I work in the Enterprise Mobility space. As this area matures, I have started to see the need for a single device, usually at board level, being used in multiple organisations.
The question posed is: can a device be enrolled into multiple MDM solutions?
Anyone else stumble upon this?
...the quick answer to this is "No". You can only be enrolled to one MDM server at a time. Imagine the push notification coming to the device telling it to contact its MDM server... and there would be multiple of them... this wouldn't work, and it's not even possible to attempt enrolling into a 2nd MDM server.
I am a Security Officer at a health system where we have physicians traveling between our facilities and our competitor just blocks away from us. We both have been considering MDM solutions but doubtful they would be from the same vendor. We have considered the idea of trying to put together a "community based" solution where we all put some funding $$ into the purchase and all have rights to make changes (coordinated of course).
Any other thoughts or ideas of anything else we could do to still allow each of us to have the power to enforce our own security policies and maintain our autonomy while still allowing the physicians to travel between facilities? Neither of us issue devices to these physicians because they are not our employees. The phones we would be controlling would be their personal devices.
My question might be: why can you not agree on an MDM system? Two would be a nightmare, as cape_doctor said. Even if you had one, which policy should override? Most restrictive? Least restrictive? Last applied?
Is there a particular app you need to secure? Or is this just general apps?
The ideal solution to address the issue of physicians traveling across multiple facilities is to leverage an MDM solution that provides multi-tenancy. This capability allows policies that would apply for the entire Health System to be set at a global level while empowering individual facilities to control the security policies that apply specifically to them. This grouping of the multi-tenancy architecture would even allow Health Systems to "bill back" to the appropriate group as is the concern of lovejesue2day.
Multi-tenancy would help reduce issues of devices only being able to have a single MDM as MaciekSA mentioned above. Think of this limitation like devices only able to have a single carrier plan: AT&T, Verizon, Sprint, but not connect to multiple carriers unless you changed the SIM card. Having the entire Health System in a multi-tenant solution provides additional advantages for controlling policy settings (group, location, time, etc.) and assigning the appropriate responsibility for admin users based on their role in the organization.
Please feel free to respond to this thread or contact me and I can provide any additional details about multi-tenancy and MDM.
Multi-Tenancy would only solve half the problem and that is assuming that the separate organisations would agree on a single platform for management.
The short answer is that mobile devices, once managed, become locked into a single organisation. I am investigating content management, which in the case of MobileIron and AirWatch is actually separate from MDM and should work on both managed (by any vendor) and unmanaged devices. It is, after all, the content that is critical for these organisations.
Thanks for all the responses so far.
Yes, our biggest challenge is getting them to agree to a common platform. We have limited collaboration currently (common SSID on a wireless network, alpha paging system... yes, we are still using these dinosaurs) but the competition is part of a much larger 12 hospital system that may or may not be willing to accept a system we may select.
I think the answer (for now) may be just to use the limited options available in Exchange. We will collaborate on the settings to make them common (4-digit numeric only, non-expiring, etc).
Would application management work for you?
MDM has moved on a little, and I think we can see scenarios where complete device control is inappropriate.
You can set policies (copy/paste, only work on specific network, jailbreak detection) at app level (think of it as MDM only when the app is running).
Would this work for you? It might drive a balance between control and user experience while preserving data integrity.
Also interested in why you can't get them to agree to one platform; maybe it's easier to get them to agree to one set of content controls on one or two apps.
There are a few solutions that can offer this.
(I'm not going to put the company I work for in my signature. I'm here to help, not sell.)