I’ve recently done an extensive review of MDM solutions (where I compared Microsoft [SCCM and Intune], AirWatch, and MobileIron).
Everything that supports Exchange ActiveSync (which includes Windows laptops/desktops starting with Win8) can be managed by those solutions. If they support OMA-DM 1.2.1 (which iOS 6+ and Android 4+ and WP8+ and Win8.1+ support), even better. However, EAS and OMA-DM only provide (in comparison to domain-joined laptops) light-weight management capabilities. These include: Hardware and software inventory Configuration of SOME specific settings Installation and configuration of LOB applications (some platforms) Certificate provisioning and deployment Data protection (Remote Business Data Removal) This information I provide to you for free. It cost a certain client over $10K. ☺ P.S. – They did get more info than that for their money. ☺ P.P.S. – Mobile Device Management (MDM) is based on device enrollment and device capabilities. PC/Laptop management is (usually) based on domain membership and device capabilities. When comparing the two, PC/Laptop management will always win (based on today’s platforms). From: [email protected] [mailto:[email protected]] On Behalf Of Richard Stovall Sent: Wednesday, February 12, 2014 6:10 PM To: [email protected] Subject: Re: [NTSysADM] Whole Disk Encryption I'm thinking about things like this as well these days, though principally on the mobile device front. We have, literally, three laptops (with no plans to add more), so TrueCrypt is the current choice for us there. Interestingly, recent iDevices are all encrypted by default, IIUC. But it's essentially useless until you enforce passcodes. http://support.apple.com/kb/ht4175 Do you have Exchange? Can you enforce your mobile device encryption requirements by choosing the appropriate settings in your ActiveSync policy(ies). Coming at it from the other side (less emphasis on laptops, more on mobile), it seems that most MDM solutions of any prominence do not also include laptop/PC management.[1] (I'm happy to be corrected if wrong about this.) [1] At least not yet. On Wed, Feb 12, 2014 at 5:22 PM, Matt Plahtinsky <[email protected]<mailto:[email protected]>> wrote: Hi guys, I need to start looking into whole disk encryption for about 70 laptops and workstation. Doing some quick googling brings up a ton of options. Does anyone have experience managing WDE. I've played with TrueCrypt but quickly realized that it's not meant for the enterprise and gets to be a pain if you need it for more than a few devices. I want software that is centrally managed. A plus would be if it could also be deployed to mobile devices like company phones and ipads. I'm going to start playing with different products but hoped that you guys might be able to help me narrow down the search to a few good contenders. Thanks Matt
