MDM vs. MAM: Top 5 differences – IBM Blog

It looks like an easy day for James, an IT Administrator. It is vacation time and most of his end users are out of the office, so he thinks it is time to have a look at some of the backlog tasks—maybe even procrastinate a bit. But then, the phone rings.

It’s Robert, one of the end users in his company. Robert is very nervous—he’s calling from the hotel because he has lost his iOS smartphone on the beach. Their company has both corporate devices and a BYOD (bring your own device) policy. Robert is enrolled in the BYOD program, so it was his personal device but with corporate data stored, including the latest financial projections he has shared with his team for a presentation.

James opens the mobile device management software that his company is using, immediately finds Robert’s iOS smartphone in the tool, and does a remote wipe. He wants to get back to the backlog tasks.

But, it’s not over. He sees a real-time notification that a user has tried to download a gaming app on the corporate device, which is not in policy. An automatic notification to the end user was left. It is his friend, Mary; Mary’s flight was delayed and her kid was bored and asked for her Android smartphone to watch YouTube. He clicked on an ad promoting a gaming app and tried to download it.

What James has done with Robert’s lost iOS smartphone is part of mobile device management (MDM). In Mary’s case, the access settings for apps that are not in policyare part of mobile application management (MAM). Both MDM and MAM are part of unified endpoint management solutions. Whether a company has BYOD policies, uses only corporate-owned devices or both, and whether the users have iOS smartphones, Android smartphones or tablets, all devices and apps need to be managed and protected. Mobile security strategies need to be put into place, otherwise one can lose corporate data, personal data and sensitive data.

What is mobile device management (MDM)?

Mobile device management (MDM) is a solution that manages smartphones and tablets—no matter the operating system—and protects them against cyber threats and data loss. MDM has become a very popular technology after Apple launched the first iPhone. As the technology has evolved, MDM has transformed into enterprise mobility management (EMM) and is now part of unified endpoint management (UEM).

MDM software is used to manage both BYOD devices and corporate-owned devices that run on any mobile operating system (iOS, Android, iPadOS, Windows or purpose-built devices). MDM solutions use containerization—which separates the corporate apps and data from the personal ones—to maintain device security and the security of mobile apps.

What is mobile application management (MAM)?

Mobile application management (MAM) has emerged with the rise of mobile app usage. It is software used to manage and protect the mobile apps available on users’ devices. It is usually part of MDM software and UEM (unified endpoint management) solutions.

When using MAM software to protect company data either on BYOD policies or company-owned devices, James and other IT admins use the containerization features and security policies to make sure that the right users have the right access to the right enterprise apps—usually part of an app store available in the MAM solutions. This comes with features like access management, multi-factor authentication, granular permissions and control to protect users and ensure data security and control.

James has MDM and MAM software available at hand, which made sure that the data available on Robert’s and Mary’s smartphones are safe. When thinking about MDM vs. MAM, IT admins would need to think about their objectives. They both offer granular control, both have containerization and both use access management and identity management technologies.

So what sets them apart?

Top 5 differences between mobile device management (MDM) and mobile application management (MAM)

1. What they manage:

• MDM is performed at the device level for enrolled devices and users, including device settings, security policies and apps.
• MAM focuses on managing and protecting mobile enterprise applications and the business data available to them.

2. What they control:

• MDM controls the entire device, allowing actions like wipe, selective wipe, lock, locate, enforce passwords and more.
• MAM has control over the apps themselves. While it also enforces security policies, it does so at the application level.

3. What they secure:

• MDM focused on device security, user security, encryption, VPN and app security. MDM solutions use functions like wipe, remote wipe and geo-location, and may have threat management features against SMS and email phishing, jailbroken and rooted devices, and many more.
• MAM focuses on app security, including functions like setting up automatic app removal conditions to prevent unauthorized access. Some MAM software has app wrappers or software development kits (SDK) as security add-ons.

4. How they handle app deployment:

• MDM technologies usually allow IT teams to push and install apps.
• MAM technologies allow IT teams push and install apps from an app catalog, but also allow end users to install the approved enterprise apps.

5. How they manage:

• MDM has standard app management capabilities related to installation and updates. There are also UEM solutions that have MDM and mobile application management capabilities included.
• MAM offers granular and advanced app management spanning across all the application lifecycles. For example, it enables actions like installation, deployment, patching, integration with public app stores (like the iOS App Store and Google Play Store). IT Admins can also distribute apps and track the installation of apps remotely, over-the-air (OTA), to all users, groups of users or personal devices.

Get started

Mobile device management (MDM) and mobile application management (MAM)are both used in mobile management but for different purposes. They are both very useful for IT administrators to make sure that the mobile devices, users and data remain protected.

IBM Security MaaS360 is a modern, advanced unified endpoint management platform that merges MDM with MAM, helping IT teams be both efficient and effective and keeping the total cost of ownership under control.

Learn more about IBM Security MaaS360