Learn About Mobile Device Management
- Develop your mobile device management strategy.
- Explain what MDM is and how it can be beneficial.
- Summarize the Android and iOS requirements for using MDM.
- Describe the basic steps for deploying the Salesforce mobile app with MDM software.
The final piece to the mobile security puzzle is device management. How do you enforce your company’s security policies on users’ mobile devices across mobile operating systems? Can employees use personal devices for work? How do you maintain and administer all the enterprise mobile apps your employees use?
Before rolling out the Salesforce mobile app, have a device management strategy in place so your company’s data is safe when users access it from phones and tablets. If your employees are already using various enterprise mobile apps, it’s likely that your company has a device management strategy. Check with your security experts to find out.
But what if your company doesn’t have a strategy for managing mobile devices? Well, then you need to work with your security experts to develop one. After completing this unit, you have the information you need to get started.
If your company doesn’t have a device management strategy, decide whether your users can access the Salesforce app from their personal devices or company-issued devices, or both options. If you let employees use their own devices, develop a Bring Your Own Device (BYOD) policy that outlines your company’s rules and responsibilities regarding those devices.
There’s no one-size-fits-all approach to BYOD policies, so we can’t tell you exactly how to regulate personal devices at your company. But we’ve listed a few resources at the end of this unit to point you in the right direction.
Regardless of whether they’re owned by your company or the user, make sure all devices meet the minimum platform requirements for running the Salesforce app (see the resources section).
OK, now that you’ve sorted out your approach to personal and company-owned devices, let’s learn how to manage those devices. There are two ways to administer the phones and tablets that run the Salesforce app:
- Use the connected app policies to secure the Salesforce app and manage access. This option is sufficient for most organizations.
- Implement the Salesforce app with a mobile device management (MDM) solution. Large companies and businesses with strict security and compliance requirements sometimes have needs that can’t be met using the connected app policies. They use MDM to help them enforce those requirements.
So what exactly does an MDM solution do? What’s the benefit of using one? Let’s talk about that next.
MDM is security software that lets companies monitor, manage, and secure mobile devices that are deployed across multiple mobile operating systems and service providers. Most MDM solutions provide end-to-end security, which means the mobile apps, network, data, and the device itself are managed with a single software product.
There are many MDM solutions on the market, and they all have similar features. Here are a few things you can typically do with MDM software:
- Push apps to users’ devices. You can even configure settings for the apps before deploying them. For example, you can push custom login settings to the Salesforce app.
- Require VPN for specific apps.
- Control granular security and compliance settings. For example, you can require a passcode at the OS level, disable screen capture, or prevent users from taking photos.
- Use x.509 certificates to either speed up user authentication or as a second factor in the login process.
- Control content sharing permissions.
Both iOS and Android are compatible with MDM, but the approach is slightly different depending on the OS:
- For iOS devices, MDM solutions work with the native management framework built into the operating system. This capability has been available since iOS 7.
- Android’s device management functionality is available with Android for Work, which is a program that supports enterprise use of Android devices. Android for Work has been available since Android 6.
For more information about iOS and Android enterprise management, see the links in the resource section.
So do you need MDM? The answer is a resounding, “It depends.” Your organization is a special snowflake with its own unique set of security and compliance requirements. Only you and your security experts can decide whether your company needs an MDM solution to meet those requirements.
If your company already uses an MDM solution, find out who the administrator is and work with them on the configuration and deployment of the Salesforce app.
The specific steps for configuring and deploying the Salesforce app varies depending on the MDM solution your company is using. But we can give you a few general instructions so you understand what needs to happen in your MDM software. Here are the high-level steps:
- In your MDM software, install the Salesforce mobile app.
- Configure the security and compliance settings for the app. For example, in some MDM software you can require a VPN connection for Salesforce access.
- Optionally, configure features specific to the Salesforce app, such as the ability to set up custom login hosts. (Detailed information is available in the security guide, so be sure to provide that document to your MDM administrator.)
- Push the Salesforce app to your users.
If you or your MDM administrator have questions about how to deploy the Salesforce app with your MDM solution, contact your MDM vendor. They’re your best resource if you run into issues with your MDM configuration.
If you’ve never witnessed MDM in action, you’re probably curious about how it works. Check out this video for a brief demo of the end-to-end experience. Discover how an MDM administrator can set up and deploy the Salesforce app, and how users install and access the mobile app.
You now know how to take advantage of all the available features in Salesforce that can help you minimize your company’s mobile security risks. You can deploy the Salesforce app with the knowledge that you’re making your company more secure by adhering to its mobile security and compliance policies.
So congratulations! Enjoy the sound sleep you get tonight knowing your valuable enterprise data is safe on your users’ mobile devices.