Mobile device management (MDM) is a technology industry term for the administration of mobile devices, such as smartphones, tablets, laptops, and desktop computers. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices. Which features can be managed are often dictated by the vendor of the device or device operating system. Before an MDM solution can completely manage a mobile device, the device must go through Mobile Device Provisioning (MDP). Technologies that are currently available for MDP in an enterprise system require individual setups on a device-by-device basis. This leads to significant inefficiencies because each device must be initialized, programmed and updated in order to operate (and continue to operate) in an enterprise system.
Moreover, many enterprises ship company-owned, un-configured and MDM-free mobile devices by the thousands to a distributed workforce, with the expectation that employees properly enable and enroll in company-required MDM. While it is possible to configure these devices individually before shipment, it is very labor intensive, expensive, and prone to human error. There key mobile control features such as supervision are thus often skipped out of expediency. This can lead to security and network vulnerabilities that can threaten the enterprise system.
There are many third-party MDM systems from many different vendors for mobile devices, which may include smartphones, tablets, and other such devices. However, the management of certain mobile device features may often only be accomplished through the use of a specialized application or distribution program provided by that particular hardware vendor. These specialized applications or distribution programs provided the necessary MDP that allowed MDM solutions to more completely control devices. In some cases, mobile devices that go through a vendor's specialized application or distribution program will unlock over 20 additional features after completing the provisioning process. Some examples of features that may only be available after supervising and provisioning a mobile device through that vendor's specialized application or distribution program include: updating the operating system/firmware, setting the lock screen image, setting the wallpaper, and enabling or disabling built-in apps.
Hardware-vendor supplied specialized applications or distribution programs are most often used by enterprises as the first step in managing mobile devices, and often constitute the first MDP step. The device is first run through the hardware vendor supplied specialized applications or distribution programs to provision the device and lay down the base settings. A third party MDM solution may also be installed to further manage the device. In part because of the complexity and cost involved, however, many enterprises are forgoing this first MDP step and are missing out on key management features. Indeed, it is estimated that fewer than 10% of all institutionally owned mobile devices are supervised.
Further, there are a number of drawbacks to using the hardware vendor supplied specialized applications or distribution programs approach. First, the software may only be available on particular hardware and software platforms. Second, once a device is provisioned by a computer running the hardware vendor supplied specialized application, that device is locked to that computer, and only that computer can make changes to that mobile device. If that computer is lost or destroyed, the only available method for un-supervising the mobile device is to go through a factory recovery on it, which involves the wiping of all data on it. Third, apps that are installed onto the mobile device via hardware vendor-supplied specialized application may not be updated later by third-party MDM solutions.
Using the hardware vendor-supplied specialized application approach for MDP also means that enterprises with a distributed workforce that will be working with mobile devices will need to deploy the hardware and software necessary to run the hardware vendor-supplied specialized application to each location. The enterprises will also need to create a process on how the hardware vendor supplied specialized application is configured, and how mobile devices will receive any updates from it. This can be an expensive endeavor, from both a hardware, programming, and personnel perspective.
Furthermore, mobile device usage creates an interesting use case for enterprises. By their very nature, mobile devices are best suited for use out in the field, but the hub of technical knowledge for most enterprises is still located at its headquarters. Without a central way of provisioning and administration of these devices, enterprises are often left with a widely deployed, and hard to manage and support, distribution and provisioning model. Other systems have sought different piecemeal solutions to enterprise mobility administration and provisioning, but there is no standardized way to integrate all the necessary protocols for the hardware, software, networks, updates, provisioning, and general administration of mobile devices that can be widely distributed, yet centrally managed.
The issues described above are some of the reasons for the need for a better way to supervise and manage mobile devices. Without expertise and great expenditure on hardware and personnel, it is difficult to manage both local and remote deployments of devices.
Accordingly, there is a need for an improved system for cloud-managed mobile device administration and provisioning to ease the administrative burden during both small and large scale deployments, and on-going mobile device administration. There is also a need for an improved system to enable multiple systems to manage a mobile device after putting it into supervised mode, instead of being locked into using the computer that provisioned it originally for any subsequent management and administration needs.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.