Enterprise mobility management
Enterprise mobility management (EMM) is the set of people, processes and technology focused on managing mobile devices, wireless networks, and other mobile computing services in a business context. As more workers have bought smartphone and tablet computing devices and have sought support for using these devices in the workplace, EMM has become increasingly significant.
The goal of EMM is to determine if and how available mobile IT should be integrated with work processes and objectives, and how to support workers when they are using these devices in the workplace.[1]
The discipline evolved from Mobile Device Management (MDM) in the early 2010s as the widespread adoption of smartphones, tablets, and bring your own device (BYOD) policies made device-only management insufficient. Modern EMM encompasses four integrated capability areas: Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Content Management (MCM), and Mobile Identity Management (MIM). As the scope of endpoint management expanded to include laptops, desktops, wearables, and IoT devices, many EMM platforms came to be marketed as Unified Endpoint Management (UEM).[2]
Components
EMM is composed of four interrelated disciplines that are typically delivered within a single integrated platform.
Mobile Device Management (MDM)
Mobile Device Management (MDM) addresses the device itself, covering enrollment, configuration, operating system updates, encryption enforcement, remote lock, and remote wipe. MDM capabilities typically include device enrollment workflows, configuration profiles for Wi-Fi, VPN, email and certificates, compliance policies such as passcode complexity and jailbreak detection, OS patch management, kiosk or lockdown mode for single-purpose devices, and hardware asset inventory.[2]
Mobile Application Management (MAM)
Mobile Application Management (MAM) controls work applications and the corporate data within them, without necessarily managing the entire device. This is particularly relevant in BYOD environments where full device management is either impractical or unwanted. MAM capabilities include managed application catalogues, app-level encryption and secure containers, copy/paste and screenshot restrictions between work and personal applications, selective wipe of corporate application data, and app-level VPN tunnels.[2]
Mobile Content Management (MCM)
Mobile Content Management (MCM) secures documents, files, and other content accessed or stored on mobile devices. Typical MCM capabilities include encrypted document containers, controlled access to cloud storage services, data loss prevention (DLP) controls on download, sharing, printing and screenshots, document watermarking, audit trails, and selective content wipe.[2]
Mobile Identity Management (MIM)
Mobile Identity Management (MIM) governs user authentication and access control across mobile endpoints. Capabilities include single sign-on (SSO) across managed applications, multi-factor authentication (MFA) including push notifications, biometrics and FIDO2 passkeys, conditional access policies, certificate-based authentication, device-trust signals fed into identity providers, and automated user provisioning and deprovisioning via SCIM.[2]
Relationship to MDM and UEM
The terminology in endpoint management has evolved as the scope of management has expanded.
Mobile Device Management (MDM) refers specifically to management of device hardware and operating systems. Enterprise Mobility Management (EMM) is a broader term encompassing MDM together with application, content, and identity management capabilities. Unified Endpoint Management (UEM) extends the same policy and management controls beyond mobile devices to include laptops, desktop computers, IoT devices, wearables, and rugged equipment, typically through a single administrative console.[2]
In practice, most leading EMM platform vendors marketed their products as UEM by the mid-2020s. The underlying goal across all three terms is consistent: a single policy engine managing all endpoints an employee uses for work.[2]
Business use of consumer mobile technology
[1] A 2012 study showed that about two-thirds of smartphone owners used their personal devices for enterprise-related activities.[3] Supporting a wide variety of device types and operating systems can introduce security risks and added costs for businesses.[4][5]
A 2011 survey showed that three quarters of U.K. and U.S. CIOs surveyed considered mobile technology to be a significant security problem, although consumers were generally less concerned.[6]
According to research by Omdia, over 60% of the workforce uses mobile devices for business-critical tasks, and 67% of enterprises support BYOD as of 2024.[2] The growth of hybrid and remote working models following the COVID-19 pandemic accelerated enterprise adoption of mobile management platforms, as employees increasingly used personal and corporate mobile devices to access organisational systems outside traditional network perimeters.[2] Mobile cyberattacks increased significantly in the early 2020s, driven by phishing, malicious applications, network-level attacks, and operating system exploits.[2]
Security
Because mobile devices are easily lost or stolen, data on those devices is vulnerable. Enterprise mobility management is a set of systems intended to prevent unauthorized access to enterprise applications and/or corporate data on mobile devices. These can include password protection, encryption and/or remote wipe technology, which allows an administrator to delete all data from a misplaced device. With many systems, security policies can be centrally managed and enforced. Such device management systems are programmed to support and cooperate with the application programming interfaces (APIs) from various device makers to increase security compliance.[7]
Data transfer between the mobile device and the enterprise should always be encrypted, for example through a VPN tunnel[8] or over HTTPS.[9]
Mobile devices in companies with "bring your own device" (BYOD) policies are often used both personally and professionally. In these cases, corporate IT has less control over whether malware is on the device and what damage may be caused to corporate data. Apart from careful user behavior, data storage on the mobile device should be limited and centrally organized.[citation needed]
The diversity of Android devices appeals to consumer buyers, but is a source of anxiety for IT security experts. OpenSignal, a UK-based mobile company, recently published a survey of almost 700,000 devices and reported approximately 12,000 distinct Android devices using eight different versions of the Google operating system. For many IT organizations charting out their BYOD strategy, this translates into security risks that are tough to monitor and control.[10]
Regulatory compliance
Regulatory frameworks in multiple jurisdictions place specific technical requirements on organisations handling personal or sensitive data on mobile devices. Relevant regulations include the General Data Protection Regulation (GDPR) in the European Union, the Health Insurance Portability and Accountability Act (HIPAA) in the United States for healthcare organisations, the Payment Card Industry Data Security Standard (PCI DSS) for organisations handling payment card data, and ISO/IEC 27001 for information security management.[citation needed] EMM platforms assist organisations in satisfying these requirements through enforced encryption, access controls, audit trails, automated data deletion on device offboarding, and separation of corporate and personal data on BYOD devices.[citation needed]
Implementation challenges
Organisations deploying EMM commonly encounter several challenges.
Device and OS fragmentation: The diversity of device manufacturers, operating system versions, and form factors complicates the consistent enforcement of security policies. This challenge is particularly pronounced in Android environments, where multiple manufacturers produce devices running different OS versions with varying API support.[citation needed]
Employee privacy concerns: Workers subject to device management policies frequently raise concerns about employer visibility into personal activities. Modern EMM platforms address this through architectural separation — Android Work Profile, Apple User Enrollment, and app-level containers — which restrict management controls to the work partition without exposing personal content to IT administrators.[2]
Offboarding gaps: Timely removal of corporate data and access credentials when an employee leaves an organisation is operationally critical. Integration between EMM platforms and human resources systems via automated provisioning protocols such as SCIM reduces the risk of delayed offboarding.[citation needed]
Application adoption: The effectiveness of EMM controls depends partly on employees using managed applications for work tasks. Poor application usability can drive workers toward unmanaged alternatives, bypassing EMM controls and creating shadow IT environments.[citation needed]
Policy management complexity: Large organisations with diverse workforce roles require granular, per-persona policies rather than uniform device-wide restrictions. Maintaining and auditing these policies across many device types and operating systems requires ongoing administrative investment.[citation needed]
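The offboarding gap described above can be measured by joining HR termination records against the EMM enrollment inventory. The following is an added example, not code from any EMM product: the record fields, the sample data and the wipe-type mapping are assumptions, while the PATCH body follows the SCIM 2.0 PatchOp format (RFC 7644).

```python
from datetime import datetime, timezone

# RFC 7644 PatchOp message schema; "active" is a core SCIM User attribute.
SCIM_PATCHOP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def scim_deactivate_request(scim_id):
    """Build the SCIM PATCH that disables one account."""
    return {
        "method": "PATCH",
        "path": f"/Users/{scim_id}",
        "body": {
            "schemas": [SCIM_PATCHOP],
            "Operations": [{"op": "replace", "path": "active", "value": False}],
        },
    }

def offboarding_gaps(hr_records, enrollments, now):
    """Return devices still enrolled for users whose termination time has passed."""
    ended = {r["scim_id"]: r["terminated_at"] for r in hr_records
             if r["terminated_at"] is not None and r["terminated_at"] <= now}
    gaps = []
    for dev in enrollments:
        when = ended.get(dev["scim_id"])
        if when is None:
            continue  # user is still employed
        gaps.append({
            "device_id": dev["device_id"],
            "hours_overdue": round((now - when).total_seconds() / 3600, 1),
            # Assumed mapping: BYOD gets a selective wipe, corporate a full wipe.
            "wipe": "selective" if dev["ownership"] == "byod" else "full",
            "request": scim_deactivate_request(dev["scim_id"]),
        })
    return sorted(gaps, key=lambda g: g["hours_overdue"], reverse=True)

# Constructed sample data (hypothetical field names, not from a real system).
NOW = datetime(2024, 6, 3, 12, 0, tzinfo=timezone.utc)
HR = [
    {"scim_id": "u-1001", "terminated_at": datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)},
    {"scim_id": "u-1002", "terminated_at": None},
    {"scim_id": "u-1003", "terminated_at": datetime(2024, 6, 3, 9, 0, tzinfo=timezone.utc)},
]
ENROLLED = [
    {"device_id": "d-1", "scim_id": "u-1001", "ownership": "byod"},
    {"device_id": "d-2", "scim_id": "u-1002", "ownership": "corporate"},
    {"device_id": "d-3", "scim_id": "u-1003", "ownership": "corporate"},
    {"device_id": "d-4", "scim_id": "u-1001", "ownership": "corporate"},
]

if __name__ == "__main__":
    for gap in offboarding_gaps(HR, ENROLLED, NOW):
        print(gap["device_id"], gap["hours_overdue"], gap["wipe"], gap["request"]["path"])
```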
Trends and developments
Several developments have shaped the direction of enterprise mobility management in recent years.
Zero Trust integration: EMM platforms increasingly function as a source of device-trust signals within broader Zero Trust security architectures. Rather than granting access based on network location, Zero Trust frameworks use continuous verification of user identity, device compliance status, and contextual signals — many of which are supplied by the EMM platform — to make per-request access decisions.[2]
Unified Endpoint Management convergence: The distinction between mobile device management and PC management has diminished as vendors have extended mobile management capabilities to laptops and desktops. Single-console UEM platforms managing all endpoint types have become the dominant commercial model.[2]
Passwordless authentication: Device-bound passkeys and FIDO2 standards are progressively replacing traditional password and SMS one-time-password authentication in enterprise mobility contexts, reducing both user friction and phishing risk.[citation needed]
AI-assisted management: Machine learning capabilities are being integrated into EMM platforms to enable behavioural anomaly detection, predictive identification of device failures, and automated policy recommendations, supplementing traditional rule-based compliance checking.[2]
IoT and wearable device management: The expansion of connected devices in enterprise environments — including wearables, industrial sensors, and connected vehicles — has extended EMM scope beyond traditional smartphones and tablets.[citation needed]
Mobile threat defense integration: EMM platforms are increasingly integrated with dedicated Mobile Threat Defence (MTD) tools that detect device, application, and network-level threats in real time, feeding threat signals back into conditional access decisions.[citation needed]
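The per-request access decision described under Zero Trust integration, with the MTD verdict fed in as one of the device-trust signals, can be sketched as follows. This is an added example, not any vendor's policy engine: the signal fields, threat levels, 24-hour freshness window and sample requests are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Field names, threat levels and the freshness window are assumptions for this
# example; real EMM and MTD products expose their own schemas.
@dataclass
class DeviceSignal:
    compliant: bool         # EMM compliance verdict (passcode, encryption, OS level)
    jailbroken: bool        # jailbreak/root detection result
    threat_level: str       # MTD verdict: "none", "low" or "high"
    last_checkin: datetime  # last time the EMM platform heard from the device

MAX_SIGNAL_AGE = timedelta(hours=24)

def decide(user_ok: bool, mfa_ok: bool, signal: Optional[DeviceSignal],
           sensitivity: str, now: datetime):
    """Evaluate one request. Network location is deliberately not an input."""
    if not user_ok:
        return ("deny", "user not authenticated")
    if signal is None:
        return ("deny", "no device-trust signal")      # fail closed
    if now - signal.last_checkin > MAX_SIGNAL_AGE:
        return ("deny", "device signal is stale")      # fail closed
    if signal.jailbroken or signal.threat_level == "high":
        return ("deny", "device integrity or threat verdict")
    if not signal.compliant:
        return ("deny", "device out of compliance")
    if sensitivity == "high":
        if signal.threat_level != "none":
            return ("deny", "sensitive resource requires clean threat verdict")
        if not mfa_ok:
            return ("step_up", "sensitive resource requires MFA")
    return ("allow", "all signals satisfied")

def demo():
    """Run constructed requests through the policy and return the decisions."""
    now = datetime(2024, 6, 3, 12, 0, tzinfo=timezone.utc)
    fresh = now - timedelta(minutes=10)
    healthy = DeviceSignal(True, False, "none", fresh)
    cases = {
        "healthy_low": (True, False, healthy, "low"),
        "healthy_high_no_mfa": (True, False, healthy, "high"),
        "low_threat_high": (True, True, DeviceSignal(True, False, "low", fresh), "high"),
        "stale": (True, True, DeviceSignal(True, False, "none", now - timedelta(days=3)), "low"),
        "unmanaged": (True, True, None, "low"),
    }
    return {name: decide(*args, now=now)[0] for name, args in cases.items()}

if __name__ == "__main__":
    print(demo())
```

A missing or stale signal is treated as a denial rather than a pass, so a device that stops reporting to the EMM platform loses access instead of keeping its last known good state.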
See also
- List of Mobile Device Management Software
- Mobile business intelligence
- Mobile security
- Mobile device management
- Mobile application management
- Bring your own device
- Unified Endpoint Management
- Zero trust security model
Notes
- ^ a b Kietzmann, J.; Plangger, K.; Eaton, B.; Heilgenberg, K.; Pitt, L.; Berthon, P. (2013). "Mobility at work: A typology of mobile communities of practice and contextual ambidexterity" (PDF). Journal of Strategic Information Systems. 3 (4). doi:10.1016/j.jsis.2013.03.003. S2CID 3714450. Archived from the original (PDF) on 10 November 2013. Retrieved 9 November 2013.
- ^ a b c d e f g h i j k l m n o Badman, Annie; Kosinski, Matthew (2024). "What is enterprise mobility management (EMM)?". IBM Think. IBM. Retrieved 2026-06-11.
- ^ Ellis, Lisa; Jeffrey Saret & Peter Weed (2012). "BYOD: From company-issued to employee-owned devices" (PDF). Telecom, Media & High Tech Extranet: No. 20 Recall. Retrieved 15 May 2014.
- ^ Drake, Stephen (October 2008). "Embracing Next Generation Mobile Platforms to Solve Business Problems" (PDF). Computerworld Inc. IDC. Archived from the original (PDF) on October 12, 2012. Retrieved 24 August 2011.
- ^ Penfold, Andy (June 2011). "Sybase Warns Enterprise Over Mobile Security". Mobile Marketing. Dot Media Ltd. Archived from the original on 19 August 2011. Retrieved 24 August 2011.
- ^ Rashid, Fahmida Y. (9 March 2011). "Mobile Security a Headache for CIOs, Not a Concern for Users". eWeek. Ziff Davis Enterprise Holdings Inc. Retrieved 24 August 2011.
- ^ Cox, John (14 February 2011). "Samsung's 90 New APIs Boost Mobile Device Management, Security". Network World. Archived from the original on 18 September 2011. Retrieved 24 August 2011.
- ^ Graf, Patrick Oliver (2014-10-31). "4 Essentials For Mobile Device VPNs". InformationWeek. Retrieved 2015-02-16.
- ^ Palmer, Kimberly (2015-01-13). "10 Ways to keep your phone safe". U.S. News Money. Retrieved 2015-02-16.
- ^ "The Missing IT Puzzle Piece for BYOD Mobility". CitizenTekk. 2013-09-18. Archived from the original on 2016-10-11. Retrieved 2016-10-10.
- ^ "What is Enterprise Mobility Management (EMM)? 2026 Guide". Digioxide. Digioxide Technologies Private Limited. 2026-05-31. Retrieved 2026-06-11.
References
- Enterprise Mobility Strategies, ACS, May 2009.
- O'Sullivan, Cian, More Smartphones in the Enterprise Means More Security Risk (link dead), GoMo News, June 2011.
Further reading
- Badman, Annie; Kosinski, Matthew. "What is enterprise mobility management (EMM)?" IBM Think, 2024.
- "What is Enterprise Mobility Management (EMM)? 2026 Guide" Digioxide Technologies Private Limited, 2026.