
New MDM service ties Apple, Android devices to Active Directory

Centrify mobile security supports Apple iOS and Google Android devices and can connect them to Microsoft Active Directory, but it lacks the robust management features found in major MDM suites, analyst says.

Centrify Corp., a security vendor that enables Linux, Unix and Mac machines to tie into Microsoft Active Directory (AD) for IT management, is launching new mobile device management (MDM) services that it says can do the same thing for smartphones and tablet devices.

The new services, called Centrify DirectControl for Mobile and Centrify Express for Mobile, are being rolled out in beta and can be tested for free. They currently support the Apple iPhone and iPad and Google Android devices. The company claims it’s the first service of its kind to connect Android and Apple devices to Active Directory.

The service lets IT set a limited number of security policies, allowing administrators to lock or remotely wipe devices and enforce password protection for access to corporate email, VPN and Wi-Fi networks. It uses Active Directory infrastructure to apply group policy management and enforce mobile security settings.

Employees can also self-enroll their devices without requiring IT staff to deploy additional infrastructure. The service provides reporting capabilities that display an inventory of devices, including information on installed applications, software versions and updates, and whether a device has been jailbroken. Devices do not need to be connected to the corporate network to enforce group policies, according to Tom Kemp, CEO of Centrify. The company’s mobile service is Web-based, meaning devices can be managed through Centrify and the device’s mobile carrier connection. The service also acts as a secure connection or gateway back into the enterprise’s on-premises AD infrastructure.

Centrify has had a strong presence in the Active Directory bridge market with its ability to manage devices and extend single sign-on capabilities to Mac, Linux and Unix systems, said Mark Diodati, a research vice president at Gartner Inc. Diodati said the service has major limitations and doesn’t address the bring-your-own-device (BYOD) problems enterprises face. Users would have to bind their devices to Active Directory and adhere to group policy at all times. Unregistering a device would remove its ability to access corporate services.

“Their solution is the only one that goes to Active Directory, but it’s inevitable that other vendors will pick up on that and begin launching AD support,” Diodati said. “This fills a niche, but it doesn’t compete in the MDM space and they fully acknowledge that it lacks full blown MDM capabilities.” 

Under Centrify’s service, IT administrators can decide how stringent they want to be with device policy, forcing employees to use PKI credentials to access corporate Wi-Fi or the VPN. Policies can also restrict the use of certain applications such as YouTube.

“Our paradigm of managing Windows, Unix and Mac Systems is to allow customers to leverage their existing infrastructure, IT skill sets and process they already have,” Kemp said. “Once these devices are joined in the AD domain you can use the existing Windows management tools to start managing them.”

Kemp said Centrify’s strategy is to enable its customers to provide authentication and limited group policies for mobile and then add more authorization and auditing capabilities in the future. The company also plans to partner with major MDM vendors for companies needing more robust device management capabilities, he said.

Kemp said most MDM platforms – there are at least 40 vendors selling MDM software – require enterprises to install in-house infrastructure. Some MDM platforms offer cloud-based and hybrid deployment options, but none offer a direct connection to AD. In some cases, organizations are rolling out MDM platforms alongside their existing BlackBerry Enterprise Server.

Centrify said the mobile service is an integrated component of its full Active Directory security, compliance and auditing suite. The company competes with its software suite against Aliso Viejo, Calif.-based Quest Software and Carlsbad, Calif.-based BeyondTrust.

The service will be offered as a paid subscription at $24 per device per year with full support, and as the free Centrify Express for Mobile, which gives enterprises access to a help forum for technical support questions.
