Bring Your Own Device (BYOD) has become a hot topic for many industries. Lately security people are using the term BYOD like datacenter folks classify everything as Cloud. My team has advised our customers using a best practice BYOD architecture (more info HERE) and like many consultants feel Mobile Device Management aka MDM is a key factor.
A few months ago I posted about one of the market leaders, MobileIron, HERE. I have received multiple requests for another vendor and chose the current leader Zenprise according to Gartner’s Report “Critical Capabilities for Mobile Device Management”. Plus I really like Zenprise.
Zenprise offers all the popular features expected from leading MDM vendors such as controlled remote wipe, policy enforcement (passwords, etc.), flagging jailbroken devices and enabling location. A few differentiators as of today for Zenprise are the ability to remotely login into phones (similar to remote desktop for windows), secure content distribution and Mobile DLP, application-specific VPN tunnels, and SIEM integration.
The architecture of Zenprise is similar to other MDM vendors. They have a management system (Zenprise Device Manager, or ZDM) and enforcement system (Zenprise Secure Mobile Gateway (SMG)). The Zenprise SMG is what denies email services to devices that violate policy. They also have a component that sits inside the network and does advanced diagnostics and troubleshooting for Microsoft Exchange and BlackBerry Enterprise Server (Zenprise Service Manager, or ZSM). Like many MDM vendors, Zenprise has an agent that sits on endpoints to enforce policy. Most people install both the ZDM and Zenprise SMG since it makes sense to enforce policies. Licensing for cloud or on-premise is based on the number of endpoints and drops as larger quantities are purchased.
To try Zenrpise out, go to https://zencloud.zenprise.com/zencloud/cloudUser/create and fill out the form to gain access to a free trial of the cloud service. You can also request Zenprise software to setup an on-premise trial however you will have to request that from a Zenprise sales person or partner such as World Wide Technology Inc. One you gain access to the management system, login in and you should hit the main dashboard.
After logging in, the main Zenprise landing page will show devices you are managing. Details include Jailbroken / Rooted, Managed / Unmanaged, Serial numbers, IMEI/MEID, last connected, User, OS Version, etc. You can click a device and see details such as what apps are installed, how much battery life is available, installed certificates, etc.
Zenprise policies are pretty easy to setup and can be device specific. The screenshot below shows a blacklist policy for Angry Birds and Dropbox on iOS devices. 
You have a few options in Zenprise to add a new device. One option is downloading the Zenprise agent from iTunes / Google Play and enrolling. Enrolling requires the ZDM address, username and password. Once you login, it will prompt you for certificates and any profiles configurations setup by administration. 
Once Zenprise is installed, the user can access apps offered by administration and view the agent configuration. 
Other methods in Zenprise to add devices include registration using the administration dash (asks for the serial number of the device) and sending out a registration link via email or txt.
There are many options in Zenprise for reports which include inventory, software, jailbroken / rooted and hardware. Below is a screenshot from the next release coming out in June/July 2012. Check out www.zenprise.com for more info on their solution. 
