MDM vs. MAM: What are the main differences? | TechTarget (2023)

BYOD represents a huge productivity gain for employees and a major challenge for IT staff. IT departments must protect corporate apps and data on personal mobile devices without compromising personal data. They also have to provide devices, patches and updates, and pay for lost devices.

Apple's introduction of the iPhone in 2007 led to a paradigm shift in the way IT departments workManage user devices in a corporate environment. IT staff took full control of PCs, laptops and tablets and enforced security, hardware and software policies. smartphones, sophisticated mobile devices and related applicationsBYOD, where employees use their personal mobile devices for work.

Mobility management products have evolved over the years to protect mobile devices, apps and software, content, and address other security concerns. Unified Endpoint Management (UEM) products combine the ability to manage desktops, laptops, and tablets along with mobile devices and software. Mobile management product categories include:

  • Mobile Device Management (MDM) for managing corporate devices;
  • Mobile Application Management (MAM) to control proprietary software;
  • mobile email management (MEM) to enforce security and policies for corporate email on mobile devices;
  • Enterprise Mobility Management (EMM) for all mobile management, including MDM and MAM;
  • UEM for EMM plus desktops, laptops and tablets under IT oversight;
  • Mobile Information Management (MIM) for device-independent mobile data security; And
  • Identity and access management to handle login and security configuration and management.

MDM and MAM are at the heart of mobility management tools (see Figure 1). IT management needs to determine what products they need based on the capabilities, strengths, and weaknesses of MDM versus MAM. Understand how these mobile strategies can differ and complement each other.

This article is part of

The ultimate guide to mobile device security in the workplace

  • Which also includes:
  • mobile security (wireless security)
  • 4 types of mobile security models and how they work
  • 7 Best Practices for Mobile Device Security for Enterprises
MDM vs. MAM: What are the main differences? | TechTarget (1)

What is MDM?

MDM products have evolved as a means of centrally controlling mobile devices. For years, IT had mature tools like Microsoft Group Policy Object for Windows PCs, but lacked comprehensive policy enforcement on mobile devices.

(Video) 2 Minute Explainers - MDM and MAM

MDM products are deployed to enforce policies on company-owned mobile devices, but they also work in BYOD settings. MDM products are becoming more flexible as optionsback up personal data on devices. MDM can ensure device encryption, strong PIN code and device screen lock after a period of inactivity. IT organizations can use an MDM tool to do thisErase a mobile device remotelyif it is lost or stolen. With a BYOD strategy, this could be the limit of what IT staff can do with MDM.

The full range of MDM functionality includes GPS tracking and an inventory of installed apps and other items. Employees resist this type of corporate surveillance on their personal devices. Conversely, with corporate-owned devices, an MDM strategy could integrate these superior features. Mobile platforms in education are another good example of where managing heavier devices makes sense.

Many companies have some form of MDM in the corporate environment. MDM, an industry with $1.69 billion in revenue in 2017, grew to $4.3 billion in 2020 and is projected to reach $15.7 billion by 2025Markets and Market Research. This growth is being driven in part by the exponential increase in the mobile workforce during the global COVID-19 pandemic.

Cloud-based SaaS versions of MDM products are expected to increase over the next five years. Cloud-based MDM tools are accessed over the internet instead of being installed and maintained in the corporate data center.

What is MOM?

IT organizations can set policies at a more granular level with MAM vs. MDM. MAM products address the shortcomings of MDM in BYOD as MAM places less emphasis on the device and focuses on the application layer.

MAM tools protect web browsers, email clients, and other applications so employees can perform work tasks on personal devices. You can also provide an internal app store with private, approved, and licensed public apps like Evernote and Salesforce.

Other MAM features include:

  • application settings;
  • application catalog;
  • volume license support;
  • application update;
  • application performance monitoring;
  • default and custom policies; And
  • Application security through the separation of company and personal data.

Mobile users who need access to the company intranet or another internal website can do so via a protected web browser that does not require a VPN client. You can work on a containerized email client managed by the organization, regardless of where the client is running and who owns the device.

(Video) Difference between MDM User Scope and MAM User Scope, Intune, Windows 10

Vendors can offer a MAM product that focuses on email as a MEM tool. MEM products can offer a vendor-supplied email client or a management framework around the native email clients built into iOS and Android. MEM technologies set policies for email routing and encryption, and protect corporate data.

MDM vs. MAM: differences and similarities

The line between MDM and MAM is blurring as the enterprise mobility market matures. Although these two technologies were originally marketed as separate products, both are typically included in EMM or UEM product suites. While MDM often appears as a role in EMM and UEM products, MAM can only be identified by roles.

The main differences and similarities between MDM and MAM include the following.

use caseMDM makes sense when the company's IT organization has full control over the device. For example, a company-owned smartphone or tablet is simply a mobile version of the company-owned laptop. This typically does not apply to BYOD devices. MAM is common for BYOD devices and only controls certain apps, such as B. Business apps and those used solely for business purposes.

application management.MDM controls the applications by controlling the device. MAM controls applications with specific functions, such as a vendor-supplied catalog of applications, which customers are typically free to change.

Both MAM and MDM offerapplication wrapperjapplication containerizationCharacteristics. These technologies enable IT staff to control, secure, and update apps on managed devices.

Authentication and authorization of users and groups.Access management, including third-party product integrations, is typically included in enterprise mobility product suites. These features are part of MAM and MDM.

InUEM and EMM products, MAM and MDM are not typically purchased separately. Both MDM and MAM belong to these product lines along with security and other packages. Examples for this are:

(Video) Intune MAM vs MDM: What's the Difference?

  • IBMMaaS360;
  • ManageEngine Desktop Central;
  • Microsoft Intune;
  • Citrix endpoint management;
  • VMware Workspace Uno; j
  • Hexnodo MDM.

Jamf for Apple devices also has MDM and MAM specific offerings.

One of the purported benefits of MDM and MAM is improved security. However, CISOs and other information security professionals recognize that MDM and MAM are not a panacea for the complex issue of mobile security. Data is the price of hacking any device, and portability changes that little. MDM and MAM ensure data security by encrypting the specific device or document at rest. However, once the device is unlocked and the data is in use, there is little to prevent data leakage. Organizations must encourage the safe use of data, regardless of where it resides or where it is used.

Application security for BYOD and COPE

BYOD challenges enterprise IT staff to protect business applications on potentially insecure devices. Allowing an employee to install personal email and other software on company-owned devices, whether personally activated or not, is just as difficult. How should IT protect company data on bothBYOD and corporate-owned, personally enabled(COPE) scenarios?

IT teams may be confused about the approach and whether MDM or MAM is the answer. Myths include the following:

  • MDM does not allow users to place apps and personal data on the device.
  • MAM only applies to BYOD devices.
  • Containers and application containers only exist in MAM configurations.

Part of this confusion is due to the rapid development of mobile technology. Not so long ago, the above statements were true.

The following statements are currently facts:

  • COPE devices can use MDM or other device-centric management strategies and tools and still allow users to run personal apps.
  • Personal devices, primarily populated with personal apps and data, can securely house corporate apps and data.
  • IT admins can remotely update, control, and delete apps and data from a mobile device without affecting a user's personal apps. This applies to COPE and BYOD setups.
  • Application packaging and application containerization are available for MDM and MAM.
  • MAM provides tools for regulatory controls and enforcement.

Application wrappers and application containers

Application packaging and application containerization (see Figure 2) allow flexibility in MAM and MDM for the coexistence of personal and enterprise applications and data. Although wrappers and containers are similar, there are differences between these approaches.

MDM vs. MAM: What are the main differences? | TechTarget (2)

application containerization.Some UEM products provide an SDK for customers to integrate code-based containers directly into applications. Tool suppliers can also supply the containers.

(Video) MDM vs MAM- How Are They Different?

These containers allow the mobility management tool to work with the applications. They securely separate the app from the personal data of the device user.

application wrapper.Containers work through dynamic libraries that are overlaid on top of your application's compiled code. Customers can define custom security encryption for an application. Some mobility management tools provide clients with an SDK for building containers.

Containerization works with a group of applications, while containers work with a single application. Containers do not require access to the source code through the administration console. While packaging is an easy way to increase application security, it lacks containerization features and capabilities.

Table 1 shows complete UEM products that provide application packaging and containerization.

MDM vs. MAM: What are the main differences? | TechTarget (3)

Comparing these products shows that both MDM and MAM can solve an enterprise's mobility management problems through application packaging and containerization. The choice depends, among other things, on whether IT wants to control the devices.

virtualized mobile access

Another approach to mobile management is an enterprise workspace accessed through a virtualized remote desktop or Windows application.Desktop VirtualizationProducts like Citrix Virtual Apps and Desktops or VMware Horizon work on mobile devices. With these products, data is never accessed directly or left on the device. The appeal of desktop virtualization lies in this security.

A downside of virtualized mobile access is that many of the custom platforms don't offer an optimal experience on portable devices. Remote desktops or applications often require a keyboard, mouse, and large screen to be used effectively. The presented application or desktop is practically not available offline, but mobile workers usually find themselves without Internet access. Even if the data starts in the remote workspace, there is no guarantee that it will stay there. For example, a user can simply copy a file to Dropbox or forward a confidential document to Gmail and bypass IT controls.

MIM for user information and policies

Mobile Information Management manages information and how it is used by mobile devices. The information in the form of data can be almost anything: e-mails, documents, photos or videos. Organizations that comply with local, state, and international regulations have many concerns when this data is breached or leaked.

(Video) MDM user scope vs MAM user scope

A combination of MDM, MAM and MIM functionality is summarized as Enterprise Mobility Management or Unified Mobility Management. Many products blur the lines between device, application, and information management, making them effective for a variety of use cases. Carefullyreview productsto meet business needs.


1. What's The Difference Between MAM & MDM?
2. Why MDM or MAM?
(User IT Training)
3. Intune Tutorial 10 - What is MDM and MAM in Intune
(Harvansh Singh)
4. What is Microsoft Intune | Microsoft Intune Architecture | What is MDM and MAM
(Office 365 Concepts)
5. Intune: MDM und MAM
6. MVPDays - MDM and MAM: Better Together
Top Articles
Latest Posts
Article information

Author: Trent Wehner

Last Updated: 01/05/2023

Views: 6225

Rating: 4.6 / 5 (76 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Trent Wehner

Birthday: 1993-03-14

Address: 872 Kevin Squares, New Codyville, AK 01785-0416

Phone: +18698800304764

Job: Senior Farming Developer

Hobby: Paintball, Calligraphy, Hunting, Flying disc, Lapidary, Rafting, Inline skating

Introduction: My name is Trent Wehner, I am a talented, brainy, zealous, light, funny, gleaming, attractive person who loves writing and wants to share my knowledge and understanding with you.