Best practices for configuring your organization’s hierarchy using Mosyle Business MDM

5 min read

by Mosyle Team


Best practices for configuring your organization’s hierarchy using Mosyle Business MDM

Using a mobile device management (MDM) solution to manage corporate Apple devices is a great way to streamline workflows and scale deployment. By giving employees access to tools that help them complete their tasks, MDM can increase employee productivity and retention. You may be wondering how you can give your employees access to specific apps, software or sensitive information when they’re using Apple devices at work. After all, someone from the HR department might not need the same applications or configurations as someone from the Marketing department. MDM has many benefits including the ability to create an organizational hierarchy with specific user entitlements and permissions.

When you create an organizational hierarchy, you can deploy apps or profiles that apply specifically to that group or business units (such as departments, in this case). It’s important to have flexibility when creating a hierarchy, so you can even organize devices according to dynamic criteria. In this article, we’ll go over the best ways to create an organizational hierarchy using Mosyle Business, an enterprise MDM solution that tailors itself to your industry.

Organizing by user groups (business units: department, division, etc.)

When you use an MDM solution like Mosyle Business, it’s easy to create a hierarchy within the platform. One way to organize corporate devices is through user groups, and Mosyle Business has built-in functions that allow you to organize your users in this manner. Organizing end-users this way streamlines app deployment and makes your workflow more manageable.

After logging in to the Mosyle Business platform, simply navigate to the Organization tab and click on User Groups from the menu on the left. Then, add your User Group and assign it as Root, making it the main group at the top level. When you create your departments, just create another User Group and insert it into the Root group.

You can create a more in-depth hierarchy this way. For example, you can create a hierarchy that looks like this: Office > IT > developers > back-end > product.

Another added benefit of User Groups in Mosyle Business is that you can easily import groups and their associated users from your cloud-based services such as Google and Microsoft Azure AD. This can be done through integrations available in Mosyle Business. After completing the integration, you can add specific users to your User Groups.

Adding your end-users using cloud-based integrations also makes it easier to set up Single Sign-On via Mosyle Auth for identity authentication purposes.

When deploying apps that you’ve purchased in Apple Business Manager (ABM), you can send specific apps to the user groups you’ve created. If your accountants need access to Microsoft Excel in particular, you can deploy the software to the user group of accountants after ensuring that you have the correct number of licenses in ABM. To deploy apps, you would go to the Management tab in Mosyle Business and click on Install App. Create the new profile and, after selecting Apps and Books as the installation source, you can assign the profile to your desired User Group.

Organizing using device groups (criteria)

Another way to create a hierarchy in Mosyle Business is by using device criteria. This scenario is especially useful if your corporate devices aren’t assigned to specific users. For this method, you can use Device Groups in Mosyle Business to deploy apps or profiles.

When you’re in Mosyle Business, navigate to the Management tab and click on Device Groups. Then, click on Add Device Group and create the group based on the end-users (e.g. accounting). Under the device criteria section, you can create the rules and criteria that will be used to add devices to/remove devices from this Device Group. When a change occurs on a device, the changes are automatically reflected in the group.

Using Device Groups means that you can manage devices remotely according to device criteria, and you can be as specific as you want. You can then deploy certain apps or software to those criteria-specific Device Groups that you created, also referred to as “dynamic groups.”

For example, say that your group of devices used by the accounting department are all encrypted using FileVault to protect their hard drives in case of data breaches. You can create a Device Group for devices that have FileVault encryption enabled. Then, you can deploy certain sensitive corporate information specifically to those accounting department’s devices using Install App/Book/PKG in the Mosyle Business platform.

Some of the other common device criteria include Localhost name and OS update. When you choose OS update as the criteria for a dynamic group, you can send software that have specific OS requirements to devices that are running that version of MacOC, for example. This is useful if a department needs that software on their devices.

Device Group creation is extremely flexible so that you are always able to meet the needs of your specific-use cases within your organization’s hierarchy.

Using MDM can not only help you organize end-users, it’s also a great way to increase employee productivity and streamline your device deployment. With Mosyle Business by your side, you can rest assured that you’re using the most fully-featured, yet affordable solution on the market. Don’t have a Mosyle Business account yet? Sign up for your free 30-day trial here.