Your Citrix Endpoint Management environment is provisioned, you’re busy configuring policies, uploading and configuring your apps, and planning your delivery groups. That’s great! But have you started thinking about how your organization’s devices will enroll?
In my experience, I’ve found that organizations tend to focus primarily on the device policies or applications they are deploying to enrolled devices. Awesome! I’m always excited to hear that an organization is putting endpoint security first and foremost. But what I’ve also found is that discussions around the way devices will actually enroll have been put on the back burner.
To manage user devices and applications remotely and securely, the devices first need to be enrolled in Citrix Endpoint Management. Because there are several ways to enroll a device, it’s important to consider which modes devices will enroll in, the enrollment option itself, enrollment option security, and the end user experience. These considerations will ultimately help determine which enrollment option your organization chooses to use.
Before we dig into the details of different enrollment options, we need to make a decision regarding the management mode of the devices. Citrix Endpoint Management offers three management modes: MDM, MAM, and Enterprise.
Mobile device management (MDM) should be considered for mobile devices owned by your organization. MDM mode lets you configure and secure those devices and their data at the system level by using Citrix Endpoint Management’s device policies and automated actions. It fits devices issued by your organization where system-level management is required. A few examples of system-level management include full and selective wipe capabilities, enforcement of a lock screen passcode, and automatic configuration of device Wi-Fi settings.
Mobile application management (MAM) is often the management mode used for BYO (bring your own) device programs, or in layman’s terms, devices owned by your employees. MAM mode protects application data and enables controls over the flow of data into and out of MDX-enabled applications. Citrix Endpoint Management uses per-app containerization, complemented by MDX policies, to enforce your organization’s desired level of security and control at the application level. This is a common enrollment mode for BYO devices where device-level management is not required, but the organization requires corporate data to remain protected on the device.
Finally, we have Enterprise mode. Enterprise mode is a combination of MDM and MAM, enabling the feature sets of both management modes. Administrators can even specify whether users are forced to enroll in MDM mode or allowed to opt out of device management. This mode offers greater flexibility for device and app management, especially when deploying Citrix Endpoint Management for a mix of use cases.
Defining the management mode of your users’ devices is a key and critical step to building an effective endpoint management and protection solution with Citrix Endpoint Management. This decision will ultimately determine the landscape of your Citrix Endpoint Management solution and how you manage devices and applications. However, once you’ve selected your management mode, there are still a lot of decisions to consider.
In my next post, I will be discussing various enrollment options, the security around these options, and how these options affect the end user enrollment process. Keep an eye out for part two!
JonnyLee Giard
Cloud Success Engineer