Water-falling policies on mobile devices
You may have heard the term before ‘water-falling’ when it comes to mobile device management. It might create questions as to what it is, and what does it do. In this article I will describe the feature and the benefits it has to mobile device management. Firstly, to understand the feature lets look at how desktop environments can be managed.
With a desktop estate it is very easy to deploy policies and applications to endpoints. If a machine has been moved in an Active Directory domain, policies and applications can be deployed or revoked. With mobile devices however, this causes a problem. These are not in Active Directory but we still need the same level of control and ease of management.
When mobile devices are provided, a user might have to install their own applications on the device. They will set their own passcode, set their own themes and settings and will personalise the device to their own needs. This may not be in line with company policy and can cause issues with security, data and access. Depending on the department, users may have different requirements for their roles. They might need a higher security passcode if they work in HR with access to certain applications. Compare that to someone working in support who do not keep any personal data on a device and might require a different passcode policy and technical applications and documents. It would be a lot easier if just like the desktop you could add a device to an organisation unit and allow systems to then deploy and manage the device.
Water-falling allows for devices to move through Organisation Units configured in a mobile platform, and either accept or remove policies depending on where they sit. This effect is known as water-falling due to how policies can cascade downwards to cover all devices under a hierarchy. Going back now to our HR and Support employees, by simply moving the device from ‘HR’ and moving it to ‘Support’ we have already removed all policies and apps given to it by the HR unit, and now supplied it with all policies and apps provided by the Support structure. This can also be done at a very top company level for policies that are essential for security and work. A good example is email. By deploying this at top level unit, this will cascade onto all devices that fall under, so everyone in the business gets work emails deployed as soon as their devices are provisioned and enrolled. They also get to keep these settings no matter where they sit in the business with no risk of removal if the employee’s role changes.
OU Specific water-falling:
There are some scenarios where you may have rules that can conflict or have very specific rules that might apply to just 1 person in an entire unit. Policies can be tailored, and you can be very specific adding policies to single devices in a unit or more.
The benefits of water-falling is that it allows companies to easy and quickly configure mobile devices with very little input. The time saved by using these features can build up, and the end user experience will never suffer. Things such as the starters and leavers programs may change drastically and with each new device you also have the ability to have it already shown in your mobile management platform. The greater level of control and visibility, as well as reduced time resourcing and positive end user experiences means this feature can be essential for a mobile management platform.