Mobile Device Manager Cloud

MDM Cloud is the SaaS version of MDM on-premises. With MDM Cloud, all you have to do is register the product and you are all set to manage mobile devices. The data and server configuration are managed by Zoho.

ManageEngine Security Practices, Policies & Infrastructure for MDM Cloud

Security and data protection are paramount for us. We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure.
If you are currently maintaining your data on personal computers or your own servers, the odds are that we offer a better level of security than what you currently have in place.
This document outlines some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped into four areas: Physical Security, Network Security, People Processes, and Redundancy and Business Continuity.

Features

Physical Security
Our data centers are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc.
  • 7x24x365 Security.
    The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
  • Video Monitoring.
    Each data center is monitored 7x24x365 with night vision cameras.
  • Controlled Entrance.
    Access to the ManageEngine MDM Cloud data centers is tightly restricted to a small group of pre-authorized personnel.
  • Biometric, Two-Factor Authentication.
    Two forms of authentication, including a biometric one, must be used together at the same time to enter a ManageEngine MDM Cloud data center.
  • Undisclosed locations.
    ManageEngine MDM Cloud servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
  • Bullet-resistant walls.
    ManageEngine MDM Cloud servers are guarded safely inside bullet-resistant walls.
Network Security
Our network security team and infrastructure help protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.
  • Secure Communication.
    All data transmitted to ManageEngine Cloud services is encrypted using the TLS 1.2 protocol, and we use certificates issued by a SHA-256-based CA, ensuring that our users have a secure connection from their browsers to our service. We use the latest strong ciphers, such as AES_CBC/AES_GCM with 256-bit/128-bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
  • IDS/IPS.
    Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
  • Control and Audit.
    All accesses are controlled and also audited.
  • Secured / Sliced Down OS.
    ManageEngine MDM Cloud applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
  • Virus Scanning.
    Traffic coming into ManageEngine MDM Cloud Servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.
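A way to check a negotiated cipher suite against the parameters stated under Secure Communication above; this is an added example, not ManageEngine's code. The function names and the sample tuples are assumptions constructed for illustration, and the tuples follow the shape returned by Python's `ssl.SSLSocket.cipher()`.

```python
import re

# Literal reading of the page's "Secure Communication" statement (an assumption
# about how to encode it, not the vendor's published configuration):
# TLS 1.2, ECDHE_RSA key exchange, AES-128/256 in CBC or GCM mode, SHA-2 digest.
STATED_PROTOCOL = "TLSv1.2"
SHA2_DIGESTS = {"SHA256", "SHA384"}

# OpenSSL names omit the mode for CBC suites: "AES128-SHA256" is AES-128-CBC
# with HMAC-SHA256, and a bare trailing "SHA" means SHA-1.
_BULK = re.compile(r"(?:^|-)AES(128|256)(-GCM)?-(SHA\d*)$")


def deviations(cipher):
    """Return how an (openssl_name, protocol, bits) tuple deviates from the page."""
    name, protocol, _bits = cipher
    if protocol != STATED_PROTOCOL:
        # Suite naming differs between protocol versions, so stop here.
        return [f"protocol {protocol} instead of TLS 1.2"]
    found = []
    if not name.startswith("ECDHE-RSA-"):
        found.append("key exchange is not ECDHE_RSA")
    bulk = _BULK.search(name)
    if bulk is None:
        found.append("cipher is not AES-128/256 in CBC or GCM mode")
    elif bulk.group(3) not in SHA2_DIGESTS:
        found.append(f"digest {bulk.group(3)} is not SHA256/SHA384")
    return found


def audit(observations):
    """Map each endpoint label to its deviations, omitting conforming ones."""
    report = {label: deviations(c) for label, c in observations.items()}
    return {label: found for label, found in report.items() if found}


# Constructed sample observations (not captured from any real service).
SAMPLES = {
    "gcm-256": ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
    "cbc-sha256": ("ECDHE-RSA-AES128-SHA256", "TLSv1.2", 128),
    "cbc-sha1": ("ECDHE-RSA-AES128-SHA", "TLSv1.2", 128),
    "static-rsa": ("AES256-GCM-SHA384", "TLSv1.2", 256),
    "legacy": ("ECDHE-RSA-AES256-SHA", "TLSv1", 256),
}
```

Calling `audit(SAMPLES)` reports only the three entries that differ from the stated parameters.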
People Processes
Designing and running data center infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. ManageEngine MDM Cloud's security team has years of experience in designing and operating data centers and continually improves our processes over time. ManageEngine MDM Cloud has developed world class practices for managing security and data protection risk.
  • Select Employees.
    Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers' behalf.
  • Audits.
    Audits are regularly performed and the whole process is reviewed by management.
  • As-Needed Basis.
    Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.
Redundancy and Business Continuity
One of the fundamental philosophies of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.
  • Distributed Grid Architecture.
    ManageEngine MDM Cloud services run on a distributed grid architecture. That means a server can fail without a noticeable impact on the system or our services. In fact, on any given week, multiple servers fail without our customers ever noticing it. The system has been designed knowing that servers will eventually fail, and we have implemented our infrastructure to account for that.
  • Power Redundancy.
    ManageEngine MDM Cloud configures its servers for power redundancy – from power supply to power delivery.
  • Internet Redundancy.
    ManageEngine MDM Cloud is connected to the world, and to you, through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
  • Redundant Network Devices.
    ManageEngine MDM Cloud runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
  • Redundant Cooling and Temperature.
    Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. ManageEngine MDM Cloud servers are backed by N+2 redundant HVAC systems and temperature control systems.
  • Geo Mirroring.
    Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes. Please note geo mirroring is available on select products and plans.
  • Fire Prevention.
    The ManageEngine MDM Cloud data centers are guarded by industry-standard fire prevention and control systems.
  • Data Protection & Back-up.
    User data is backed up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.
Security Certifications
  • ISO/IEC 27001
    ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.
  • SOC 2
    ManageEngine is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.

FAQ MDM Cloud

1. What is the difference between MDM Cloud and MDM on-premises?
MDM Cloud is the SaaS version of MDM on-premises. With MDM Cloud, all you have to do is register the product and you are all set to manage mobile devices. The data and server configuration are managed by Zoho. In the case of the on-premises version, you have to install the application and configure it along with the network setup to manage the mobile devices.
There is almost no difference in the feature set that is offered with MDM.
2. Does MDM support migration from Cloud to On-Premises?
No, MDM doesn't support migration from Cloud to On-Premises. Everything from uploading APNs, enrolling devices to distributing apps and/or profiles has to be done again for MDM On-Premises.
3. I do not want a new account to be created for every device enrolled in MDM Cloud. Is there any alternative type of enrollment?

To avoid using invites, you can use Self Enrollment, where the users enroll the devices themselves, or Admin enrollment. Admin enrollment, as the name suggests, is a type of enrollment where the enrollment process is carried out by the Admin. The other advantage of Admin enrollment is that the process is automated, requiring minimum user intervention and/or admin action. MDM supports the following types of Admin enrollment for Android:

The following types of Admin enrollment are supported in iOS:

4. How do I send Android device logs to MDM Cloud support?

You can compile the Android logs from the device, either using the MDM app or without it, and mail them to the MDM Cloud support team (mdmcloud-support@manageengine.com).

Without using MDM app

  • Navigate to the agent log directory, /memdm/agent/logs.
  • The file mdm*.txt contains the agent logs.
  • Zip these files and send them to mdmcloud-support@manageengine.com.

Using MDM app

The other option is to send the logs directly from the MDM app. Open the MDM app, click on the horizontal blue bar at the top 5 times.

Provide logs@memdm as the password and then specify the issue details. Click OK to send the logs.

5. How do I send iOS device logs to MDM Cloud support?

You can compile the iOS logs from the device using the MDM app and mail them to the MDM Cloud support team (mdmcloud-support@manageengine.com).

  • Open the ME MDM App on the managed device.
  • Navigate to Support tab.
  • Select Collect logs. A notification is shown when the logs are successfully compiled. These logs get automatically mailed to the Cloud support team.
6. Why am I unable to sign up with MDM Cloud service?

If, when trying to sign up, you encounter an error stating that you are part of another organization, such as "Access denied for this service. Please contact your Org () administrator [admin@org.com]", it implies that you are already a registered user because your organization has registered for Zoho Services. There is a super admin assigned for Zoho Services, who is the only one who can sign up for any other Zoho service, including MDM Cloud. If the super admin has signed up for Zoho services, you may request the super admin to add you as a technician to use MDM Cloud. In case you want to try MDM Cloud, you can use an alternate e-mail address to sign up and use the service. If you get redirected to https://mdm.manageengine.com/enroll.do, then you may request the super admin to add you as a technician to use MDM Cloud.

7. What are the prerequisites for enrolling a device in MDM Cloud?
  • The URLs mdm.manageengine.com and transmail.net must be whitelisted for enrolling a device in MDM Cloud.
  • If you're enrolling devices through invitation, ensure that these two e-mail addresses, noreply@notifications.mobiledevicemanagerplus.com, noreply@zohoaccounts.com, and noreply-mdmcloud@manageengine.com, are whitelisted as well. If users don't have a Zoho account, they receive two mails. The former is used for sending the join-the-organization mail (for creating a Zoho account) and the latter is used for mailing the enrollment request. Modify the mail spam filter to ensure these mails don't fall into spam. If the user already has a Zoho account, only the enrollment request is sent.
  • Create a Zoho account using e-mail and then follow the instructions provided in the enrollment request to enroll your device to MDM Cloud.
8. I want to change the e-mail address with which I signed up on MDM Cloud. How do I do that?
  • Open this link and sign in with the Zoho account if need be.
  • Specify the new e-mail address.
  • A verification mail is sent to the new e-mail address.
  • Once verified, MDM automatically updates the new e-mail address.

In case you need to make a secondary e-mail address the primary one, click on the mail icon present against the mail address. This makes the selected e-mail address the primary one.

In case you want to change the e-mail address of any technician, follow the same process to change the e-mail address of the technician.
9. One of my organization's users signed up with MDM Cloud instead of enrolling the device. How do I have the device enrolled?
  • Open this link and sign in with the Zoho account, if need be.
  • Click on Delete Organization present under Dashboard.
  • Click on Delete to remove the user-created MDM account. Note that this also removes all the Zoho services that have been configured with this account. If the user is utilizing Zoho services for personal use, these also get deleted. If the user is unsure about the services being used with the Zoho account, contact support (mdmcloud-support@manageengine.com).
  • After the account is deleted, sign out of Zoho Accounts and close the browser window.
  • Follow the instructions specified in the enrollment mail, to proceed with the enrollment.
10. Why do I get a page titled "Welcome to Device Enrollment" when I try to access MDM Cloud or try enrolling a device?

If this page is displayed when trying to enroll a device, ensure you're accessing the appropriate enrollment URL from the device to be enrolled.
If this page is displayed when trying to access MDM Cloud, ensure your MDM Cloud admin has added you as a user.

Edition Comparison Matrix

Standard, Professional and Free edition Cloud
Feature Standard Professional Free
Suitable for Suitable for All Round Mobile Device Management Managing up to 25 mobile devices
Device Enrollment
  • Apple Business Manager
  • Apple Configurator
  • Samsung KNOX Enrollment
  • EMM Token Enrollment
  • Zero Touch Enrollment
  • NFC Enrollment
  • Chromebook Enrollment
  • Windows 10 Enrollment
  • Azure Enrollment (AutoPilot)
Profile Management
  • Wi-Fi
  • VPN
  • Per-App VPN
  • Kiosk Mode
  • Restrictions
  • Web Content Filtering
  • E-mail
  • Exchange ActiveSync
  • Enterprise SSO
  • Certificates
  • Device Functionality Restrictions
  • Content Distribution
  • FileVault Encryption
App Management
  • Apple Business Manager
  • Android for Work
  • Windows Store for Business
  • Chrome Web Store
  • Blacklisting Apps
Security Management
  • Remote Alarm
  • Geo-tracking
  • Remote Lock
  • Remote Wipe
  • Find My Phone
  • Reset Passcode
  • Remote Control
E-mail Management
  • Conditional Exchange Access
  • E-mail Attachment Viewer
Reports and Audit
  • Pre-defined Reports
  • Query Reports
  • Scheduled Reports
Miscellaneous
  • Active Directory Authentication
  • Two Factor Authentication
  • Role based Access Control
  • OS update management
