Protection of mobile devices

Enforcement of password rules: administrators can enforce the use of strong passwords or PINs to unlock devices.

Example: all devices in the company are configured so that users must set passwords with a minimum length of 8 characters, containing numbers, letters and special characters. Attempts to use a simple password, such as '1234', are automatically blocked.

Data encryption: MDM enforces memory encryption on mobile devices, which protects data in the event of loss or theft.

Example: Bank employees' mobile devices have enforced data encryption. Even if the device is stolen, customer data (e.g. bank statements) will remain inaccessible without the encryption key.

Blocking hazardous functions: you can restrict access to features such as rooting, jailbreak or installing applications from outside authorised sources (e.g. Google Play, App Store).

Remote data erasure: if a device is lost or stolen, administrators can remotely delete data from the device, protecting confidential information.

Example: A marketing employee loses a company phone in a coffee shop. The IT administrator uses the MDM function to remotely delete all company data from the device, preventing it from being used by third parties.

Location of the device: MDM solutions allow the device to be located in real time, which can help in its recovery.

Example: A courier using a company tablet forgets it in the delivery vehicle. The IT administrator, using the MDM system, locates the tablet on a map in real time and instructs the courier how to retrieve it

Device lock: the possibility to remotely lock the device, preventing its further use by unauthorised persons.

Example: The merchant's stolen smartphone is locked by the MDM, preventing it from being used to steal customer data.

Safe browsing: restricting access to dangerous websites through URL filtering mechanisms.

Example: an employee attempts to access a phishing website impersonating a courier company. MDM blocks access to this website, displaying a warning about the threat.

Scanning applications: MDM monitors the applications installed on the device and blocks the installation of unauthorised or malicious software.

Example: an application with a suspicious reputation attempts to install on an HR employee's device. MDM detects the threat and immediately blocks the installation

Integration with EDR (Endpoint Detection and Response) class solutions: Real-time threat detection and analysis of user behaviour allows a rapid response to suspicious activity.

Example: MDM detects that an application installed on the CEO's phone has started to behave abnormally (e.g. transfer large amounts of data). The EDR system analyses the network traffic and neutralises the threat.

Containerisation: corporate data is stored in an isolated environment on the device, preventing its unauthorised use by private applications.

Example: on a sales employee's phone, business data (e.g. CRM) is stored in a secure container that cannot be accessed from private applications such as Facebook.

Protection of corporate applications: MDM restricts the ability to copy or transfer corporate data outside of trusted applications or environments.

Example: a PDF file with customer data cannot be copied from the business application to a private folder on the device.

Detection of unusual activity: For example, access attempts from unauthorised locations or frequent SIM card changes may be automatically flagged as suspicious.

Example: an employee enters several incorrect passwords to unlock the device. MDM flags this as suspicious activity and automatically locks the device, sending an alert to the IT department.

Alerts and reports: the system generates alerts in the event of security policy violations, such as the installation of applications from outside trusted sources.

Example: The MDM system generates a report showing that the user has installed an application from outside the trusted source. The administrator receives a notification and can remotely remove the application.

VPN on-demand: MDM can enforce the automatic use of encrypted VPN connections when accessing corporate resources.

Example: an employee from the finance department connects to the company's server from a hotel. MDM automatically activates the VPN connection, encrypting all network traffic.

Multi-factor authentication (MFA): provides additional security against unauthorised access to applications and data.

Example: An employee tries to log in to the ERP system from a mobile device. To gain access, he or she must confirm identity via SMS code and fingerprint.

Certificate management: automatic deployment of security certificates allows encryption of communication between the device and the company's infrastructure.

Example: MDM automatically installs a security certificate on mobile devices, enabling encrypted communication with the mail server.

Automatic access blocking: if a device is detected to have been compromised, MDM automatically disconnects it from the company network and resources.

Example: An employee on an infected phone attempts to access the company's CRM system. MDM automatically locks the device and cuts it off from the network.

Quarantine Mode: The suspect device can be restricted to operate in quarantine mode, where the user only has access to selected functions.

Example: the technical department's phone has been compromised. The device switches to quarantine mode, where it only has access to the necessary diagnostic tools.

Remote deployment of updates: administrators can force the installation of the latest operating system and application updates.

Example: an urgent security update against a new Android exploit is rolled out on devices in the organisation. MDM automatically installs it on all devices.

Blocking devices with outdated software: you can prevent devices that do not meet security requirements from accessing company resources.

Example: a phone with an outdated, vulnerable version of iOS is automatically disconnected from the company's network until it is updated.