MDM — control smartphones, tablets, and company data outside the office

A smartphone lost in a taxi. An employee leaves and still has access to corporate mail on their personal phone. A field tablet running an outdated Android version. MDM solves all these scenarios — remote configuration, policy control, separation of personal and work data, remote lock and wipe when needed.

BYOD / COPE: work and personal
Remote wipe: remote data protection
IT policies: iOS, Android, Windows

What we deploy

MDM deployment scope

Mobile device management is an often-overlooked area — laptop security policies are mature, while smartphones and tablets remain outside IT control. MDM closes that gap.

Remote device configuration

Corporate WiFi without sharing the password, VPN, certificates, email accounts — all configured remotely before the device reaches the employee. Zero-Touch enrollment via Apple Business Manager, Samsung KME, and Android Zero-Touch — the phone configures itself on first power-on.

Security policies

Enforced PIN/biometrics, storage encryption, screenshot blocking in corporate apps, unauthorized-app blocking, current OS version requirement. Policy violation — automatic response: alert, lock, or remote device wipe.

BYOD and COPE — data separation

BYOD (Bring Your Own Device) — the employee uses a personal phone, but company data sits in a separate container. COPE (Corporate-Owned, Personally Enabled) — a company phone allowing personal use. In both models IT sees only company data, so employee privacy is preserved.

App distribution

Corporate app store (Managed Google Play, Apple VPP) — employees receive required apps automatically. Forced updates, blocking of unauthorized apps, allow and block lists. System and app updates pushed remotely, without waiting for the employee to click.

Remote lock and wipe

Lost phone — immediate remote lock from the IT console. Stolen or unrecoverable — selective wipe of only company data (BYOD) or full device reset (COPE). Automatic response if the phone exceeds a set number of days offline.

Kiosk mode and dedicated devices

Tablets in the field, on the production floor, in customer service — locked to a single app or a selected set of apps (kiosk mode). No access to system settings, no ability to install other apps. Ideal for logistics, retail, healthcare facilities, and hospitality.

Certified partner

Techstep — a proven MDM platform

We work with Techstep — a Polish vendor (Gdańsk) with 18 years of experience in mobility management. Their Essentials MDM platform (formerly known as FAMOC) manages over 2 million devices globally and is recognized by Gartner.

Techstep Essentials MDM

A versatile MDM/EMM system for Android, iOS, and Windows. Management of smartphones, tablets, and rugged devices (Zebra). BYOD, COPE, and kiosk mode support. Samsung Knox Partner. Integration with Azure AD, Apple Business Manager, Managed Google Play, Samsung KME, Android Zero-Touch.

Learn more about Essentials MDM →

Three deployment models

Cloud — quick start, no infrastructure of your own. Dedicated cloud — a separate instance for your company, enhanced security. On-premise — full control, installation in your data center for regulatory requirements. Polish data residency available in all models.

A smartphone is today's main touchpoint with company data

Employees check corporate mail and Teams on personal phones.

Without MDM — IT has no control. A lost phone means a data leak. An employee leaves and retains access to the company mailbox for weeks. NIS2 and GDPR require these devices to be covered by a security policy. MDM is a standard, not a luxury.

Ask about MDM →

FAQ

MDM questions

BYOD (personal phone for work) — lower hardware cost, but requires separation of corporate data in a container and employee consent. COPE (company phone allowing personal use) — full IT control, but the company buys the devices. We recommend COPE for employees handling sensitive data (finance, HR, management) and BYOD for the rest. A good MDM supports both models concurrently.

No. In BYOD, MDM creates a separated "container" for company data — IT sees only apps and data inside the container (corporate mail, Teams, documents). Your personal SMS, photos, contacts, and apps remain invisible to IT. On remote wipe the administrator can clear only the corporate container, leaving your personal data untouched. This is a key element of GDPR compliance.

Yes. Techstep Essentials MDM has native integrations with Microsoft Exchange, Azure AD (Entra ID), Apple Business Manager, Managed Google Play, Samsung Knox, and many others. User accounts and groups can sync with Azure AD — an employee added to the "Sales" group in AD automatically gets corporate sales apps on the phone and the security policies for that role. SSO via SAML and OIDC.

NIS2 doesn't specifically require "MDM" as a product, but it requires risk management for all devices accessing company systems — including smartphones. In practice this means: enforced encryption, password policies, the ability to remotely wipe data, OS update control, compliance monitoring. MDM is the simplest way to meet these requirements. Without MDM you have to prove to the auditor that you have another control mechanism — which is usually more expensive or impossible.