MDM - Mobile Device Management; pro's, con's and best practices

This page describes security measures that may be taken by organizations to protect data, and the impact it may have on subjects.


Goals of Security Measures

Security measures are typically taken to protect sensitive data in organizations and/or to comply with law. The requirements that the security of an endpoint must  meet:

And in general:

Organisations typically revert to MDM solutions from particular vendors to implement and enforce policies. A good description is on WikipediA:

Using any enforcement system to control and enforce this on employees requires trust, integrity, benevolence, competence and reputation. This article says it clearly:

Mobile device management requires a level of trust between the end users in your organization and the people responsible for managing the MDM platform. There needs to be clear communication between the parties to ensure that expectations are properly set. There also needs to be reasonable policies in place to reduce the risk of administrative error (or malicious action) causing a data loss or breach of privacy for the user of a managed device. This means that you should have, at a minimum:


Microsoft InTune

One popular tool to control company devices is Microsoft InTune. The website for what it does:



What Can Microsoft Intune See On Your Managed Mobile Devices?

What Can Microsoft Intune with some scripting do Your Managed Devices?

Authoriteit persoonsgegevens & Privacy Issues

Data Protection Impact Assessment (DPIA) zakelijke microsoft intune dienst; vijf lage privacyrisicos

Never accept an MDM policy on your personal phone

Transparency examples

NCSC advise when moving to cloud