How organizations should handle mobile device lifecycles

Inside the mobile device lifecycle

While IT teams may fully oversee device management, they may outsource some or all elements of the mobile device lifecycle to a third-party services provider. Regardless, by design, a mobile device lifecycle plan provides transparency with sufficient technology and financial controls.

Don't confuse the mobile device lifecycle plan with a mobile device management platform -- MDM only focuses on data security and endpoint protection, not the entire lifecycle. However, MDM software can help with several aspects of lifecycle management, such as service settings during provisioning and security controls during offboarding.

Organizations can break down the mobile device lifecycle into the following steps to better understand the process and determine when and how to implement different policies.

Purchasing devices and services

Purchasing or leasing mobile devices as an enterprise has cost advantages. For example, Apple offers a business program that provides device sales, leasing and services spanning the entire mobile device lifecycle, targeting organizations of all sizes. Organizations have the option to buy or lease laptops, tablets and smartphones from a range of third-party vendors, and there are mobile device-focused service providers to which IT can outsource most, if not all, of the mobile device lifecycle management.

Organizations often purchase mobile device data plans as a bundle to be cost-effective, where authorized devices get a data allowance to use, typically charged to a departmental budget. Corporate-level data reporting is necessary to track spending and usage and remain within budget, so admins should pay attention to their organization's data usage trends as their teams adjust to hybrid and remote schedules.

Another consideration of this phase is the storage of procured devices that still need to be issued to employees. Corporate IT departments that directly manage their mobile devices can follow their standard operating procedures for storing IT hardware. For IT departments that rely on a third-party provider to manage their mobile devices, device storage is undoubtedly a part of the provider's services.

Onboarding, provisioning and configuring mobile devices

Preparing new devices for end users starts with enrolling them in an MDM platform, which enables IT admins to control, secure and enforce policies on devices that enter the security domain. MDM providers such as Jamf and Kandji specifically cater to Apple devices. Microsoft Intune and ManageEngine are popular MDM platforms for Android devices, although these support both Android and iOS.

Provisioning mobile devices entails using an MDM platform to deliver configuration data and service settings, such as Wi-Fi, a corporate VPN and single sign-on. Depending on the organization's strategy, IT can install standard business apps at this time, and Google Workspace or Microsoft 365 provisioning takes place if necessary.

The next step in this phase is configuring the new devices' security settings. IT can set a wide range of mobile security policies, so security and compliance programs should dictate which policies need to become standard. Some typical mobile device security policies are the following:

• device encryption to protect corporate data on the devices;
• default remote wipe settings so IT staff can use MDM to erase data off lost or stolen mobile devices; and
• app installation restrictions so employees can only download apps from a corporate mobile application management platform -- a secure and private app store for employees to download corporate-approved apps that is typically part of an MDM system.

Delivering and deploying mobile devices to employees

Deploying mobile devices usually happens at employee onboarding or shortly after that. Whether IT or a third-party provider is performing the deployment, it's critical to communicate with end users to set expectations and deadlines. Admins should consider the following communication tips:

• Take advantage of corporate general announcement channels to communicate updates to the deployment strategy and device delivery schedule.
• Offer Q&A-style online events about mobile device deployment using a collaboration platform such as Slack or Microsoft Teams.
• Keep written communications to the end-user community clear, concise, jargon-free and benefits-oriented.

Another essential element of this phase is device tracking. End users and IT staff should be able to track the device delivery status from when it leaves the IT department or third-party provider to when it arrives at the user's location.

Preparing new devices for end users starts with enrolling them in an MDM platform, which enables IT admins to control, secure and enforce policies on devices that enter the security domain.

Refreshing and repairing devices

Mobile devices are like any other technology hardware with an end of life (EOL) at which device performance, OS support and other factors jeopardize employee productivity and enterprise security.

Device refresh policies are often a judgment call for organizations due to the technical and security concerns that factor into refresh decisions. For example, there are security risks associated with running mobile devices that don't support the manufacturer's latest OS.

It's easy for employees to damage mobile devices by accident, so mobile device lifecycle plans must include policies and a process for device repair before a device is eligible for a refresh. While large enterprises may have the IT staff to conduct many laptop repairs in-house, they typically outsource smartphone and tablet repairs to a third-party repair provider.

Recovering and retiring devices

Every mobile device has an EOL, at which time the mobile device lifecycle should account for the recovery and retirement of the employee's device. Most commonly, the EOL date for the device resides in an organization's MDM.

In the past, device retirement involved employees bringing their device to the IT service desk and signing off on some paperwork. Today, it typically entails the IT department sending a prepaid shipping box to employees. Employees then send their device back to corporate HQ or the third-party firm the organization has a contract with for mobile device lifecycle support.

Security controls must be in place when deprovisioning and returning devices. The most common control is an MDM policy that locks down the device entirely, even from end users.

Other elements of the mobile device lifecycle

While MDLM is a structured process, organizations must consider some other elements when implementing it to ensure end-user productivity and device security.

Visibility

A well-executed mobile device lifecycle plan gives users and stakeholders a new level of visibility into their mobile devices' health, operability and functionality. Users can track any repairs on their devices. IT management and other stakeholders gain visibility into the devices' costs, security, compliance and operations, even as their organization's workforce model changes to remote or hybrid work.

Help desk support

Mobile device support is a specialty that requires significant IT expertise. Depending on their budget situation, organizations can hire for mobile device support and have the expertise in-house full time. Outsourcing help desk support with all or part of the mobile device lifecycle may make more sense, however, because that provides access to specialized mobile expertise that some organizations may not need full time in-house.

User self-sufficiency

As remote and hybrid work continue to alter the work model inside organizations, mobile device lifecycle management can help ensure user self-sufficiency with devices. Ordering devices online, standardizing device images and configurations, and using Automated provisioning take that overhead work off IT staff and end users. Well-maintained, clear and concise end-user documentation and just-in-time training are keys to promoting user self-sufficiency.