Background
In the past, organizations used to strictly enforce the COPE (corporate-owned, personally enabled) model on mobile devices to ensure data security. However, multiple users can use a single COPE device, reducing the level of accountability and increasing the level of vulnerability. Today, swipe-savvy smartphones have flooded the market due to the evolution in mobile devices. As a result, organizations are getting accustomed to adopting the BYOD (bring your own device) program, which allows employees to use their personal mobile devices to access valuable corporate data and applications. This helps to increase employee collaboration, efficiency, and productivity; however, it also leaves the organization vulnerable to security threats. Therefore, organizations have a growing need to monitor and manage corporate and personal (employee-owned) mobile devices that have access to corporate data.
Overview
WSO2 Enterprise Mobility Manager (EMM) is a unique solution designed specifically to address mobile enterprise needs. EMM consists of two key components: Mobile Device Management (MDM) and Mobile Application Management (MAM). WSO2 EMM also supports single sign-on (SSO) and multi-tenancy.
MDM enables organizations to secure, manage, and monitor Android and iOS powered devices (e.g., smartphones, iPod touch devices, and tablet PCs), irrespective of the mobile operator, service provider, or the organization. When enrolling with EMM, users need to accept the policy agreement, which states all the actions that can be carried out on the device. MDM only controls the corporate data that is present on the devices, while the personal data is left untouched.
The administrator can create policies in EMM and define the MDM aspect of the policy (i.e., device management rules), blacklisted applications, and the list of applications that need to be installed when the policy is enforced. EMM policies can be set at various levels, namely user level (L1), platform level (L2), and role level (L3). L3 policies have the lowest priority. L2 policies override L3 policies, while L1 policies override both L2 and L3 policies. When employees register their devices with EMM, the applicable policy rules (e.g., enabling the phone lock, disabling the camera, and more) will be enforced on their devices. WSO2 EMM constantly monitors all the registered devices for policy compliance. WSO2 EMM will automatically generate a notification and carry out follow-up actions in the event a device is in violation of the enforced policy. The administrator can select the follow-up actions (e.g., send the user a warning message, enforce the policy again, and more) based on their security requirements.
MAM enables organizations to control corporate applications (apps) on devices that are enrolled with the MDM.
WSO2 EMM consists of three key consoles: EMM Console, Publisher, and Store. Users use the Publisher to manage enterprise apps throughout their application life cycle, which includes application states such as published, unpublished, approved, rejected, deprecated, and retired. The Store acts as a marketplace and contains all the corporate mobile apps, which users can search, view, rate, and install on demand. The administrator uses the EMM Console to manage users, administer EMM policies, install or uninstall mobile apps in bulk, and more. The administrator can define the MAM aspect of a policy (e.g., blacklisted apps and apps to be installed upon policy enforcement) via the EMM Console.