Mobile Management Made Easy
Updated May 12, 2020

Mobile Management Made Easy

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with MobileIron

We use MobileIron Core (on-premises) to manage iOS devices for COPE (Company Owned, Personally Enabled) and single use devices. All mobile devices with access to our network or corporate services are managed by MobileIron through the IT department.

Pros

  • Security is excellent. We are able to manage and protect corporate information and it integrates with our existing requirements and practices. Enforcing secure passcodes and device lock/location services enables us to track all assets.
  • User experience is much improved as we can easily migrate users to new devices and there is consistent branding and app availability. When a user enrolls, their assigned apps are automatically deployed.
  • With iOS devices, zero-touch deployment and configuration is a reachable goal.
  • MobileIron provides excellent sales and post-sales service. In addition, their support model is excellent and we've never had a significant down.

Cons

  • The Core product's UI is very much in need of a refresh, but it doesn't get the love because most customers choose the cloud product, which looks entirely different.
  • Splunk integration does not work well and requires a lot of manual intervention. The Splunk MIApp doesn't work out of the box, at all.
  • There is no longer a mobile app for system management. It existed once upon a time, but is strangely missing in a platform that is all about mobile management.
  • We have decreased service interruptions caused by manual configuration of devices. We have one entire area that depends on a custom app and another on a custom web UI that requires a local WAN connection, and now we can pre-load and manage the configurations for these devices.
  • We are now able to enforce device compliance and security standards by requiring specific minimum OS versions based on device type, and compliance actions are available to further enhance this capability.
  • If a user needs an app or specific configuration, we simply add them to the appropriate Active Directory security groups. LDAP integration takes care of the rest.
Jamf is a great platform but does not offer the wide range of integrations. It feels like an Apple-centric product, and it is. Airwatch was pricier and did not offer enough compelling advantages when feature sets were compared, so it was hard to justify the additional cost. MobileIron has proven to be a wise investment because of their continued focus on information security, and the platform can be extended to our Macs and Windows 10 devices.
For devices that require single-app mode (iOS) deployments are easy to manage. We are also able to control which OS features are available at a very granular level. What is often lacking are good guides illustrating how to implement certain features - for example, setting up single-app mode for the first time is not intuitive and should not require opening service requests with the helpdesk.

The tools for remote support require a lot of effort and have made implementation of this capability a financial decision instead of a technical one. By this I mean that it's better to request budget for professional services than to invest mine or my team's time, which makes it far less likely to get implemented. Things that cost money and require justifications to the finance team are disadvantaged from the word go.

Using MobileIron

135 - Every employee with a COPE (Company Owned, Personally Enabled) device has MobileIron, all the way down to single-purpose/single-app devices used by line staff. We have two management profiles for personal-use devices; one has maximum restrictions applied and a second class has a less-restricted subset for staff who require extended rights to perform their job functions. For example: executives can make use of additional multimedia features for presentations and meetings, where the stricter rule set disallows most multimedia functions. No one can use the cloud, but again the extended rights profile permits some connectivity to corporate resources that are not allowed in the strict profile.

Single-app mode devices work great now that we've figured out how to deploy them. By this I mean that there is an iOS setting (Guided Access) that MUST be enabled before enrolling the device, or you're stuck with a device that needs a hard reset. This wasn't clear when we deployed the first batch of single-app devices, but now that's resolved. One great use case is an iPad that can only access one wireless network and only allows one website (internal) to be opened in Safari. I tasked my techs with breaking the security to get onto any other website, and none of them could do it. Very happy with the outcome!
5 - With well-developed device profiles, management is very simple for most cases. Our helpdesk crew manages the daily requirements, of which there are generally few. Most of what we see now are forgotten passcodes, which can be reset easily (and forced to change every 90 days). We force secondary administrative approval for email on devices for audit purposes, but staff never need to worry about their Exchange ActiveSync password.

Certificates can be a pain point, however. The application owner (myself in this case) needs to be on top of managing SSL certificates, because devices can silently fail to check in or receive updates and it isn't always clear what the root cause is. I'd love to see the MI folks add some type of reminder to update when the certificate(s) near expiry so that it doesn't catch admins by surprise.
  • Data loss prevention
  • Programatically enforced security protocols and compliance
  • Consistent deployment results
  • Blacklisting/whitelisting apps - sorry, Facebook
  • Automated and enforced policy acceptance for audit compliance
  • Enhanced license management capabilities for apps
  • Docs@Work is currently in development to provide secure access to company information
  • We are planning to deploy a cross-platform BYOD solution using MobileIron tools, something we haven't yet provided
  • Zero-touch configuration is planned for future implementation. The device will self-configure at power-on with no intervention required.
MobileIron is a constantly evolving platform that stays current with industry trends. iOS updates? No problem, they're supported almost immediately after a new iOS version comes out. If you are a Core (on-prem) customer there is ample support and assistance to migrate to the Cloud version of MobileIron (although I've yet to convince my department head to approve the request). The platform is very robust and extremely configurable. Management roles can be delegated effectively to other staff without compromising security. These in alone are important, but even more important is the company itself - they are great to work with, from support to sales. We have never had a situation where MobileIron left us on our own, and many times support has gone way beyond what is simply required in order to educate us or extend the usefulness of the product.

Evaluating MobileIron and Competitors

  • Price
  • Product Features
We wanted a mobile device management solution for single-purpose devices - employees needed access to one app, and it had specific requirements (correct SSID and configuration details) that made manual setup and maintenance painful. MobileIron was the only provider at the time who offered an on-prem solution that met all of the management requirements. Price was a secondary consideration; the management tool needed to do everything we required and we would have paid a bit more if necessary. Our single biggest mistake was thinking that the users would appreciate the consistency. They didn't (couldn't switch wireless networks and get on Facebook anymore) but it has made deployment a breeze and we know that every device goes out configured exactly the same, and new setups are just as simple. Mobileiron also helped us identify a problem with the app itself, which the vendor wanted to deny but couldn't thanks to logging and consistent application of assigned policies.
I do wish there had been some additional time for us to fully implement competing solutions - Jamf and Airwatch were both considered - but the complexity of introducing an on-prem solution required us to select a provider first and then put our resources behind it. Having worked with Airwatch in a different organization I knew that the feature set was comparable, but pre-sales conversations and working with us on pricing sealed it for MobileIron. Airwatch and Jamf weren't able to extend to Windows devices at the time; something we knew MobileIron had plans for during implementation, and this further simplified our selection based on our roadmap.

MobileIron Support

The help portal is extensive and contains a ton of good information, and it's gotten better. Support requests first go to "MobileIron Experts" who are not employees, but power users/integrators with real-world experience. They almost always resolve the challenge quickly, and you can escalate support requests to MobileIron's team at any time. I was skeptical of this model at first, and have since learned to trust it.
ProsCons
Quick Resolution
Good followup
Knowledgeable team
Problems get solved
Kept well informed
No escalation required
Support understands my problem
Support cares about my success
Quick Initial Response
None
Yes - Yes it was resolved and in a timely fashion. There was was version upgrade that caused the logs to fill up. The support team was able to get a temporary fix in place to resolve the immediate problem and a long-term fix in the form of a patch was released in short order.
When we encountered the bug mentioned elsewhere in this review, it was addressed with light speed and fixed quickly. The support team was on top of the problem and knew the product exceptionally well and handled the fix with professionalism. Follow up was most appreciated. For support to make you feel like you are the only customer that they have is a hard thing to achieve, but the pros at MI do it every time.

Comments

More Reviews of Ivanti Neurons for MDM