KINTO Tech Blog

KINTO Technologies' Device Management


Introduction

Hello, everyone. T.S. here, a corporate engineer in the KINTO Technologies IT Management Team. We have an IT Management Team info page here, so please take a look at that, too.

In the IT Management Team, we're working hard every day to provide an IT environment that can raise the productivity of the engineering organization that is KINTO Technologies.

Our internal IT environment is composed of various elements and it'd be difficult to cover everything all in one go, so in this article, I'm going to focus on device management.

What is device management?

Premise

At KINTO Technologies, every staff member is loaned a set that includes the following:

  • A laptop (Windows or Mac)
  • A smartphone

So, if we can understand and manage things like who the devices are being used by and what condition they're in, it'll be easier to support a pleasant development environment.

What is MDM?

As the premise states, all staff are using mobile devices. So, we've introduced Mobile Device Management tools.

That’s right. They're generally called things like "MDM tools."

What can you do with it?

Essentially, MDM means tools for managing and operating mobile devices like laptops, smartphones, and tablets — e.g., managing their settings and app distribution.

I imagine a lot of you might be thinking, "If that's all it's about, why do you need to work so hard to manage them?" But...


KINTO Technologies doesn't have them on-site


So, in terms of the SaaS* used on a daily basis for work, deciding whether devices can be trusted (i.e., are managed by the company) is a critical security issue. However, in order to make sure the development environment is always convenient as well as very secure, we need to think very carefully about which aspects of the devices we should manage, and which should be left to the users.

* SaaS = Software as a Service: Services that are installed on clients and used via networks such as the Internet.

In terms of deciding which device aspects should be managed, which should be left up to the users, and how to not compromise convenience as a result, we pictured something like this:

Seems like these should be managed:

  • Behavior of security-related tools
  • Data leakage measures
  • Means of erasing data if the device is lost, etc.
  • Communicating with improper connection destinations
  • Asset management

Would be nice if these didn't have to be:

  • Applications needed for work
  • User-specific environment settings
  • Keyboards, mice, and other peripherals
  • Physical device storage and management

KINTO Technologies' device management

Overview

The upshot is that this is what KINTO Technologies' MDM consists of:

Item                            Service used
IdP(※)                          Azure Active Directory
Windows devices, smartphones    Microsoft Intune
Mac devices                     Jamf Pro

※ IdP = Identity Provider: A mechanism for providing authentication services and managing account information.

Challenges

KINTO Technologies is in a rapid-growth phase, so lots of new staff are joining it every month. That means the number of devices is increasing at the same rate as the employees, so it's going to be extremely tough to manage them through human labor alone.

So, we ended up systematizing our device management approach to solve the following issues:

  1. Time spent on device kitting
  2. Managing device information
  3. Managing application installation
  4. Controlling OS update cycles
  5. Applying encryption and managing recovery keys
  6. Remote locking and remote wiping

The system we introduced

Thinking about the work environment again...

Work environment

  • PCs -> Choice of Windows or Mac
  • Smartphones -> Issued to all staff
  • Environment -> Fully cloud-based
  • Groupware -> Microsoft 365

Based on this, for Windows devices and smartphones, we adopted Azure Active Directory and Microsoft Intune, which are highly compatible with Microsoft 365.

We could have said, "Let's manage Macs with Microsoft Intune as well, and have a fully unified MDM platform!" However, we decided to go with Jamf Pro instead, because it has a great track record with Apple products, and boasts quick syncing of settings and good flexibility in terms of management policies and items.

Here's what our device management looks like:

Overview of our device management

Results

No. / Item / Result

  1. Time spent on device kitting
     → The time spent on kitting (including configuring settings) has gone down.
  2. Managing device information
     → Goodbye ledgers, hello management consoles
  3. Managing application installation
     → Has changed from separate to centralized management
  4. Controlling OS update cycles
     → Has changed from being the device users' responsibility to being managed centrally
  5. Applying encryption and managing recovery keys
     → Has changed from being done device by device to system-based management. We're especially glad to now have systemic key management!
  6. Remote locking and remote wiping
     → We can do them now!

The above results mean that we've more or less cleared the initial challenges, and should finally be able to say that we're at the starting line of device management.

We want to go on improving our device management operations in order to deliver an ever better experience to all staff.

Things we want to do in the future

1. Zero-touch kitting

We'd like to consolidate the kitting requirements, etc., achieve zero-touch kitting, and reduce the amount of onboarding time spent on the devices so that more of it can be spent on actual work.

We've achieved centralized management, but we'd like to refine these operations further so that we can respond to users in a more flexible and timely manner.

3. Managing the condition of devices

We'd like to achieve detailed control and operations that address the condition of devices in inventory (for example) as well as of ones registered with the MDM, so that the devices can be kept in better condition.

In conclusion

Thank you for reading my article all the way to the end. I will continue to work hard to create an in-house IT environment that can contribute to the whole company and its business.

We are hiring!

KINTO Technologies is looking for people to work with us to create the future of mobility together. We also conduct informal interviews, so please feel free to contact us if you are interested.

https://www.kinto-technologies.com/recruit/
