This section describes how System Center Mobile Device Manager (MDM) works.

In This Section

Device Enrollment with MDM

Before a device can use MDM to connect to the company network, it follows a process of authentication and provisioning that helps make sure that it is a recognized and verified member of the Active Directory® domain in your company.

Mobile VPN with MDM

Mobile VPN is the authenticated and encrypted connection established between a managed Windows Mobile device and MDM Gateway Server. After the Mobile virtual private network (VPN) is established, all network traffic from the device's cellular wireless wide-area network (WWAN) connection or its Wi-Fi connection is redirected through it and back to MDM Gateway Server.

Device Management with MDM

A managed device can communicate with MDM Device Management Server after it successfully negotiates the authenticated network access connection with MDM Gateway Server. The server collects information about the device and then pushes the appropriate Group Policy settings and software packages to it.

LOB Access with MDM

Device-based applications can use an authenticated network access connection to create communication sessions with the e-mail and line-of-business (LOB) applications for your company. This communication requires that users provide account information to authenticate their account on the servers in your company network. MDM denies the connection if the user account does not have permissions to your company LOB servers.

Group Policy Application on MDM

By using Group Policy, an administrator can enable or disable any device capability. For example, an administrator could disable all cameras as a default setting and the end-user could not override this setting.

Software Distribution on MDM

MDM Device Management Server regularly checks with MDM software distribution for newly published software packages, evaluating all managed devices against package applicability rules and approval information.

Application Authentication on MDM

After a managed Windows Mobile device establishes an authenticated network access connection, it can gain access to IT services on your company network.