Functional goals for a device management solution as an organization

[ygini]

The key objective of a mobile device management protocol for an organization perspective is:

• collecting endpoint current posture (inventory and audit purpose)
• enforcing software update (for both OS and installed apps)
• installing apps
• restricting endpoint capabilities (limiting admin capabilities)
• enforcing some security posture (such as encryption at rest or device passcode complexity)

[tasiaiso]

From my notes:

Use cases

• Who's our audience ? Should we cater to homelabbers that need a lot of flexibility and allow them to move fast and break things, or to big corporations that need to provision several computers each month ? Somewhere in between ?
• What do they need to do with the tool ?

My opinion:

• SMBs, schools, associations, homelabbers with lots of devices, etc. That's where the most good could be done.
• Anywhere from 10-200 computers, something like that. I don't have a clear idea of how many endpoints a big college or medium business would have.
• Of course, we should keep in mind that the protocol should scale beyond that, but it's not a priority per se.
• Admins should be able to remotely manage their endpoints at scale.

[tasiaiso]

From my notes:

Objectives

• Keep endpoints up-to-date and free from known vulns;
• Remotely shut down or reboot machines;
• Know the status of each machine (on/off, rebuilding/operational & uptime of machine);
• Remotely control individual endpoints;
• Aggregate logs;
• Ensure compliance with security standards;
• Don't interfere with the mission of the endpoint;
• Provide a single pane of glass for all of your endpoints;
• Manage secrets, back keys up, etc.