Mobile Device Management


important

ESET PROTECT Mobile Device Management/Connector (MDM/MDC) component (on-premises only) is scheduled for End of Life. Read more.

The following diagram demonstrates communication between ESET PROTECT components and a mobile device:

MDM

Click to view the image larger


note

Security recommendation for MDM: MDM host device requires internet access. We recommend that the MDM host device is behind a firewall and only the required ports for the MDM are open. You can also deploy an IDS/IPS to monitor the network for anomalies.


Mobile Device Connector (MDC) is a ESET PROTECT component that allows for Mobile Device Management with ESET PROTECT; permitting management of Android and iOS mobile devices and administration of mobile security.

MDC provides an agent-less solution where Agents are not running directly on mobile devices (to save battery and performance of a mobile device). MDC serves as a host of these virtual agents. MDC store data for/from mobile devices in its dedicated SQL database.

HTTPS certificate is required to authenticate communication between mobile devices and MDC. To authenticate communication between ESET PROTECT Server and MDC, a Proxy certificate is used.

Managing Apple devices have some additional requirements. Using ESET PROTECT MDC to manage iOS devices requires an Apple Push Notification service certificate. APN service enables ESET MDC to securely communicate to Apple mobile devices. This certificate must be signed directly by Apple (using Apple Push Certificates Portal) and delivered to the MDC via policy. Subsequently, iOS devices might be enrolled at ESET PROTECT MDC.

In certain countries, Apple Business Manager (ABM) is available. ABM is a new powerful method for enrollment of corporate iOS devices. With ABM you can enroll devices automatically to MDC without any direct contact with the device and also with minimal interaction from the user. ABM extends the capabilities of iOS MDM dramatically and allows complete customization of the device setup.

After the successful installation and setup of the Mobile Device Connector, mobile devices can be enrolled. After successful enrollment, the mobile device can be managed from ESET PROTECT Web Console.