Anyone using MDM?

Are any MSPs using MDM for their clients?
Does it work well?

​​

I tried MDM for Android but my customers are scared by the amount of authorizations the app (or better Android) requires to full manage the device. In my opinion nowdays the phone is like a personal place and they don’t trust me so much to give me full access to of their device and the GDPR makes the thing more complicated.

Also after enrolled an android device and installed the MDM app, it keeps on asking for full permission every few seconds (preventing the client from doing anything else) until he doesn’t enable all permissions and this is annoying because in some cases the android devices of the clients have some features turned off to safe on battery so he is can’t enable that permission.

Last, the email sent to the client to install the app contains a not working link to Google Play, at least on my last trying. See:

https://play.google.com/store/apps/d…com.itarian.em

Its battery usage is so bad im not sure how anyone can use it regularly. Also ran into the privacy/permission issue. Unless the devices are owned by the employer/business, MDM really doesnt work for employee’s personal devices. That means for IT that you have to put in a good acceptable use policy along with a segmented network for personal devices (DMZ), perform any filtering you can at the edge level (network/firewall), or just not allow personal devices. Thats why I think most go the route of providing mobile devices if possible, so control can be maintained. I dont blame people, I wouldnt feel comfortable with MDM on my personal device either.

I tried it on my own Samsung mobile.
Lots of scary permission requirements.

Then it promptly deleted a load of my apps.

swiftly uninstalled.

I tried it on my own Huawei Mate Pro mobile.But in the last days i wont to use Telegram / Message from MDM : According to the established policies you do not have access to “Telegram” application.

What can I do?

We had to remove it from our Android phones due to it draining the battery and resources.

We’re evaluating it. The battery usage is fine for us but we can’t get the client certificate install to work. Anyone have an openssl command that generates a valid *.crt or experience with the certificate capability on a non-Samsung Android 10?

Hello @fltr

Could you please extend on what purpose you are trying to generate certificate for non-Samsung devices? Are you having trouble adding the certificate on Anrdoid profiles -> Certificates section or is it a problem about generating a certificate?

Best regards,
Ilgaz

We figured it out. Android 10 removed support for Device Manager: https://developers.google.com/androi…in-deprecation

We needed to either factory reset the device to enroll via Android For Work (afw) or sideload via ADB, then the certificate showed up.