From the course: CompTIA Security+ (SY0-701) Cert Prep

Mobile device management

From the course: CompTIA Security+ (SY0-701) Cert Prep

Start my 1-month free trial

Mobile device management

- [Lecturer] You've already learned how you can configure the security settings on an individual mobile device to meet an organization's security requirements. If you try to do this for every single device in your organization, you'll be facing a formidable challenge. That's where mobile device management technology comes into play. Mobile device management or MDM solutions provide organizations with an easy way to manage the security settings on many mobile devices simultaneously. It's similar to the way you might use active directory to manage the settings on many Windows systems. Administrators can create and enforce policies across groups of devices from a central console without requiring access to multiple devices. And in fact, MDM solutions are often incorporated into broader configuration management solutions called Unified Endpoint Management or UEM platforms. MDM allows administrators to perform device configuration management, preventing end users from disabling the security settings on their devices in a way that overrides the organization's security policies. For example, you can use MDM to require the devices be protected with an alphanumeric passcode or that they use encrypted backups. You can also disable unused device features to increase the device's security profile. MDM provides administrators with control over the data stored on devices as well. It allows remote wiping of lost or stolen devices, as well as revoking user access to a device on the fly. These are especially helpful when an employee loses a device or leaves the organization without notice. Administrators can also disable the use of removable storage on devices to prevent the removal of sensitive information from the organization. One of the most important features of mobile device management is application control. Administrators can specify the applications that users may install on mobile devices using either a block list or allow list approach with mobile application management technology. In the block list approach, administrators identify specific prohibited applications and users can install any applications not on the list. In the allow list approach on the other hand, administrators identifying the applications that are allowed and all other applications are prohibited. Some mobile device management solutions provide containerization and storage segmentation capabilities. This provides a secure encrypted portion of the device for use with sensitive organization data while allowing users unrestricted access to the remainder of the device for personal use. MDM solutions also allow administrators to configure content management filters that prevent users from accessing unauthorized content on the device. And there are many different mobile device management products on the market. Let's take a look at one with a little demonstration. We'll look at Google Mobile Management. Here we are on the Networks page of Google Mobile Management. I'm going to go ahead and click on wifi and then add wifi. And let's go ahead and set up a wifi network for use on our mobile devices. We're going to call this the Corporate Network. And if our network uses the SSID of company, we can go ahead and also tell what the security type and use on that network. Let's say we're using WPA2 encryption with a passphrase. And I'll go ahead and type in that passphrase and we'll call it not secure because we should always use a very complex passphrase, if not enterprise authentication on our wireless networks. We can go ahead then and set all sorts of different settings about this wireless network. If there's a proxy in use, which types of devices may access it, and then whether we're going to apply it by user or by device, depending upon how we'd like this network to be rolled out across all of our mobile devices. All I have to do then is go ahead and click the Add button and save this policy. And over the next few hours, this wifi setting will be pushed out across all of our mobile devices. This is a really convenient way to add wifi networks to devices without having users entering passcodes or configuring authentication. And when you make changes, you can just push those changes out and have them automatically applied to wireless devices across your enterprise. Now, let's take a look at some of the more detailed device configuration settings on the mobile management screen. From this screen, I can perform many different functions including blocking and wiping devices, activating new devices, and controlling security settings. Let's go here into the device management settings and take a look at some of the things that we can do. We have the ability to control which types of synchronization may be used and on what platforms. We enforce security policies. We can require passwords and choose that. We want to make those strong passwords and specify all the different password settings that you'd expect. The minimum number of characters, how often passwords need to be changed, if a device is locked after a period of inactivity, whether encryption is required on the device, if the user may activate the remote white functionality. There's really a lot of different security settings here within Google mobile management that we can apply to Android, Chrome and iOS devices. Now, I'm going to go back to this mobile management screen without saving any of those settings. And let's say I want to manage the applications that can be used on iOS devices. Let's take a look at how this application control actually works. We're going to go ahead and click on the applications that are whitelisted for use. And you can see Google's already defaulted to allowing some of these different Google applications. But let's say I also want to allow users to watch movies while they're traveling. So I want to add Netflix. I can go ahead and click add application here. And as you can see, I'm given this whitelist iOS app screen. And I can just type in the name of an iOS application. We'll type Netflix and click Search, and then I choose the correct Netflix application and click whitelist. And in just a moment here, Netflix appears down on the bottom of the whitelist and can be used across all of my devices. That's how application control works in an iOS environment using Google Mobile Management. Mobile device management is a powerful tool that allows security professionals to ensure that all devices used with an organization's data have security settings in place that match the organization's security policy.

Contents