised, or enrolled for work access only.

02

MDM security controls and access checks

MDM can require a passcode, configure encryption settings, restrict applications, install certificates, and enforce supported operating system versions. It can also report whether a device meets policy so an identity or access system can permit, limit, or deny access.

MDM does not inspect every threat or replace endpoint detection. Its role is device administration and policy enforcement, with security capabilities bounded by the operating system and management mode.

  • Device enrollment and inventory
  • Configuration, certificate, and application delivery
  • Security policy and compliance status
  • Remote lock, organizational data removal, and retirement
03

MDM differs from UEM and EDR

Unified endpoint management extends centralized administration across mobile devices, desktops, laptops, and sometimes other endpoint types. MDM may be a component of a UEM service or a narrower deployment focused on mobile operating systems.

Endpoint detection and response monitors endpoint activity for threats and supports security investigation and containment. MDM and EDR can operate on the same device, but they collect different data and serve different administrative and security functions.