System Center Mobile Device Manager (MDM) consists of the following four main system components:

Except for Microsoft SQL Server 2005, these components require 64-bit editions of Windows Server® 2003 with Service Pack 2. You can run Microsoft SQL Server 2005 on a 32-bit platform. However, Microsoft SQL Server 2005 SP2 or a later version is required.

The following illustration shows a high-level overview of how these components work with existing IT infrastructure to provide an authenticated connection to LOB applications, managed Group Policy, and application packages.

The following list describes these components:

With MDM in place, protected network access is available from managed devices to your company LOB applications. Additionally, you can use Group Policy and software packages to manage the enrolled Windows Mobile devices.

To manage a Windows Mobile device from the MDM system, the device must be running Windows Mobile 6.1. This version of the operating system contains the application that is required to manage the device from the MDM system, and supports the standards that enable the device to establish an authenticated and encrypted communications channel to MDM Gateway Server.


MDM is based on several open industry standards for mobile devices. By using these standards, MDM extends a company infrastructure with features to manage devices by using familiar tools and capabilities.

MDM is based on the following standards:

  • TCP/IP

  • Open Mobile Alliance Device Management (OMA DM)

  • IPsec and Internet Key Exchange Protocol Version 2 (IKEv2)

  • IKEv2 Mobility and Multihoming (MOBIKE) protocol

  • Software Component Management Object (SCOMO)


MDM components work with key IT services to give managed devices access to selected business data. The following shows the primary IT services that work with MDM:

  • Active Directory Domain Service: The Windows-based operating system directory service stores credentials for virtual private network (VPN) and 802.1X-based connections and the Group Policy settings that configure the required settings on each managed device. Examples include configuring ActiveSync® settings or enabling a “password required” policy.

  • MDM software distribution: MDM software distribution uses Windows Software Update Server (WSUS) to allow for the distribution of applications to managed devices. The administrator uses MDM software distribution to create, monitor, and push application packages to managed devices.

  • Certificate services: The MDM client and server security model requires X.509 certificates. MDM works directly with your existing Public Key Infrastructure (PKI) for client and server certificate signing. If no current PKI is in place, or if you want to maintain a separate certification authority for device authentication, you can add a Microsoft enterprise certification authority. The Windows Server® 2003 Enterprise Edition operating system certification authority is the only fully supported issuing certification authority for MDM.

  • LOB application servers: Windows Mobile devices managed by MDM can gain more secure access to your company LOB application servers. This includes the following:

    • Exchange servers: Outlook Mobile grants direct access to your company Exchange servers. This provides Windows Mobile devices access to calendar and e-mail services.

    • Custom application servers: You can make any custom-built applications for your organization that provide Web services to mobile clients, available to managed devices.

Related Links