barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfoinfo-circlesign-in-altsignin text-widthtimesyoutube
Blog
3 min read

Miradore Best Practices to Know

AndroidiOSMiradore Best PracticesWindows

3 min read

Andreas Handler

By Andreas Handler

One of the most frequent inquiries we get from our customers is how to get the most out of Miradore. While we'll share some general tips here, every organization is unique — the specific practices you adopt will depend on your setup. We encourage you to review the examples below and implement them where they align with your needs.

Mobile operating systems

Android—It’s important to choose the right management mode:

1. Work Profile is used ...

    1. If the device needs to be managed, but cannot be reset
    2. If it’s a private device on which a separate workspace is to be installed (private/business separation)
    3. If it’s a company device, but you want to ensure that it’s not possible to access the device remotely (remote wipe)

2. Device Owner Mode also known as Fully Managed is used ...

    1. If the device is owned by the company and is used exclusively for professional purposes
    2. If the device will be severely restricted (for example, only certain apps should be allowed on the device)
    3. If a device is to be switched to (Multi/Single) App Kiosk
    4. If the device was enrolled via Knox Mobile Enrollment or Android for Enterprise Zero Touch and is set up largely independently - without a workspace

3. Fully Managed with Work Profile is used ...

    1. If the device is owned by the company and is intended for both business and private use (private/business separation)
    2. If access to the private segment is needed to perform a remote wipe
    3. If the device was enrolled via Knox Mobile Enrollment or Android for Enterprise Zero Touch and needs to be set up largely independently - with workspace

Depending on the management mode, different functions are available. One important aspect about the Work Profile mode is that device management can be removed anytime by the device user.

Installing APKs is not possible for Fully Managed + Work Profile or Work Profile modes. Basically, configurations like restrictions affect only the managed space. For example, banning screenshots will have full effect on a fully managed device, whereas on a device with a Work Profile, the restriction only applies when an app from the workspace is opened.

 

Miradore - blog image break

 

iOS—It’s important to purchase the devices from a suitable partner to enable the appropriate management mode. Business devices should be registered in Apple Business Manager, ideally by the salesperson. Subsequent registration is possible via Apple Configurator on Mac or iPhone running iOS16 and up.

1. Profile installations offer a limited range of functions and are used when:

    1. It is a private device
    2. Devices belong to the organization but cannot be reset

2. Supervised from DEP/ADE—which is part of Apple Business Manager—provides full functionality …

    1. For devices belonging to the organisation
    2. For devices that should continue to be managed by the user
    3. For devices that should be switched to single app kiosk mode

The scope of functionality varies depending on the management mode. It should be noted that it is possible to separate company/private in both modes. However, controlling updates, a variety of restrictions, and location tracking (iOS Lostmode) in case of loss or bypassing an activation lock is only available with Option 2 (Supervised).

Other standards:

1. Use a Business Policy to define a standard policy that covers the minimum for all devices. Link these to standard tags, such as “dep”, “Device Owner”, “Profile Owner” or “FM+WP”

A standard Business Policy usually includes basic safety requirements, such as ...

    1. Passcode/PIN code length or behaviour in case of incorrect entry (recommended to delete after 10 incorrect entries)
    2. Standard WiFi
    3. Contacts
    4. Standard Apps

2. Use Business Policies to define departments or groups for users to distribute apps, configurations, etc.

3. Use apps that support managed configurations from vendors you trust, for example, mail clients from Microsoft, Apple, Google and Samsung.

4. Each user should be assigned only the devices he uses. Please note that, a maximum of 10 devices per user is allowed when using Android devices.

5. Regularly check the usage (online status) of devices.

6. Regularly check the operating system version (iOS/Android) or patch level (Android).

7. Check the storage usage for replacement purchases to reduce your expenses.

Desktop operating systems

    • If possible, select Full management for Windows and enrollment through DEP for macOS.
    • Use patch management.
    • Regularly check the usage (online status) of devices.
    • Check the operating system versions regularly.

Mobile device management isn’t always easy but Miradore is here to simplify the process, empowering you to manage your devices in a smarter way. Ready to experience the Miradore difference?

Andreas Handler Author background

by Andreas Handler

Andreas works as a Senior Technical Consultant and Customer Success Manager at Miradore. He has been part of the Miradore family since 2016 and is passionate about providing value to organizations by showing them how to increase efficiency with Mobile Device Management. Outside of work, you might find him bouldering or playing volleyball.

LinkedIn

Get started with Miradore

Take control of your mobile devices today with Miradore’s MDM solution. You can get started for free and try out the Premium+ features with a 14-day free trial — or explore our Showroom with a virtual device fleet.

No credit card needed.

Get started now See plans & pricing