Mobile Device Management (MDM)

Software solutions for securing, monitoring, and managing mobile devices used within an organization. MDM enables IT departments to enforce security policies, deploy applications, and remotely manage devices across multiple platforms.

Mobile Device Management (MDM) is a system for remotely enrolling, configuring, monitoring, and managing mobile devices, including smartphones, tablets, and similar hardware, that employees use for work. It is the mechanism that lets IT enforce security policies on a phone in someone's pocket without needing to touch it.

The Problem MDM Solves

Phones are different from laptops. They are more portable, easier to lose, more likely to be used for personal activity alongside work, and harder to control without specialized tools. They are also increasingly used to access sensitive systems: email, internal apps, communication platforms, cloud storage. An unmanaged phone with access to corporate email is a risk. If it is lost or stolen, the data on it may be accessible to whoever finds it. MDM addresses this by enforcing encryption, requiring PINs, and making it possible to remotely wipe a device if needed.

What MDM Controls

Enrollment and Provisioning

Devices are enrolled into the MDM system either by IT during setup or by the employee through a self-service workflow. Once enrolled, the device receives a configuration profile that applies the organization's security policies.

Policy Enforcement

MDM can require a minimum PIN length, enforce screen lock timeouts, mandate encryption, restrict which apps can be installed, block access to certain features like copying data to personal apps, and prevent the camera from functioning in sensitive environments.

Application Management

IT can push approved apps directly to devices and remove them remotely when an employee leaves, without physically handling the device. This is especially useful in BYOD (bring your own device) environments, where the goal is to manage the work container without touching personal data.

Remote Wipe

If a device is reported lost or stolen, IT can trigger a full wipe (erasing everything) or a selective wipe (removing only work-related data and profiles) remotely. This is one of the most important capabilities MDM provides.

BYOD vs. Corporate-Owned Devices

MDM policies look different depending on who owns the device. Corporate-owned devices can be fully managed, with IT controlling the entire device. Personally owned devices require a more careful approach: employees are understandably reluctant to give IT full control over their personal phone. Modern MDM solutions handle this with work profiles that separate personal and professional data. IT can manage and wipe the work profile without ever accessing personal apps, photos, or messages. Getting this boundary right is the difference between employee acceptance and widespread refusal to enroll.
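The policy checks described under Policy Enforcement, the full-versus-selective wipe decision under Remote Wipe, and the ownership boundary above can be tied together in one compliance routine. The following is an added illustration written for this entry, not code from any MDM vendor or product: the policy values, app identifiers, and device records are constructed sample data, and a real MDM would read these attributes from device check-ins rather than from hard-coded records.

```python
"""Compliance evaluation and wipe-scope decision for MDM-enrolled devices.

Added illustration; not any vendor's MDM API. The policy, app identifiers
and device records below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed policy: the kinds of settings an MDM configuration profile enforces.
POLICY = {
    "min_pin_length": 6,
    "max_screen_lock_seconds": 300,
    "require_encryption": True,
    # App allowlist for the managed (work) scope; hypothetical bundle ids.
    "allowed_apps": {"com.example.mail", "com.example.chat", "com.example.docs"},
}


@dataclass
class Device:
    device_id: str
    ownership: str                      # "corporate" or "byod"
    pin_length: int
    screen_lock_seconds: int
    encrypted: bool
    installed_apps: Set[str] = field(default_factory=set)  # apps in the work scope
    reported_lost: bool = False


def evaluate(device: Device, policy: dict = POLICY) -> List[str]:
    """Return the policy violations for one device (empty list means compliant)."""
    findings = []
    if device.pin_length < policy["min_pin_length"]:
        findings.append(f"pin_length {device.pin_length} < {policy['min_pin_length']}")
    if device.screen_lock_seconds > policy["max_screen_lock_seconds"]:
        findings.append(f"screen_lock_timeout {device.screen_lock_seconds}s > "
                        f"{policy['max_screen_lock_seconds']}s")
    if policy["require_encryption"] and not device.encrypted:
        findings.append("storage not encrypted")
    unapproved = sorted(device.installed_apps - policy["allowed_apps"])
    if unapproved:
        findings.append("unapproved apps in work scope: " + ", ".join(unapproved))
    return findings


def wipe_scope(device: Device) -> Optional[str]:
    """Decide the wipe action for a lost or stolen device.

    Corporate-owned: full wipe. BYOD: selective wipe of the work profile only,
    so personal data is never touched. Returns None when no wipe is warranted.
    """
    if not device.reported_lost:
        return None
    return "full" if device.ownership == "corporate" else "selective"


def triage(devices: List[Device]) -> Dict[str, dict]:
    """Summarise each device's compliance state and the action IT should take."""
    report = {}
    for d in devices:
        findings = evaluate(d)
        wipe = wipe_scope(d)
        if wipe:
            action = f"{wipe} wipe"
        elif findings:
            action = "block corporate access until remediated"
        else:
            action = "none"
        report[d.device_id] = {"compliant": not findings,
                               "findings": findings,
                               "action": action}
    return report


# Constructed fleet: a compliant corporate phone, a non-compliant BYOD phone,
# and a compliant BYOD phone that has been reported lost.
SAMPLE_DEVICES = [
    Device("corp-001", "corporate", pin_length=6, screen_lock_seconds=120,
           encrypted=True, installed_apps={"com.example.mail"}),
    Device("byod-002", "byod", pin_length=4, screen_lock_seconds=900,
           encrypted=True, installed_apps={"com.example.mail", "com.example.game"}),
    Device("byod-003", "byod", pin_length=6, screen_lock_seconds=60,
           encrypted=True, installed_apps={"com.example.chat"}, reported_lost=True),
]

if __name__ == "__main__":
    for dev_id, row in triage(SAMPLE_DEVICES).items():
        print(dev_id, row)
```

The point of splitting `evaluate` from `wipe_scope` is that the two decisions have different inputs: compliance depends only on device state, while the wipe decision depends on ownership, which is exactly the boundary that determines whether personal data is ever in scope.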
