Many companies or enterprises either provide mobile devices (e.g., smartphones or tablets) to employees or allow employees to bring their own mobile devices. However, allowing employees to access services within the company through a mobile device has increased the company's exposure to potential security breaches. For example, if an employee loses their mobile device, an unauthorized party could retrieve any unsecured data on the device and potentially access services within the company. As another example, if an employee leaves the company and does not give back the mobile device, the former employee could still potentially access sensitive data stored on the device or within the company.
In order to mitigate this type of unauthorized access, many companies use mobile device management (MDM) policies to restrict control of the mobile devices and thereby reduce potential security risks for mobile devices that are capable of connecting to services within the enterprise. The MDM policies set by the enterprise control and protect data through management of the configuration settings of the mobile devices. In order to manage the configuration settings, over-the-air (OTA) programming capabilities are often used. The use of OTA capabilities allows the enterprise to remotely configure a single mobile device or an entire fleet of mobile devices, to send software and OS updates, and to remotely lock and wipe a device in order to protect the data stored on the device when it is lost or stolen, etc.
However, the restrictions imposed by the MDM policies can be cumbersome for a user who may also be using the device in a personal capacity. For example, an MDM policy may require the mobile device to auto-lock and prompt the user to provide a password with a particular set of characteristics before the mobile device is unlocked. The user may find these restrictions annoying. As such, there are a number of challenges and inefficiencies created in traditional mobile device management.