Mobile Device Management with Coro
Coro's Mobile Device Management (MDM) module enables you to manage iOS/iPadOS and Android mobile devices for end users across your organization. You can use MDM to report on mobile device activity and usage, enforce app policies across your company-owned devices, and remotely wipe sensitive data if devices are compromised.
MDM works with device enrollment in the following categories:
| Category | Description |
|---|---|
| Manual enrollment - company owned (supervised) devices | For devices supplied and pre-configured directly by your organization to allow remote monitoring and policy-based control. Your IT teams can enforce application allowlists, access specific device details, and remotely reset compromised devices to factory default settings. |
| Manual enrollment - Bring Your Own Device (BYOD) | For devices owned by individual employees, but used for work-related reasons under the terms of an organizational compliance policy. For iOS and iPadOS, devices are not remotely configurable or policy controlled, but can be monitored in a limited way after the user installs a provided profile. For Android, devices are configured with a separate switchable Work profile for device monitoring, policy-controlled application usage, and remote deletion of sensitive profile data. The device owner's original Personal profile remains unaffected. |
| Apple Device Enrollment Program (DEP) (iOS/iPadOS devices only) |
For devices owned by an organization and enrolled in/deployed through an Apple Device Enrollment Program (DEP) such as Apple Business Manager (ABM) or Apple School Manager (ASM). Coro can be configured as a designated MDM service in your ABM or ASM account. This means you can assign Coro as the MDM server for one or more devices deployed under your DEP. Coro can also be set as the default MDM server for all new devices. Devices deployed through this method are synchronized to your Coro workspace and appear in your managed devices list. |
| Managed Apple ID (MAID) identity-driven enrollment (iOS/iPadOS devices only) |
For devices owned by an organization or by individuals, but configured for remote management by users with an organization-provided Managed Apple ID. Coro is configured as the designated MDM solution for your organization's MAID domain, and each MAID user identity is validated in Coro before they are entitled to enroll devices for remote management. Each user receives by email a short-lifespan password for authenticating their identity with Coro during the registration process. Device enrollment is initiated by users signing into a work or school account on the device with their MAID credentials. This triggers the device into contacting Coro MDM, and the user then validates their MAID identity with Coro using the authentication password sent to them. Finally, the user signs into the organization's iCloud for Work/School service using their normal iCloud credentials. MAID enrollment offers an additional layer of security over manual enrollment methods whereby the enrolling user must be authenticated through Coro before they can register a device. |
In all cases, monitoring is limited to device information (model, serial number, and so on), connection status (the device is on and connected to the internet), and in most cases the list of applications installed on the device.
Through Coro MDM, you can:
- Add and manage the required certificates and connections to authorize device management from your Coro workspace. See Configuring connected services .
- Enroll iOS, iPadOS, and Android devices. See Enrolling iOS and iPadOS devices or Enrolling Android devices .
- View and manage enrolled devices, including device and application monitoring. See Managing devices .
- Configure, manage, and apply device policies. See Managing policies .
To access the MDM module, select Mobile Device Management from the Coro Actionboard:
Alternatively, access the Control panel and select Mobile Device Mgmt.:
note
If Mobile Device Management is not enabled, contact your Coro sales representative.