Miradore Online MDM: Expanding management with subscriptions
A lot has changed since then, rendering even my more recent second review somewhat out of date. I've watched as Miradore have slowly but surely graduated from a simple, basic MDM platform into a feature-rich EMM offering incorporating things like application management, Apple's DEP (Device Enrolment Program), Apple's VPP (Volume Purchase Program) and in the future, Android for Work under the Miradore Online umbrella.
Naturally as their platform has grown, so too has the need to monetise the product. While they have and always will offer MDM functionality for free, their ever-growing EMM feature set can only be enabled with the purchase of either a Business or Enterprise subscription.
I've enjoyed following Miradore's journey so far and am always excited to see the product evolve. They still have a way to go with features in competing, arguably more expensive, EMM platforms which are yet to be implemented, but how do they stand today? In my 3rd review near to the 2nd anniversary of discovering the platform and almost 1 year out of beta I will be focusing on two areas:
- Benefits of the Enterprise/Business plans over the basic free tier.
- Changes and improvements since my last review.
In my two previous reviews (linked above) I talked at length about the free tier. For this review however, just as I directed my attention towards the Business plan last time, I'll be completely focusing on the benefits of splashing out on a higher tier and why anyone who does will not be disappointed. Both the Business and Enterprise plans provide big EMM functionality for little MDM cost, continue below to see why.
Why should I upgrade?
There are circumstances when the free tier just isn't quite enough.
In larger groups or SMBs where day to day management of devices needs to be handled by a support team, or if application management has become a necessity as device numbers have increased, Miradore offer both Business and Enterprise plans at $0.50 and $2.00 per device per month respectively to cater for these needs - and more - which I'll discuss below.
Role-based user permissions and unlimited administators
These two features go hand-in-hand for the management of devices in larger teams. While it is possible to have one admin logon shared between many administrators, there is no reliable audit log of changes on a per-admin level. Did Rick wipe that device? Did Emma push out Angry birds to the management team? As a company grows and device management becomes increasingly critical, having a breadcrumb trail to know who did what and when becomes very useful indeed.
In addition, limiting the roles an admin can have brings additional benefits. It means safely assigning Jill in HR the ability to keep an eye on her team’s mobile devices while preventing access to devices outside of her team. Similarly Ben, the new IT intern, can have full visibility of the entire solution while he shadows his colleagues without the risk of him changing critical configurations or system settings.
While unlimited admins are available in the Business plan, Role-based administration is an Enterprise feature.
Offline reports, notifications and API integration
I talked about the ability to export reports and email notifications in my business review, however in short Miradore’s Business plan allows for both email alerts and the exportation of report information for offline use.
The type of reports available range from how many devices are currently inactive on the platform (not checked in recently) to highlighting the number of iOS devices that aren't supervised, or even how many employees have games or other non-productive apps installed. As well as being able to export these reports as an Excel spreadsheet, they can also be saved within the console for regular viewing.
Email alerts are more real-time and set up on a per-admin basis. This means the security team may get notifications when a device is detected as rooted, and the IT support desk can know when a new device is added or removed from the platform (something that comes in handy with self-service enrolment for employees).
The newer option released with the Enterprise plan is the ability to tap into the Miradore Online API in order to fetch reports on the fly. Reporting applications within the business can obtain and manipulate Miradore report data without the need for human intervention, creating opportunities for things like scheduled reports delivered with pie charts, graphs and high/low/average figures for enrolments, app installations and more - if that functionality exists in the software making the API calls of course - Miradore only supply XML formatted, basic reports by default when an API call is made.
By contrast, Miradore's free offering will only provide online reports. They too can be saved within the console for later viewing but there's no way of exporting them without either copying and pasting manually or taking screenshots. Neither are an efficient use of admin time.
Tracking the whereabouts of corporate devices is a bit of a controversial feature in the EMM world, however ethics and corporate policies aside it is a useful and cost-saving addition to any MDM platform. Devices that are lost or stolen can be found and employees can be monitored if the business feels that is justified.
Miradore's Business subscription includes location tracking using an approach different to other EMM providers; instead of turning it on or off globally, Miradore treats it as a configuration profile that can be assigned and pushed out to individual devices or groups. This makes managing the feature simpler and the legal/ethical issues less prevalent.
Even better, it's now available on iOS too!
App management is a game-changer for Miradore. It's a feature that instantly expands the platform from a standard MDM offering into EMM territory. Sure, it's not yet a full-blown EMM suite (telecoms and content management please!) but this is an excellent first step.
Along with black and white lists for applications across iOS, Android and Windows Phone which prevent the installation of unwanted applications, Miradore can now additionally push out and remove App Store/Play Store apps and in-house apps for iOS and Android devices from the console. Even better, for supervised iOS and Samsung KNOX-enabled devices this can be done silently without end-user involvement.
This is an Enterprise subscription feature. Under the free subscription application management is unavailable, but inventory data will always show what applications devices have installed.
Confusingly this is an Enterprise subscription feature and is not available under the Business subscription. With that out of the way, Business policies are effectively automated, dynamic assignments of pre-configured policies based on a matching criterion set within the console.
Similar to Mobile Iron Labels or AirWatch Groups, business policies can be assigned to tags within Miradore Online. Once set up, any device assigned the relevant tag will have all associated policies pushed down to their device automatically. Along with the recent addition of tagging before a device is enrolled, this means all policies can be pushed down to a device the moment enrolment finishes. This feature has the potential to save administrators an awful lot of time in comparison to the free subscription where policies have to be pushed out manually.
Sound good? Find out more
The features provided in the subscriptions are designed to make life easier for a relatively low cost. At $2 per device, per month for the more expensive Enterprise subscription Miradore are still a good deal cheaper than the competition. What's more, as new features are added having a subscription means getting the newest, best features as soon as they become available. The free subscription makes for an excellent starting point, but as a business grows and administration becomes more hands-on, considering an upgrade is well worth it; with ~73% of all devices on Miradore Online being managed under a business or enterprise subscription, clearly I'm not the only one with that opinion!
It is worth keeping in mind devices can be enrolled across many different sites (site1.online.miradore.com, site2..., etc) therefore if you feel some teams may need application management, while others do not, managing them across different Miradore Online sites may reduce the cost of using a subscription. It will however require switching between sites to support different devices and can end up causing additional overhead.
For more information on the Business and Enterprise subscriptions, click below. For a quick and simple guide to upgrading to a new subscription, check out my previous review.
Still unsure, or want to speak to someone before making a decision? Email Miradore or leave me a comment at the bottom of the article and I'll help you out.
Without a doubt it's been a good year for iOS. Since my last review Miradore have added:
- Bulk enrolment support through Apple Configurator
- App management (mentioned above)
- Additional restrictions (more to enable/disable)
- Location tracking
- Apple DEP support
- Apple VPP support
- Web clip support
Bulk enrolment and DEP support are two big upgrades that will save hours upon hours that would otherwise be spent manual enrolment. With Apple Configurator the only limit to the amount of devices which can be enrolled in one go is the number of USB ports on the Mac being used. I spent a lot of time with Apple Configurator last year provisioning iOS devices, working with up to 16 at a time using a giant, powered USB sync & charge station which only required one port on the Apple Mac Mini I was using.
DEP is even easier. The devices come directly from Apple (or a certified partner) already pre-setup to enrol directly into Miradore, this means to get up and running on the new device could be as simple as supplying a name, iTunes account, and potentially a server name before the device then enrols.
With VPP, managing paid applications after enrolment becomes substantially easier. For years I've listened to, read about, and taken part in discussions about ownership of applications, rights to expense purchases, loss of licenses when the employee leaves, etc. VPP fixes this by providing one central location for all app purchases, licenses can be pushed out to devices remotely and retrieved when no longer required, meaning employees no longer have to purchase apps themselves, and employers no longer have to approve app expenses they'll never be able to re-use.
Miradore have from the start been incredibly Apple friendly. Even today Android is only supported to a relatively small degree in comparison, and the more granular restrictions rely on using Samsung devices. That said, Android has been given a little TLC also, with new features such as:
- Improved application management, including silent installation/removal
- Additional Android (Samsung KNOX) restrictions
- Messaging functionality for devices
- Encryption support
- Web shortcut support
Encryption support, although only one-way at the moment (you can enable it, but not turn it off from the console) is another great addition for security-driven customers. Although some recent flagships have come with this enabled out of the box, the ability to turn this on for all supported devices guarantees just a little more peace of mind should a device fall into the wrong hands.
Messaging is a quirky little feature. A lot of MDM platforms support this and it makes it easy to send messages directly to an Android device. In support situations where an email profile may not have deployed (and as such the user doesn't have access to emails), a quick message from the console will pop up as a notification on the device in question, offering a one-way communication channel between an admin and end-user.
Hopefully as time goes on we'll see support for other manufacturers like HTC, LG, Sony - all of which have some basic management capabilities over and above AOSP.
Windows phone hasn't been excluded either, being already more fully supported than Android, WP got the following new functionality:
And finally, to the system itself:
- Improved Active Directory support
- An updated console with a more responsive layout, allowing for improved mobile administration
- Expanded tagging functionality (which now allows for tagging before a device is enrolled)
Trials were added back in the 2nd half of 2015 and it's great to see that option available. This is only for the Enterprise subscription, but it's fairly easy to see what is and isn't included between the different subscriptions and test accordingly. Here's a handy comparison.
A few items have been ticked off my requested features list since I put it together in 2014, I'm particularly pleased about the responsive layout (which I think is due in part to my mentioning of it in my last review, and this article I wrote which caught their attention). They've done a great job of adapting the layout to mobile devices without impacting on that nice, clean and simple interface.
Hopefully I'll see a few more of these ticked off in the future: (NB: I've stated location tracking for all platforms, but I'm happy to cross it off with the support of both Android and iOS).
- Improved device management including Android for Work support
- Telecoms & content management
- Location tracking for all platforms
- User-friendly naming on reports
- A mobile-friendly administration client (native or web)
- Scheduled reports
- Active Directory enrolment
- More Android vendor support
- Business plans without a VAT number requirement
Do you use Miradore Online? Are you considering their subscriptions? Let me know in the comments or tweet me @jasonbayton with the tag #MiradoreSubs