4 min read

7 Best Practices for Deploying MDM: Part 2

Part 2 of our article on MDM covers 3 essential best practices for success: communicate changes, know compliance objectives, and pick the right tool.
Written by
Josh Zweig
Published on
March 2, 2023

In Part 1 of this post, we shared a few best practices for managing MDM at your company. In this Part 2, we’re picking up right where we left off!

Encryption policy

Best Practice 5: Communication + Expectation Setting is Key

You’re rolling out changes for a reason. You should trust your team to support you in pursuing whatever business win you’re targeting with your MDM rollout. To build camaraderie among your users, send an email to the team before a big change that answers the following questions:

  • What changes are we making?
  • Why are we making these changes, and what business win are we targeting?
  • What manual action do employees need to take to support this business outcome?
  • What will the impact be on employees and their devices?

Be sure to leave time for people to ask questions in a dedicated forum before rolling changes.

Best Practice 6: Know your Compliance Objectives + Requirements Beforehand

MDM solutions are rich with functionality, and getting lost in the weeds is easy. Before clicking around in your MDM tool, list the security controls you want to implement. Your list might look something like this:

  • Deploy an antivirus solution
  • Ensure firewalls are enabled
  • Enforce disk encryption
  • Enforce password complexity requirements

Remember that you're probably not special when it comes to security: someone has done this before! Thankfully, you don’t need to reinvent the wheel.

Best Practice 7: Pick the Right Tool for the Job

Every company has different needs. A company with mostly Macs and only a few Windows machines is likely better off with a best-in-class tool for Macs paired with a lightweight tool for Windows machines because configuring more complex software like Intune to manage only one or two devices may not be the best use of time and money. Similarly, many companies do not want to provision company-owned phones for all of their employees, but at the same time, their employees don’t want to give their employer full management access to their phones. Fair enough. In these cases, consider some lightweight ways to enable key security properties from employee phones like OS Version, encryption status, passcode status, etc., without overdoing it.


Solving a lot of these challenges is much harder than it should be. We hope these best practices help you make the right security decisions and make it easy to achieve some basic security at your company. Don’t hesitate to contact us, or schedule a demo, if we can help!

Get started with Zip
Learn more about Zip's MDM, EDR, IT, and Compliance solutions and we'll find the right fit for you.