RFI Template for Enterprise MDM Solutions - Template for Enterprise MDM Solutions. MDM SOLUTION ... A secure mobile device management solution is an integral part


Post on 19-Mar-2018







    2012 Zenprise, Inc. 1

    RFI Template for Enterprise MDM Solutions



    About This RFI Template

    A secure mobile device management solution is an integral part of any effective enterprise mobility program. Mobile devices are similar to other endpoints in the enterprise and require similar security to corporate-issued desktops and laptops. Many businesses are also subject to regulatory requirements and compliance standards that drive the need for specific mobile security capabilities. Enterprise mobility is a fast-evolving area, and with a crowded field of products and solutions from several vendors, businesses have to choose carefully to pick the correct solution, one that will address not only their needs today but also those of the future. Not all MDM solutions are created equal. There are several products that offer basic management of devices and inventory. Others support only a limited range of features on some platforms. Very few solutions offer a full complement of capabilities that address enterprise mobile security, availability, and manageability requirements. This document provides guidelines on key requirements that should be addressed by an MDM solution.

    The requirements for MDM solutions are grouped into the following categories:

    1. Core MDM capabilities

    2. Simplicity of MDM solution for administrators and end-users

    3. End-to-end security and compliance

    4. Enterprise-grade architecture

    5. Best-in-class support, services and training



    1 Core MDM Capabilities

    1.1 Delivery Model:

    1.1.1 Solution should provide deployment options that fit the business model and budget, with cloud and on-premises options, as well as a hybrid option with a mix of cloud solution and back-end integrations with LDAP, PKI, and application servers, as well as subscription options.

    1.1.2 How does the solution handle the BYOD (bring your own device) trend in enterprises?

    1.2 Integration with Systems and Services:

    Solution must be able to integrate with the standard application, collaboration and email platforms.

    1.2.1 Explain how the solution integrates with the following systems:

    Active Directory (direct integration for not just authentication, but also role and group data)

    Microsoft Exchange Server / ActiveSync for securing access to corporate email/calendar.

    PKI and certificate systems for two-factor authentication and single sign-on

    Security Information and Event Management (SIEM) Systems for advanced correlation, reporting, and incident forensic analysis

    Asset management or configuration management databases

    1.2.2 Explain how the solution provides additional functionality over and above what is available with Microsoft Exchange ActiveSync (EAS): direct OS-MDM API integration instead of relying only on ActiveSync policies.

    1.3 Provisioning:

    1.3.1 Explain the provisioning process for devices on different platforms: iOS, Android, Symbian, and Windows Mobile. Is the enrolment process similar or are there platform specific


    1.3.2 Explain how the solution provides a secure registration process in which users and devices cannot partially register (e.g., register with the Microsoft Exchange server but not with the MDM).

    1.3.3 Explain how the solution performs a compliance check pre-enrollment, to ensure that jail-broken, rooted, or non-compliant devices cannot be enrolled into the system.

    1.4 Presence Awareness:

    1.4.1 Explain how the solution provides device status, tracking, and monitoring. Does it provide a full software inventory and a range of device statistics?



    1.5 Platform Support:

    1.5.1 Provide a matrix of platforms and operating systems your service supports. At a minimum the solutions should support all of the major mobile OSes: iOS, Android (including non-C2DM), Windows, Symbian, and BlackBerry.

    1.5.2 Explain how the solution manages devices remotely per platform and operating system. What remote service and troubleshooting capabilities does it provide? Does it enable device service functions such as chat and remote control?

    1.6 Inventory Management:

    1.6.1 Explain how the solution captures and stores information about the user, device, user location, compliance, quantity, groups, device type, OS type, etc.

    1.6.2 Explain how the solution manages and enforces the number of devices and types of devices per user. Does the solution support the Apple VPP program to enable automated provisioning of volume licenses purchased from the Apple enterprise store?

    1.7 Security and Compliance Management:

    The MDM solution must have the capability to detect, block/allow, and report on devices that are not compliant with security requirements and policies. It must also enable IT to specify certain device compliance checks pre-enrollment. Device compliance checks must also include the following:




    Managed vs. unmanaged

    Compliant pc policy


    Application (blocking)

    Software (version)

    Firmware (version)

    1.7.1 Explain how the solution identifies, reports, and handles violations from the list of compliance criteria above.

    1.7.2 How does selective wiping and full wiping work?

    1.7.3 What kind of information logging and auditing capability is available for compliance audits?



    1.7.4 Do you support application deployment to managed devices?

    1.7.5 Do you support selective wiping of ActiveSync information?

    1.7.6 How do you secure applications and over-the-air data exchanged with applications?

    1.8 Handling of Corporate Liable versus Individually Liable Devices:

    1.8.1 How does the solution identify corporate liable vs. individually liable devices? Does it enable users to self-identify device ownership, or does it keep that in the hands of IT or security


    1.8.2 Does it allow import and automatic tagging of device ownership from an asset or configuration management database?

    1.8.3 Does the solution provide a secure container for secure distribution of corporate documents that can be time-expired?

    1.9 Reporting:

    1.9.1 Please provide a list of common reports that are available from the system.

    1.9.2 Can the system provide reports by the following parameters?

    By Device Count

    By Device Type

    By User Name and User Count

    By Carriers

    By OSes

    By Inventory

    By Status

    By Location/Region

    2 Simplicity for administrators and end-users

    IT administrators and security personnel are constantly under pressure to serve their internal customers efficiently. Every new task or activity adds incremental burden that causes costly additions of temporary personnel, resources, training needs or service-level challenges. Explain how the MDM solution addresses the following user experience criteria.



    2.1 Deployment:

    MDM solutions should ease the IT administrator's burden by making it simple to deploy policies and match them to user groups and devices.

    2.1.1 Explain the information architecture that is used to store users, groups, policies and configurations. Can users be associated with multiple groups (e.g., can a user be part of West Coast, Management and Sales, or is it a one-to-one mapping)?

    2.1.2 How many steps are required to deploy a new policy?

    2.1.3 How does the solution present the set of policy choices available by platform? How does it prevent selecting the wrong policy for a device type (e.g., associating an Android policy to iOS)?

    2.1.4 How hard is it to change a policy once that policy has been mapped to user groups or deployed? Can you change the policy once and have the change reflected everywhere the policy is deployed, or do you have to change it everywhere it's deployed?

    2.2 Active Directory/LDAP integration:

    Having up-to-date information in the MDM system is important for security. The system should allow the setting of policies and rules on the inheritance of policies across groups and users.

    2.2.1 Does the solution automatically handle the addition or removal of groups and users based on Active Directory/LDAP changes?

    2.2.2 Does the solution provide support for certificate based authentication and two-factor authentica-


    2.2.3 Does the MDM solution offer true, real-time LDAP integration, avoiding the need to manually add or remove users?

    2.2.4 Are changes seamlessly propagated to all intended user groups and devices?

    2.2.5 How soon can a change made in the Active Directory system be seen in the MDM administration


    2.3 Reporting Capabilities:

    2.3.1 Explain how the MDM solution supports generating reports to analyze data, performance and compliance reporting.

    2.4 Mix and match mobile configuration resources:

    One of the ways that MDM solutions can reduce the time and effort for administrative tasks is by allowing the reuse of p

