What can MDM Monitor? How does MDM Monitoring Work?
Monitoring is one of the reasons that enterprises become users of Mobile Device Management software. There are several benefits:
- Detect any abnormal user behavior and take immediate actions remotely.
- Inspect poor working devices at once and maintain them remotely.
- Better control access and usage of devices to improve work efficiency.
- Check location to prevent device loss.
While these benefits are obvious, the privacy issues that come with them have also raised concerns. Many people worry that while enjoying these conveniences, personal privacy may be violated. In this article, we will take a deeper look at surveillance systems, including what can be monitored and how to use it, as well as how to enjoy the benefits of these technologies while protecting your privacy.
Part 1 : What is MDM and its Monitoring System?
Mobile Device Management is a necessary initiative if companies have their own work-used devices or that adopt bring-your-own-device (BYOD) and company-owned personal enable (COPE) device policy. By means of MDM software or EMM/UEM providers, organizations are allowed to manage all devices in a central system.
Monitoring system is an important part of the management mechanism in order to protect company resources. After enrolling in an MDM console, a device is under the admin's observation.
The MDM monitoring system typically encompasses the following aspects:
Device Status Monitoring:
- Real-time assessment of the device's operational status and health
- Remote capabilities to lock, wipe, or troubleshoot devices
Usage Management:
- Monitoring of device usage patterns and application activities
- Implementation of rules to permit or restrict system settings
Security Management:
- Receiving and processing alerts for abnormal device behavior
- Presetting triggers to execute automated actions
Geolocation Tracking:
- Real-time tracking of device locations to prevent loss
By leveraging these features, administrators can more effectively protect company resources and enhance work efficiency.
Part 2 : What can MDM Solutions Monitor?
In short, the mobile device management solution can see and can't see the following items.
What MDM can see:
Phone model; OS version; device info such as battery and RAM; app name and version; device location; etc.
What MDM can't see:
Personal text; email; files (including photos); browser history; app account and content; contacts; financial and payment information; authentication information; etc.
More specifically, the MDM monitoring system is mainly used for checking device status, network status and usage, traffic-consuming conditions on apps, user logs, and preset policies working status.
Then, how does the monitoring system work on the mentioned aspects?
1Device
In the Monitor dashboard, you can see the online status, network status, battery capacity, MDM software version, and others.
Network monitoring is available to check how many devices are using WiFi and Cellular, signal quality, and daily data usage.
Besides, the MDM tool is also available to track device location but requires online devices. As for screen monitoring, it will need permission to access camera and is often used in unattended devices.
Other details that an MDM can monitor on devices: available storage, battery temperature, permission condition, external HDMI/SD card status, etc.
With the provided info, companies can find if there's an unusual circumstance then remote control and troubleshoot the equipment.
2App
After enrolling the device to the MDM console, the app info shows as follows:
MDM solutions can view the installed app names, versions, and last update time. They can monitor the traffic usage of each app as well.
3User
The Mobile Device Management tool will monitor user activity if he is invited.
4Others
If a device is applied with Kiosk Mode or has used Policy, the status can be viewed in Monitor dashboard. This can prevent the device from exiting the setting accidentally.
Part 3 : Is it Legal to Have MDM Monitoring Employee's Device?
Privacy issues are frequently related to MDM monitoring, in particular when the organization uses MDM on personal phone for work. There are two main reasons for this:
1User Consent
It's worth knowing that a Mobile Device Management tool does have the capability to get equipment-related data like OS details and app details by accessing the device. But, it does not mean that the organization has unlimited power to view the device user's secret.
To get data or use monitoring features require permission from device owners in advance. Without the user's approval, the MDM software is not allowed to collect information.
2System Regulations
MDM software cannot secretly gain permission, as it must comply with app developer policies. These policies mandate transparent consent from users, ensuring that users are informed and agree to the data collection and usage.
Take Android and Apple for instance.
As Android developer policy center states, "....must be transparent in how you handle user data. ...the access, collection, use, handling, and sharing of user data from your app, and limiting the use of the data to the policy compliant purposes disclosed. " (Read more about Privacy, Deception and Device Abuse)
Apple also illustrates how apps can access private data, "must request permission to access: Personal data, including location, health, financial, contact, and other personally identifying information; Device capabilities like camera and microphone..." (Read more about Accessing private data)
Part 4 : How to Use MDM Monitoring?
Using an MDM monitoring system involves different steps for different actions. You need to follow it up for a smooth running of your requirements. So, take AirDroid Business as an example,
1. Add Devices to MDM Console
When you add up the device to the automated monitoring system MDM, you need to grant Biz Daemon (software for devices being controlled by AirDroid MDM) some special permissions so that you can monitor and remote control the device.
These accessibilities need to activate: file and media; microphone; camera; location; and so on.
Device user can change permission easily by visiting Biz Daemon anytime after deployment.
2. View Device Details in the Dashboard
Go to the dashboard and check the info. Here you can monitor the device status, network, location, and screen.
3. View Data Usage, App Info and User Activity in Report
Go to the Devices bar, select workbench, and move to the reports bar. You can choose one to check related details.
By leveraging the monitoring capabilities of AirDroid Business, administrators can efficiently oversee device usage, ensure compliance with company policies, and enhance overall operational efficiency. The robust monitoring features provide real-time insights and control, making it an essential tool for effective device management.
Part 5 : Best Practices of MDM Monitoring:How to Manage Employee Devices with MDM and Avoid Offending?
Companies can manage employee devices while still respecting their privacy. With clear communication and careful configuration, companies can ensure data security while minimizing any potential offenses caused by MDM monitoring.
1. Assign company-owned work-used mobile devices to employees so the company can fully control the device and how they're used. This is a great way to ensure that confidential company data and sensitive information are safe and secure.
2. For personal devices that use in the workplace, use Mobile Device Management (MDM) software that only has access to the employee's work account. This can help balance the need for data security with privacy concerns.
3. Make sure to communicate to employees what information the company may access and why. This will help ensure that employees are aware of their privacy rights and minimize any potential offense caused by the implementation of MDM. A guideline is necessary before connecting devices to the organization.
4. If the admin has to remote control a device, for example, to delete data, he should inform the user in advance and explain.
FAQs
Leave a Reply.