Businesses of all sizes are exploring how mobile devices can benefit their operations. Unfortunately, not all plan for how they will deploy, manage, secure, and maintain mobile devices so they can see the greatest ROI.
Mobile device management (MDM) solutions allow you to automate device management and provide much-needed visibility into device status and location to minimize downtime and keep your client’s network secure.
To help you evaluate mobile device management software for your clients, we invited mobile device management software vendors to share details about their products. The companies that provided information for this product comparison are:
- Citrix: Citrix Endpoint Management, formerly XenMobile
- SOTI: SOTI MobiControl
- VMware: VMware Workspace ONE
In the coming months, we’ll be adding additional solutions from vendors that didn’t make the deadline for this first comparison post.
Note: XaaS Journal product comparisons aren’t about rating products or choosing “the best.” And they aren’t paid listings or ratings that some websites publish. Our objective, as always, is to provide VARs and MSPs with unbiased resources to help them make the best decisions for their clients and their businesses.
We also recognize that each business is unique, so different solutions may offer higher value to different clients. We’ve organized information provided by the vendors by features so it will be easier for you to compare and contrast them. For more information provided by the vendors, download our “Mobile Device Management Solutions” comparison spreadsheet.
Compatibility with Mobile and Desktop Platforms
It’s vital that the MDM solution you choose supports the platform, or platforms, used throughout your client’s organization. Mobile and desktop platforms supported by the products in our comparison include:
- Alexa for Business
- Android OS
- Android Enterprise
- Samsung Knox
- Chrome OS
- Windows 10
- Citrix Workspace Hub
- Android (legacy and Android Enterprise)
- Samsung KNOX
- Windows Phone 10
- Windows CE 7
- Windows Mobile 5, 6.1, 6.5
- QNX 6.5
Mobile devices are everywhere. Your client’s employees may be using them to communicate with the office when they’re on the road, transmit payment or personal data, or access applications and data when working remotely. Mobile devices can provide a business with capabilities that can help them operate more efficiently and elevate the quality of customer service — but they can also create security risks if not managed properly. Here are some of the security features the products in our comparison offer:
Citrix provides device-level encryption and app-level encryption, and customers can enable a combination of the two. Secure Hub, an agent on the device, leverages its unique token to decrypt the package and retrieve its unique cryptographic random numbers, which will be used in the generation of the AES keys for the device. Secure Hub protects these variables in its encrypted keychain for later use as needed. The server provides random numbers, the device ID, and other unique values that are used in the AES key generation.
Citrix also enables role-based access control (RBAC), with four roles available by default:
- Administrator (full access)
- Device user (enrollment and self-help portal only)
- Support (Support access only)
- Device Provisioning (bulk provisioning)
Admin and user events are audited and tracked in audit logs, which can stream to Syslog for integration with SIEM tools. Citrix also offers REST APIs that can be used to aggregate logs with third-party tools.
All transmitted data is secured using TLS. Further configuration of exact TLS versions and ciphers is possible based on security needs. For cloud deployment, AES-256 encryption algorithms are used to secure data at rest.
SOTI MobiControl also has default roles (user groups) with a predefined set of permissions. Additional roles can be created to fit business and operational needs. These roles can be assigned to local users and directory (LDAP, AD) user groups.
System, user and security logs are available and can be downloaded directly from the SOTI MobiControl web console. Additionally, SOTI MobiControl can be configured to send the logs to an external Syslog server.
Workspace ONE encrypts data in use, at rest and in transit. Email attachments, content and media are encrypted. Workspace ONE technologies are FIPS 140-2 compliant. Additionally, Workspace ONE can enable native encryption services from Apple, Google, Microsoft and others across mobile and desktop operating systems.
For Windows desktops, Workspace ONE also features full BitLocker encryption lifecycle management. Admins can encrypt an entire hard disk, system volume, or used space, and use multiple encryption methods: AES-CBC 128/256-bit and XTS-AES 128/256-bit. For macOS, Workspace ONE can enable FileVault 2 encryption, which is XTS-AES 128-bit encryption with a 256-bit key.
Workspace ONE features both user and admin roles for RBAC. Standard roles allow for access only to the portions of the console or workflows that match a user’s persona within a company and their industry. Workspace ONE UEM has packaged default roles and 1100+ unique permissions. All permissions are available to define custom roles.
In addition, all administrative and device actions are stored in the Event Log of the Admin Console. A user can view the events from the Workspace ONE UEM Console and also export event logs as .csv files. Workspace ONE integrates with SIEM tools by sending event logs using the Syslog protocol.
Certain events such as device wipes are subject to an additional security auditing framework. If a certain threshold of changes is exceeded in a period of time, subsequent wipes can be held for admin approval.
Additional Security Features
|Mandatory password protection||x||x||x|
|VPN configuration and management||x||x||x|
|Wi-Fi configuration and management||x||x||x|
|Secure web browser||x||x||x|
|Device compromise detection||x||x||x|
|Encrypted email messages||x||x||x|
|Single sign-on support||x||x||x|
|Behavioral biometric authentication||x|
Key Enterprise Application Integration
The ability to integrate mobile device management software with other business applications can benefit your clients with added efficiency, time-savings, and greater productivity. Integrations available for the products in our comparison include:
- Active Directory
- Azure Active Directory
- Derived Credentials
- Microsoft Exchange
- Citrix Cloud
- Citrix Workspace
- Microsoft 365
- line of business applications
- Active Directory
- Azure Active Directory
- Email (Microsoft Exchange, IMAP and POP3)
- SAML 2.0
Directory Services: Active Directory, Azure Active Directory, ADFS, Lotus Domino, Novell e-Directory, Okta, Ping Identity, Oracle, Centrify, CA, other LDAP
Certificate Authorities: Microsoft ADCS, Generic SCEP, Verisign, Symantec, OpenTrust, Entrust, Secure Auth, RSA, Global Sign, JCCH Gleas, EJBCA
Email Services: Microsoft Exchange, Office 365, Gmail, Novell GroupWise, Lotus Traveler
MDM: Apple Business Manager (DEP, VPP), Apple School Manager, Apple Configurator, Android for Work, Microsoft Graph API
Trust Network: Integration to mobile and desktop security partners including Carbon Black, Lookout, Netskope, etc.
Client Management Tools: Microsoft System Center Configuration Manager, Flexera AdminStudio, Dell Client Command Suite, Adaptiva OneSite, HP TechPulse for DaaS offering
Service Management Tools: ServiceNow; we do offer integrations through SMTP and API calls with various other Service Desk tools.
The Citrix Endpoint Management cloud offering is offered as a bundled termed subscription and must be licensed to the same set of users. Price includes both entitlement to the service as well as support services (CSS) for the duration of the term. License entitlement is offered per device or per user.
Users have their choice of:
- Citrix Endpoint Management MDM: mobile device management, enterprise app store
- Citrix Endpoint Management Advanced: Citrix Endpoint Management MDM features, plus mobile app management, Micro-VPN, Citrix Secure Apps, and Integration with Microsoft EMS/Intune
- Citrix Endpoint Management Enterprise: Citrix Endpoint Management MDM and advanced features, plus advanced content collaboration service
The Citrix Endpoint Management on-premises offering is also available as a perpetual offer with license entitlement offered per device or per user.
SOTI MobiControl’s pricing structure is defined per device per month.
Workspace ONE is available as both per-user and per-device subscription licensing. Perpetual licensing and support is also available for on-premises customers. The available features vary based on whether the customer purchases the Workspace ONE Standard, Advanced or Enterprise tier. The lowest-tier offer that includes unified endpoint management (UEM) features is Workspace ONE Standard, which starts at $3.78/device/month. For SMB/mid-market customers, a low-cost per-device MDM offer is also available as AirWatch Express, priced at $2.68/device/month.
What Makes Each MDM Software Product Stand Out Among the Competition?
In addition to asking vendors for information about specific features of their solutions, we also gave them the opportunity to tell you what makes their products unique. The responses from the mobile device management vendors in our comparison follow:
“Along with an MDM solution, we provide a full-feature UEM platform that integrates with existing Citrix infrastructure, as well as our Citrix Workspace solution to provide VPN/remote access, enterprise file sharing, mobile content management, app virtualization and desktop virtualization delivery. We also offer support for a broad range of endpoints: laptops, desktops and IoT devices. This includes the Citrix Workspace Hub, which enables management and delivery of a full virtualized desktop from a Raspberry Pi.
We offer a MAM-only solution for BYO scenarios, so IT can manage on an app level, as well as a highly rated enterprise-grade productivity suite of applications that includes mail, web, and content and collaboration.
We are first to market with Microsoft EMS/Intune integration. Our integration with EMS/Intune leverages the Microsoft Graph APIs. Most of these integrated capabilities are in support of our “better together with Microsoft” strategy. This integration adds value for customers using Intune and provides additional security and productivity benefits to both EMS/Intune/Office 365 and Citrix Endpoint Management customers.”
In 2018, Citrix landed Leader positions in three IDC MarketScape reports focused on mobility solutions:
- The Worldwide Unified Endpoint Management Software 2018 Vendor Assessment
- The Worldwide Enterprise Mobility Management Software 2018 Vendor Assessment
- The Worldwide Enterprise Mobility Management Software for Ruggedized/IoT Device Deployments 2018 Vendor Assessment
Citrix was also ranked as a leader in Unified Endpoint Management solutions by independent research firm Forrester Research, Inc. in a report titled: The Forrester Wave™: Unified Endpoint Management, Q4 2018, The 12 Providers that Matter Most and How They Stack Up.
“SOTI MobiControl differentiates itself by offering built-in remote control that supports over 170 device manufacturers, HTML-based advanced kiosk mode, polygon-based geofencing, flexible app (package) deployment, and Android+ technology that offers extended management capabilities on Android Enterprise.”
“Workspace ONE UEM continues to establish itself as a market leader and innovator within the MDM space, especially as today’s workforces expand their IT perimeter beyond the office. Over the past year, VMware has continued to deliver on new solutions that differentiate Workspace ONE UEM as the industry’s digital workspace platform of choice from both an IT and employee perspective. From apps to mobile devices to PCs, Workspace ONE UEM provides employees with a single, secure console to access their most critical business apps and devices across all their platforms, including Windows, macOS, Chrome OS, iOS, and Android. And on the back end, Workspace ONE UEM also provides IT with the tools they need to deliver an always-on, automated and on-demand workspace environment with greater flexibility and lower costs while providing an intuitive, secure experience for all employees, both inside and outside of the office.
Workspace ONE UEM was recently recognized as a Leader in the unified endpoint management solution space by analyst firms Forrester, IDC and Gartner. Workspace ONE UEM positioned highest in both Capabilities and Strategies in the 2018 IDC MarketScape for Unified Endpoint Management Software report. Additionally, Workspace ONE UEM was positioned highest in both Ability to Execute and Completeness of Vision in the inaugural 2018 Gartner Magic Quadrant for Unified Endpoint Management Tools report.
Workspace ONE UEM can also be used to manage devices beyond mobile phones including PCs, rugged and IoT devices. VMware believes that customers benefit from having a single platform to manage all devices, which is why we’ve architected Workspace ONE UEM the way it is. We are working with many of our customers to take them through the journey of mobile device management (MDM) to enterprise mobility management (EMM) to unified endpoint management (UEM), and Workspace ONE UEM can serve as the modern management platform for all these use cases.”
Throughout the comparison, it’s apparent that MDM isn’t a stand-alone solution. It’s meant to be used as a part of a security suite, integrated with business applications, and, of course, used to support the business’ mobile devices themselves. You have a viable opportunity to offer MDM as a part of a broader scope of services that supports all of your clients’ IT needs. You will not only become a more valuable business partner for your clients but also grow your business with additional sources of recurring revenue.
If you’d like more information on mobile device management solutions or you’d like XaaS Journal to provide additional insights on how providing MDM as a Service can make a positive impact on your business, please reach out. We welcome your feedback.