MDM Design Considerations Guide V2 ASSIGNMENT PDF

Preview

Summary

Will mobile devices be enrolled by you, by users, or both?
 Do you need to ability to bulk-enroll mobile devices?
 What is the maximum number of devices you’ll need to bulk-enroll?
 Do the mobile operating system platforms in your organization require different bulk
enro...

Description

Mobile Device Management Design Considerations Guide

Published August, 2015 Version 2.0

Copyright This guide is provided “as-is”. Information and views expressed in this guide, including URL and other Internet Web site references, may change without notice. Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. This guide does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this guide for your internal, reference purposes. © 2015 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Microsoft Intune, Microsoft System Center 2012 R2 Configuration Manager, Mobile Device Management for Office 365, Office 365, Windows, and Windows Server are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Contents Introduction .................................................................................................................................................. 1 Design considerations overview ................................................................................................................... 3 Step 1 - Identify your mobile device management requirements ................................................................ 3 Task 1: Identify your business needs ........................................................................................................ 3 Task 2: Specify your mobile device management location requirements ................................................ 5 Task 3: Develop your mobile device management adoption strategy ..................................................... 6 Step 2 - Plan for mobile device management tasks .................................................................................... 13 Task 1: Understanding the mobile device management lifecycle .......................................................... 13 Task 2: Gather monitoring requirements ............................................................................................... 18 Task 3: Determine network resource requirements...............................................................................19 Task 4: Define your mobile device management lifecycle strategy .......................................................23 Step 3 - Plan for enhancing mobile devices protection .............................................................................. 40 Task 1: Gather your data protection requirements ................................................................................ 41 Task 2: Specify your privacy requirements ............................................................................................. 43 Task 3: Specify your access requirements .............................................................................................. 44 Task 4: Develop your incident response requirements .......................................................................... 45 Task 5: Plan your mobile device security strategy .................................................................................. 46 Step 4 - Plan for Software as a Service (SaaS) mobile device management ............................................... 63 Task 1: Identify your SaaS requirements ................................................................................................ 64 Task 2: Identify your SaaS solution / on-premises infrastructure integration needs ............................. 67 Task 3: Develop your SaaS mobile device management adoption strategy ........................................... 70 Next steps and resources ............................................................................................................................ 74 Mobile device management solutions.................................................................................................... 74 Mobile device management documentation ......................................................................................... 74 Mobile device management resources...................................................................................................75

Introduction With all of the different design and configuration options for mobile device management (MDM), it’s sometimes difficult to determine which combination will best meet the needs of your organization. This design considerations guide will help you to understand mobile device management design requirements and will detail a series of steps and tasks that you can follow to design a solution that best fits the business and technology needs for your organization. Throughout the steps and tasks, this guide will present the relevant technologies and feature options available to organizations to meet functional and service quality (such as availability, scalability, performance, manageability, and security) level requirements. Specifically, the goals of this guide are to help you answer the following questions: 

What questions do I need to answer to drive a MDM-specific design for a technology or problem domain that best meets my requirements?



What is the sequence of activities I should complete to design a MDM solution for the technology or problem domain?



What MDM technology and configuration options are available to help me meet my requirements, and what are the trade-offs between those options so that I can select the best option for my MDM requirements?

Who is this guide intended for? Information technology architects and professionals responsible for designing a mobile device management solution for medium or large organizations. How can this guide help you? You can use this guide to understand how to design a mobile device management solution that is able to manage company-owned devices as well as userowned devices in different form factors.

Mobile Device Management Design Considerations 1

Figure 1 - Example of a hybrid Intune and System Center 2012 R2 Configuration Manager MDM solution Figure 1 is an example of a hybrid solution, where it’s leveraging cloud services to integrate with on-premises capabilities in order to manage all types of devices, regardless of their location. Although this is a very common scenario, every organization’s MDM design might be different than the example due to each organization’s unique management requirements. This guide details a series of steps and tasks that you should follow to assist you in designing a customized MDM solution that meets your organization’s unique requirements. Throughout the following steps and tasks, this guide covers the relevant technologies and feature options available to you to meet the functional and service quality level requirements for MDM. Though this guide can help you design a MDM solution, it does not discuss specific implementation or operations options for the management solutions. You can find detailed deployment and configuration steps for Microsoft Intune, Mobile Device Management for Office 365, and Microsoft System Center in the TechNet Library using the links available in the Next Steps section located at the end of this guide. Assumptions: You have some experience with Intune, System Center 2012 R2 Configuration Manager (ConfigMgr), Windows Server 2012 R2, and mobile devices running Android, iOS, and Windows Phone. You may have even deployed one of these solutions in an initial MDM test or limited production environment. In this guide, we assume you are looking for how these solutions can best meet your business needs on their own or in an integrated solution.

2 Mobile Device Management Design Considerations

Design considerations overview This guide covers a set of steps and tasks that you can follow to design a solution that best meets your requirements. The steps are presented in an ordered sequence. However, design considerations you learn in later steps may prompt you to change decisions you made in earlier steps as your design matures or due to conflicting design choices. We’ll alert you to potential design conflicts throughout this guide. You will develop a mobile device management design that best meets your requirements only after iterating through the following steps as many times as necessary to incorporate all of the considerations within this guide: Step 1 – Identify your device management requirements Step 2 - Plan for mobile device management Step 3 - Plan for secure mobile devices Step 4 - Plan for SaaS mobile device management

Step 1 - Identify your mobile device management requirements The first step in designing a mobile device management solution is to determine the management platform requirements that will be used to support your mobile devices. Overall mobile device adoption for your company will dictate the platform requirements. If you decide to adopt a single management solution to manage all your mobile devices, you may disregard the multi-platform requirements for your solution. You’ll need to go over your company’s business strategy to fully understand your current and future business requirements. If you don’t have a long-term strategy for mobile device adoption, chances are that your solution won’t be scalable as your business needs grow and change.

Task 1: Identify your business needs Each company will have different requirements. Even if these companies are part of the same industry, the real business requirements might vary. You can still leverage best practices from the industry, but ultimately it’s the company’s business needs that will identify the requirements for the mobile device management solution. To help identify your business needs, answer the following questions: 



Device ownership: You must understand the device ownership policy for your company. o Who owns the mobile device?  The employee?  The company?  Both? Platforms: Understanding which mobile device operating systems will be used by the company is very important for adoption and supportability decisions. o Which mobile device operating systems will be supported? Mobile Device Management Design Considerations 3





 Android?  iOS?  Windows?  Windows Phone?  All of them?  A mix of the above options? o Which mobile OS version will be supported?  Only the latest?  Current -1 (current version plus the previous version)? Applications: Since the main reason to embrace mobility is to increase productivity, the applications (apps) used by employees must be able to run in all the mobile device operating systems used in your organization. This is an important point to consider, because while some companies might have their most important apps fully portable to run in a mobile environment, others might need to understand what options are available that can help them to deploy their apps to mobile devices. To assist you identifying individual app requirements, ask yourself the following questions. o Do the apps require Internet access from users’ devices? o Do the apps collect any user personal information?  If so, do the apps inform users about privacy issues and data collection while being installed? o Do the apps require integration with cloud services? o Were the apps developed to run on a specific operating system, or are they capable of running on any operating system? o Do you plan to enable users to use apps via remote desktop from their own devices? o Do the apps require full-time access to corporate resources, or can they run in offline mode? o Do the apps have any integration with social networks? o Will all apps be available to BYOD users? o How do you plan to deploy these apps to users’ devices? o What are the deployment options for these apps? o Does the installation requirement vary according to the target device, or is it the same? o How much space in a target device is necessary in order to install each app? o Do the apps encrypt the data before transmitting it through the network from the users’ devices to the app server on the back end? o Can the apps be remotely uninstalled via the network, or do they need to be uninstalled via the devices’ consoles? o Do the apps work in a low-latency network? o Do the apps provide authentication capabilities?  If so, which authentication method do the apps use? Users: One of the main points in embracing mobility is to put the user at the center of the mobility solution and enabling the user to be more productive, while keeping company data secure and available. This is important to understand what the user’s requirements are. o Will the user be able to bring their own device and access company’s resources?

4 Mobile Device Management Design Considerations

o o

o

 If yes, what are the requirements to access company’s resources? Does your company have different user’s needs?  If yes, how each user’s profile will impact the mobility strategy? Will users be able to access all apps that they have access to in the on-premises environment via their mobile device?  If not, which apps will be available for the users?  Are those apps available for all supported mobile device platforms?  Will be necessary to modify or update any apps in order to run them on all supported mobile device platforms? Do your users only need basic access to email (including calendar, contacts, and tasks) features?

During this task, you should also evaluate if the company has existing management and compliance policies in place for mobile devices and how these policies might affect the mobile device management solution selection. Note Make sure to take notes of each answer and understand the rationale behind the answer. Task 3 will go over the available options and advantages/disadvantages of each option. By having answered these questions, you’ll be able to select which solution best suits your business needs.

Task 2: Specify your mobile device management location requirements Location requirements are one of the many factors that you should take in consideration when designing your mobile device management strategy. Location is important from the mobile device management solution perspective as well as from the device itself. Answer the following questions: 



Track users: For some kinds of mobile device control, you might need to implement policies that can restrict access to company resources based on a user’s location. o Does the company need to implement mechanisms to cover geo-fencing, or the ability to enforce policies based on the geographic location of the device? o Does the company need to keep track of where the user was geographically located when they accessed a company resource? Administration model: Depending on the mobile device management solution that you deploy, administration can be distributed in different sites (locations) or centralized in a single location. A central administration site is suitable for large-scale deployments and provides a central point of administration and the flexibility to support devices that are distributed across a global network infrastructure. A primary site is suitable for smaller deployments, though it has fewer options to accommodate future growth. Determine if MDM control should be centralized or distributed. o Does your company need a centralized administration model?  Does the device management solution need to be located on-premises?  If not, can it be located in the cloud? Mobile Device Management Design Considerations 5

o

 If not, can it be hybrid? Does your company need a decentralized model where different locations should have autonomy over the device management administration?

Note Make sure to take notes of each answer and understand the rationale behind the answer. Task 3 will go over the available options and advantages/disadvantages of each option. By having answered these questions, you’ll be able to select which solution best suits your business needs.

Task 3: Develop your mobile device management adoption strategy In this task, you’ll develop the mobile device management adoption strategy that will meet the business requirements that you identified in Tasks 1 and 2.

Task 3a: Device ownership After reviewing your organization’s current policy and strategy to manage devices, you should have a list of scenarios that your organization plans to implement. Table 1 will help you understand the advantages and disadvantages of each scenario: Table 1 Scenario Employee owns the device (BYOD)

Advantages

Disadvantages  Increases the amount of  Your company does not need security considerations to to buy mobile devices for the protect company’s data employees located on personal devices  Usually allows employees to be  Increases likelihood of data more productive since they will leakage, especially when be using the mobile device of appropriate security controls their choice aren’t in place  Support costs may decrease since the organization will have  Limited management capability due to privacy limited support over the mobile restrictions devices

Company-owned device

 Full management capability, including device hardening and security controls  More control over mobile devices  Capability of defining which mobile devices will be used by employees

6 Mobile Device Management Design Considerations

 Potential increases in support costs, since the organization will maintain the mobile devices  Less flexibility for end users, which may affect their productivity  Cost increases, since the organization will have to buy mobile devices

Your organization might need to implement a mixture of elements from these scenarios. In that case, the device management platform must be able to manage multiple platforms while integrating with current on-premises infrastructure.

Task 3b: Supported mobile device platforms The decision you made regarding device ownership will help you identify which mobile device platforms you’ll support. The mobile device management solution that you choose will have to accommodate this decision. In a single mobile device platform scenario, the platform choice will not be as relevant as in the multi-platform scenario. Use Table 2 to help you choose the mobile device management solution for a multi-platform scenario: Table 2 MDM option Intune (standalone)

Advantages

MDM for Office 365

 Integrated with Office 365  If you’re already using Office 365, the MDM capabilities are easily leveraged to manage mobile devices  If you’re already using Office 365, you won’t need to use another console to manage mobile devices

Hybrid (Intune with ConfigMgr)

 Native integration between Intune and ConfigMgr  Allows you to use a centralized console to deploy policies and manage on-premises PCs, servers, and mobile devices

 Always-on cloud service that supports the latest MDM features and updates  Supports provisioning all major mobile device operating systems (Android, iOS, Windows 8, Windows 10, and Windows Phone).  Allows you to manage any mobile device from any location  More advanced management options for mobile devices  Mobile application management capability

Disadvantages  Lack of integration with current device management solution located onpremises will introduce an additional management interface for you to use  Policies created using the on-premises MDM solution are not replicated to the cloud service

 Limited set of capabilities (see the note that follows this table) to manage mobile devices  Lack of integration with current device management solution located onpremises will introduce an additional management interface for you to use  Requires additional configuration steps to connect Intune and ConfigMgr  If the organization does not have a current ConfigMgr

Mobile Device Management Design Considerations 7
...