3CX Mobile Device Manager review
If you run a small business your staff will probably want to use their own smartphones and tablets for work purposes. While this could reduce the company hardware budget, Bring Your Own Device (BYOD) arrangements can be risky. Staff could install compromised apps, for example, or lose a device containing your company’s valuable data.
The 3CX Mobile Device Manager (MDM) is a web-based service that can monitor, track and manage Android and iOS mobile devices and Windows 8 laptops, mitigating such risks. It's free for five or fewer devices, making it an appealing option for small businesses.
You control Mobile Device Manager through its web interface, and adding users to it is easy. You simply enter their name, phone number and the email address used to identify them and MDM will email them with instructions on how to set up the client on their device. In the case of Windows PC users, you’ll also need to enter their Windows username. You can even import a CSV file containing the required information to add multiple users in one go.
Once the users have been chosen, you must install the Mobile Device Manager app on the user's device and associate it with your company’s MDM account. In the case of iOS hardware, you’ll also have to assign a user to the device using the web portal, otherwise they’ll appear as an anonymous user. Users must enable GPS tracking in order for your company to use it.
You can manage everything from within a web browser
A LEGAL NETWORK
It's important that your users understand that control you’ll have over their devices as you’ll be able to erase the contents of the phone remotely should it be lost, or lock it to prevent access among other things. You can even force the device to encrypt all stored app data and disable the phone’s cameras.
The Mobile Device Manager’s tracking capabilities make it easier to locate stolen devices and give directions to lost staff, but the possibilities for infringing on users’ privacy is massive. It’s generally accepted that a company is within its rights to track its own assets such as vehicles, phones or computer hardware, but employees may not welcome tracking on their personal devices, especially after office hours.
In addition to wiping and finding devices, MDM also lets you view and control the applications that are installed on each system, install your own apps remotely, view the call history of some devices and create group policies.
Mobile Device Manager's main screen shows you how many users and devices are currently online and, if you have GPS tracking enabled, where they are. However, you’ll spend most of your time on the Device screen, the top half of which is occupied by a list of associated devices. Select one and tabs along the lower part of the screen show you its location, system information, installed apps, call history, configured email accounts and more. There’s also a Remote Control option, but this failed to work on any of our test devices.
A Group Policies node lets you apply rules to sets of devices; this is handy if you want the sales team to have different restrictions to the IT manager, for instance. Once you’ve created groups, you can roll out applications to all compatible devices, send them wireless network connection information and create group policies. Like individual device policies, which always take precedence, these allow you to control features such as GPS tracking and camera use on every device in the group. The Alerts node shows you who’s been violating your policies and you’re also emailed about policy violations.
The ability to install and uninstall apps en masse is particularly helpful, making it easy to send business-critical apps to every device in a group. Although iOS apps can be installed remotely, Android users have to approve all installation and deletion requests for their device manually. However, the iOS version can't delete apps that were present before the MDM client itself was installed. Despite these flaws, it’s still a far easier way to distribute apps to users than emailing links.
You can also create app blacklists, but they don’t actually prevent unwanted apps being installed. On Android, the offending app is put on the MDM client’s uninstall list for the phone’s user to approve. On iOS, blacklisted apps were added to the deletion list but then could not be removed at all via the remote interface after that. 3CX was unable to provide us with a full workaround for this, but you can delete apps from individual devices using the Remove Application option as long as you don't blacklist them first. The Policy tab for iOS devices also lets you disable the App Store, as well as Safari and iTunes, but measures such as this aren't suitable in a BYOD environment.
Receiving reports of policy violations makes it easier to educate staff, but if you’re blacklisting apps to prevent potential malware or security breaches, they aren’t sufficient. We’d like the app to inform users that an app they’re installing is blacklisted. The Windows 8 version of the MDM client lets you see what's installed and whether it's up to date, but it's for monitoring purposes only; you can't use it to prompt users to add or remove software.
IT'S IN THE MAIL
Mobile Device Manger also lets you remotely configure email accounts for the client device, making it easy to set up an office email account for each user. The same controls let you remove corporate email access when someone leaves the company. Android users get a free copy of AquaMail Pro; iOS doesn't require a third-party app. Only POP and IMAP email is supported. If you use Microsoft Exchange Server, you’ll have to rely on its own remote management and wiping capabilities.
If you only want to keep track of five or fewer devices, then you won’t have to pay a thing. Larger businesses can buy licenses on a sliding scale, from €124 (£105) per year for 10 devices and €1 (£190) per year for 25.
Mobile Device Manger doesn't cost much and makes it easy to monitor a wide range of devices. However, monitoring is the only thing it can be guaranteed to do consistently. While its other features have great potential, most are limited practically. We particularly wanted more effective controls to prevent the installation of unwanted apps. MDM is the first multiplatform device monitoring system we've seen and it costs nothing to try, but don't expect full control and management of client hardware.