Most companies and large organizations have to manage a range of different devices that connect to their network and run apps using licenses owned by the organization. These devices will often have access to internal networks and servers used by the organization. The devices typically include laptops, tablets, and smartphones and will be owned both by the organization and by the user. That last category of device — owned privately by the user but used for work — is known as BYOD (bring your own device) and presents a challenge for network administrators, namely how to manage the device to ensure it complies with organization policies while not intruding on the user’s privacy. One solution to that is mobile application management (MAM). We’ll explain everything you need to know about MAM.
What is mobile application management?
Mobile application management is a process that allows IT administrators in an organization to control enterprise applications — that is, those licensed by the organization and used for work purposes — on a device owned by either the organization or personally by the user. It allows IT administrators to enforce corporate policies on apps used for work purposes and limit the sharing of data from those apps. Crucially, it allows for the separation of personal apps and data from apps and data used for work purposes on the same device.
While to the user, the apps and data sit side by side on the device, the MAM profile allows the administrator to see only the apps and data installed by the organization. This is achieved through containerization, where apps used for company business are sandboxed, which isolates those apps from the rest of the apps on a device. By applying a wrapper to the sandboxed apps, administrators can connect them to backend systems that protect data and enforce security policies.
MAM solutions cover only apps installed on the device and don’t, for example, configure network settings or automatically download apps. Those tasks must either be done manually by the user or by a mobile device management (MDM) tool.
Why is MAM important?
Without MAM, an organization has no control over the apps and data on mobile devices that connect to its network. That means that older versions of apps with security vulnerabilities could be connecting, putting the whole network at risk. It also makes it more difficult to stop unauthorized access to company systems using mobile apps and prevents IT administrators from having control over data held and transferred on mobile apps used for work purposes.
What is the difference between MAM and MDM?
The difference between MAM and MDM is that MAM works only at the application level, while MDM covers the whole device. So, MAM software manages and controls enterprise applications and their data and enforces security policies at the application level. MDM software works across the device on devices that have the MDM profile installed. That means it has access to device settings, security policies, and apps. It can also wipe or selectively wipe data, locate and lock a device, and enforce passwords. MDM software also allows IT administrators to install apps and push updates to a device.
Most MDM solutions incorporate an MAM component so that the organization is able to manage data and settings at a device level and at an application level.
How does MAM work?
In the early days of BYOD and the need to manage multiple mobile devices on a company network, MAM tools became very popular in their own right, and there were lots of different systems available. However, over the last few years, the market has consolidated, and most MAM solutions are now incorporated in larger MDM solutions from vendors like Microsoft and Jamf. The limitations of MAM, outlined above, mean that most organizations now want an MDM solution with MAM built-in rather than MAM on its own.
Some MDM systems work in conjunction with Apple Business Manager so that companies can deploy new devices directly to users — known as zero-touch — with the necessary profiles already installed. The device doesn’t have to go through IT support to be set up, and all the user has to do is turn it on and follow the instructions on-screen.
Some MDM solutions also include bespoke app stores that allow users to download and install the apps they need from a selection enabled by the organization.
What are the benefits of MAM?
The key benefit of MAM is that it allows a company to control some apps on a user’s device and ensure that, for example, the app is updated regularly and that the data it contains is secure and doesn’t present a threat to the organization’s network. However, because control is limited to apps, many organizations now prefer MDM solutions.
As you can see, mobile application management is a useful tool for companies with employees who connect mobile devices to the company network, especially if the device is the employee’s own personal phone, laptop, or tablet. However, mobile device management is even more useful and secure because it gives the organization access to more than just applications on the device.