Device management and security: It all comes down to preparation.

It’s not a good feeling when you lose your device. It’s an even worse feeling when someone steals it and has access to your sensitive intellectual property and company data. Ensuring corporate security on your mobile devices is paramount!


So what should you do if your work phone, laptop or tablet goes missing? Actually, the security of your business doesn’t rely on what you do when something goes missing, it all comes down to how well you’ve set up your device management security system before it goes missing.


Not sure where to start? Here’s a quick breakdown.


Device Management Security 101

A device management security system is a series of programs that provide a much greater level of security management across your entire collection of mobile devices, laptops and computers than managing each of them individually. Done well from the outset, a good device management security system can help a company keep track of their inventory, customise devices to suit, deploy applications and push updates to everyone in the company in one hit, and enforce a far greater level of security than would usually be found on a private device.


Apple Deployment Services

Apple Deployment Services is the pre-stage enrolment platform for your mobile device management (MDM) system that Tech Help Direct primarily uses with iOS and MacOS devices. Apple Business Manager (or Apple School Manager for education providers) is the over-arching security program to supervise (or lock down) company-owned devices. Apple Business Manager is made up of two systems; Device Enrolment Program (DEP) and Apps and Books (formerly Volume Purchase Program (VPP). These systems enables administrators to automatically add company-owned devices to their MDM system and to buy or assign multiple app licences from the Apple app store and automatically send them to the devices in their network, without requiring and individual employee's Apple ID.


From here, a MDM platform is linked to the system. We primarily use Cisco Meraki Systems Manager and Jamf Pro (or Zuludesk for education providers). All of these platforms connect with their Apple Business or School Manager portals so they can see the devices that are enrolled by the company. These connection points enable IT to automatically enrol their devices into their MDM platforms and allow them to customise the devices as they want, without having to physically touch them at all. This could be anything from customising backgrounds and downloading profiles, to pushing updates and deploying applications.


When Good Devices Go Missing

Security is obviously a high priority when it comes to businesses and corporations. Enrolling mobile devices into a device management platform firstly enables IT managers to efficiently manage their inventory, including how much storage capacity each device has, how much data is being used (on certain apps), and generally what’s happening with that device. But when it comes to security, especially managing security if a device goes missing, an IT manager can’t do much if they haven’t enrolled the device in their device management system.


If a device goes missing and if that device is enrolled, an IT manager has the power to do a lot of things remotely. For example, they could remotely wipe a device simply by pressing a button. They can lock a device and also,  change the password on a device remotely.


Restricting Use

Another important thing to note is if a device is enrolled in a DEP specifically to your company, anyone who picks up a missing phone and tries to use it physically can’t.  If you wipe the phone remotely, it will become useless to anyone else who picks it up. If they do manage to break their way in, as soon as the phone turns on it will try to re-link back with your DEP and re-enrol in your MDM, which means you could track it if you wanted to.


This means that no one who tries to maliciously use your company devices (for example, a rogue employee or a thief) will have access to your business intellectual property or be able to bypass any of your security measures.


Retrospective Enrolment

As of about two years ago, Apple now give businesses the option to retrospectively enrol existing devices into their Apple Business Manager's DEP through an app called Apple Configurator. This means that businesses that are still switching from manual management process to automatic processes can still use and manage the inventory they already have.


Back to Security Basics

Getting the basics right will help ensure the security of your device too. Associating an Apple ID to your device and requiring your password to be entered before anything can happen is Apple Device 101.


Creating a secure password that no one can guess is also essential; don’t do a ‘Kanye’ and make your iPhone password six zeros. Don’t use your birthday or wedding anniversary as inspiration either, avoid consecutive numbers, and don’t use six of the same number.


Registering your device to Find My iPhone in iCloud settings is also a very good idea.


Security Relies on Preparation

If a business configures their mobile device management system right the first time, it’s very easy to manage moving forward. As new devices are purchased, they can automatically be enrolled in your system then customised and managed according to pre-configured business preferences.


Of course, it’s easier said than done if you’re not sure where to start. Need a hand configuring your own mobile device management system? Contact the team at Tech Help Direct today; we’ve got the know-how and the can-do to set your business up well from the outset then give you the tools you need to manage it day-to-day.