User- or Device-based Management, which approach is better?
Have you ever wondered what is better, managing devices or users? The known Enterprise Mobility Management Solutions either offer both options or specialize in one approach. What are the benefits of either method and how should you decide?
Well, as it is often the case, it depends on the use case.
The user-based approach
A user-based approach means that the administrator manages the user, independent from the device that is in use. The user is in the center and the administrator determines user rights, for example document access, on a user level. Often, the user groups from active directory can be taken over and the rights that are defined for them. The goal is that no matter where the user is, they can take any device, login and do their work. It is also a good approach for fast “re-activation” of lost devices. Users can simply get a new device, install their MDM profile and the device is set up equally to the old one. The user-based approach is a good method for scenarios where users always use the same device, or own the device like in BYOD (bring your own device) scenarios. In addition, in a BYOD scenario, theoretically, the devices are unknown. In practice, companies often rather go with CYOD (choose your own device) where they provide a list of devices that can be used for corporate access. The decisive point with the user-based approach is that the user is in the center and the device “does not matter”.
Another point to take into consideration is licensing. With a user-based management approach, a user can have several or even an unlimited number of devices. Thus, if your users own the devices or you hand out devices to specific users and there is a chance that they own several types of devices, like a smartphone and a tablet, then the user-based approach is recommended.
Typical use cases for a user-based approach are:
- business travelers who need remote access to their data
- field workers who use certain apps to fulfill their tasks
- any kind of BYOD approach
- home office workers
- insurance representatives who input customer data digitally
- internal mobilization of existing business processes (e-learning, expenses, approval, file sharing, collaboration etc.)
The device-based approach
With the device-based approach, the devices are managed independently from the user. This approach is mostly selected when devices should be locked down or only have a single purpose. It is also chosen when devices are shared among users, or even rented out, like at schools, for example. This is the approach most EMM vendors came from as they developed their solution with a security thought in mind. While above mentioned user-based approaches mostly target productivity improvements through higher flexibility and faster processes, with a device-based approach, devices mostly have a certain task, like functioning as displays, or replacing specific hardware, or helping certain groups to gain information by using certain apps that are installed on the device. While with the user-based approach, the user is in the center. With the device-based approach, the device is in the center and its users can change.
From a licensing perspective, device-based licensing makes sense when several users share a device and when the device is solely owned by the organization.
Typical use cases for device-based approaches are:
- learning at schools and universities
- handing out devices with healthcare apps to doctors and patients
- using mobile devices as displays at retail stores, often in kiosk mode (only one app can be used)
- any devices “rental” scenario (for example for visitors who receive mobile devices instead of paper)
- at car rentals where the device is used to check-in and out cars
- in gastronomy where mobile devices are used to take the order or as digital menu for the customers
You can see that there is not one perfect approach but that it depends on the use case. Apple has realized that too and made device enrolment possible without having to enter an iTunes ID. This way, enterprise customers can easily use Apple devices without needing the admin to enter iTunes IDs into every device. This was a very important move.
In summary, it us up to you to understand what your use case is and if the users or the devices are in the center. According to this use case, you decide what management approach is best for you.
Are you already deploying mobile devices? What is your use case and what management approach did you choose? I would be happy to read your feedback in the comments area below.
Have a great day!