- What Is System Center?
- Understanding System Center Configuration Manager
- Understanding System Center Operations Manager
- Understanding System Center Data Protection Manager
- Understanding System Center Virtual Machine Manager
- Understanding System Center Service Manager
- Understanding System Center Capacity Planner
- Understanding System Center Mobile Device Manager
- Understanding System Center Essentials
- Understanding System Center Licensing
- Best Practices
Understanding System Center Mobile Device Manager
System Center Mobile Device Manager is a product that Microsoft has been selling for the past few years. The current rendition of the product is System Center Mobile Device Manager (MDM) 2008 SP1. MDM provides tools to manage Windows Mobile devices in the enterprise, such as mechanisms to patch and update mobile devices, to inventory and track mobile devices, to enforce policies on mobile devices in terms of password change-control policies, and the like. The Mobile Device Manager console, shown in Figure 1.16, is the main menu for the MDM 2008 product.
Figure 1.16 System Center Mobile Device Manager console.
Business Solutions Addressed by System Center Mobile Device Manager
Just a few years ago, a mobile device was usually just a mobile phone that a user would occasionally make phone calls on when they were out of the office. However, in the past couple of years, mobile phones have become the primary communications device for many users. Mobile phones are no longer just for making and receiving phone calls, but also act as email clients, web browsers, or even information access systems to acquire, store, and manage files and documents over the Internet.
Additionally, as these mobile devices do more, what used to be $50 mobile phones that were not important to inventory and track in a network are now $299 or $399 devices that many times cost as much as a full-blown laptop or desktop these days. As such, organizations are inventorying the devices and tracking them as assets in the enterprise.
System Center Mobile Device Manager helps organizations keep track of their mobile assets as well as helps users maintain the privacy and security of the information stored on the mobile devices. With users synchronizing email messages to the mobile devices, or remotely accessing documents or spreadsheets and viewing the data on the mobile device, MDM needs to help organizations protect and secure potentially confidential or legally protected information.
Major Features of System Center Mobile Device Manager
The System Center Mobile Device Manager 2008 SP1 product provides a whole series of features and functions specific to the management of mobile devices; some of the major features in the product are as follows:
- Device provisioning—MDM helps administrators provision or set up a mobile device for users. Beyond just creating a user profile for the mobile device user to access and synchronize their emails and contacts, MDM's process of provisioning helps IT personnel lock down the device, uninstall unnecessary applications, encrypt content on the mobile device, enforce security on the mobile device, and provide secured (VPN) access from the mobile device into an organization's business resources.
- Device inventory and tracking—MDM also keeps track of mobile devices by keeping track of device serial numbers, validating that the device still exists and is active in the environment, and transferring serial numbers and asset tag information between users when a device changes from one individual to another in an organization.
- Active updates and device management—MDM also has the ability to push updates to a mobile device. Although many organizations pay little attention to the patching and updating of mobile devices in the enterprise, with the proliferation of mobile devices and the complexity of the software and applets available for mobile users to install and use on their mobile devices, performing periodic patching and updating of devices is critical. MDM provides the mechanism to update systems "over the air."
- Password and PIN control—The password and PIN control configuration options allows for changing security settings of mobile devices all from the centralized MDM console.
- Self-service management—The self-service management function of MDM, shown in Figure 1.17, allows a user to self-enroll new devices and submit requests for management options for their mobile device in a self-service web portal screen.
Figure 1.17 Self-service enrollment capabilities of MDM.
- Device wipe and deprovisioning—If a user loses their mobile device, MDM can send a "poison pill" to the device and wipe the data off the device and completely reset the device's configuration. This is important as a user who loses their device with sensitive emails or confidential file data is subject to the same laws and regulations that protect privacy of protected data, and as such, organizations need a process where device security can address laws and regulations around data protection.
Background on System Center Mobile Device Manager
System Center Mobile Device Manager has been available for the past couple of years initially as a tool to simply provision and deprovision mobile devices. With the release of System Center Mobile Device Manager 2008 SP1, more functionality was added to better help administrators manage and support mobile devices in the enterprise. Mobile Device Manager today supports managing Windows Mobile v6.1 or higher devices utilizing Active Directory 2003 or Active Directory 2008 with specific policy push and security management control capabilities that organizations can leverage in their process to keep mobile devices managed and protected similar to servers and other client systems in the environment.
What to Expect in the System Center Mobile Device Manager Chapter
In this book, a single chapter is dedicated to the System Center Mobile Device Manager product. Chapter 18, "Using Mobile Device Manager to Manage Mobile Devices," covers what's in MDM, how administrators can install MDM, best practices at creating MDM policies, and how users can take advantage of MDM to self-service manage and support their mobile devices.
System Center Mobile Device Manager 2008 SP1 is a very helpful product for organizations looking to manage their Windows Mobile devices. Jump to Chapter 18 of this book for specific information and deployment and configuration guidance on how MDM can be best leveraged in your enterprise.