KINTO Technologies' Device Management
Introduction
Hello, everyone. T.S. here, a corporate engineer in the KINTO Technologies IT Management Team. We have an IT Management Team info page here, so please take a look at that, too.
In the IT Management Team, we're working hard every day to provide an IT environment that can raise the productivity of the engineering organization that is KINTO Technologies.
Our internal IT environment is composed of various elements and it'd be difficult to cover everything all in one go, so in this article, I'm going to focus on device management.
What is device management?
Premise
At KINTO Technologies, every staff member is loaned a set that includes the following:
- A laptop (Windows or Mac)
- A smartphone
So, if we can understand and manage things like who the devices are being used by and what condition they're in, it'll be easier to support a pleasant development environment.
What is MDM?
As the premise states, all staff are using mobile devices. So, we've introduced Mobile Device Management tools.
That’s right. They're generally called things like "MDM tools."
What can you do with it?
Essentially, MDM means tools for managing and operating mobile devices like laptops, smartphones, and tablets — e.g., managing their settings and app distribution.
I imagine a lot of you might be thinking, "If that's all it's about, why do you need to work so hard to manage them?" But...
KINTO Technologies doesn't have them on-site
So, in terms of the SaaS* used on a daily basis for work, deciding whether devices can be trusted (i.e., are managed by the company) is a critical security issue. However, in order to make sure the development environment is always convenient as well as very secure, we need to think very carefully about which aspects of the devices we should manage, and which should be left to the users.
* SaaS = Software as a Service: Services that are installed on clients and used via networks such as the Internet.
In terms of deciding which device aspects should be managed, which should be left up to the users, and how to not compromise convenience as a result, we pictured something like this:
Seems like these should be managed | Would be nice if these didn't have to be |
---|---|
・ Behavior of security-related tools ・ Data leakage measures ・ Means of erasing data if the device is lost, etc. ・ Communicating with improper connection destinations ・ Asset management | ・ Applications needed for work ・ User-specific environment settings ・ Keyboards, mice, and other peripherals ・ Physical device storage and management |
KINTO Technologies' device management
Overview
The upshot is that this is what KINTO Technologies' MDM consists of:
Item | Service used |
---|---|
IdP(※) | Azure Active Directory |
Windows devices, smartphones | Microsoft Intune |
Mac devices | Jamf Pro |
※ IdP = Identity Provider: A mechanism for providing authentication services and managing account information.
Challenges
KINTO Technologies is in a rapid-growth phase, so lots of new staff are joining it every month. That means the number of devices is increasing at the same rate as the employees, so it's going to be extremely tough to manage them through human labor alone.
So, we ended up systematizing our device management approach to solve the following issues:
- Time spent on device kitting
- Managing device information
- Managing application installation
- Controlling OS update cycles
- Applying encryption and managing recovery keys
- Remote locking and remote wiping
The system we introduced
Thinking about the work environment again...
Work environment
- PCs -> Choice of Windows or Mac
- Smartphones -> Issued to all staff
- Environment -> Fully cloud-based
- Groupware -> Microsoft 365
Based on this, for Windows devices and smartphones, we adopted Azure Active Directory and Microsoft Intune, which are highly compatible with Microsoft 365.
We could have said, "Let's manage Macs with Microsoft Intune as well, and have a fully unified MDM platform!" However, we decided to go with Jamf Pro instead, because it has a great track record with Apple products, and boasts quick syncing of settings and good flexibility in terms of management policies and items.
Here's what our device management looks like:
Overview of our device management
Results
No. | Item | Result |
---|---|---|
1 | Time spent on device kitting → The time spent on kitting (including configuring settings) has gone down. | △ |
2 | Managing device information → Goodbye ledgers, hello management consoles | ○ |
3 | Managing application installation → Has changed from separate to centralized management | △ |
4 | Controlling OS update cycles → Has changed from being the device users' responsibility to being managed centrally | ○ |
5 | Applying encryption and managing recovery keys → Has changed from being done device by device to system-based management. We're especially glad to now have systemic key management! | ○ |
6 | Remote locking and remote wiping → We can do them now! | ○ |
The above results mean that we've more or less cleared the initial challenges, and should finally be able to say that we're at the starting line of device management.
We want to go on improving our device management operations in order to deliver an ever better experience to all staff.
Things we want to do in the future
1. Zero-touch kitting
We'd like to consolidate the kitting requirements, etc., achieve zero-touch kitting, and reduce the amount of onboarding time spent on the devices so that more of it can be spent on actual work.
2. Streamlining application-related operations
We've achieved centralized management, but we'd like to refine these operations further so that we can respond to users in a more flexible and timely manner.
3. Managing the condition of devices
We'd like to achieve detailed control and operations that address the condition of devices in inventory, for example, as well as of those registered with the MDM, so that the devices can be kept in better condition.
In conclusion
Thank you for reading my article all the way to the end. I will continue to work hard to create an in-house IT environment that can contribute to the whole company and its business.
We are hiring!
KINTO Technologies is looking for people to work with us to create the future of mobility together. We also conduct informal interviews, so please feel free to contact us if you are interested.