Mobile Device Manager Cloud
ManageEngine Security Practices, Policies & Infrastructure for MDM Cloud
Security and data protection are paramount for us. We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure.
If you are currently maintaining your data on personal computers or your own servers, the odds are that we offer a better level of security than what you currently have in place.
This document outlines some of the mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are grouped into four areas: Physical Security; Network Security; People Processes; and Redundancy and Business Continuity.
- 7x24x365 Security.
The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
- Video Monitoring.
Each data center is monitored 7x24x365 with night vision cameras.
- Controlled Entrance.
Access to the ManageEngine MDM Cloud data centers is tightly restricted to a small group of pre-authorized personnel.
- Biometric, two-Factor Authentication.
Two forms of authentication, including a biometric one, must be used together at the same time to enter a ManageEngine MDM Cloud data center.
- Undisclosed locations.
ManageEngine MDM Cloud servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
- Bullet-resistant walls.
ManageEngine MDM Cloud servers are guarded safely inside bullet-resistant walls.
- Secure Communication.
All data transmissions to ManageEngine Cloud services are encrypted using the TLS 1.2 protocol, and we use certificates issued by a SHA-256-based CA, ensuring that our users have a secure connection from their browsers to our service. We use the latest strong ciphers, such as AES_CBC/AES_GCM with 256-bit/128-bit keys for encryption, SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
- Control and Audit.
All accesses are controlled and also audited.
- Secured / Sliced Down OS.
ManageEngine MDM Cloud applications run inside a secured, sliced-down operating system engineered for security that minimizes vulnerabilities.
- Virus Scanning.
Traffic coming into ManageEngine MDM Cloud Servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.
- Select Employees.
Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers' behalf.
Audits are regularly performed and the whole process is reviewed by management.
- As-Needed Basis.
Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.
- Distributed Grid Architecture.
ManageEngine MDM Cloud services run on a distributed grid architecture. That means a server can fail without a noticeable impact on the system or our services. In fact, on any given week, multiple servers fail without our customers ever noticing it. The system has been designed knowing that servers will eventually fail, and we have implemented our infrastructure to account for that.
- Power Redundancy.
ManageEngine MDM Cloud configures its servers for power redundancy, from power supply to power delivery.
- Internet Redundancy.
ManageEngine MDM Cloud is connected to the world, and to you, through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
- Redundant Network Devices.
ManageEngine MDM Cloud runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
- Redundant Cooling and Temperature.
Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. ManageEngine MDM Cloud servers are backed by N+2 redundant HVAC systems and temperature control systems.
- Geo Mirroring.
Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes. Please note geo mirroring is available on select products and plans.
- Fire Prevention.
The ManageEngine MDM Cloud data centers are guarded by industry-standard fire prevention and control systems.
- Data Protection & Back-up.
User data is backed up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.
- ISO/IEC 27001
ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.
- SOC 2
ManageEngine is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.
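The Secure Communication item above states concrete parameters (TLS 1.2, ECDHE_RSA, AES in CBC or GCM mode with 128/256-bit keys, SHA2), so a connection a client actually negotiates can be compared against them. The following is an added example, not ManageEngine code: the function names are hypothetical, cipher names are assumed to be in the OpenSSL form that Python's `ssl` module reports, and the sample observations are constructed.

```python
import socket
import ssl

STATED_VERSION = "TLSv1.2"          # protocol named on this page
SHA2_TAGS = {"SHA256", "SHA384"}    # SHA2 tags used in OpenSSL suite names

def deviations(version, cipher):
    """List how a negotiated (version, OpenSSL cipher name) pair departs
    from the parameters stated on this page. Empty list means it matches."""
    if version != STATED_VERSION:
        # Other protocol versions name their suites differently; stop here.
        return [f"protocol is {version}, not {STATED_VERSION}"]
    found = []
    parts = cipher.split("-")
    if parts[:2] != ["ECDHE", "RSA"]:
        found.append("key exchange is not ECDHE_RSA")
    if not any(p in ("AES128", "AES256") for p in parts):
        found.append("bulk cipher is not AES-128/AES-256")
    elif any(p.startswith("CCM") for p in parts):
        # OpenSSL tags GCM and CCM explicitly; no mode tag means CBC.
        found.append("AES mode is neither CBC nor GCM")
    if parts[-1] not in SHA2_TAGS:
        found.append("hash is not SHA2")
    return found

def observe(host, port=443, timeout=5):
    """Return (version, cipher) negotiated with host by this client."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample observations, not captured from any real service.
SAMPLE = [
    ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-SHA256"),
    ("TLSv1.2", "ECDHE-RSA-AES128-SHA"),
    ("TLSv1.2", "AES256-GCM-SHA384"),
    ("TLSv1.0", "ECDHE-RSA-AES256-SHA"),
]

def audit(observations):
    """Map each observation to its deviation list."""
    return {obs: deviations(*obs) for obs in observations}

if __name__ == "__main__":
    for (ver, name), issues in audit(SAMPLE).items():
        print(ver, name, "->", issues or "matches stated parameters")
```

`observe()` reports only the single suite negotiated between this client and the server, so it shows what one client gets rather than everything the server accepts.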
FAQ MDM Cloud
There is almost no difference in the feature set that is offered with MDM.
To avoid using invites, you can use Self Enrollment, where users enroll the devices themselves, or Admin enrollment. Admin enrollment, as the name suggests, is a type of enrollment where the enrollment process is carried out by the Admin. The other advantage of Admin enrollment is that the process is automated, requiring minimal user intervention and/or admin action. MDM supports the following types of Admin enrollment for Android:
The following types of Admin enrollment are supported in iOS:
You can compile the Android logs from the device, either using the MDM app or without using the MDM app, and mail them to the MDM Cloud support team (email@example.com).
Without using MDM app
- Navigate to Agent Log Directory.
- The file mdm*.txt contains the agent logs.
- Kindly zip these files and send them to firstname.lastname@example.org
Using MDM app
The other option is to send the logs directly from the MDM app. Open the MDM app, click on the horizontal blue bar at the top 5 times.
Provide logs@memdm as the password and then specify the issue details. Click OK to send the logs.
You can compile the iOS logs from the device using the MDM app and mail them to the MDM Cloud support team (email@example.com).
- Open the ME MDM App in the managed device.
- Navigate to Support tab.
- Select Collect logs. A notification is shown when the logs are successfully compiled. These logs get automatically mailed to the Cloud support team.
When trying to sign up, you encounter an error stating you are part of another organization such as "Access denied for this service. Please contact your Org (
- The URLs mdm.manageengine.com and transmail.net must be whitelisted for enrolling a device in MDM Cloud.
- If you're enrolling devices through invitation, ensure these two e-mail addresses: firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org are whitelisted as well. If users don't have a Zoho account, they receive two mails. The former is used for sending the join-the-organization mail (for creating a Zoho account) and the latter is used for mailing the enrollment request. Modify the mail spam filter to ensure these mails don't fall into spam. If the user already has a Zoho account, only the enrollment request is sent.
- Create a Zoho account using e-mail and then follow the instructions provided in the enrollment request to enroll your device to MDM Cloud.
- Open this link and sign in with the Zoho account if need be.
- Specify the new e-mail address.
- A verification mail is sent to the new e-mail address.
- Once verified, MDM automatically updates the new e-mail address.
In case you need to make a secondary e-mail address the primary one, click on the mail icon shown against the mail address. This makes the selected e-mail address the primary address.
- Open this link and sign in with the Zoho account, if need be.
- Click on Delete Organization, present under Dashboard.
- Click on Delete to remove the user-created MDM account. Note that this also removes all the Zoho services that have been configured with this account. If the user is utilizing Zoho services for personal use, these also get deleted. If the user is unsure about the services being used with the Zoho account, contact support (email@example.com).
- After the account is deleted, sign out of Zoho Accounts and close the browser window.
- Follow the instructions specified in the enrollment mail, to proceed with the enrollment.
If this page is displayed when trying to enroll a device, ensure you're accessing the appropriate enrollment URL from the device to be enrolled.
If this page is displayed when trying to access MDM Cloud, ensure your MDM Cloud admin has added you as a user.
Edition Comparison Matrix
|Suitable for||Suitable for||All Round Mobile Device Management||Managing upto 25 mobile devices|
|Apple Business Manager|
|Samsung KNOX Enrollment|
|EMM Token Enrollment|
|Zero Touch Enrollment|
|Windows 10 Enrollment|
|Azure Enrollment (AutoPilot)|
|Web Content Filtering|
|Device Functionality Restrictions|
|Apple Business Manager|
|Android for Work|
|Windows Store for Business|
|Chrome Web Store|
|Find My Phone|
|Conditional Exchange Access|
|E-mail Attachment Viewer|
|Reports and Audit|
|Active Directory Authentication|
|Two Factor Authentication|
|Role based Access Control|
|OS update management|