How Apple's MDM options can support enterprise endpoints

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Mon, 27 Apr 2026 01:47:44 GMT https://www.techtarget.com/searchmobilecomputing editor@techtarget.com <p>As organizations increasingly adopt Apple devices, it is essential to effectively manage these endpoints to ensure device security and regulatory compliance. Fortunately, Apple makes it possible to effectively manage these devices through various mobile device management (MDM) platforms.</p> <section class="section main-article-chapter" data-menu-title="Device enrollment options"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Device enrollment options</h2> <p>To manage Apple devices, organizations must first enroll them in their MDM platform. If an organization <a href="https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy">permits the use of personal devices</a>, users can manually enroll them through a dedicated web portal. Conversely, an organization can enroll corporate-owned devices automatically using either Apple School Manager or Apple Business Manager.</p> <p>Apple School Manager is a cloud-based tool that can automate the initial provisioning of Apple devices. This service enables organizations to complete the enrollment process without physically handling the devices. However, to do so, devices must be associated with the organization at the time of purchase.</p> <p>As its name suggests, Apple School Manager is intended primarily for use in schools, and much of that platform's functionality reflects that focus. For example, organizations can use Apple School Manager to create user accounts from student rosters, purchase apps and textbooks in bulk, and deploy them to managed devices.</p> <p>Like Apple School Manager, Apple Business Manager is a cloud-based tool enterprise organizations use to enroll Apple devices and purchase apps and content in bulk. Organizations can also use it to manage their Apple IDs. In addition, Apple Business Manager supports <a href="https://www.techtarget.com/searchsecurity/definition/role-based-access-control-RBAC">role-based access control</a>, enabling administrators to assign roles based on job responsibilities.</p> <p>Although Apple Business Manager can manage an organization's Apple IDs, this does not mean users must use an Apple ID to sign in to their devices. Instead, Apple lets users link the Apple Business Manager to an identity provider, such as <a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">Active Directory</a>. Doing so enables users to log on using their normal credentials -- typically, an email address and password -- even though they are working from an Apple device.</p> <p>If an organization chooses to support federated authentication, it must add its domain to Apple Business Manager and complete domain verification. The organization must then establish an OpenID Connect connection before testing and fully enabling federated authentication.</p> <p>It is worth noting that while Apple School Manager and Apple Business Manager are both designed to assist with the enrollment and management of Apple Devices, these services are designed to work with, not replace, other MDM tools being used. Apple Business Manager, for example, is designed to enable users to add their Apple device inventory to their organization's MDM offering.</p> <p>Not surprisingly, numerous third-party MDM platforms are designed to work with Apple School Manager or Apple Business Manager. Microsoft, for example, provides a comprehensive <a target="_blank" href="https://learn.microsoft.com/en-us/intune/device-enrollment/apple/tutorial-automated-ios" rel="noopener">tutorial</a> explaining how to set up Microsoft Intune enrollment for devices listed in Apple Business Manager. Other MDM tools that work with Apple endpoints include Kandji, Jamf Pro, JumpCloud and ManageEngine.</p> <p>Although all third-party MDM tools use the same APIs to integrate with Apple's management tools, some will inevitably provide a better, more seamless experience than others.</p> <p></p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/g4TMM7FrmzI?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="Considerations for selecting an MDM platform"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Considerations for selecting an MDM platform</h2> <p>Organizations already using an MDM platform to manage PCs and mobile devices should evaluate whether it adequately supports Apple devices before considering a change. Replacing an existing MDM platform could introduce additional expenses, increase implementation efforts and expand training requirements for IT staff.</p> <p>For organizations shopping for a new MDM platform, ease of use is important. Some MDM tools are easier to use than others. Likewise, there are tools that work well with PCs, but provide a subpar experience for managing other types of devices.</p> <p>Scalability is also important. Some MDM tools are specifically designed for use in smaller environments. Similarly, tools can become cost-prohibitive as the number of managed devices increases.</p> <p>Finally, it is essential to consider the total cost of ownership, which goes beyond the license cost to include other hidden costs such as training or support contracts.</p> </section> <section class="section main-article-chapter" data-menu-title="Declarative management"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Declarative management</h2> <p>In addition to traditional MDM approaches, Apple supports declarative device management (DDM), which extends existing MDM capabilities, enabling devices to asynchronously apply settings, reducing the need for continuous server communication and enabling more timely status reporting.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Managing Apple devices is no longer just an IT task -- it is a core part of enterprise endpoint security and governance. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>However, the benefits and capabilities of DDM are not consistent across all Apple devices. Some configurations require newer OS versions, and certain capabilities are dependent on devices being enrolled through Automated Device Enrollment, Device Enrollment or a similar method.</p> <p>Declarative device management enables organizations to define desired states using declarations that devices evaluate locally. The following four primary types of declarations are used:</p> <ul class="default-list"> <li><b>Configurations.</b> These define settings, restrictions and account configurations. They are like traditional configuration profiles but are evaluated on the device.</li> <li><b>Assets. </b>These<b> </b>provide reusable reference data used by configurations, such as user identity details or authentication credentials.</li> <li><b>Activations.</b> These group configurations and define the conditions under which they are applied. For example, an activation might apply only to devices of a certain type or OS version.</li> <li><b>Management.</b> This communicates the device's state and support status, enabling it to share details on its current configuration and compliance status.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Strategies for getting started"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Strategies for getting started</h2> <p>For organizations considering implementing MDM for Apple devices, there are several broad strategies they can adopt to make deployment more successful:</p> <ol class="default-list"> <li><b>Standardize Apple environments.</b> Align device types, security configurations and applications. Greater consistency simplifies deployment and ongoing maintenance.</li> <li><b>Segment users by role.</b> A single device profile rarely fits all use cases. Divide users into groups based on their job roles and apply role-specific configurations.</li> <li><b>Align security policies with compliance requirements.</b> Determine and enforce Apple device policies that <a href="https://www.techtarget.com/searchmobilecomputing/tip/Enterprise-mobile-compliance-is-critical-but-often-neglected">align with compliance mandates</a>.</li> <li><b>Build an enterprise app store, if one is not in place.</b> Manage app access through an app store rather than relying on a public app store to improve governance and visibility.</li> <li><b>Use MDM to monitor the organization's Apple endpoints.</b> Use MDM tools to detect deviations from security baselines and take corrective action.</li> </ol> <p><em>Brien Posey is a former 22-time Microsoft MVP and Commercial Astronaut Candidate. During his 30+ year IT career, Posey has served as the CIO for a national chain of hospitals and healthcare facilities and as the lead network engineer for the U.S. Department of Defense at Fort Knox. He has also worked as a network administrator for some of the largest insurance companies in America.</em></p> </section> Explore how mobile device management platforms streamline Apple device enrollment, security, compliance and deployment for organizations of all sizes. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1182604339.jpg https://www.techtarget.com/searchenterprisedesktop/tip/How-Apples-MDM-options-can-support-enterprise-endpoints Fri, 24 Apr 2026 11:53:00 GMT How Apple's MDM options can support enterprise endpoints <p data-end="6102" data-start="5935">BYOD can lower hardware costs and give workers more flexibility, but it also pushes corporate data onto endpoints the business does not fully own.</p> <p data-end="6361" data-start="6104">The modern BYOD security question is not simply whether a personal phone can reach work resources. It is how the organization will protect identities, apps and data on a device that also contains personal accounts, personal apps and personal cloud services.</p> <p data-end="6634" data-start="6363">That requires a more layered control model than older BYOD programs used. Organizations can now combine app protection, <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-use-Intune-app-protection-without-MDM-enrollment">Conditional Access</a>, privacy-preserving enrollment methods, minimum OS requirements and <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-remove-a-management-profile-from-an-iPhone">selective wipe</a> rather than relying only on full-device control.</p> <section class="section main-article-chapter" data-menu-title="Why BYOD presents unique risks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why BYOD presents unique risks</h2> <p data-end="8598" data-start="8265">BYOD creates unique risk because work data, personal apps and personal accounts all sit on the same endpoint. The threat model is not limited to malware. It also includes oversharing through personal cloud services, unauthorized apps, weak identity controls and inconsistent patch levels across personal devices.</p> <p data-end="8598" data-start="8265"></p> <p data-end="8791" data-start="8600">The three biggest BYOD risks usually show up in these areas: unclear security protocols and shadow IT, data leakage through unmanaged or malicious apps, and device loss, theft or compromise.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">The three layers of BYOD security</h3> <p>BYOD security works best when organizations separate controls into three layers. Identity and access controls decide who gets in and under what conditions. App and data controls keep work information inside approved apps and block risky sharing behavior. Device compliance and response controls set minimum OS requirements, monitor posture and define what IT can do when a device is lost, stolen or out of compliance. Microsoft explicitly supports app protection with or without enrollment, while Apple User Enrollment and <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-create-a-work-profile-on-Android-devices">Android work profiles</a> help keep work and personal data separated on employee-owned devices.</p> </div> </div> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The modern BYOD security question is not simply whether a personal phone can reach work resources. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <h3>Unclear security protocols</h3> <p data-end="9676" data-start="9273">Many BYOD breaches start with behavior, not malware. Employees use unapproved apps because they are convenient, reuse personal identities and sign in from devices that might not meet corporate security or patch standards. That makes shadow IT, oversharing and credential theft just as important as classic device compromise.</p> <p data-end="9955" data-start="9678">Organizations should not rely on policy documents alone. They should pair user training with enforcement, including strong authentication, approved-app guidance and access controls that block unsupported clients or require app protection before users reach corporate resources. </p> <p data-end="10292" data-start="9957">In Microsoft environments, Conditional Access can require app protection before access is granted, and Intune <a href="https://www.techtarget.com/searchmobilecomputing/tip/Navigating-app-protection-policies-with-Intune-MAM">app protection policies</a> can keep work data protected even when the device itself is not fully managed. That lets organizations reduce risk without assuming every personal device must be treated like a company-owned endpoint.</p> <h3>Mobile malware</h3> <p data-end="11087" data-start="10712"><a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-detect-and-remove-malware-from-an-iPhone">Malware targeting mobile devices</a> remains a risk, but unmanaged apps and personal cloud sync are just as dangerous in BYOD environments. The problem is not only whether an app is malicious. It is also whether work data can move into personal storage, personal messaging or consumer apps that the organization does not control.</p> <p data-end="11438" data-start="11089">Modern BYOD controls should focus on containment as much as detection. App protection policies can restrict copy and paste, data sharing and save-as behavior inside managed apps. Apple User Enrollment and Android work profiles can also separate work from personal data, so can organizations manage the work side without exposing personal apps and usage.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/top_mobile_security_threats-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/top_mobile_security_threats-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/top_mobile_security_threats-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/top_mobile_security_threats-f.png 1280w" alt="Graphic showing common mobile security threats such as ransomware, phishing, lost or stolen devices, open Wi-Fi and biometric spoofing." height="206" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Common mobile security threats in BYOD environments include phishing, device loss, insecure connections and malware. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Device hacking, loss or theft</h3> <p>Lost, stolen or compromised devices still demand a clear response plan.</p> <p>BYOD devices are easy to lose and hard to recover, and the risk is worse when work and personal data are mixed together. Security teams need a response plan for lost devices, employee departures and devices that fall out of compliance.</p> <p>That plan should cover encryption, screen-lock requirements, minimum OS or patch levels, selective wipe rights and the point at which stronger device action becomes justified. Employees should know in advance what the business can remove, how quickly IT might act and what steps they must take when a device disappears.</p> </section> <section class="section main-article-chapter" data-menu-title="How to manage BYOD security risks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to manage BYOD security risks</h2> <p data-end="13219" data-start="12971">BYOD security is no longer just a device-management problem. Organizations need controls at three layers: identity and access, app and data protection, and device compliance and response.</p> <p data-end="13580" data-start="13221">For some organizations, app protection, Conditional Access and selective wipe will be enough. Others will still need deeper MDM or UEM enrollment to meet compliance and reporting expectations. The key is to make that control model explicit in policy, communicate it clearly to employees and use the least invasive approach that still protects corporate data.</p> <p data-end="13580" data-start="13221"><strong>Editor's note:</strong> <em>This article was originally published in 2022 and was updated in 2026 to reflect current BYOD security controls, app-protection practices and privacy-preserving enrollment models.</em></p> </section> BYOD security risks now extend beyond lost phones and malware. Organizations should focus on identity, app protection, device compliance and clear response plans for personal endpoints. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g890698790.jpg https://www.techtarget.com/searchmobilecomputing/tip/3-BYOD-security-risks-and-how-to-prevent-them Thu, 23 Apr 2026 08:52:00 GMT 3 BYOD security risks and how to prevent them <p data-end="5561" data-start="5330">BYOD programs can improve employee flexibility and reduce hardware costs, but they also force IT, security and business leaders to define clear privacy boundaries on devices the organization does not fully own.</p> <p data-end="5844" data-start="5563">The real privacy question is not whether IT can manage a personal device at all. It is how much visibility and control the organization actually needs to protect corporate data, maintain compliance and respond to events such as employee departure, device loss or suspicious access.</p> <p data-end="6120" data-start="5846">Modern BYOD programs now have more options than they did a few years ago. Organizations can use privacy-preserving enrollment models, work containers and app-level protections to secure corporate data without treating every personal phone like a fully managed company asset.</p> <p data-end="6390" data-start="6122">BYOD can also blur the line between work and personal life. If employees feel pressure to stay connected after hours, privacy concerns often overlap with work-life balance, support expectations and compensation questions such as stipends or mobile data reimbursement.</p> <section class="section main-article-chapter" data-menu-title="The challenges with privacy and BYOD"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The challenges with privacy and BYOD</h2> <p>BYOD privacy concerns usually come down to a few recurring tradeoffs between security, control and employee autonomy, including the following:</p> <ul class="default-list"> <li>Company data security vs. employee device and information privacy.</li> <li>Employee access to work data vs. work-life balance.</li> <li>Device freedom vs. <a href="https://www.techtarget.com/searchsecurity/tip/How-to-manage-BYOD-security-policies-and-stay-compliant">forcing security compliance measures</a> like OS updates.</li> <li>Employer cost savings vs. employee compensation for using personal mobile data plans to access corporate resources.</li> </ul> <p>Security and privacy concerns factor into every decision that an organization makes, especially when taking the <a href="https://www.techtarget.com/searchmobilecomputing/tip/3-BYOD-security-risks-and-how-to-prevent-them">unique risks that come with BYOD</a> into account. For example, allowing email on a personal device is a seemingly simple decision. However, it can be difficult to enable proper security controls, such as <a href="https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP">data loss prevention</a> and restrictions on data sharing between corporate and personal apps. While organizations must take steps to secure corporate data, employees are often concerned about how much personal data their company can see and control on their devices.</p> <p data-end="9285" data-start="8976">IT administrators often use MDM, UEM or <a href="https://www.techtarget.com/searchmobilecomputing/tip/Understanding-MDM-vs-MAM-in-Microsoft-Intune">app management tools</a> to distribute apps, enforce policies and protect corporate data on personal devices. The privacy concern is not just that these tools exist. It is whether employees understand what the organization can actually see and control.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The real privacy question is not whether IT can manage a personal device at all. It is how much visibility and control the organization actually needs. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p data-end="9602" data-start="9287">That visibility now varies significantly by platform and enrollment method. In privacy-preserving BYOD models, organizations can usually see and manage work-related settings, managed apps, device compliance state and certain basic device details. They can also remove corporate apps and data through <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-remove-a-management-profile-from-an-iPhone">selective wipe</a>.</p> <p data-end="10139" data-start="9604">What organizations generally cannot see in these models is just as important. With<a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-enable-User-Enrollment-for-iOS-in-Microsoft-Intune"> Apple User Enrollment</a>, IT manages only the organization's accounts, settings and provisioned information, not the user's personal account. On Android work profiles, the organization can manage the work profile, but personal apps, data and usage details remain private. Microsoft likewise tells users that Intune enrollment does not expose personal information, though administrators can still see limited device inventory such as model and serial number.</p> <p data-end="10359" data-start="10141">This is why BYOD privacy policy should not stop at saying that MDM is in place. It should explain the enrollment method, what data IT can view, what actions IT can take and when selective wipe or other controls apply.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f.png 1280w" alt="A chart comparing the IT visibility and control available in Apple User Enrollment and Android work profile BYOD deployments." height="297" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This chart highlights how modern BYOD models can limit what IT sees on employee-owned Apple and Android devices while still enabling management of work apps, data and compliance. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Actions organizations can take"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Actions organizations can take</h2> <p data-end="12155" data-start="11929">Organizations can reduce BYOD privacy concerns by making three decisions explicit: what the policy requires, what management model the business will use and what IT can and cannot see on a personal device.</p> <p data-end="12449" data-start="12157">Those decisions work together. A written BYOD policy sets the privacy and security rules, the enrollment or app protection model determines how much control IT applies, and transparent communication helps employees understand how work data will be separated, protected and removed if needed.</p> <h3>Build a BYOD policy</h3> <p data-end="13425" data-start="13082">The first thing that any organization should do after deciding to allow the corporate use of employee-owned devices is create a BYOD policy. That policy should define <a href="https://www.techtarget.com/searchmobilecomputing/feature/Why-a-mobile-security-policy-is-a-must-have-corporate-policy">mobile security requirements</a>, privacy boundaries, enrollment expectations, support responsibilities and the organization's rights to remove corporate data.</p> <p data-end="13744" data-start="13427">IT teams should also build clear enrollment procedures and user-facing documentation. Employees should know how enrollment works, what data IT can view, what happens if a device is lost or the employee leaves, and whether the organization expects off-hours access or offers any reimbursement for personal device use.</p> <p data-end="14172" data-start="14103">Policy considerations can include the following:</p> <ul class="default-list"> <li data-end="14225" data-start="14174">Supported device types and minimum OS requirements.</li> <li data-end="14272" data-start="14227">Approved enrollment or app protection models.</li> <li data-end="14318" data-start="14274">Privacy boundaries and corporate visibility.</li> <li data-end="14352" data-start="14320">Lost, stolen or damaged devices.</li> <li data-end="14407" data-start="14354">Selective wipe and employee departure procedures.</li> <li data-end="14461" data-start="14409">Stipends, reimbursement and off-hours expectations.</li> </ul> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">What IT can usually see on a personal device</h3> <p>On privacy-preserving BYOD deployments, IT can usually see basic device details, compliance state, managed apps and work-related configurations. What it typically cannot see is equally important: personal apps, personal browsing activity, personal messages, personal email accounts and most personal data outside the managed work area. That distinction should be spelled out in the BYOD policy, not left to employee guesswork.</p> </div> </div> <h3>Remember that BYOD does not mean Bring Your Own Everything</h3> <p data-end="15852" data-start="15537">While BYOD smartphones make sense for many organizations, BYOD should not mean employees can use any aging device, account or service they prefer. Unsupported devices create both security risk and privacy complications because IT might need to apply stricter controls when supportability is weak.</p> <p data-end="16160" data-start="15854">Organizations should define minimum OS versions, supported enrollment methods and eligibility rules for devices that access corporate data. A recommended device list can still help, but the more important question is whether the endpoint can support the organization's chosen privacy-preserving BYOD model.</p> <p data-end="16452" data-start="16162">For Android, the <a href="https://www.techtarget.com/searchmobilecomputing/feature/7-mobile-device-security-best-practices-for-businesses">Android Enterprise Recommended program</a> remains a useful starting point because Google verifies devices against enterprise requirements. Current requirements call for security updates within 90 days and five years of security update availability from the initial ship date.</p> <h3>Implement selective management, not blanket control</h3> <p data-end="17663" data-start="17591">Implement selective management, not blanket control</p> <p data-end="17871" data-start="17665">Many organizations still need MDM or UEM to enforce device compliance, distribute certificates, apply restrictions and support selective wipe. But full device enrollment is no longer the only path for BYOD.</p> <p data-end="18219" data-start="17873">In many cases, organizations can reduce privacy concerns by pairing app protection with identity-based access controls and privacy-preserving enrollment models such as Apple User Enrollment or Android work profiles. That gives IT a way to protect corporate data without applying the same level of control it would use on a company-owned endpoint.</p> <p data-end="18556" data-start="18221">When IT does enroll a personal device, it should be deliberate about which controls are justified. Selective wipe, managed app controls and minimum compliance requirements usually make sense. More invasive controls, such as aggressive restrictions or full-device actions, require clearer justification and stronger user communication.</p> <p data-end="18556" data-start="18221"><strong>Editor's note:</strong> <em>This article was originally published in 2022 and was updated in 2026 to reflect current BYOD privacy practices, enrollment models and app protection approaches.</em></p> <p data-end="18556" data-start="18221"><em>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</em><em></em></p> </section> BYOD privacy concerns focus on the extent of IT's access to personal devices. Clear policies, selective management, and transparent enrollment can balance privacy and security. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g692819506.jpg https://www.techtarget.com/searchmobilecomputing/tip/What-can-organizations-do-to-address-BYOD-privacy-concerns Wed, 22 Apr 2026 11:25:00 GMT What can organizations do to address BYOD privacy concerns? <p data-end="4333" data-start="4085">Bring your own device programs can expand workforce flexibility and reduce hardware spend, but they also force IT and security leaders to decide how corporate data will be protected on endpoints the business does not fully own.</p> <p data-end="4623" data-start="4335">For most organizations, the key <a href="https://www.techtarget.com/whatis/definition/BYOD-bring-your-own-device">BYOD</a> question is no longer whether personal devices can reach corporate apps. It is how the organization will govern access, separate work and personal data, enforce minimum controls and respond when a user leaves, loses a device or falls out of compliance.</p> <section class="section main-article-chapter" data-menu-title="Defining a BYOD policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Defining a BYOD policy</h2> <p>The first step in creating a BYOD policy is defining the scope of control that the organization expects to maintain over employee-owned devices. Organizations could take plenty of different approaches here. On one extreme, an organization could treat personal devices like corporate assets in return for allowing employees access to IT resources from those devices. The other extreme is to assume no control over the devices themselves and instead focus on access controls and limiting risks such as leaving corporate data on BYOD devices. The optimal BYOD policy might lie somewhere between these two limits.</p> <p>A BYOD policy should address acceptable use of corporate apps and data, minimum device and app security controls, authentication requirements, certificate or identity-based access controls, and the organization's rights to remove or restrict corporate data. In practice, the most sensitive parts of the policy usually involve lost or stolen devices, employee departure, selective wipe rights and the limits of what IT can see or change on a personal device.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> For most organizations, the key BYOD question is no longer whether personal devices can reach corporate apps. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Acceptable-use policies could require a <a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network">VPN</a> when accessing corporate systems and prohibit the storage of passwords to business applications. Security controls might also require encryption for stored data, device password protection and registration of devices with a mobile device management (<a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-device-management">MDM</a>) platform or a more comprehensive platform such as unified endpoint management (UEM), which includes MDM capabilities. IT administrators should ensure that employees understand all aspects of the BYOD policy and consent to them.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/g4TMM7FrmzI?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>However, written policies and employee consent are not enough to protect an organization's information assets. Even well-intentioned employees can make mistakes, such as forgetting to set a device password or downloading confidential information over an unencrypted session. Mobile device policies should have an enforcement mechanism to ensure that these policies prevent such actions.</p> </section> <section class="section main-article-chapter" data-menu-title="Enforcing a BYOD policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Enforcing a BYOD policy</h2> <p data-end="7515" data-start="7300">Many organizations can enforce part of a BYOD policy with tools they already license, but they should first determine whether they need app-level data protection, full device management or both.</p> <p data-end="8084" data-start="7517">In Microsoft environments, that decision often comes down to Microsoft Intune, Microsoft Entra ID and Conditional Access. Intune <a href="https://www.techtarget.com/searchmobilecomputing/tip/Navigating-app-protection-policies-with-Intune-MAM">app protection policies</a> can protect corporate data inside supported apps even when a personal device is not enrolled in MDM. Conditional Access can then require approved client apps or app protection before users reach corporate resources. If the organization needs deeper control over device settings, compliance posture, configuration and reporting, it should move beyond app protection alone and require enrollment through MDM or UEM.</p> <p>Third-party MDM platforms can support a wider array of BYOD policy enforcement operations, including full lifecycle management, app inventory control, data protection, certificate distribution, device configuration and lockdown.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/mobilecomputing-eum_byod-f.png"> <img data-src="https://www.techtarget.com/rms/onlineImages/mobilecomputing-eum_byod-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/mobilecomputing-eum_byod-f_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/mobilecomputing-eum_byod-f.png 1280w" alt="Diagram showing BYOD enforcement options across app protection, MDM, UEM and corporate access controls." height="301" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>BYOD enforcement can combine app protection, identity controls, MDM or UEM, depending on how much control the organization needs over personal devices. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>BYOD policy enforcement begins with provisioning. MDM platforms can ensure consistent device configuration, install applications and create accounts on self-service management portals. If existing policies limit the apps that IT can deploy to a BYOD device, the IT department can use an MDM system that accounts for unauthorized app detection.</p> <p>Most MDM applications support remote wiping, but completely wiping a device is drastic and, in many cases, might not be necessary. MDM apps can <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-remove-a-management-profile-from-an-iPhone">selectively wipe data</a>, letting device administrators delete corporate data while leaving personal data intact.</p> <p>A BYOD policy might also require that all devices accessing corporate systems be registered with the IT department and configured with an <a href="https://www.techtarget.com/searchsecurity/definition/SSL-certificate-Secure-Sockets-Layer-certificate">SSL certificate</a> for authentication. MDMs that support certificate distribution can minimize management headaches for this operation. MDM systems can further ease that burden by reporting on expired certificates, revoked certificates and other certificate management concerns.</p> <p>MDM systems also enable IT admins to recommend, and in some cases enforce, device OS updates and patches. While forcing an OS update on an end user's personal device might walk the line between privacy and security, ensuring that devices accessing corporate data are on a minimum OS or patch level might be required to provide a strong security posture. MDM systems let IT admins create OS compliance policies, such as minimum OS versions, for devices to enroll and be granted continued access to corporate applications.</p> <p>Finally, look for MDM platforms for device configuration and lockdown functions. IT might want to lock down cameras, Bluetooth, GPS and Wi-Fi for some users. If the mobile admins specify an encryption policy, look for an MDM that can enforce this policy.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/mobile_computing-mdm.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/mobile_computing-mdm_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/mobile_computing-mdm_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/mobile_computing-mdm.jpg 1280w" alt="Diagram" height="451" width="520"> <figcaption> <i class="icon pictures" data-icon="z"></i>Modern mobile management platforms support provisioning, compliance, selective wipe and policy enforcement across both managed and personal devices. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Major mobile platforms now offer established BYOD enrollment models that are designed to separate work and personal use more cleanly. Apple's User Enrollment is built for BYOD deployments and is designed to let IT manage the organization's accounts, settings and data without exposing the user's personal account or personal data. <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-create-a-work-profile-on-Android-devices">Android Enterprise work profiles</a> likewise keep corporate apps, data and policies inside a separate work container on employee-owned devices.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">App protection vs. full device enrollment</h3> <p>BYOD enforcement does not always require full device enrollment. Some organizations can protect work data with app-level controls, Conditional Access and selective wipe. Others need full MDM or UEM enrollment to enforce device settings, compliance posture and reporting. The right model depends on how much control the business needs and how much privacy it wants to preserve on personal endpoints.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="What devices are acceptable for BYOD management?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What devices are acceptable for BYOD management?</h2> <p>Having a BYOD policy is important, but it's equally important to have a strategy for the types of devices IT allows under that policy. Not all devices are created equal.</p> <p>End users have a lot of choices regarding the type of device they want to use, which also means that IT cannot control an important security layer: the device's software and security update level. It also can't determine for sure if that device will see update support down the road. An MDM system can retain some control by <a href="https://www.techtarget.com/searchsecurity/tip/How-to-manage-BYOD-security-policies-and-stay-compliant">enabling IT to create compliance policies</a> around minimum software versions for device enrollment and application access.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A strong BYOD program depends on two decisions: how much privacy the organization will preserve on personal devices, and how much control it truly needs at the app, access and device layers. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>IT administrators should give users clear eligibility guidance for Apple and Android devices based on support status, enrollment compatibility and minimum OS requirements. The goal is not just to recommend popular devices. It is to ensure that personal endpoints can support the organization's chosen BYOD model, whether that means <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-enable-User-Enrollment-for-iOS-in-Microsoft-Intune">Apple User Enrollment</a>, Android Enterprise work profiles, app protection policies or compliance-based access controls.</p> <p>These policies can be frustrating for end users with devices that do not meet the minimum requirements for OS version or other criteria. IT can often help these users through steps such as validating if their device runs the latest OS, and there might be other avenues to get their device to a compliant state. However, users might need to either upgrade their personal device -- perhaps with a subsidy from their organization -- or enroll in a corporate-owned device program.</p> <p><strong>Editor's note:</strong> <em>This article was originally published in 2022 and was updated in 2026 to reflect current BYOD enforcement models, platform enrollment options and Microsoft identity and app protection terminology.</em></p> <p><span style="box-sizing: border-box; margin: 0px; padding: 0px;"><em>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</em></span></p> <p><span style="box-sizing: border-box; margin: 0px; padding: 0px;"><em>Dan Sullivan, M.Sc., is an author, systems architect and consultant with more than 20 years of IT experience across advanced analytics, systems architecture, database design, enterprise security and business intelligence. </em></span></p> </section> A modern BYOD policy should balance user privacy with app, access and device controls that protect corporate data on personal endpoints. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1022892890.jpg https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy Wed, 22 Apr 2026 10:26:00 GMT Understanding BYOD policy enforcement and creation <p>Contact center fraud is a reality that organizations must prepare for or else risk considerable losses due to security lapses in customer data protection. Successful fraud schemes can damage a brand's reputation and result in compliance liability, especially in heavily regulated industries, such as financial services and healthcare.</p> <p>As contact centers expand into digital channels and remote operations, fraud detection has become a critical component of customer experience and data security strategies.</p> <p>Companies can mitigate their vulnerability to unauthorized access or disclosure of confidential information with the right blend of <a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-agent-training-programs">comprehensive agent training</a>, well-documented authentication and data security processes, and contact center fraud detection technologies.</p> <section class="section main-article-chapter" data-menu-title="What is contact center fraud?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is contact center fraud?</h2> <p>At many businesses, traditional call centers and customer service and support operations have <a href="https://www.techtarget.com/searchcustomerexperience/feature/History-and-evolution-of-contact-centers">evolved into contact centers</a> to handle customer communications across multiple channels, including phone calls, live chats, email, social media, text messaging (SMS), mobile apps and video calls.</p> <p>Cybercriminals target contact centers to gain access to sensitive customer information by exploiting agents and weak authentication processes. These bad actors can then use personally identifiable information (<a href="https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII">PII</a>) and other account data -- Social Security numbers, financial institutions and credit card numbers -- to commit identity theft, set up fake accounts and participate in bank and credit card fraud.</p> </section> <section class="section main-article-chapter" data-menu-title="Why do bad actors target contact centers?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why do bad actors target contact centers?</h2> <p>Contact centers are popular targets for fraud because poorly trained agents are often vulnerable to manipulation. A toll-free number used for customer service and transactions such as purchases can allow criminals to initiate numerous fraud attempts while maintaining anonymity, provided they use caller ID spoofing techniques. Unsuspecting agents, especially in call centers, make excellent attack vectors since they're all that stand between a fraudster and customer accounts.</p> <p>The expansion of <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-manage-remote-call-center-agents">hybrid and remote contact center operations</a> has introduced new fraud detection challenges. Remote work has made it increasingly difficult for agents to receive proper fraud detection training or guidance from co-workers. As a result, they may struggle with using anti-fraud tools remotely.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png 1280w" alt="Graphic showing a contact center compliance checklist, including securing networks, authenticating customers, recording conversations and managing sensitive information." height="266" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Contact center compliance programs help organizations reduce fraud risk by securing networks, authenticating customers, protecting sensitive data and following privacy and consumer protection regulations. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Common types of contact center fraud"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Common types of contact center fraud</h2> <p>While contact centers encounter many types of fraud, the most common are identity theft, account takeover, stolen credit card information and finagling free merchandise.</p> <p><b>Identity theft.</b> Criminals use stolen personal information of legitimate customers to access accounts for monetary gain. Contact center agents might struggle to detect identity theft because the bad actors have accurate customer information. Many fraud schemes use personal information found on the dark web after a data breach. Synthetic identity fraud occurs when criminals combine real PII, such as a mobile phone number and email address, with falsified data to create a manipulated or false identity. They then use the information to open accounts and initiate transactions.</p> <p><b>Account takeover.</b> To transfer a customer account to their account, fraudsters might change an email address or login information to reset customer portal passwords. These criminals can use automated tools to create username and password combinations in a technique known as credential stuffing to gain access to customer accounts.</p> <p><b>Use of stolen credit card information.</b> Fraudsters bombard contact centers with attempts to buy goods and services with stolen credit card information. Because contact centers don't require physical cards, criminals can more easily make purchases with stolen information, a tactic known as card-not-present fraud.</p> <p><b>Attempt to receive free replacement items.</b> Criminals act as legitimate customers who purchased goods, then claim to have problems and request replacements. Retailers are the most common victims of this type of fraud, especially those with loose warranty and replacement policies.</p> <p><b>Phishing and vishing scams. </b>Cybercriminals have long targeted consumers with phishing scams, sending fraudulent emails that contain malicious URLs or hyperlinks to download malware or steal passwords. Another tactic is <i>voice phishing</i>, or <i>vishing</i>, using urgent phone calls that demand victims to update company or personal data supposedly to protect bank accounts and other financial transactions. Similar fraudulent methods are used on contact center agents. A criminal vishing about problems with an account can dupe an unsuspecting agent into sharing sensitive customer data.</p> <p>Many contact centers have been hit with ransomware attacks, locking up communications systems until the problem is resolved or the ransom is paid. <a href="https://www.techtarget.com/searchsecurity/definition/distributed-denial-of-service-attack">Distributed denial-of-service attacks</a> have also been used to disrupt communications services. More recently, AI-generated voice cloning and deepfake audio can be used to impersonate legitimate customers.</p> </section> <section class="section main-article-chapter" data-menu-title="Tips for identifying fraudulent customers"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Tips for identifying fraudulent customers</h2> <p>Criminals use different fraud methods depending on their motivation or the <a href="https://www.techtarget.com/searchcustomerexperience/feature/Types-of-contact-centers-explained">type of contact center</a> they target. Common warning signs of fraud include the following:</p> <ul type="disc" class="default-list"> <li>Social engineering methods to falsely extract information.</li> <li>Inability to verify recent transactions.</li> <li>Long pauses before answering questions.</li> <li>Communication to evoke an immediate reaction based on urgency, familiarity or authority.</li> <li>Attempts to establish a relationship or rapport with a specific contact center agent or manager.</li> <li>Inconsistency in customer history and documentation.</li> <li>Attempts to bypass regular customer service procedures.</li> <li>Red flags and suspicious activity identified by anti-fraud technologies.</li> <li>Attempts to bypass anti-fraud processes and technologies.</li> <li>Automated speech patterns that may indicate AI-generated voice fraud.</li> </ul> <ul class="default-list"></ul> </section> <section class="section main-article-chapter" data-menu-title="Tools to identify fraud"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Tools to identify fraud</h2> <p>Enterprises that take contact center fraud detection and prevention seriously shouldn't rely solely on agent training. Contact center managers can integrate several technologies into most on-premises, cloud or distributed workforce contact centers to block or flag suspicious activities and enhance fraud detection.</p> <p><b>Identity verification. </b>Technologies like automatic number identification can verify a customer's identity based on their phone number ahead of automated or interactive voice response (<a href="https://www.techtarget.com/searchcustomerexperience/definition/Interactive-Voice-Response-IVR">IVR</a>) interactions. Some of these fraud detection technologies track phone numbers based on information like possession (authenticating the mobile number and the device), reputation (risk score) and ownership. If additional verification is needed, layered authentication controls can help prevent fraud by sending one-time verification codes via text or email to a customer's device. In the future, individuals could have additional ways to prove their identity with mobile devices as more states offer digital driver's licenses and government IDs. Some identity verification platforms now combine device fingerprinting, behavioral analytics and risk scoring.</p> <p><b>Contact source analytics. </b>Emerging technologies can more accurately confirm a contact's true source as well as the type of device used. These attributes can tip off contact center agents about whether the caller is a real customer or a criminal in a known fraud location or using equipment common among fraudsters, such as caller ID spoofing and IVR probing tools.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f.png 1280w" alt="Diagram showing how AI improves contact center features such as IVR systems, self-service chatbots, agent performance analytics and post-call summaries." height="355" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>AI technologies can strengthen contact center operations by improving IVR systems, enabling self-service chatbots, supporting agent performance monitoring and generating automated post-call summaries. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p><b>Multilayered authentication.</b> Multifactor authentication, AI and knowledge-based platforms can identify bad actors who impersonate legitimate customers. The technology platform inputs various data points and calculates a fraud risk score to inform the agent about next steps in the fraud prevention process. A one-time pin or passcode sent by text or email to an individual's device can add a dynamic layer of security before a login session or transaction. Based on risk assessments, businesses must find the right balance between frictionless customer experience and layered security measures.</p> <p><b>Voice biometrics.</b> Advanced audio biometrics can analyze a caller's voice, creating a new authentication layer for contact centers and customers. Voice biometric SaaS providers let remote agents access these authentication services regardless of where they work. These technologies will soon have to contend with AI-driven voice cloning and deepfake audio, which might require reevaluation of fraud protection and other security measures.</p> <p><b>Suspicious behavior detection.</b> <a href="https://www.techtarget.com/searchcustomerexperience/feature/Important-contact-center-AI-features-and-their-benefits">AI and machine learning techniques</a> combine with fraud detection analytics tools to detect suspicious behavior such as unusual calling patterns, IVR usage anomalies and other behavior-based indicators. The tool then decides whether the contact is legitimate. Behavioral analytics can also be used to monitor agent behavior for insider threats by flagging multiple account redirects or password resets.</p> <p>Organizations that combine agent training with layered authentication and AI-driven fraud detection tools are better positioned to protect customer data and maintain trust.</p> <p><b>Editor's note:</b> <i>This article was updated to reflect the latest developments in contact center fraud detection and prevention tools, techniques and practices.</i></p> <p><i>Kathleen Richards is a freelance journalist and industry veteran. She's a former features editor for TechTarget's </i>Information Security <i>magazine.</i></p> <p><i>Andrew Froehlich is founder of InfraMomentum, an enterprise IT research and analyst firm, and president of West Gate Networks, an IT consulting company. He has been involved in enterprise IT for more than 20 years.</i></p> </section> Scammers may target contact centers, but comprehensive agent training, authentication techniques and advanced technologies can protect businesses and customers. https://cdn.ttgtmedia.com/rms/onlineimages/customer_service02.jpg https://www.techtarget.com/searchcustomerexperience/tip/How-to-train-agents-on-call-center-fraud-detection Tue, 14 Apr 2026 11:02:00 GMT How contact centers detect and prevent fraud <p>Contact centers and their agents are a critical part of customer service. They're the ambassadors of the organization, responding to large call volumes daily, interacting with customers and collecting feedback to pass on to the business.</p> <p>Modern contact center platforms increasingly use AI-driven analytics, speech recognition and sentiment analysis tools to monitor interactions in real time and identify opportunities to improve both agent performance and customer experience (CX).</p> <p>A contact center monitoring program can help businesses <a href="https://www.techtarget.com/searchcustomerexperience/feature/The-ultimate-guide-to-contact-center-modernization">transition the contact center from an expense center to a strategic asset</a> by ensuring representatives effectively resolve customer issues along with capturing valuable customer feedback. Many companies have a basic QA monitoring program but often struggle with transitioning to a more advanced one. Businesses should identify the benefits of an advanced quality monitoring program and implement key best practices to ensure the program's success.</p> <section class="section main-article-chapter" data-menu-title="What is a contact center monitoring program?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is a contact center monitoring program?</h2> <p>A basic contact center quality monitoring program consists of listening to phone calls between customers and contact center agents and <a href="https://www.techtarget.com/searchcustomerexperience/answer/5-ways-to-improve-call-center-agent-performance">providing feedback to improve agent performance</a>.</p> <p>An advanced QA monitoring program adds three key elements:</p> <ol class="default-list"> <li>Provides insight into why customers call and facilitates action plans to address the root cause of customer inquiries.</li> <li>Identifies <a href="https://www.techtarget.com/searchcustomerexperience/tip/Contact-center-challenges-and-how-to-overcome-them">customers who are frustrated with the company</a> and might decide to do business with a competitor.</li> <li>Analyzes the tools that agents use and implements enhancements to those tools that improve the agent experience and provide more accurate and timely responses to customers.</li> </ol> <p> Many organizations now augment traditional QA monitoring programs with AI-driven analytics tools that automatically analyze call transcripts and customer sentiment.</p> </section> <section class="section main-article-chapter" data-menu-title="What are the benefits of contact center monitoring?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the benefits of contact center monitoring?</h2> <p>A contact center is the place where the voice of the customer is heard. It's the one place in the organization where a large number of customers reach out and, in most cases, provide unsolicited feedback to the company. A well-designed contact center monitoring program provides a valuable opportunity to identify customer pain points and gather intelligence with the goal of improving products, services and overall CX.</p> <p>Retaining existing customers is typically less expensive than acquiring new ones, so it's critical to <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-improve-the-contact-center-experience-for-customers">identify areas for improvement in the current customer</a> base to increase retention and reduce costs. Contact center monitoring also provides real-time information at a much more granular level than either customer satisfaction or Net Promoter Score surveys, which are performed after the fact and have some level of bias, depending on who does or doesn't respond to a survey request.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics.png"> <img data-src="https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics.png 1280w" alt="Graphic listing key qualities of a contact center agent, including knowledgeable, detail-oriented, organized, flexible, empathetic and effective communicator." height="288" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Successful contact center agents combine interpersonal and organizational skills such as communication, empathy, flexibility and problem-solving to deliver strong customer service. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How to start a contact center monitoring program"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to start a contact center monitoring program</h2> <p>Starting and developing a contact center monitoring program require several steps, including the following:</p> <ol class="default-list"> <li>Identify the criteria that is monitored and scored, such as greeting, tone, call documentation and adherence to procedures.</li> <li>Develop a scorecard that measures the items to be monitored.</li> <li>Determine who performs the monitoring, such as a supervisor or QA analyst.</li> <li>Set the frequency of monitoring per agent and when the monitoring occurs.</li> <li>Develop a process to provide feedback to agents.</li> <li>Let the agents know the purpose of the monitoring program and how it works.</li> <li>Test the quality monitoring process end to end.</li> </ol> </section> <section class="section main-article-chapter" data-menu-title="Contact center monitoring best practices"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Contact center monitoring best practices</h2> <p>Successful quality monitoring programs typically include the following best practices.</p> <h3>1. Define quality and the ideal customer interaction</h3> <p>Contact center agents can't provide the proper service to customers if they don't know what the company expects of them. So, it's important for <a href="https://www.techtarget.com/searchcustomerexperience/definition/contact-center-management">contact center management</a> to train employees on what to say and do during a customer interaction before beginning the monitoring process. Scripts for agents are sometimes a contact center practice and other times a legal requirement, but they can help agents start off on the right foot by giving them a roadmap of what to say and how an interaction should be done. When scripts aren't a legal requirement, it's often beneficial to modify and use them as a guideline and make them less robotic-sounding to better serve customers.</p> <h3>2. Decide what customer service metrics are most important</h3> <p>Businesses shouldn't try to measure everything. Contact center managers need to <a href="https://www.techtarget.com/searchcustomerexperience/tip/Top-7-call-center-agent-performance-metrics-to-track">decide what metrics they value the most</a> and communicate them to their teams before beginning the quality monitoring process. Some metrics include first-contact resolution (<a href="https://www.techtarget.com/searchcustomerexperience/definition/first-call-resolution-FCR">FCR</a>), average handle time (AHT), average speed to answer, repeat call rate, calls answered per hour and agent utilization rate. If a contact center, for example, strives for FCR but also expects low AHT, it might be disappointed. The goal of FCR is to resolve customer issues with one phone call, eliminating the need for repeat calls and increasing customer satisfaction. But AHT might be longer as agents work to address the problem.</p> <h3>3. Provide feedback to agents on 100% of monitored calls</h3> <p>For calls that businesses monitor via analytics, a scorecard, which measures customer service and agent performance, should be sufficient. However, companies should <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-manage-remote-call-center-agents">provide agents with timely feedback and coaching</a> on monitored calls instead of waiting for a monthly review. It's also important for companies to provide agents direct feedback from customers. Companies need to offer agents feedback and coaching in areas of strength and opportunity. Some contact center platforms now use AI-driven coaching tools that automatically identify performance trends and recommend targeted training opportunities for agents.</p> <h3>4. Enable agents to listen to and score their own phone calls</h3> <p>In many cases, agents are the toughest critics of their own work. They should have the opportunity to hear how they sound and interact with customers.</p> <h3>5. Include side-by-side monitoring</h3> <p>Side-by-side monitoring enables analysts and supervisors to interact with agents and ask questions immediately following a phone call. Contact center management can then gather additional valuable insight into specific actions during the customer interaction, including any gaps in the tools agents use.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter.jpg 1280w" alt="Two contact center agents wearing headsets review information on a computer screen while other agents work at nearby stations."> <figcaption> <i class="icon pictures" data-icon="z"></i>Supervisors and analysts often review agent interactions together during contact center monitoring to evaluate performance and identify coaching opportunities. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>6. Use a different quality form for each customer service channel</h3> <p>Contact centers interact with customers across multiple channels, including phone, email, mobile apps, chat and social media. It's necessary to <a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-contact-center-quality-assurance">create different QA forms for each channel</a> to gather appropriate insights. On a QA monitoring form for phone calls, for example, one question might be about an agent's active listening skills. While that question is appropriate for a phone call, it might not provide any value for an email interaction.</p> <h3>7. Save examples of excellent customer interactions</h3> <p>Contact center managers monitoring agent performance inevitably come across some examples of excellent service and support that should be saved for later review and shared during training sessions. Contact centers can use these gold-standard examples as training tools for new agents and <a href="https://www.techtarget.com/searchcustomerexperience/answer/Nine-skills-every-call-center-agent-job-requires">agents who need to brush up on their skills</a> by highlighting the language and techniques that helped create outstanding CX.</p> </section> <section class="section main-article-chapter" data-menu-title="Technologies to support advanced contact center monitoring"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Technologies to support advanced contact center monitoring</h2> <p>A basic contact center monitoring program requires a technical foundation of quality monitoring software, which is included in many <a href="https://www.techtarget.com/searchcustomerexperience/definition/contact-center-as-a-service-CCaS">contact center-as-a-service</a> platforms and provided as a standalone tool by many vendors. This technology enables a team to listen to a sample of recorded phone calls and score each one using an electronic form.</p> <p>The first step in enhancing a monitoring program is to add the capability of capturing contact center agents' computer screens when recording a call. Screen captures enable analysts to do the following:</p> <ul type="disc" class="default-list"> <li>Observe how agents interact with desktop tools.</li> <li>Identify areas where agents can improve a process or transaction.</li> <li>Determine how businesses can improve desktop systems and tools to streamline processes and improve CX.</li> </ul> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies.jpg 1280w" alt="List of technologies aiding contact center monitoring" height="292" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Speech analytics software facilitates contact center monitoring. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The next step is to use <a href="https://www.techtarget.com/searchcustomerexperience/definition/speech-analytics">speech analytics</a> software to increase the number of calls monitored without requiring more staff to perform the function. Speech analytics can help increase the volume of quality monitors, especially at the agent level, and automate the call scoring process. With an increased number of monitors, patterns showing where an agent may be struggling with a specific type of inquiry can be more easily identified. </p> <p>Speech analytics provides several benefits beyond the ability to monitor a higher volume of calls. It can be used to identify the root cause of phone calls, which is more effective than analyzing disposition codes entered by an agent. Businesses can run a query, for example, that provides 100 calls in which customers have similar issues with a product. Analysts can listen to those calls, identify the root cause of a problem with a product or service, and resolve it. </p> <p>Speech analytics can also analyze phone calls for specific words, phrases, patterns and tones and provide reports. A word cloud, for example, is a collection of words depicting the frequency they appear in calls so companies can better identify customer expectations and sentiment communicated during calls. In more advanced real-time speech analytics, AI analytical capabilities are used in real time to identify calls in which the agent or <a target="_blank" href="https://www.dialora.ai/blog/ai-voice-frustration-detection-call-centers" rel="noopener">customer is becoming frustrated</a> and notify a supervisor to assist in handling the call.</p> <p>Many modern contact center platforms also incorporate real-time agent assist tools that analyze conversations during live calls and recommend next best actions.</p> <p>As contact center technology evolves, monitoring programs are becoming more data-driven and automated. Organizations that combine traditional monitoring practices with modern analytics tools can gain deeper insight into customer behavior and service gaps.</p> <p><b>Editor's note:</b> <i>This article was updated to reflect the latest developments in contact center monitoring tools, techniques and practices.</i></p> <p><i>Scott Sachs is president and founder of SJS Solutions, a consultancy that specializes in contact center strategy assessments and technology selection.</i></p> </section> A well-designed monitoring program identifies customer pain points and gathers valuable intelligence that can improve agent performance and CX, as well as products and services. https://cdn.ttgtmedia.com/rms/onlineimages/customer_service03.jpg https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-monitoring Thu, 09 Apr 2026 10:00:00 GMT Contact center monitoring best practices for CX leaders <p>Executive leaders should treat compliance as an integral part of organizational strategic planning rather than the cost of doing business.</p> <p>Organizations can face major penalties if they don't comply with laws and regulations that protect customer data, like GDPR and HIPAA. Additionally, customers can lose confidence in an organization if their personal information is not protected properly.</p> <p>A significant number of <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-improve-the-contact-center-experience-for-customers">customer interactions occur in the contact center</a>. Therefore, contact center leaders need to comply with regulatory requirements and smart business practices to protect customers' rights. A combination of following legislative rules and thoughtful internal practices -- such as call monitoring -- can protect sensitive customer data while improving the customer experience.</p> <p>Establishing and following a contact center compliance checklist provides a strong foundation of good practices that lead to successful compliance.</p> <section class="section main-article-chapter" data-menu-title="What is contact center compliance and why is it important?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is contact center compliance and why is it important?</h2> <p>Contact center compliance is critical. A failure, such as a data breach, can have significant negative effects on a customer's life and devastate an organization's brand image and reputation. Customers don't want to buy services from organizations that can't protect their personal information from bad actors. And, if there's a security incident, organizations don't want to pay fines and penalties to regulatory agencies.</p> <p>Compliance requires participation from every individual in an organization. Contact center managers shouldn't assume that documented processes always work or that agents always follow proper procedures. <a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-monitoring">Ongoing monitoring and reporting must be in place</a> to ensure things are working properly. Additionally, all employees must keep their eyes and ears open. Controls must be in place, and if something does not seem right, they must raise the issue with the appropriate individual.</p> <p>Before the COVID-19 pandemic, most contact centers were on-premises, which, in many ways, made compliance easier to implement and monitor. For example, employees had to swipe their key cards to enter the contact center. Compliance became more of a challenge when contact centers began to operate remotely, so checklists can help contact center managers follow proper guidelines.</p> </section> <section class="section main-article-chapter" data-menu-title="Contact center compliance checklist"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Contact center compliance checklist</h2> <p>Organizations can't achieve compliance with a single tool or process. Compliance requires a multifaceted approach that integrates technology, processes and procedures.</p> <p>The following contact center compliance checklist can serve as a starting point for contact center managers as they seek to comply with internal and external requirements.</p> <h3>1. Secure the network</h3> <p>Organizations should use network <a href="https://www.techtarget.com/searchsecurity/definition/access-control">access control</a> to limit who can physically and logically access system hardware and software. Physical security protects the physical components of a network, such as devices, modems or routers, from physical harm. Logical security uses passwords and system permissions to protect a network's software and data from unauthorized individuals.</p> <h3>2. Lock down workstations</h3> <p>For remote workers, organizations must ensure workstation equipment adheres to pre-defined specifications or that the organization provides the proper tools.</p> <p>Physical workstation audits enable an organization to inspect both on-site and remote employees' work environments and ensure they support basic controls and meet compliance requirements. As physical visits to employees' remote workstations aren't always feasible, supervisors can use video conferencing to perform high-level audits. Beware: A video conferencing audit is limited in its scope and timing.</p> <h3>3. Authenticate customers</h3> <p>Customer authentication is a process where individuals prove they are who they claim to be. In some cases, single-factor authentication, where customers provide a single piece of information to confirm their identity, can suffice. However, many organizations have adopted <a href="https://www.techtarget.com/searchsecurity/definition/multifactor-authentication-MFA">multifactor authentication</a>, which asks customers to provide distinct pieces of information -- such as a password and a code sent to a mobile device -- to confirm their identity. Additionally, some companies are using voice and <a href="https://www.techtarget.com/searchenterpriseai/definition/facial-recognition">facial recognition</a> technologies to authenticate customers.</p> <h3>4. Record customer conversations</h3> <p>Call recording lets organizations review telephone conversations between customers and agents. Managers can review recordings through a QA program and AI tools to determine if agents fulfilled external requirements, such as appropriate disclosures and authentication processes. Managers can also review recordings to determine if an agent fulfilled internal requirements, such as providing a customer with accurate information or following the correct internal procedures.</p> <h3>5. Provide mandatory disclosures</h3> <p>Contact center agents must provide mandatory disclosures, which are legal statements to explain specific processes, rules and options to callers. For example, if a contact center in the U.S. wants to record a customer call, it must be disclosed to the caller, and consent must be provided, which is passive consent in most cases. Regulations require mandatory disclosures when agents record customer calls, perform collection functions or make financial transactions.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png 1280w" alt="Contact center compliance checklist image" height="266" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This compliance checklist can help contact centers adhere to important standards and regulations. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>6. Adhere to local privacy legislation</h3> <p>Organizations must adhere to various global and local legislation on customer privacy, depending on the geographic reach of the business. Due to legislation, organizations can't manage all customer information in the same way. <a href="https://www.techtarget.com/searchsecurity/tip/State-of-data-privacy-laws">Data privacy laws vary by country and region</a>, so organizations must know where each customer resides before they transmit, process and store customer information.</p> <p>Examples of location-based privacy legislation include the following:</p> <ul type="disc" class="default-list"> <li><b>General Data Protection Regulation.</b> GDPR provides guidance on how organizations can collect and process personally identifiable information (PII) for individuals who live in the European Union.</li> <li><b>California Consumer Privacy Act. </b>CCPA provides guidance on how organizations can collect and process personal and household information for individuals who live in California.</li> </ul> <p>Because privacy legislation is always evolving, organizations must be proactive to ensure they're up to date on laws affecting their contact center operations.</p> <h3>7. Adhere to the Telephone Consumer Protection Act</h3> <p>Organizations in the U.S. must adhere to the Telephone Consumer Protection Act, which sets rules for how an organization can use outbound calls for solicitation. <a target="_blank" href="https://www.fcc.gov/sites/default/files/tcpa-rules.pdf" rel="noopener">TCPA</a> regulations state that telemarketing contact centers cannot use predictive dialers to contact a wireless phone without prior consent from the customer. It also ensures telemarketers adhere to the National Do Not Call Registry and special regulations, which may include restricted calling hours in a particular geographic location after a natural disaster event.</p> <h3>8. Manage sensitive information</h3> <p>To comply with standards, such as the <a href="https://www.techtarget.com/searchsecurity/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard">Payment Card Industry Data Security Standard</a> and HIPAA, organizations must protect sensitive customer data at rest and in motion. Sensitive information can include PII, credit card numbers or protected health information. To protect sensitive information, organizations should encrypt all data, minimize the amount of stored data and use automation, such as <a href="https://www.techtarget.com/searchcustomerexperience/definition/Interactive-Voice-Response-IVR">interactive voice response</a>, to perform sensitive transactions.</p> <h3>9. Provide ongoing training</h3> <p><a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-agent-training-programs">Organizations should provide annual training</a> on proper compliance procedures and guidelines to all employees. All employees should be up to date on specific compliance rules and understand how they can protect their organization and its customers.</p> <h3>10. Promote self-service</h3> <p>Organizations should maximize <a href="https://www.techtarget.com/whatis/definition/customer-self-service-CSS">customer self-service</a> procedures through secured portals to limit the sharing of information with other individuals and reduce security risks.</p> <h3>11. Test, monitor and act on a continuous basis</h3> <p>Organizations can and should implement all the items on this checklist. However, business leaders shouldn't assume everything is working properly or that bad actors have not found ways to bypass established controls. Organizations should continually test and monitor the various compliance controls, whether through automated processes, such as reporting unauthorized attempts to access customer data, or human processes, like placing test calls.</p> <p>When something doesn't seem right, organizations should analyze the issue and take action to ensure the controls in place are performing as expected.</p> <p>A contact center compliance checklist can help organizations <a href="https://www.techtarget.com/searchcio/feature/9-common-risk-management-failures-and-how-to-avoid-them">avoid compliance failures</a>. Contact center managers can use this checklist to evaluate their organization's current compliance protocols and ensure their teams follow proper guidelines.</p> </section> <section class="section main-article-chapter" data-menu-title="Common contact center compliance issues and malpractices"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Common contact center compliance issues and malpractices</h2> <p>If strong compliance controls and practices are not in place, the following negative events can occur:</p> <ul type="disc" class="default-list"> <li>Calling customers who requested not to be called, which violates <a href="https://www.techtarget.com/searchcustomerexperience/definition/outbound-call">outbound calling</a> restrictions.</li> <li>Allowing PII to be stolen due to incorrectly accessing customer information.</li> <li>Improperly recording customer conversations by not adhering to call recording and consent rules.</li> <li>Providing incomplete information to customers by not adhering to scripting requirements.</li> </ul> <p>If these events occur, an organization can be liable for financial penalties, along with other legal consequences. Just as important is the potential for negative customer perception, which can lead to degraded customer loyalty and customer defections.</p> <p>Leadership in all areas of an organization must keep in mind that a compliance checklist only provides a template of best practices. It must be more than a written document. The organization must translate the document into reality and embed it into the corporate culture by focusing on the following actions:</p> <ul class="default-list"> <li>Invest in technology to support key items on the checklist.</li> <li>Promote accountability.</li> <li>Reward adherence to policies and address any gaps that arise.</li> </ul> <p>A contact center compliance checklist might not stop all unauthorized activities, but it's a solid start to implementing a strategy that adheres to legal, organizational and customer requirements.</p> <p><i>Scott Sachs is president and founder of SJS Solutions, a consultancy that specializes in contact center strategy assessments and technology selection.</i></p> </section> A contact center compliance checklist can serve as a starting point for contact center managers as they seek to comply with internal and external regulations. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1268128622.jpg https://www.techtarget.com/searchcustomerexperience/tip/Call-center-compliance-checklist-for-hybrid-workforces Thu, 02 Apr 2026 09:00:00 GMT Contact center compliance checklist for modern workforces <p data-end="5698" data-start="5574">Users and IT administrators might need to restore access to a deleted work profile for several reasons.</p> <p data-end="6089" data-start="5700">A user might accidentally remove the profile, or they might be moving from an old Android phone to a new one. In practice, that usually means reenrolling the device through the organization's management platform rather than restoring the profile from a standard Android backup. Google says backup can't be used when setting up a personal device with a work profile or a company-owned device.</p> <p data-end="6338" data-start="6091">For IT teams, the priority is to give users a clear reenrollment path, confirm that work apps and settings return correctly, and reduce repeat help desk tickets when devices are replaced or self-unenrolled.</p> <section class="section main-article-chapter" data-menu-title="Prerequisites for restoring an Android work profile"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prerequisites for restoring an Android work profile</h2> <p>To restore a deleted work profile, organizations need an Android Enterprise-compatible <a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-device-management">MDM</a> or <a href="https://www.techtarget.com/searchenterprisedesktop/definition/unified-endpoint-management-UEM">unified endpoint management</a> platform integrated with managed Google Play. The product can vary, but the key requirement is that it can enroll Android Enterprise devices, create or recreate work profiles, apply policies and confirm enrollment status.</p> </section> <section class="section main-article-chapter" data-menu-title="How to restore a deleted Android work profile"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to restore a deleted Android work profile</h2> <p>Restoring a work profile, in most cases, is a task the end user completes. To help guide users through the process of restoring a deleted work profile, it is important to provide screenshots and documentation wherever possible. This makes it easier for end users to understand how they should complete the task and can reduce help desk tickets related to this process.</p> <p>This example <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-Intune-fits-into-the-Microsoft-Endpoint-Manager-console">uses Microsoft Intune</a>, but the general flow is similar across Android Enterprise-capable management platforms. The accompanying screenshots show one example of this process in Intune, but the exact prompts can vary by platform, device and Android version.</p> <ol data-end="8699" data-start="8145" class="default-list"> <li data-end="8243" data-start="8145" data-section-id="1ao9low">Install the organization's management app from Google Play and sign in with the work account.</li> <li data-end="8323" data-start="8244" data-section-id="w5y8ew">Start the enrollment flow and follow the prompts to create a work profile.</li> <li data-end="8466" data-start="8324" data-section-id="cv8mkr">Review the privacy information and accept the required Google terms. On some Samsung devices, users might also see Knox-specific prompts.</li> <li data-end="8589" data-start="8467" data-section-id="siewsr">Wait while the work profile is created and activated, then complete any required device settings or compliance steps.</li> <li data-end="8699" data-start="8590" data-section-id="w3gu2h">Open the <strong>Work</strong> tab or work-badged app list to confirm that work apps are present and the profile is active.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/restore_android_profile_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/restore_android_profile_1-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/restore_android_profile_1-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/restore_android_profile_1-h.jpg 1280w" alt="Microsoft Intune screen on an Android device showing the sign-in and work profile setup flow."> <figcaption> <i class="icon pictures" data-icon="z"></i>In Intune, users typically begin reenrollment by opening the management app, signing in and starting the work profile setup flow. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If a user sets up the Android work profile as a new user, they only need to download the MDM agent, open it and then tap <strong>Begin</strong>.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/restore_android_profile_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/restore_android_profile_2-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/restore_android_profile_2-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/restore_android_profile_2-h.jpg 1280w" alt="Android settings screen showing that a work profile is present on the device." height="605" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Users can confirm that a work profile is active by checking Work profile settings and work-badged apps. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p data-end="9864" data-start="9544">Once setup is complete, users should confirm that their work apps appear with the briefcase badge and that the device shows Work profile settings under Settings > Passwords and accounts > Work. Google notes that on Android 14 and later, users can also search Settings for <strong>Work profile settings</strong>.</p> <p data-end="10070" data-start="9866">This can vary by Android version, device model and management platform, so IT should maintain device-specific screenshots and user documentation wherever possible.</p> <p>This helps users return to work without unnecessary delays, but IT should also confirm that the device is syncing and shows the expected status in the MDM console. Enrollment, compliance and pending-action reports can help identify devices that failed to finish reenrollment or still need user action.</p> </section> <section class="section main-article-chapter" data-menu-title="How to temporarily turn off an Android work profile"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to temporarily turn off an Android work profile</h2> <p>If users remove their work profile simply because they want a break from work apps, IT should remind them that Android supports pausing a work profile without deleting it.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/restore_android_profile_4-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/restore_android_profile_4-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/restore_android_profile_4-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/restore_android_profile_4-h.jpg 1280w" alt="Android interface showing the work profile toggle turned on." height="276" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Users can pause a work profile instead of deleting it when they want to stop work apps and notifications temporarily. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Google says users can pause the profile from the <strong data-end="1695" data-start="1687">Work</strong> tab in the app drawer or from the <strong>Quick Settings</strong> work tile. Some devices also support a schedule for turning the profile on and off automatically. On company-owned devices, admins can set limits on how long a work profile can stay paused. If the profile stays paused longer than that limit, access to personal apps and data can be suspended until the user turns the work profile back on.</p> <p>For everyday support, this distinction matters: Deleted profiles usually require reenrollment, while paused profiles usually just need to be turned back on.</p> <p>For IT teams, the goal is not only to restore work access, but also to document reenrollment paths, clarify ownership-based support rules and reduce repeat help desk tickets when users replace devices or remove profiles on their own.</p> <p><strong>Editor's note:</strong> <em>This article was updated in March 2026 to reflect current Android Enterprise reenrollment guidance and improve the reader experience.</em></p> <p><em>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting. </em></p> </section> If a user deletes an Android work profile or moves to a new phone, IT usually needs to reenroll the device. Here's how to restore work access and reduce support tickets. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1097898396.jpg https://www.techtarget.com/searchmobilecomputing/tip/How-to-restore-a-deleted-Android-work-profile Fri, 27 Mar 2026 09:43:00 GMT How to restore a deleted Android work profile <p>Mobile hotspots provide essential connectivity for a mobile and hybrid workforce, but inconsistent performance or security misconfigurations can disrupt operations and create compliance risks.</p> <p>When a user's iPhone hotspot isn't working as intended, there are various quick fixes they can try. If there's no internet connection, they can check their cellular data and reset the network settings. If they receive an error message saying the password is incorrect, they can verify and update the Personal Hotspot password. If they receive an error message saying a device is unable to join the network, they can restart the iPhone and the connected device.</p> <p>However, sometimes the troubleshooting process is more complicated. IT managers should have a plan for proactive management and troubleshooting to handle iPhone Personal Hotspots in the enterprise.</p> <section class="section main-article-chapter" data-menu-title="What causes iPhone hotspot issues?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What causes iPhone hotspot issues?</h2> <p>Several factors could cause an iPhone hotspot to fail. Frequent culprits include connectivity issues, misconfigurations and human error.</p> <h3>Connectivity issues</h3> <p>Connectivity issues are among the most common challenges when supporting iPhone hotspots in an enterprise environment. These issues show up as inconsistent performance, slow speeds and dropped connections. <a href="https://www.techtarget.com/searchnetworking/tip/Wireless-network-troubleshooting-Connectivity">Resolving connectivity issues</a> starts with troubleshooting cellular connection problems and ensuring the hotspot is set up correctly.</p> <p>Another typical connectivity problem is with the <a href="https://www.techtarget.com/searchmobilecomputing/definition/Bluetooth">Bluetooth</a> on devices pairing to an iPhone hotspot. Bluetooth is generally slower than Wi-Fi, and therefore potentially more prone to performance issues.</p> <p>Bluetooth connectivity issues tend to be related to two main factors. First, other nearby Bluetooth devices can sometimes interfere with the Bluetooth signal, degrading hotspot performance or even preventing connectivity altogether. Second, outdated software can cause pairing issues. If either the iPhone or the device connecting to it is outdated, the mismatch can result in poor performance or an inability to connect.</p> <h3>Misconfigurations</h3> <p>Even with the support of MDM tools, configuration problems can affect iPhone hotspot connectivity. If a user has connectivity problems, make sure that the iPhone is running the latest version of iOS. Then, check that the hotspot is configured correctly.</p> <h3>Human error</h3> <p>Human error is often a cause of mobile device issues. As an example, a user might forget their password or accidentally turn off the hotspot on their phone. In some cases, a user might mistakenly try to connect to someone else's iPhone hotspot rather than the one on their own phone.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> IT managers should have a plan for proactive management and troubleshooting to handle iPhone Personal Hotspots in the enterprise. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="How to fix Personal Hotspot issues on an iPhone"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to fix Personal Hotspot issues on an iPhone</h2> <p>If the source of the problem isn't immediately clear or easy to solve, an admin might have to walk a user through fixing the iPhone hotspot. The following troubleshooting tips reflect Apple's current Personal Hotspot guidance for recent iPhone versions.</p> <h3>Step 1. Check cellular data on the user's iPhone</h3> <p>The first thing users should do is <a target="_blank" href="https://support.apple.com/en-us/HT201415" rel="noopener">check</a> whether their iPhone has a cellular data connection. They can do this by opening Settings > Cellular and seeing whether cellular data is toggled on, as shown in Figure 1. If the user's cellular data is turned off and can't be turned back on, then the user must contact their carrier to ensure their account is active and in good standing.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/personal_hotspot_1-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/personal_hotspot_1-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/personal_hotspot_1-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/personal_hotspot_1-f.jpg 1280w" alt="The Cellular tab in iPhone settings." data-credit="Brien Posey" height="1210" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Make sure that the iPhone's cellular data is active. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Step 2. Check Personal Hotspot settings on the user's iPhone</h3> <p>The user should also verify their Personal Hotspot feature is turned on and that the settings are configured correctly. They can do this by going to Settings > Personal Hotspot and checking that the feature is turned on.</p> <p>The next step in the process is to make sure that the hotspot is configured correctly. To do so, tap on <b>Personal Hotspot</b> and then toggle on the <b>Allow Others to Join</b> option (Figure 2).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/personal_hotspot_2-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/personal_hotspot_2-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/personal_hotspot_2-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/personal_hotspot_2-f.jpg 1280w" alt="The Personal Hotspot tab in iPhone settings." data-credit="Brien Posey" height="1210" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Be sure to enable the option to allow others to join. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The iPhone automatically associates a random password with the hotspot. A user can change this password by tapping it and then entering a new password. However, if the iPhone is being managed by the organization, the user might not have the necessary permissions to change the password. On supervised corporate devices, IT can also restrict users from modifying Personal Hotspot settings altogether.</p> <p>On iPhone 12 and later devices, Apple provides a Maximize Compatibility option under the Personal Hotspot settings. This can help some devices connect more easily, but Apple says it can reduce performance. Apple's security documentation also notes that this mode prioritizes compatibility by restricting the hotspot to 2.4 GHz and WPA2 Personal. Use it when a client device is having trouble connecting, not as the default setting.</p> <h3>Step 3. Restart the iPhone and connected devices</h3> <p>As with many minor software glitches, sometimes the key to resolving a hotspot problem is to perform a full reboot of the iPhone. It's also a good idea to reboot the device that is trying to connect to the hotspot.</p> <p>If Wi-Fi hotspot sharing still fails and the user only needs to connect one computer, IT can also test a USB connection to determine whether the problem is specific to wireless hotspot sharing.</p> <h3>Step 4. Reset network settings</h3> <p>The best way to refresh an iPhone's network settings is to reboot the phone. However, another method is to enable Airplane Mode for a few seconds and then turn it back off.</p> <p>If the issue persists, the user can try resetting their iPhone's <a href="https://www.techtarget.com/searchnetworking/answer/What-are-the-3-most-common-network-issues-to-troubleshoot">network settings</a>. This step should be performed with extreme caution since it's easy to accidentally reset all of the phone's settings. To reset the phone's network connections, go to Settings > General > Transfer or Reset iPhone > Reset. At this point, the phone will display a menu containing various reset options (Figure 3). Choose the Reset Network Settings option. This will remove saved Wi-Fi networks and passwords, cellular settings, and previously used VPN and APN settings. If the iPhone is used on a business-managed network, users should check with IT before resetting network settings.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/personal_hotspot_3-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/personal_hotspot_3-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/personal_hotspot_3-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/personal_hotspot_3-f.jpg 1280w" alt="The Transfer or Reset iPhone tab in iPhone settings." data-credit="Brien Posey" height="1210" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. Users must be careful when resetting network connectivity. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Step 5. Contact carrier support</h3> <p>If no other steps have worked, the last option is to contact the wireless carrier's support team for further assistance. If the user works in a BYOD environment and owns the phone themselves, they would need to call their carrier. With corporate-owned devices, the service desk might have to contact the <a href="https://www.techtarget.com/searchmobilecomputing/tip/Finding-the-best-cellphone-plans-for-small-businesses">organization's carrier support</a>. If the organization uses a mobility MSP, the service desk can escalate the issue to them.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">BYOD vs. corporate-owned iPhone hotspot support: Who handles what?</h3> <p data-end="324" data-start="144">When an iPhone Personal Hotspot fails, the first question for IT is whether the device is user-owned or company-owned. That distinction shapes the support path.</p> <p data-end="654" data-start="326">For BYOD users, the issue might not start with the device at all. Personal Hotspot availability can depend on the user's wireless plan, carrier settings and account eligibility. In those cases, the employee might need to confirm that hotspot access is included in their plan before IT spends time troubleshooting the phone itself.</p> <p data-end="947" data-start="656">For corporate-owned iPhones, the support path is usually more direct. The service desk can check whether hotspot use is allowed under company policy, whether any MDM settings or restrictions are interfering and whether the issue should be escalated to a carrier or managed mobility provider.</p> <p data-end="1156" data-start="949">In practice, IT teams should document both paths clearly. That helps remote workers know where to go first, reduces repeat tickets and makes hotspot problems easier to resolve when connectivity matters most.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="Common error messages when using an iPhone hotspot"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Common error messages when using an iPhone hotspot</h2> <p>When iPhone Personal Hotspot issues occur, it's often accompanied by an error message that can help determine the cause of the problem.</p> <p>A common error message is "Personal Hotspot Not Available." This often means the carrier has not enabled hotspot on the line, the user's wireless plan does not support it, or the account needs carrier-side attention. As such, the user or organization should review the wireless plan to confirm hotspot access is enabled. If the plan does include hotspot access, check to make sure that the user hasn't exceeded their data allotment.</p> <p>Another error users might encounter is "Unable to Join the Network." If this error message, or a variation of it, appears on the device that the user is trying to connect to the hotspot, make sure that the iPhone is powered on. Additionally, check that it doesn't have <a href="https://www.techtarget.com/searchmobilecomputing/answer/What-smartphone-battery-tips-can-help-IT-improve-mobile-UX">low battery power</a> and hasn't gone into sleep mode. Users can also try toggling the hotspot off and back on again. Keep the iPhone on the Personal Hotspot screen until the other device completes the connection.</p> <p>If a user receives an error message stating that the hotspot password is incorrect, they should make sure they're connecting to their iPhone and not someone else's. If they are connecting to the correct phone, they can try temporarily changing the password to something less complicated to make sure they're typing it in correctly.</p> <p>To troubleshoot a "No Internet Connection" error message, open a browser directly on the iPhone to make sure it can access the internet. If internet access is working on the phone, check whether cellular data settings or carrier limits are restricting connectivity. If the user is in an area with spotty coverage, they should also check to make sure that roaming is enabled.</p> <p>Users might also receive an error message indicating that the hotspot is not accepting new connections, or that it's hosting the maximum number of devices. This issue can occur with certain data plans, as some plans limit hotspots to a single connection. If the user isn't exceeding the connection limits, try disconnecting any unused clients to see if that makes the problem go away.</p> <p>For enterprise IT teams, the goal is not just to restore an iPhone hotspot connection, but to give remote workers a clear support path, align hotspot use with carrier and BYOD policy, and reduce repeat service desk tickets through better documentation and user guidance.</p> <p><strong>Editor's note:</strong> <em>This article was updated in March 2026 to reflect current troubleshooting guidance and improve the reader experience. </em></p> <p><i>Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America. </i></p> <p><i>Will Kelly is a freelance writer and content strategist who has written about cloud, DevOps, AI and enterprise mobility.</i></p> </section> Hotspot issues can disrupt remote work and IT support. Here are the key fixes for connectivity, settings, carrier access and enterprise troubleshooting on an iPhone. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1097898396.jpg https://www.techtarget.com/searchmobilecomputing/tip/How-to-fix-an-iPhone-Personal-Hotspot-thats-not-working Thu, 26 Mar 2026 13:12:00 GMT How to fix an iPhone Personal Hotspot that's not working <p>When home internet problems strike, a mobile hotspot can work as an easy fix, so admins and users must know how to troubleshoot any issues with this backup option.</p> <p>Android devices can give remote and hybrid workers quick backup connectivity, but hotspot support can vary by carrier policy, device model, Android version and whether the phone is corporate-owned or BYOD. For IT teams, that means troubleshooting should start with plan eligibility and cellular service before moving to local settings, software updates and escalation paths.</p> <section class="section main-article-chapter" data-menu-title="Challenges for supporting Android remote work hotspots"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Challenges for supporting Android remote work hotspots</h2> <p>Supporting Android phone hotspots can present some challenges from both a technical and a security standpoint. IT administrators should understand the problems that sometimes come with mobile hotspots and how they can cause performance issues.</p> <h3>Compatibility with different Android versions</h3> <p>The Android OS is available on several different smartphones and tablets from several <a href="https://www.techtarget.com/searchitchannel/definition/OEM">OEMs</a>, and that can be both a strength and a weakness for the operating system. The large OEM ecosystem running different OS versions can make it challenging to support hotspots, primarily for organizations that have a <a href="https://www.techtarget.com/whatis/definition/BYOD-bring-your-own-device">BYOD</a> program. Compatibility issues show up as dropped connections and slow speeds.</p> <h3>Security risks</h3> <p>Android hotspots should be <a href="https://www.techtarget.com/searchsecurity/tip/Adopt-5-best-practices-for-hybrid-workplace-model-security">secured with strong settings</a> and current software, especially on devices used for work. For example, an attacker could intercept sensitive data that a user transmits over their Wi-Fi hotspot. Hackers could also use the hotspot to launch attacks against other devices on the network.</p> <h3>Bandwidth limitations</h3> <p>Hotspot connectivity is meant for situational internet access, not as a full-time substitute for an internet connection. Like iPhone hotspots, Android devices have limited bandwidth for hotspot use. The ideal hotspot use case for end users is to send a quick email or Slack message telling coworkers that they've lost power or their internet is down.</p> <p>Bandwidth limitations mean slow speeds or dropped Wi-Fi connections when a user connects multiple devices to an Android hotspot. <a href="https://www.techtarget.com/searchnetworking/answer/What-are-the-3-most-common-network-issues-to-troubleshoot">Poor network coverage</a> or high demand for data usage also contribute to bandwidth issues.</p> <h3>Battery drain</h3> <p>Using an Android device as a hotspot can quickly drain the battery, especially if users turn it on for extended periods or connect multiple devices to it. Battery drain can significantly limit the value of the hotspot for users who need to rely on their device for other functions.</p> <h3>End-user education</h3> <p>Many users might not be <a href="https://www.techtarget.com/searchsecurity/post/4-ways-to-build-a-thoughtful-security-culture">aware of the security risks</a> associated with using an Android hotspot. They also might not know how to secure their device and network properly. This lack of awareness can lead to the inadvertent exposure of sensitive information or the sharing of the hotspot with unauthorized users.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/5_reasons_to_update_software-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/5_reasons_to_update_software-h_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/5_reasons_to_update_software-h_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/5_reasons_to_update_software-h.png 1280w"> <figcaption> <i class="icon pictures" data-icon="z"></i>Hotspot failures often trace back to plan restrictions, mobile-data issues, settings conflicts or outdated software. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The other user training element to consider is the costs associated with hotspot data usage. A BYOD user resorting to their hotspot for business connectivity could easily blow through their personal account's data allotment, leading to an unexpectedly high bill from their carrier. Such a high charge might exceed their corporate cellphone or <a href="https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy">BYOD expense allotment</a> if not planned correctly. Users with an Android hotspot on their corporate-issued phone will need training on corporate hotspot usage policies, managing cellular data and troubleshooting.</p> </section> <section class="section main-article-chapter" data-menu-title="6 steps to fix an Android smartphone hotspot"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6 steps to fix an Android smartphone hotspot</h2> <p>Troubleshooting an Android smartphone hotspot can be tricky for service desks and end users. <a href="https://www.techtarget.com/searchitoperations/tip/How-to-build-a-successful-IT-service-desk">Creating troubleshooting documentation</a> for the service desk and even providing users with basic hotspot training is worth the extra time to help save the productivity of remote and hybrid workers. Service desk teams should start with their carrier's troubleshooting documentation for reliable instructions.</p> <p>When dealing with an unexpected Android hotspot issue, there are a few steps that IT admins and users can follow that will typically fix the problem. Before moving into deeper settings, restart the phone, confirm mobile data works on the handset itself and toggle airplane mode on and off. If the device does not have a working cellular connection, the hotspot will not be reliable either.</p> <h3>1. Check for compatibility and availability</h3> <p>Verify that the device trying to connect to the hotspot is compatible with the Android device's hotspot feature. Some older devices might not be compatible with newer hotspot features.</p> <p>Not every Android device is eligible to use the hotspot feature in the same way. Carrier restrictions, account entitlements and plan limits still matter. Hotspot availability and settings can vary by carrier, phone model and software version, and some providers require a hotspot or tethering plan. For enterprise fleets, IT should confirm hotspot eligibility in carrier contracts, <a href="https://www.techtarget.com/searchhrsoftware/news/252521455/Stipends-for-remote-work-emerge-as-polarizing-issue">reimbursement rules</a> and BYOD policy before treating a hotspot failure as a device issue.</p> <p>Android device hotspot usage should be a discussion point for any BYOD initiative to ensure that employee devices meet the requirements for running a hotspot.</p> <h3>2. Check network and hotspot settings</h3> <p>Look over the network settings on the device that's attempting to connect to the hotspot. Ensure the device is set to connect to a Wi-Fi network and that the hotspot is listed as an available network. Make sure that the hotspot is turned on and configured correctly.</p> <p>Additionally, confirm that the hotspot is protected with a password, that the security setting is not left open for convenience, and that the Wi-Fi band fits the client device. If the hotspot is not visible or connections are unstable, try switching between 2.4 GHz and 5 GHz.</p> <p><a target="_blank" href="https://www.samsung.com/us/support/troubleshooting/TSG01212956/" rel="noopener">Samsung</a> and <a target="_blank" href="https://support.google.com/pixelphone/answer/2926415?hl=en" rel="noopener">Google</a> both provide documentation for checking network settings on their devices.</p> <h3>3. Verify standard Android device settings</h3> <p>Sometimes it's the simplest of settings that cause trouble for mobile devices. IT should walk users through checking and adjusting some standard device settings, including the following:</p> <ul class="default-list"> <li>Verify mobile data is enabled and ensure healthy network coverage bars are at the top.</li> <li>Turn off power saver mode on the user's device.</li> <li>Turn off data saver mode.</li> <li>Disable the device's <a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network">VPN</a>.</li> <li>Check whether Data Saver, carrier plan limits or hotspot allotment restrictions are blocking tethering.</li> <li>Switch between 2.4 GHz and 5 GHz to test range, stability and device compatibility.</li> </ul> <h3>4. Reset network settings</h3> <p>The process to reset network settings on an Android device is another example of why supporting Android devices can be challenging. There can be variations between vendors and mobile service providers for the steps a user must follow to erase all saved Wi-Fi passwords, VPNs and Bluetooth pairings. Consulting the appropriate phone carrier's documentation is a good place to start.</p> <p>Service desks should warn users that they might need to reconnect home Wi-Fi, re-pair Bluetooth devices and re-enter VPN settings after the reset.</p> <h3>5. Update the OS and software</h3> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Troubleshooting an Android smartphone hotspot can be tricky for service desks and end users. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Ensure the Android device's software is up to date, as <a href="https://www.techtarget.com/whatis/feature/5-reasons-software-updates-are-important">outdated software can cause issues</a> with the hotspot. Full Android and OEM updates can still roll out on vendor- and carrier-specific timelines, but Android's tethering stack also receives some modular updates outside full OS releases. When hotspot behavior changes, admins should check both the device software level and the vendor or carrier's current support guidance.</p> <p>Likewise, medium- to large-sized organizations using an MDM platform will often orchestrate OS updates to their devices under management.</p> <p>As with checking or resetting network settings, users should look for documentation from their carrier to find the best way to update their device.</p> <p>Simply turning off the hotspot and restarting the Android device can also resolve minor software glitches that could be affecting it.</p> <h3>6. Contact customer support</h3> <p>If the above steps do not resolve the issue, it's time to contact the device's customer support for further assistance. Corporate users need an escalation path for resolving issues, starting with their organization's service desk. Often, it makes more sense to have service desk technicians communicate with the carrier, but this depends on the organization's relationship with its mobile carrier. If an organization contracts with a third-party mobile <a href="https://www.techtarget.com/searchitchannel/definition/managed-service-provider">MSP</a>, then most likely, user issue escalation starts and ends with them.</p> <p>Supporting Android users who need to use hotspots as part of their jobs requires a bit of strategy and preparation. Organizations must ensure that the service desk or other support staff have all the right knowledge and troubleshooting documentation to help remote and hybrid workers with ease. It's also important to prepare users with some basic Android troubleshooting. This should enable them to communicate with technical support more easily and, better yet, resolve mobile hotspot issues on their own.</p> <p><strong>Editor's note</strong>: <em>This article was updated in March 2026 to reflect current Android hotspot troubleshooting steps, carrier-plan restrictions and security guidance.</em> <br><i></i></p> <p><i>Katie Fenton is site editor for Informa TechTarget's Mobile Computing, Enterprise Desktop and Virtual Desktop sites.</i></p> <p><i>Will Kelly is a freelance writer and content strategist who has written about cloud, DevOps, AI and enterprise mobility.</i></p> </section> Android hotspots can fail because of carrier limits, settings conflicts, weak signal or security controls. Here are the quickest fixes IT teams should check first. https://cdn.ttgtmedia.com/rms/onlineimages/legal_g1169668297.jpg https://www.techtarget.com/searchmobilecomputing/tip/How-to-troubleshoot-when-a-hotspot-is-not-working-on-Android Thu, 26 Mar 2026 11:29:00 GMT How to troubleshoot when a hotspot is not working on Android <p data-end="1545" data-start="1280">Apple devices have a strong security reputation, but they are not immune to malware, phishing-based compromise or other mobile threats. That matters for IT teams supporting corporate-owned devices and BYOD programs, especially when iPhones hold sensitive business data.</p> <p data-end="1917" data-start="1552">While Apple's security model helps limit risk, <a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-malware">mobile malware</a>, malicious websites, social engineering and risky device changes can still expose organizations to data loss or account compromise. To reduce that risk, IT teams need to know how to spot signs of infection, remove suspicious software and use management and threat-detection tools to keep devices secure.</p> <p data-end="1917" data-start="1552">Malware, <a href="https://www.techtarget.com/searchsecurity/tip/10-common-types-of-malware-attacks-and-how-to-prevent-them">such as ransomware and spyware</a>, has long affected desktop systems, and it can also affect smartphones. There are also mobile-specific attack vectors, such as <a href="https://www.techtarget.com/searchmobilecomputing/definition/SMiShing">SMS phishing</a>, that target users through text messages. To reduce that risk, IT teams should know how to prevent, detect and remove malware on iPhones.</p> <section class="section main-article-chapter" data-menu-title="Are iPhones susceptible to malware?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Are iPhones susceptible to malware?</h2> <p>Apple devices have traditionally had a reputation for being <a href="https://www.techtarget.com/searchmobilecomputing/tip/Are-iPhones-more-secure-than-Android-devices">less susceptible to malware than other OSes</a>. This is primarily due to two factors: the closed nature of the Apple ecosystem and the company's strong focus on security. By controlling app signing, distribution and runtime protections, Apple can limit what code runs on its devices. Most iPhone users install apps through the App Store, where Apple uses automated and human review, code signing and sandboxing to reduce malware risk. That model has historically limited malicious apps, though alternative app distribution is now possible in some markets.</p> <p>Second, Apple has incorporated many security features into its devices and software. For example, Apple relies on built-in encryption, code signing and app sandboxing to help protect against malware and other security threats. Apple has also built enterprise tools, such as Automated Device Enrollment, to ensure devices are always managed. Other enterprise security features include supervised mode, which gives IT admins the highest privileges on corporate-owned devices for management.</p> <p>Apple's close-knit ecosystem provides some degree of protection against certain types of attacks, but it isn't foolproof. For example, there have been instances where malware authors have exploited <a target="_blank" href="https://www.computerweekly.com/news/365534220/Apple-security-updates-fix-33-iPhone-vulnerabilities" rel="noopener">vulnerabilities in iOS</a> or other software components to gain access to user data. Apple frequently has to disclose and release patches for zero-day security flaws as a part of software updates.</p> <p>Although iOS devices continue to have a strong reputation for security, users and IT teams need to take steps to prevent malware and remediate any threats. Measures include using strong passwords, keeping software up to date and <a href="https://www.techtarget.com/searchmobilecomputing/tip/Top-7-mobile-device-management-tools-to-consider">investing in MDM tools</a> and mobile threat detection.</p> </section> <section class="section main-article-chapter" data-menu-title="6 signs of malware on an iPhone"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6 signs of malware on an iPhone</h2> <p>Users and IT should pay attention to iPhone and iPad performance, as many issues can appear because of a malware infection. To check for malware on an iPhone, look for signs such as odd notifications, unusual apps and poor device performance before the issue becomes a larger problem.</p> <h3>1. Unfamiliar apps</h3> <p>One of the telltale signs of malware on an iPhone is the presence of unfamiliar third-party apps or programs. Malicious hackers can install malware to access a user's device, steal data and even hijack accounts. If users notice any apps that they did not install, the phone might be compromised.</p> <h3>2. Unfamiliar messages being received or sent</h3> <p>For malware to send text messages, it needs access to the device's messaging system and permissions, which can be challenging for cybercriminals to get without the user's knowledge or consent. However, through methods such as social engineering, malicious actors can find ways to obtain users' iCloud information, granting them access to services such as iMessage. If a user notices unfamiliar sent or received messages on their device, IT must investigate the source and possible infection.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Some MDM systems can monitor data usage and provide IT admins with tools and reports for it. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <h3>3. Excessive data usage</h3> <p>Another sign of a malware infection on an iPhone is excessive data usage. Malware often has to send information back to its <a href="https://www.techtarget.com/whatis/definition/command-and-control-server-CC-server">command-and-control server</a>, resulting in high data consumption levels. If a user notices unusually high data usage, it might be time to check if any malicious programs have been installed onto the device. Some MDM systems can monitor data usage and provide IT admins with tools and reports for it.</p> <h3>4. Unusual battery drain</h3> <p>Malware can also drain battery life significantly. This is because it runs in the background, consuming energy without the user's knowledge. If a phone's battery is draining more quickly than usual, it might be a good idea to check for any suspicious software running in the background.</p> <h3>5. Unexpected notifications</h3> <p>Unusual notifications from unknown sources or apps can also indicate malware presence on an iPhone. Some malicious programs are <a href="https://www.techtarget.com/searchcustomerexperience/tip/Common-malvertising-examples">designed to send out spam messages and pop-up ads</a>. If users spot anything abnormal coming through, it could mean that the device has a malware infection.</p> <h3>6. Erratic performance and crashes</h3> <p>Malware can cause iPhones to behave unexpectedly. The device might abruptly restart or shut down, and apps might crash or freeze, even if they've been working without issues in the past. Similar to battery drain, overheating and slow performance can be a sign that malware is using system resources in the background.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Jailbreaking a device can lead to many different security concerns, as it gives malware easy access to the device. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="How to remove malware from iPhones"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to remove malware from iPhones </h2> <p>If an iPhone shows signs of malware, IT teams and users should take a few clear steps to remove suspicious software, check for risky device changes and determine whether the device needs to be wiped or escalated for more help.</p> <ol class="default-list"> <li><b>Check whether the iPhone is jailbroken. </b>While jailbreaking has become more difficult to do in recent versions of iOS, if users are motivated enough, they can usually find a way. Jailbreaking a device can lead to many different security concerns, as it gives malware easy access to the device. To <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-detect-and-fix-a-jailbroken-iPhone">check if an iPhone is jailbroken</a>, look for any unfamiliar apps on the device. Additionally, check under Settings > General > VPN & Device Management to see if any unknown profiles are installed on the device. IT admins can also use MDM tools to monitor an iPhone's jailbroken status. These tools can automate compliance policies to quarantine devices until they are remediated.</li> <li><b>Remove suspicious apps.</b> If a user notices an unfamiliar app on their device, they should remove it and see whether that resolves malware-related issues. To delete an app from an iPhone, press and hold the app icon until menu options appear. Next, select <b>Remove App</b>. When a confirmation screen appears, select <b>Delete App</b>, then confirm again by selecting<b> Delete</b>.</li> <li><b>Update mobile devices regularly. </b>It's important to make sure that users have the latest software installed on their devices. If an iPhone shows signs of a malware infection, one of the first steps IT and users should take is to update iOS. Go to Settings > General > Software Update and install the latest version of the OS. For users who face a higher risk of targeted attacks, IT can also evaluate Lockdown Mode under Settings > Privacy & Security. Apple describes Lockdown Mode as an extreme optional protection, and notes that while previously managed devices remain managed, a device can't newly enroll in MDM while Lockdown Mode is turned on.</li> <li><b>Clear the iPhone's browsing history and data. </b>A malware infection can come from malicious websites in the iPhone's browser. To address this possibility, navigate to Settings > Safari > Clear History and Website Data. When a confirmation screen appears, select <b>Clear History and Data</b>.</li> <li><b> Review configuration profiles. </b>Unknown configuration profiles can be a sign of compromise or risky device changes. Navigate to Settings > General > VPN & Device Management and review any profiles listed there. If a profile isn't expected, confirm with IT before deleting it on a work device, because removing a profile also removes the settings, apps and data associated with it.</li> <li><b>Escalate if signs persist.</b> If suspicious behavior continues after these steps, users should contact Apple Support or their IT team for additional help. If malware is still present, admins might have to wipe the iPhone with a factory reset. This restores the device's factory settings and erases whatever the source of the malware might be.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mobile_computing-mobile_security-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/mobile_computing-mobile_security-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/mobile_computing-mobile_security-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/mobile_computing-mobile_security-f.png 1280w" alt="Graphic showing mobile security threats including malware, phishing, lost devices, data sharing and unpatched OSes." height="220" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>While malware is only one mobile security threat, IT teams should also watch for phishing, unpatched OSes and other risks that can expose iPhones and corporate data. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How to secure iPhones from malware"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to secure iPhones from malware</h2> <p>Once immediate remediation steps are complete, IT teams should focus on prevention. Security controls, user training and ongoing monitoring can reduce the likelihood of future malware infections and limit the impact when something goes wrong.</p> <ul class="default-list"> <li>Monitor and take control with MDM and mobile threat detection.</li> <li>Educate and train end users.</li> <li>Make sure connections are secure.</li> <li>Enable two-factor authentication.</li> <li>Monitor device activity.</li> </ul> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">What MDM can and can't do when an iPhone looks infected</h3> <p data-end="308" data-start="171">Mobile device management can help IT respond when an iPhone starts showing signs of trouble, but it's not a cure-all.</p> <p data-end="606" data-start="310">On the plus side, MDM gives IT a way to enforce software updates, check device compliance, restrict risky settings and, in some cases, remove managed apps and corporate data. That can make it easier to contain a problem and protect business information while the team figures out what's going on.</p> <p data-end="900" data-start="608">But MDM has limits. It can't magically tell IT everything happening on a device, and it doesn't replace user reporting, threat detection tools or basic security awareness. If a user clicks a bad link, installs something risky or ignores signs of compromise, MDM alone won't solve the problem.</p> <p data-end="1111" data-start="902">That's why the best approach is usually layered. MDM can help enforce policy and reduce exposure, but IT still needs a plan for detection, investigation and, when necessary, full device reset or reenrollment.</p> </div> </div> <h3>Educate and train end users</h3> <p>While MDM can do a lot to bar employees from making mistakes that enable malware to spread, end users still play a role in protecting mobile data. <a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-employee-training-How-to-build-a-solid-plan">Provide cybersecurity training</a> to educate users on mobile security best practices and how to spot untrustworthy apps and websites.</p> <p>End users should know to be especially wary of emails and messages, including iMessages, that ask them to click on a link or download an attachment. Even if they claim to be from a legitimate source, these could be <a href="https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users">phishing attempts</a> and can put devices at risk of malware infection.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/LrFarFrzbD4?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <h3>Make sure connections are secure</h3> <p>Only connect to trusted sources when accessing public Wi-Fi networks. Do not share any information or access any sensitive data when connected to an insecure network. Additionally, IT admins can use MDM to build secure per-app VPN connections. With this feature, an organization can configure a VPN connection for specific apps on managed devices.</p> <h3>Enable two-factor authentication</h3> <p><a href="https://www.techtarget.com/searchsecurity/definition/two-factor-authentication">Two-factor authentication</a> is a security measure that requires users to provide two forms of authentication -- typically a password and a verification code -- to access their accounts or devices. This provides an extra security layer and helps prevent unauthorized access, even if a password is compromised.</p> <h3>Monitor device activity</h3> <p>Keep an eye on what apps are running. IT admins can use MDM to help generate reports around device application inventory and ensure app compliance. Additionally, many MDM systems can integrate with mobile threat detection and other security tools. This enables them to quarantine devices based on how the device or apps are behaving and any potential threats.</p> <p>For IT teams, the goal is not only to remove malware after an infection appears, but also to reduce the chance of compromise in the first place. A combination of fast reporting, timely updates, MDM enforcement, mobile threat detection and end-user training can help organizations contain threats quickly and better protect corporate data on iPhones.</p> <p><b>Editor's note:</b> <em>This article was updated to reflect changes in the best practices for malware removal and to improve the reader experience.</em></p> <p><em>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</em></p> </section> iPhones are not immune to malware. Learn the warning signs, removal steps and prevention controls IT teams can use to protect corporate data on managed devices. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1164126635.jpg https://www.techtarget.com/searchmobilecomputing/tip/How-to-detect-and-remove-malware-from-an-iPhone Wed, 25 Mar 2026 12:46:00 GMT How to detect and remove malware from an iPhone <p>IT administrators have different tools available for making sure that corporate data stays secure and protected at all times. An important aspect of those tools is mobile application management (<a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-application-management-MAM">MAM</a>). MAM addresses the management and protection of corporate data within a specific app on a mobile device.</p> <p>For organizations that use Microsoft Intune, this functionality comes in the form of Intune MAM. A clear understanding of how Intune MAM applies and enforces app protection policies is key to building a secure and consistent mobile management framework.</p> <section class="section main-article-chapter" data-menu-title="What is Intune MAM?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is Intune MAM?</h2> <p>Within Microsoft Intune, MAM is the tool to configure, manage and protect apps. Intune MAM is mainly focused on mobile devices, and support for Windows devices is in its early stages, only covering Microsoft Edge currently. On mobile devices, apps become eligible for Intune MAM when they either integrate the <a target="_blank" href="https://learn.microsoft.com/en-us/intune/intune-service/developer/app-sdk-get-started" rel="noopener">Intune App SDK</a> or are processed with the Intune App Wrapping Tool. These approaches enable the necessary features to safeguard corporate data within the app.</p> <p>Intune provides app protection policies (APP) and app configuration policies (ACP) through its MAM capabilities. App protection policies are designed to protect data within the managed app, while app configuration policies are designed to configure specific settings within the managed app. Together, these policies enable IT to protect corporate data and deliver an optimal user experience. Organizations can then ensure data security across a wide range of scenarios -- whether Intune MAM is used on its own or alongside Intune MDM.</p> </section> <section class="section main-article-chapter" data-menu-title="Intune app protection policy considerations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Intune app protection policy considerations</h2> <p>App protection policies and app configuration policies should be the main focus of IT admins when configuring Intune MAM.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> App protection policies and app configuration policies should be the main focus of IT admins when configuring Intune MAM. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The app protection policies are the component that is often directly associated with Intune MAM. Enforcement of these policies is based on the identity of the user. So, any data related to the work account of the user is protected, while any data related to the user's personal account remains untouched. To create that <a href="https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy">separation of work and personal data</a>, IT can use the different aspects of an app protection policy.</p> <p>Within an app protection policy, IT should configure the data protection settings, access requirements and conditional launch settings. This means that before creating an app protection policy, admins should think about what data is allowed to move between which apps, what access requirements should be met to open a managed app, and which app or device conditions should apply. At the same time, admins should review any app configuration policies needed to streamline app behavior, since APP and ACP settings often affect each other during deployment. These decisions require careful consideration and planning.</p> <p>On top of that, Intune MAM should always be used in combination with conditional access, a <a href="https://www.techtarget.com/searchwindowsserver/tip/What-should-admins-know-about-Microsoft-Entra-features">Microsoft Entra ID feature</a>. In that combination, Intune MAM protects corporate data within the app, while conditional access policies make sure that only a protected app -- one with app protection policies applied -- is able to access that data.</p> </section> <section class="section main-article-chapter" data-menu-title="How to create and configure Intune app protection policies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to create and configure Intune app protection policies</h2> <p>After planning the implementation and configuration of the Intune app protection policy, the actual setup is fairly straightforward. Keep in mind that the exact configuration options might differ slightly per platform, however.</p> <p>IT can use the following steps to create an app protection policy in Microsoft Intune:</p> <ol type="1" start="1" class="default-list"> <li>Open the Microsoft Intune admin center portal and navigate to Apps > Protection.</li> <li>On the Apps | Protection page, click <b>Add</b> and select either <b>iOS/iPadOS</b> or <b>Android.</b></li> <li>On the Basics page, provide the basic policy information and click <b>Next.</b></li> <li>On the Apps page, open the drop-down menu next to <b>Target policy to</b> and choose the group of apps that should be included in the policy scope -- <b>Selected apps</b>, <b>All Apps</b>, <b>All Microsoft Apps</b> or <b>Core Microsoft Apps</b>. Then, click <b>Next.</b></li> <li>On the Data protection page, specify the required data protection settings across the categories of Data Transfer, Encryption and Functionality. Then, click <b>Next.</b></li> <li>On the Access requirements page, specify the necessary access requirements, like minimum PIN length, and click <b>Next</b>.</li> <li>On the Conditional launch page, specify the required app and device conditions, like app and platform version, and click <b>Next</b>.</li> <li>On the Scope tags page, specify the required scope tags and click <b>Next.</b></li> <li>On the Assignments page, specify the required assignment and use filters to differentiate the targeting between managed apps and managed devices. Then, click <b>Next.</b></li> <li>On the Review + create page, click <b>Create.</b></li> </ol> </section> <section class="section main-article-chapter" data-menu-title="Troubleshooting Intune app protection policies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Troubleshooting Intune app protection policies</h2> <p>When the Intune app protection policies are carefully planned and implemented, and users are licensed, admins can use the available reporting to verify that the deployment was successful. For a clear overview, they can rely on the <a target="_blank" href="https://learn.microsoft.com/en-us/intune/intune-service/apps/app-protection-policies-monitor" rel="noopener">App protection status</a> report. This report provides insight into the compliance status of app protection policies, affected users and any issues those users might be experiencing. It even shows the applied app protection policy. For IT, this should be the starting point for validating the implementation.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/application_lifecycle_management_with_intune-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/application_lifecycle_management_with_intune-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/application_lifecycle_management_with_intune-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/application_lifecycle_management_with_intune-f.png 1280w" alt="A graphic showing application lifecycle management with Intune as a cycle that includes 5 phases: adding, configuring, deploying, protecting and retiring." data-credit="Informa TechTarget" height="514" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Intune MAM's app protection policies are important for protecting corporate apps and data on mobile devices. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>If a user experiences issues that aren't clearly reflected in the available reports, local diagnostic logs can provide additional insight. To access these logs, users can open the Microsoft Edge browser app on Android or iOS and type <i>edge://intunehelp</i> into the address bar. This page launches troubleshooting mode and displays an overview of the applied policies for each app. It also lets users share diagnostic logs directly with Microsoft or store them locally for <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-troubleshoot-Intune-app-deployments">support by IT</a>. These options are available for all mobile devices, whether they're managed or unmanaged.</p> <p><i>Peter van der Woude works as a mobility consultant and knows the ins and outs of the ConfigMgr and Microsoft Intune tools. He is a Microsoft MVP and a Windows expert.</i></p> </section> With Intune MAM, IT leaders can enforce app‑level protection policies that secure corporate data across devices while maintaining a seamless user experience. https://cdn.ttgtmedia.com/rms/onlineimages/security_a218339023.jpg https://www.techtarget.com/searchmobilecomputing/tip/Navigating-app-protection-policies-with-Intune-MAM Mon, 23 Mar 2026 16:52:00 GMT Navigating app protection policies with Intune MAM <p>A work profile is an important feature of Android devices because it enables users to keep their personal lives separate from their work lives.</p> <p>If any corporate data resides on a device, IT administrators must be able to remotely wipe the endpoint or apply restrictions for work apps. If the device belongs to the user, IT must perform these actions without affecting their personal data. Android work profiles completely separate personal and corporate data, enabling IT to enforce security policies <a href="https://www.techtarget.com/searchmobilecomputing/tip/What-can-organizations-do-to-address-BYOD-privacy-concerns">without compromising user privacy</a>.</p> <p>Once a user or IT professional enrolls an Android phone into their organization's <a href="https://www.techtarget.com/searchmobilecomputing/tip/Top-7-mobile-device-management-tools-to-consider">MDM platform</a>, the device creates the work profile. Through the Android work profile settings, IT can make decisions about data and network usage, notifications, apps, privacy and security.</p> <p>When an employee leaves or changes roles within an organization, however, it's common practice for the employer to perform a selective wipe, deleting any associated work profiles installed on the device. This secures work data by preventing unauthorized access to sensitive files stored in the profile. To ensure users don't lose personal data, removing an Android work profile does not erase anything outside of the profile, including non-work-related files, apps and content stored on the device.</p> <p>When the time comes to delete a work profile, either the device's owner or an IT staff member can take steps to remove it.</p> <section class="section main-article-chapter" data-menu-title="How can a user remove an Android work profile?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How can a user remove an Android work profile?</h2> <p>End users can remove their Android device's work profile themselves in many cases. The key requirement is that the device must belong to them. If it's corporate-owned, users' only options are to contact IT or perform a full wipe of the device, also known as a factory reset. This action erases virtually everything from the device, including the user's personal data and preferred settings.</p> <p>Performing a selective wipe as a user is only possible when their device is BYOD or their organization has otherwise relinquished <a href="https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy">ownership of the device</a> to them. In other words, if an Android device is personally owned, the end user can delete their work profile without affecting other data.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/wipe_options_for_different_android_ownership_scenarios-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/wipe_options_for_different_android_ownership_scenarios-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/wipe_options_for_different_android_ownership_scenarios-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/wipe_options_for_different_android_ownership_scenarios-f.png 1280w" alt="Wipe options for different Android ownership scenarios. Personally owned work profile devices: IT can wipe an account, but not the full device. Corporate-owned work profile devices: IT can only wipe the full device, not an account on its own. Corporate-owned fully managed devices: IT can only wipe the full device, not an account on its own. Corporate-owned dedicated devices: IT can only wipe the full device, not an account on its own." data-credit="Informa TechTarget" height="274" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Organizations' ability to remove a user account or fully wipe a device depends on the device's management type and ownership status. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The end-user process to remove an Android work profile is relatively simple. The main methods are easily accessible on the mobile device, using either the native Settings app or the organization's MDM app.</p> <h3>Method 1. Removing a work profile through Settings</h3> <p>One way for a user to remove their work profile is through the Settings menu on their device. In Android, the process involves the following steps:</p> <ol type="1" start="1" class="default-list"> <li>Open <b>Settings</b> on the device and select <b>Accounts</b> or<b> Users & accounts</b>.</li> <li>Select the <b>Work</b> tab and scroll down to find work profile options.</li> <li>Select <b>Remove work profile</b>. When a pop-up window appears to confirm the selection, tap <b>Delete</b>. If the <b>Remove work profile </b>option isn't visible, there might be multiple accounts on the device. In that case, select the account for the work profile and select Remove account > Remove account > OK.</li> <li>The user might receive a prompt to enter a security PIN or password. If an error occurs, the user should contact their organization's IT team.</li> <li>The device then begins removing all data associated with the work profile, including apps, settings and other information stored within it. This process can take several minutes, depending on how much data is stored within the profile. Once this process is complete, the work profile is fully removed.</li> </ol> <h3>Method 2. Removing a work profile through an MDM application</h3> <p>Users can also remove a work profile through the MDM platform they enrolled their device into. With this method, employees must open the app they used for their initial MDM and work profile setup.</p> <p>For example, in organizations <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-add-and-enroll-devices-to-Microsoft-Intune">using Microsoft Intune</a>, users can complete this process in the Intune Company Portal app. Work profile removal in the Company Portal app involves the following steps:</p> <ol type="1" start="1" class="default-list"> <li>Open the MDM app on the device and sign in.</li> <li>Under <b>Devices</b>, select the device.</li> <li>In the top-right corner of the screen, select the <b>Menu</b> button, which looks like three dots. Then, select <b>Remove Device</b>.</li> <li>Once a confirmation screen appears, select <b>OK</b> to proceed with work profile removal.</li> <li>After confirmation, the device removes the MDM platform and work profile, and all associated data is deleted.</li> </ol> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/delete_android_work_profile_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/delete_android_work_profile_2-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/delete_android_work_profile_2-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/delete_android_work_profile_2-h.jpg 1280w" alt="The end user's view of the Intune Company Portal app with the relevant steps to remove a device from the work profile program." data-credit="Michael Goad"> <figcaption> <i class="icon pictures" data-icon="z"></i>The steps for a user to remove their device from management through the Company Portal app. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Another option is to disable the MDM agent application directly. Within the Company Portal app, an end user can simply open the main menu and select <b>Remove Company Portal</b>, followed by <b>OK </b>at the confirmation screen.</p> <p>After completing either of these processes, the user should be able to uninstall the MDM app from their device's home screen. To do this, find and press down on the app icon until an app menu prompt appears, and then tap <b>Uninstall</b>.</p> <p>If the user sees some indication that a work account is still on their device, they should contact their organization's IT team. A factory reset is another option, but it's only advisable if the user also wants to delete all their personal data and revert the device to its default settings.</p> </section> <section class="section main-article-chapter" data-menu-title="How can an IT administrator remove an Android work profile?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How can an IT administrator remove an Android work profile?</h2> <p>IT administrators might want to delete a profile from an Android device themselves. From an IT perspective, removing a work profile protects corporate data without <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-perform-a-full-remote-wipe-on-an-Android-device">wiping the user's device completely</a>. This is especially helpful when an employee leaves the organization or a device is lost or stolen.</p> <p>This process requires an IT admin to log in to their MDM system and remove the device. The location of different settings varies based on the MDM platform. However, the process generally consists of the following steps, with Microsoft Intune as an example:</p> <ol type="1" start="1" class="default-list"> <li>Log in to the MDM admin console and open the <b>Devices</b> section.</li> <li>Select <b>All devices</b>.</li> <li>Find and select the desired device.</li> <li>Select <b>Retire</b> or <b>Delete</b>. In Intune, <a target="_blank" href="https://learn.microsoft.com/en-us/intune/intune-service/remote-actions/devices-wipe" rel="noopener">both options</a> remove the same data, but deleting the device also immediately removes it from the admin center's record of devices.</li> <li>Click <b>Yes</b> to confirm.</li> </ol> <p>If an IT admin is having trouble removing an Android work profile through their MDM platform, they should try a few troubleshooting steps. First, make sure the device is online and syncing with MDM. Ask the user to open the MDM app and manually sync the device.</p> <p>Next, confirm the device is still visible in the MDM console. If it appears to be offline for an extended time, it might not be able to receive the removal command. If the work profile removal is stuck, try forcing a reenrollment. Then, retry work profile removal once the device is back online.</p> <p>If these steps don't work, look over the MDM policy permissions. Some MDM policies block users or even IT admins from removing a work profile. Check whether the work profile removal option is enabled in the MDM policy settings. If multiple policies are applied to the device, one might be preventing the removal. Modify the compliance policy to allow work profile removal. If necessary, create a temporary "Allow Removal" policy and push it to the device.</p> <p><b>Editor's note:</b> <i>This article was originally written by Michael Goad and updated by Helen Searle-Jones to improve the reader experience.</i></p> <p><i>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</i></p> <p><i>Helen Searle-Jones holds a group head of IT position in the manufacturing sector. She draws on 30 years of experience in enterprise and end-user computing, utilizing cloud and on-premises technologies to enhance IT performance.</i></p> </section> When a user leaves their organization or loses their device, it's time to remove their Android work profile. Learn three methods to delete a work profile on an end-user device. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g692819506.jpg https://www.techtarget.com/searchmobilecomputing/tip/How-to-delete-or-disable-an-Android-work-profile Thu, 19 Mar 2026 09:00:00 GMT How to remove a work profile from an Android device <p>Mobile device management gives IT the control, security and visibility necessary to protect modern workplaces.</p> <p>Mobile devices are especially vulnerable to loss, theft and unauthorized access, which complicates data security and regulatory compliance for most organizations. IT administrators need to think about getting devices to a securely managed and productive state while ensuring the onboarding process is simple, minimally invasive and streamlined for end users. Mobile device management is not only a tactical IT chore but a strategic issue.</p> <section class="section main-article-chapter" data-menu-title="What is mobile device management (MDM)?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is mobile device management (MDM)?</h2> <p>Mobile device management (<a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-device-management">MDM</a>) software enables IT to control, secure and enforce policies on mobile devices such as smartphones, tablets and laptops.</p> <p>It provides administrators with tools to apply consistent security settings, deploy updates, monitor device health and remotely lock or wipe devices if they are lost, stolen or noncompliant. MDM is a foundational <a href="https://www.techtarget.com/searchenterprisedesktop/feature/Understand-how-UEM-EMM-and-MDM-differ-from-one-another">element of enterprise mobility management and unified endpoint management</a>.</p> <p>An MDM platform can manage various devices, including iOS, Android, Windows, macOS and even ChromeOS, in some cases. MDM is a flexible tool that gives admins many controls to ensure devices are secured and properly supported. Additionally, IT can consider programs such as Apple Business Manager and Android Enterprise, which integrate with MDM to give organizations more privileges on a device. Admins can then enforce higher-level security configurations, including advanced restrictions and settings controls, home screen layout, single app mode, multi-user and shared modes, and zero-touch enrollments.</p> <h3>BYOD and MDM</h3> <p>Device ownership is an important factor in MDM. In particular, BYOD policies can add a layer of complexity to management. Under these policies, employees store corporate data and carry out work tasks on personal devices. The challenge with BYOD is that user devices are unmanaged by default, which can expose the organization to security and compliance risks.</p> <p><a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-successfully-implement-MDM-for-BYOD">MDM platforms help organizations manage BYOD endpoints</a> using containerization mechanisms that enable app‑level controls and the separation of personal and work data. Admins can configure an MDM platform to define acceptable use, privacy boundaries and enforcement policies for devices based on their ownership status. This balances flexibility and security.</p> </section> <section class="section main-article-chapter" data-menu-title="1. Manage mobile devices with an MDM policy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Manage mobile devices with an MDM policy</h2> <p>An MDM platform is only as effective as the policies that are configured and enforced by the organization using it. An <a href="https://www.techtarget.com/searchmobilecomputing/feature/Why-a-mobile-security-policy-is-a-must-have-corporate-policy">MDM policy framework</a> should define device enrollment requirements, security configuration standards and compliance monitoring procedures. Rather than implementing MDM as a purely technical tool, the strongest device management strategies establish clear, documented MDM policies that align technical controls with organizational security objectives.</p> <p>MDM's role is to provide the organization with the ability to enforce security compliance controls on devices. Figure 1 shows an example of these controls for an iOS device.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_1.jpg 1280w" alt="Compliance policies for iOS." data-credit="Michael Goad" height="303" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Device compliance policies that IT admins can enforce for iOS devices through MDM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Some of the most common profile and compliance settings include the following:</p> <ul class="default-list"> <li>PIN code and device encryption.</li> <li>Certificate-based authentication.</li> <li>Email configuration.</li> <li>Wi-Fi configuration.</li> <li>Device feature permissions and restrictions.</li> <li>Blocklist and allowlist applications.</li> <li>Single sign-on (SSO).</li> <li>Enforcement and automation of iOS and Android updates.</li> <li>Data loss prevention (DLP) configurations.</li> <li><a href="https://www.techtarget.com/searchmobilecomputing/answer/Whats-the-difference-between-jailbreaking-and-rooting">Jailbreak/root detection</a> and remediation.</li> <li>Remote lock and device wipe capabilities for lost or compromised devices.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="2. Manage authentication and access"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Manage authentication and access</h2> <p>Access management on mobile devices should include strong PIN and multifactor authentication (MFA) controls, enforced through MDM.</p> <h3>PIN code management</h3> <p>The PIN often serves as a password for mobile devices, preventing bad actors from gaining unauthorized access to a device. Organizations should enforce a PIN policy, which might include minimum length standards or require automatic lock after a short period of inactivity. Using MDM, IT can enforce these settings consistently across corporate-owned and BYOD devices enrolled in the environment.</p> <h3>Multifactor authentication</h3> <p>Once a device leaves the corporate network, it's exposed to untrusted networks and higher risk conditions that IT can't fully control. MFA provides more comprehensive protection by confirming that the end user logging on is who they claim to be. It requires two or more authentication methods, which can include PIN or password, SMS verification and biometric authentication. An admin can then set parameters for when to require MFA based on the device's trust and risk conditions.</p> <p>MDM can distribute and enforce these MFA requirements by integrating with the organization<span dir="RTL">'</span>s identity and access management (<a href="https://www.techtarget.com/searchsecurity/definition/identity-access-management-IAM-system">IAM</a>) platform during enrollment and device compliance checks. This approach aligns mobile authentication with the broader zero-trust and IAM strategy.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Enable data loss prevention policies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Enable data loss prevention policies</h2> <p>Users rely on multiple apps on their mobile devices to get work done, so IT admins must ensure any corporate data is not copied to, or accessed from, unmanaged or untrusted applications. App protection and <a href="https://www.techtarget.com/searchdatamanagement/tip/Steps-to-create-a-data-loss-prevention-policy">DLP policies</a> can prevent corporate data from being saved locally to the device storage or exported to personal locations. IT admins can also restrict data transfer -- for example, the <i>Open in</i> or <i>Share</i> options -- to only approved or managed apps, and limit specific capabilities such as copy, paste, download or local file export. Figure 2 shows an example of these settings for an Android device with a work profile.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/Mobile_sec_best_practices_figure_2.jpg 1280w" alt="Work profile device controls." data-credit="Michael Goad" height="438" width="558"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Capabilities that IT admins can limit on personally owned devices with a work profile. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Platforms such as Microsoft Intune can even <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-use-Intune-app-protection-without-MDM-enrollment">apply app protection policies to Microsoft apps</a> without requiring admins to enroll devices in an MDM. For devices enrolled in an organization's MDM, the MDM is the mechanism to create and enforce these security restrictions to ensure data loss protection.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Set corporate and BYOD remote lock, device wipe policies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Set corporate and BYOD remote lock, device wipe policies</h2> <p>What happens if an employee loses a device or leaves the company? Every business should develop a corporate-owned and <a href="https://www.techtarget.com/searchmobilecomputing/tip/BYOD-policy-basics-Defining-and-enforcing-a-successful-policy">BYOD policy</a> to handle device loss and data wipes.</p> <p>Under this type of policy, whenever a mobile device is lost or stolen, the organization can take actions to secure data, including a data wipe, reset or device lock.</p> <p>This type of policy gets messy with BYOD environments; not every user likes the idea of giving IT this type of control over their devices. However, both Google and Apple have addressed this issue with capabilities in their platforms. On Apple devices, User Enrollment limits what an MDM platform can do on a personal iPhone or iPad, focusing management on the work container. For Android devices, Google's <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-create-a-work-profile-on-Android-devices">Android Enterprise work profile feature</a> enables users to keep work and personal apps and data distinct from each other. Each profile is entirely separate; the organization manages the work apps and data, while the end user's apps, data and usage remain untouched. This restricts invasive management tasks, such as factory resets.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/what_mdm_can_see-f.png 1280w" alt="What MDM can and can't see on Apple and Android devices." data-credit="Informa TechTarget" height="297" width="560"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="5. Enable remote access management and monitoring"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Enable remote access management and monitoring</h2> <p>Remote access management lets IT troubleshoot and control devices remotely, without physical access. Monitoring uses centralized dashboards to provide real-time visibility into compliance, OS version, security status and other indicators of device posture, such as location, usage and threats.</p> <p>These capabilities support enterprise security by enabling rapid incident response. IT can lock geofenced devices, quarantine threats or remotely wipe lost assets.</p> <p>Implementation requires strong security measures to protect sensitive data and ensure functionality. Use secure channels with Transport Layer Security encryption, certificate authentication and MFA for admins. Cross-platform support must cover iOS, Android, Windows and macOS. Role-based access control (RBAC) limits admin access to sensitive actions, reducing the risk of accidental or unauthorized changes, such as wiping devices or locking them remotely. Security information and event management (<a href="https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM">SIEM</a>) systems integrate with remote access tools to monitor and log security events, detect anomalies and provide real-time alerts about potential threats. Together, these measures ensure that remote access management is secure and effective across devices.</p> <p>Other best practices include the following:</p> <ul class="default-list"> <li>Enforce the principle of least privilege for admin access.</li> <li>Automate alerts for noncompliance or jailbreak detection.</li> <li>Be transparent about <a href="https://www.techtarget.com/searchmobilecomputing/tip/What-can-organizations-do-to-address-BYOD-privacy-concerns">BYOD privacy</a> and monitor only corporate data.</li> <li>Set up regular compliance reporting for audits.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="6. Keep BYOD and corporate devices updated"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Keep BYOD and corporate devices updated</h2> <p>Keeping devices updated isn't an easy task, but it's extremely important. Mobile devices are a growing target for malware and other attacks, and one of the best ways to fight against that is to ensure that all managed devices are fully up to date.</p> <p>There are plenty of different approaches IT admins can take to keep devices updated in a timely manner. Asking users to implement updates is a simple approach, but it's not always a successful one. A better approach is to enforce controls through the MDM. For devices enrolled with an MDM platform, an IT admin can schedule a mobile OS update for all users -- ideally during a low-use time, such as the middle of the night. On corporate-only devices, IT can take that a step further, and the MDM can schedule, download and auto-install the updates.</p> <p>With BYOD environments, it can be a bit trickier. Mobile IT admins can schedule a prompt for the user to download and install the update, but it's still up to the end user to trigger the process. However, there are mechanisms IT can put in place through MDM. One <a target="_blank" href="https://learn.microsoft.com/en-us/intune/intune-service/protect/compliance-policy-create-ios" rel="noopener">mechanism</a> is a compliance policy, which enables admins to create an "if this, then that" automation for devices.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Asking users to implement updates is a simple approach, but it's not always a successful one. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>An example of this would be a compliance policy that targets devices with a specific version of iOS. IT can create an action that would send a notification to a user to update; then, after two days, if that device hasn't updated, an admin can take steps such as quarantine or removal of corporate email and access from the device. These restrictions would remain in place until the user updates the device OS.</p> <p>These compliance policies help keep corporate data safe while also encouraging end users to stay up to date. The same approach applies to Android, ChromeOS and Windows devices, with platform-specific grace periods and remediation actions defined in the organization's MDM policy.</p> </section> <section class="section main-article-chapter" data-menu-title="7. Integrate MDM with other IT and IAM systems"> <h2 class="section-title"><i class="icon" data-icon="1"></i>7. Integrate MDM with other IT and IAM systems</h2> <p>IAM is a system that manages user identities and controls user access. It includes features like SSO and RBAC. Integrating IAM with MDM synchronizes user identity with device compliance for unified security across endpoints.</p> <p>This integration can help enable conditional access, which is critical for effective MDM policy. With conditional access, only MDM-enrolled, compliant devices associated with verified user identities can access corporate email, VPN or SaaS apps. It can also help automate user provisioning and deprovisioning. New hires get compliant devices instantly, offboarded users lose access and corporate data is selectively wiped.</p> <p>Implementation involves API connectors between MDM and IAM platforms. <a href="https://www.techtarget.com/searchmobilecomputing/tip/Understanding-Android-certificate-management">Device certificates</a> and unique identifiers establish trust, while continuous device posture feeds into IAM risk decisions.</p> <p>Beyond IAM, MDM integrates with email servers, SIEM tools and endpoint detection platforms to help provide visibility and automated response across IT systems.</p> </section> <section class="section main-article-chapter" data-menu-title="8. Monitor device compliance and automate with mobile threat defense"> <h2 class="section-title"><i class="icon" data-icon="1"></i>8. Monitor device compliance and automate with mobile threat defense</h2> <p>MDMs provide device-level security controls, but they can lack the ability to detect and prevent attacks from malicious apps, networks and phishing campaigns. To keep mobile data secure, organizations should supplement MDM with mobile threat defense (<a href="https://www.techtarget.com/searchmobilecomputing/definition/Mobile-Threat-Defense-MTD">MTD</a>).</p> <p>MTD platforms detect man-in-the-middle attacks over Wi-Fi, identify suspicious behavior on a device and proactively search for malware, harmful applications and mobile phishing attacks. It can then remediate issues with various methods, such as killing the device's Wi-Fi or cellular connection to prevent further data leakage, or working in tandem with an MDM to quarantine a device. At a high level, an MTD platform can perform the following functions:</p> <ul class="default-list"> <li>Monitor a device's activity to detect cyberattacks in real time.</li> <li>Monitor device applications for suspicious behavior that might leak user data to untrusted sources.</li> <li>Monitor for OS vulnerabilities and kernel exploits.</li> <li>Monitor device networking activity for man-in-the-middle, Secure Sockets Layer (SSL) stripping and SSL decryption attempts.</li> </ul> <p>Together, MTD and MDM platforms provide stronger security for mobile devices and users. MTD threat signals feed MDM compliance policies, automatically marking high-risk devices as noncompliant and blocking corporate access until remediation. This provides continuous threat detection with automated policy enforcement.</p> </section> <section class="section main-article-chapter" data-menu-title="9. Keep your end users informed"> <h2 class="section-title"><i class="icon" data-icon="1"></i>9. Keep your end users informed</h2> <p>IT admins can put as much technology as they want toward fixing a problem, but end users hold the keys to success. It is vital to train end users and keep them informed on current threats and vulnerabilities.</p> <p><a href="https://www.techtarget.com/searchmobilecomputing/tip/Building-mobile-security-awareness-training-for-end-users">Mobile security training</a> should emphasize the importance of updates, recognizing phishing attempts, using MFA and securing devices on public Wi-Fi. This empowers users to make security-conscious decisions that protect both personal and corporate data.</p> <p>Helping end users understand the importance of updates -- and how they can affect corporate data -- should help them make the right decisions related to device security.</p> <p><b>Editor's note:</b> <i>This article was originally written by Michael Goad and updated by Sean Michael Kerner to improve the reader experience.</i></p> <p><i>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</i></p> <p><i>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</i></p> </section> Organizations can't deploy mobile devices without accounting for their management complexity. IT should follow these nine best practices to manage mobile devices in the enterprise. https://cdn.ttgtmedia.com/visuals/searchWindowsServer/op_systems_microsoft_apps/windowsserver_article_011.jpg https://www.techtarget.com/searchmobilecomputing/feature/7-mobile-device-security-best-practices-for-businesses Mon, 16 Mar 2026 16:03:00 GMT 9 mobile device management best practices for businesses <p data-end="1836" data-start="1569">Organizations developing mobile applications must choose between two dominant platforms: Apple's iOS ecosystem and Google's Android ecosystem. Each platform offers different programming languages, development environments, distribution models and user expectations.</p> <p data-end="2034" data-start="1843">Understanding the differences between iOS and Android app development helps IT teams select the right platform strategy, control development costs and deliver a better mobile user experience.</p> <p>To effectively develop an app for iOS or Android, IT teams must understand how the development environments differ.</p> <p>It's easy to get started in mobile software development -- administrators just have to pick the platform and language that their programmers already know, preferably the one that is free. But that choice doesn't take the cost of tools, the viability of the platform and various other factors into consideration. Which mobile devices are most popular with users? Is the team able to provide sufficient support? What is best for the organization?</p> <p>Android and iOS both have different style guides. As a result, writing for both requires two teams. Otherwise, the app will have a look and feel that is unfamiliar to at least one user base. Organizations might be able to lock support down to a specific device and OS version for internal apps, but public-facing apps will have much more demanding users. Then there are watches and tablets to consider, along with the costs of training and long-term support.</p> <p>Several decisions go into mobile app development, from design guidelines and layouts to distribution and monetization strategies. The OS the app caters to affects many of these decisions. Making conscious choices about what platforms to develop on can help <a href="https://www.techtarget.com/searchmobilecomputing/feature/Simplify-mobile-app-development-for-the-enterprise">ensure a smooth development process</a>.</p> <section class="section main-article-chapter" data-menu-title="Key differences between iOS and Android app development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key differences between iOS and Android app development</h2> <p data-end="698" data-start="377">Organizations evaluating mobile platforms often compare how iOS and Android differ across development tools, programming languages, device ecosystems and distribution models. Understanding these differences can help IT teams choose the platform strategy that best aligns with their development resources and target users.</p> <h3 data-end="2523" data-start="2498" data-section-id="1vaqj3y">Programming languages</h3> <p data-end="2761" data-start="2525">Android development primarily relies on Java and Kotlin, while iOS development uses Swift and Objective-C. Kotlin has become the preferred language for Android development, while Swift is the modern standard for Apple platforms.</p> <h3 data-end="2790" data-start="2763" data-section-id="1c8563k">Development environment</h3> <p data-end="2946" data-start="2792">Android developers typically use Android Studio, Google's official IDE, while iOS developers build applications using Xcode, which runs only on macOS.</p> <h3 data-end="2968" data-start="2948" data-section-id="hkltzm">Device ecosystem</h3> <p data-end="3129" data-start="2970">Android devices are manufactured by hundreds of vendors, which leads to device fragmentation and requires testing across many screen sizes and OS versions.</p> <p data-end="3249" data-start="3131">Apple controls both hardware and software for iOS devices, resulting in a more consistent development environment.</p> <h3 data-end="3277" data-start="3251" data-section-id="1d20srm">App store distribution</h3> <p data-end="3353" data-start="3279">Both platforms require store review before apps become publicly available:</p> <ul data-end="3466" data-start="3355" class="default-list"> <li data-end="3408" data-start="3355" data-section-id="2i1yr1"> <p data-end="3408" data-start="3357">Google Play reviews most updates within hours to roughly 24 hours, while entirely new applications typically face a review period of several days.</p> </li> <li data-end="3466" data-start="3409" data-section-id="bk31ux"> <p data-end="3466" data-start="3411">Apple reviews most submissions within 24 hours, though review can take longer for complex or nonstandard apps.</p> </li> </ul> <p data-end="3637" data-start="3468">However, Android developers can distribute apps through third-party stores or direct installation, while Apple primarily distributes apps through the App Store, though alternative marketplace and web-distribution options now exist in some markets.</p> <h3 data-end="3667" data-start="3639" data-section-id="13d64m2">User interface standards</h3> <p data-end="3719" data-start="3669">Android and iOS have different design conventions.</p> <p data-end="3733" data-start="3721">For example, iOS navigation typically relies on hierarchical navigation and tabs. Android, on the other hand, uses a navigation bar and back button.</p> <p data-end="3934" data-start="3862">Apps that ignore platform conventions can create friction for users.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">When organizations prioritize iOS vs. Android development</h3> <p data-end="488" data-start="293">Most organizations don't pick a mobile platform based only on technology. The decision usually depends on the target audience, internal development skills and the type of application being built.</p> <p data-end="682" data-start="490">In many cases, teams lean toward iOS development first when the application targets North American users or internal enterprise deployments where device environments are more standardized.</p> <p data-end="841" data-start="684">Android development is often prioritized when organizations need to support a broader global user base or a wider range of device types and price points.</p> <p data-end="1067" data-start="843">For public-facing apps, many organizations ultimately support both platforms. In those cases, teams either maintain separate native development efforts or use cross-platform frameworks to share code between environments.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="Understanding Google Android app development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding Google Android app development</h2> <p>The Android OS is free and open source. It comes with the Chrome browser, along with Gmail, Calendar and other Google apps. Hundreds of brands build Android devices, and they need to innovate on both features and price to stay relevant. This <a href="https://www.techtarget.com/searchmobilecomputing/tip/Is-Android-fragmentation-still-a-problem-for-IT-teams">device fragmentation</a> also means that organizations have to consider the different screen sizes and OS versions on the Android phones their users might have. With both initial app design and subsequent updates, Android developers must take extra time to ensure compatibility for different devices across their user base.</p> <p>Because it is open source, developers can also compete to make development environments and compilers for Android. While Android has a strong Java tradition, Android apps do not run on the Java mirtual machine. Instead, they run on the Android Runtime. Android's free integrated development environment (IDE), <a href="https://www.techtarget.com/searchmobilecomputing/definition/Android-Studio">Android Studio</a>, supports both Java and Kotlin. The two programming languages are similar, but Kotlin is now Google's preferred language for new Android development, while Java remains widely used across existing enterprise applications.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The idea of ‘write once, run anywhere’ is attractive, but it has a few major drawbacks. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The workflow for Android starts out in much the same way as traditional development. Programmers write code in an IDE and commit it to version control. A <a href="https://www.techtarget.com/searchsoftwarequality/CI-CD-pipelines-explained-Everything-you-need-to-know">continuous integration/continuous delivery</a> tool then builds the code into a package and deploys it. With deployment, the Android app becomes available in the Play Store once Google has reviewed and approved it, which can take a few days. Because Android is open, developers can build and deploy apps independently or on a third-party store. Still, those options lack the discoverability of the main Play Store.</p> <p>If an IT team finds a bug on Monday and fixes it on Tuesday, the fix will not be live on the Google Play Store until Friday. Unlike a web deployment, which could take minutes, a new app deployment tends to involve more communication and coordination. To mitigate this challenge, it helps to be able to do separate releases for beta testers. This way, teams can keep both a "stable" version in the Play Store and a "latest" version in a special release.</p> <h3 data-end="4130" data-start="4096" data-section-id="1y45np2">Android development advantages</h3> <p>Android's open ecosystem gives developers greater flexibility and access to a wide range of devices and deployment options.</p> <ul class="default-list"> <li data-end="4164" data-start="4148">Open ecosystem.</li> <li data-end="4198" data-start="4167">Multiple distribution options.</li> <li data-end="4228" data-start="4201">Broad global device reach.</li> <li data-end="4259" data-start="4231">Flexible development tools.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Understanding Apple iOS app development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding Apple iOS app development</h2> <p>Because Apple is the only manufacturer of an integrated, closed system, it offers richer commercial support, as well as less choice for developers. The main development environment for iOS applications is Xcode, which runs on Apple platforms only. Organizations that live and breathe Microsoft Windows and .NET must purchase Mac computers for their programmers. The other option is to outsource, which will require a support plan when the main development contract ends.</p> <p>While it is possible to program for Kotlin on iOS, this is a <a href="https://www.techtarget.com/searchmobilecomputing/definition/cross-platform-mobile-development">cross-platform mobile development</a> approach, which has some drawbacks. Swift has become the standard programming language for iOS, which Apple touts as intuitive and easy to learn. Perhaps more importantly, Swift places an emphasis on code safety. This <a href="https://www.techtarget.com/searchsoftwarequality/feature/Learn-5-defensive-programming-techniques-from-experts">prevents the common C and C++ programming mistakes</a> with object references, null pointers and out-of-bounds index references.</p> <p>Developing for iOS in the Apple ecosystem offers several advantages. For example, launching an app on an Apple Watch is as simple as clicking "Show App on Apple Watch" from its paired iPhone. Xcode also supports VisionOS, the operating system for Apple's VR headset. SwiftUI, the UI extension for Swift, runs on all the platforms, which means developers can code for the Apple Watch, the iPhone, the iPad and the Vision Pro in the same environment.</p> <p>Apple reports that 90% of submissions are reviewed in less than 24 hours on average, though review can take longer for complex or nonstandard apps, especially those requesting numerous permissions. Apple's beta testing tool, which lets users try versions of software before they reach the App Store, is called TestFlight. Again, Android offers choices, while Apple offers one straightforward, prechosen experience.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/qt6gSW-uYKI?si=4udY1aOj58s8Lyvn?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <h3 data-end="4374" data-start="4337" data-section-id="162kh62">Advantages of the Apple ecosystem</h3> <p>Developing within Apple's ecosystem offers several advantages because the company controls both the hardware and software environment.</p> <ul class="default-list"> <li data-end="4432" data-start="4392">Consistent hardware and OS environment.</li> <li data-end="4462" data-start="4435">Strong commercial support.</li> <li data-end="4509" data-start="4465">Integrated tools such as Xcode and SwiftUI.</li> <li data-end="4579" data-start="4512">Unified ecosystem across iPhone, iPad, Apple Watch and Vision Pro.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Alternatives to iOS or Android application development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Alternatives to iOS or Android application development</h2> <p>Some organizations choose alternatives to native development to reduce development complexity or maintain a single codebase across platforms. Three alternatives to consider are cross-platform mobile development, <a href="https://www.techtarget.com/searchsoftwarequality/definition/hybrid-application-hybrid-app">hybrid applications</a> and progressive web applications (PWAs).</p> <p>Cross-platform mobile development involves creating source code in a single programming platform, then having that platform build from the single set of source code across different OSes. Examples of cross-platform development tools include React Native and Flutter. React Native is a mobile and web app framework where programmers write code using a JavaScript library. Flutter is an open source framework where programmers <a href="https://www.techtarget.com/searchapparchitecture/tip/4-reasons-Dart-is-still-a-language-worth-learning">write code in Dart</a>, which compiles down to target iOS, Android, web, Mac, PC or even Linux applications. Microsoft also offers the .NET toolchain to write mobile apps in C# for iOS or Android.</p> <p>Another option is to develop a hybrid app. Hybrid apps combine a traditional application with an embedded, possibly full-sized web browser, pointing to a website. This cross between native and web development enables programmers to write in HTML5, CSS and JavaScript, like they would with a web app. Users then download the application from an app store, like they would with a native app. Hybrid apps can also use some device-specific resources via internal APIs.</p> <p>Developers can also build a PWA, or a website that acts as if it is a mobile app. Similar to a hybrid app, a PWA uses web technologies such as HTML and JavaScript. To provide a suitable UX for mobile users, it will resize to fit the device's screen. It can also appear on the device's home screen, send push notifications and work offline. The user feels like they are double-clicking a mobile app, but the programmer only has to write one webpage that works for both desktop and mobile. Unlike a hybrid app, though, a PWA doesn't use OS-specific APIs and wouldn't be available on an app store, instead running in a browser.</p> <p>Both hybrid apps and PWAs can create challenges around security and consistency for login. Most mobile apps enable cached auto-login or at least the use of Face ID. Making the hybrid web experience seamless can require extra precautions, such as using Apple's Keychain services or the AccountManager <a target="_blank" href="https://developer.android.com/reference/android/accounts/AccountManager" rel="noopener">functionality</a> in the Android API.</p> <p>The idea of "write once, run anywhere" is attractive, but it has a few major drawbacks. First, the user interface standards between iOS and Android are different. Android typically uses a navigation bar and back button, while iOS relies on hierarchical navigation and tabs. Android typically includes a system-level back button or gesture, while iOS relies on navigation controls within the application interface. Programmers will need to code to one standard or the other. The users who are left behind might experience friction and discomfort. In addition, cross-compiled frameworks are inevitably written by an external provider, addressing at least two moving targets. They're designed to help an organization take shortcuts.</p> <p>One thing to consider for cross-platform support is what that software will do. It might, for example, call other APIs for login, search and other commands. In that case, the app could mostly be a user interface, glue code and display code. If teams can create the APIs and UI design once, it might not be too much effort to write the UI and API client code twice. This does mean adding two <a href="https://www.techtarget.com/searchsoftwarequality/feature/Five-approaches-to-mobile-app-developer-software">sets of programming knowledge</a> to the organization. However, in the age of online training and approachable tool sets, that might be a solvable problem.</p> </section> <section class="section main-article-chapter" data-menu-title="Android vs. iOS app development pros and cons"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Android vs. iOS app development pros and cons</h2> <p>Both platforms offer advantages and tradeoffs for development teams. While iOS provides a tightly controlled ecosystem with consistent hardware and tools, Android offers a more open platform with broader device reach and distribution flexibility. Understanding the strengths and limitations of each approach can help organizations determine which platform best fits their development resources and user base.</p> <h3>Pros and cons of Android app development</h3> <p>Android development provides flexibility and a broad device ecosystem, but the platform's openness can create additional complexity for development and testing.</p> <p><b>Pros</b></p> <ul type="disc" class="default-list"> <li>Open source platform.</li> <li>Flexible distribution options.</li> <li>Large global user base.</li> <li>Wide range of devices and price points.</li> </ul> <p><b>Cons</b></p> <ul type="disc" class="default-list"> <li>Device fragmentation.</li> <li>More complex testing requirements.</li> <li>Inconsistent hardware capabilities.</li> </ul> <h3>Pros and cons of iOS app development</h3> <p>Development in iOS offers a controlled ecosystem with consistent hardware and strong commercial support. However, the closed platform also introduces limitations organizations must consider.</p> <p><b>Pros</b></p> <ul type="disc" class="default-list"> <li>Consistent hardware and OS ecosystem.</li> <li>Easier device testing environment.</li> <li>Strong monetization opportunities.</li> <li>Unified developer tools.</li> </ul> <p><b>Cons</b></p> <ul type="disc" class="default-list"> <li>Development requires macOS hardware.</li> <li>Limited distribution options.</li> <li>Stricter app review process.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="How to choose a development approach"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to choose a development approach</h2> <p>To find the right approach, admins should evaluate the demographics of their customer base and the needs of their IT team. According to <a href="https://gs.statcounter.com/os-market-share/mobile/worldwide">StatCounter</a>, Android holds roughly two-thirds of the global mobile OS market share, making the platform a strong option for organizations with a large international user base. Market share varies by region, however. In the U.S., iOS accounts for about 60% of the market, while Android holds roughly 40%.</p> <p>Large Java shops might want to start with Android, with its tradition and support of Java. Likewise, a .NET shop might also consider Microsoft's cross-platform toolchain to build mobile apps in C#, though some Apple platforms, such as WatchOS or VisionOS, still require native development tools. Marketing and creative agencies might have Apple devices on every desk or find it easier to get started with Xcode and iOS.</p> <p data-end="811" data-start="505">Choosing between iOS and Android development ultimately requires both a business and technical evaluation. Organizations should consider their target user demographics, the development tools and programming languages their teams already support, and the long-term maintenance requirements of each platform.</p> <p data-end="1222" data-start="813">In many cases, organizations prioritize one platform based on their audience or internal expertise. Others adopt cross-platform frameworks or progressive web applications to reach users across devices while managing development complexity. By evaluating both the technical tradeoffs and the business goals for the application, IT teams can select a mobile development approach that supports long-term success.</p> <p data-end="1222" data-start="813"><strong>Editor's note</strong>: <em>This article was updated to reflect current mobile development tools and platform differences, and to expand coverage of key comparisons between iOS and Android app development. </em></p> <p><b>Author's note: </b><em>The author would like to thank Michelle Bernardon and Rob Vander Sloot for their peer review and feedback. They made the article better.</em></p> <p><em>Matt Heusser is managing director at Excelon Development, where he recruits, trains and conducts software testing and development.</em></p> </section> Organizations building mobile apps must weigh iOS vs. Android development differences, including programming languages, tools, device fragmentation and deployment models. https://cdn.ttgtmedia.com/rms/onlineimages/competition_a299069360.jpg https://www.techtarget.com/searchmobilecomputing/tip/Comparing-mobile-development-in-iOS-vs-Android Thu, 12 Mar 2026 13:49:00 GMT Android vs. iOS app development: Key differences to know <p>Many organizations across various sectors rely on <a href="https://www.techtarget.com/searchenterprisedesktop/definition/kiosk-mode">kiosk devices</a>, but configuring and managing them can sometimes be challenging.</p> <p>Healthcare organizations, for example, use kiosks as <a href="https://www.techtarget.com/searchhealthit/tip/3-technologies-to-improve-the-patient-check-in-process">part of their check-in process</a> to confirm personal data and collect payments, while retail organizations may use them as point-of-sale devices. Kiosks are also widely used in restaurants and quick-service retail environments for self-service ordering. Kiosk configurations also help organizations secure shared devices by limiting user access to approved applications and system features.</p> <p>Organizations that want to deploy kiosk devices have several endpoint options from which to choose, including Android tablets, iPads and Windows devices. For enterprises that choose Windows devices for kiosk deployments, administrators can configure Windows 11 kiosk mode using several different management methods depending on the number of devices, management tools and security requirements involved.</p> <section class="section main-article-chapter" data-menu-title="4 methods for deploying Windows 11 kiosk mode"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4 methods for deploying Windows 11 kiosk mode</h2> <p>Windows 10 was the first OS to support Kiosk mode natively, so IT pros can lock down the OS and only allow users to use one or a few applications on any Windows 10 device. In many environments, administrators configure multi-app kiosks that allow a small set of approved applications while preventing access to the rest of the operating system.</p> <p>Organizations can still deploy Windows 10 kiosks on legacy hardware, but Microsoft ended support for Windows 10 in October 2025. Most new kiosk deployments should use Windows 11 to ensure ongoing security updates and long-term support.</p> <p>Here are four distinct methods IT professionals can use when setting up Windows 11 kiosk mode.</p> <h3>Setting up Windows 11 kiosk mode from the machine's local settings</h3> <p>Kiosk mode in Windows 11, or Assigned Access, requires <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Understanding-the-features-of-Windows-11-Enterprise">Windows 11 Pro</a>. Assigned Access is Microsoft's built-in feature for locking a Windows device to one or more applications in a kiosk configuration. IT should only choose this option if they plan to set up one or two Windows 11 devices in kiosk mode, as manually setting up multiple kiosks can be time-consuming and prone to human error.</p> <p>When setting up a kiosk in Windows 11, a desktop admin is also creating a kiosk user account. They must turn kiosk mode on by going into <b>Accounts </b>under the desktop settings. Then, the desktop admin must choose <b>Set up a Kiosk</b> from the <b>Other Users</b> option. Next, the admin must click <b>Get started</b>. Then they must enter a name for the new account. There's also an option to use a local standard user account already on the device.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windowskiosk_image1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windowskiosk_image1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windowskiosk_image1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windowskiosk_image1-h.jpg 1280w" alt="Screenshot of Windows 11 Assigned Access settings showing where administrators configure kiosk applications." height="222" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Windows 11 Assigned Access settings allow administrators to choose which application runs when a kiosk user signs in. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The desktop admin must next choose the app to run when the kiosk account signs in. They can only select apps that run above the lock screen, as shown in the list of available apps. Here are some guidelines for choosing an app for a kiosk:</p> <ul class="default-list"> <li>Windows apps must be provisioned or installed for the assigned access account before a Windows admin can select them as the assigned access app.</li> <li>Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app, requiring the desktop Aadmin to update the assigned access settings to launch the updated app.</li> <li>Apps that the IT department created using the Desktop App Converter (Desktop Bridge) can't be used as kiosk apps.</li> </ul> <p>Once the admin selects an app, the desktop admin must choose <b>Close</b>.</p> <h3>Setting up Windows 11 kiosk mode with Windows PowerShell</h3> <p>The next option IT admins can choose to set up and configure kiosk mode on Windows 11 is the <a href="https://learn.microsoft.com/en-us/windows/configuration/kiosk-single-app#powershell" target="_blank" rel="noopener">PowerShell</a> cmdlets method. PowerShell cmdlets are command-line instructions that allow administrators to script kiosk deployments and apply consistent configurations across multiple devices. This method provides a flexible, scripted and repeatable approach to configure and deploy kiosk devices.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/redakiosk_02.jpg"> <img data-src="https://www.techtarget.com/rms/onlineImages/redakiosk_02_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/redakiosk_02_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/redakiosk_02.jpg 1280w" alt="Screenshot showing PowerShell commands used to configure Windows kiosk mode." height="192" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. PowerShell cmdlets can automate the deployment and management of Windows kiosk mode across multiple devices. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>IT admins must sign into the kiosk as an administrator, then create a user account for Assigned Access. After the admin signs in as the Assigned User account, they can install the Universal Windows apps that meet the assigned access/above the lock guidelines. When the installation is complete, they sign out of Assigned User account and back in as an administrator.</p> <p>The PowerShell approach is especially effective for organizations that need to deploy several types of devices. Figure 2 shows some of the cmdlets that IT must use during the setup.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> PowerShell provides a flexible, scripted and repeatable approach to configure kiosk devices. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Removing Assigned Access with PowerShell requires running the following cmdlet: Clear-AssignedAccess.</p> <h3>Use the kiosk wizard in Windows Configuration Designer</h3> <p>Microsoft offers another way to manage and configure Windows devices without having to create a base image for them: the Windows Configuration Designer application, available for free from the Microsoft Store. IT admins can more easily define a kiosk configuration with the app and deploy it to any managed device because the app's kiosk wizard is user-friendly.</p> <p>However, it's important to note that only one instance of Windows Configuration Designer can run on a computer at a time. And while it can open multiple projects, it can build only one project at a time.</p> <h3>Deploy kiosk settings from an MDM platform or Microsoft Intune</h3> <p>Another method is to use mobile device management (<a href="https://www.techtarget.com/searchmobilecomputing/definition/mobile-device-management">MDM</a>) tools to deploy and manage kiosk devices. This option works well for organizations with many kiosks in different physical locations, such as retail stores or restaurants, that require centralized IT management.</p> <p>MDM-based kiosk deployments are especially useful for organizations that manage kiosks across multiple locations and need centralized configuration, updates and security monitoring.</p> <p>Many organizations now deploy kiosk devices using automated provisioning workflows such as Windows Autopilot combined with <a href="https://www.techtarget.com/searchitchannel/definition/Microsoft-Intune">Microsoft Intune</a> policies, allowing administrators to configure kiosk mode remotely during device setup.</p> <p>Platforms such as <a href="https://www.techtarget.com/searchvmware/tip/VMware-pitches-in-on-Workspace-ONE-UEM">VMware Workspace ONE UEM</a> and Microsoft Intune provide MDM capabilities that allow desktop admins to set up Windows 11 kiosk mode to manage devices remotely. These remote commands include the ability to lock some elements of Windows 11, turning these devices into kiosks.</p> <p>These tools can proactively alert IT when device problems require attention relating to storage, CPU usage, system errors or going offline. Using an MDM for remote kiosk management also helps IT ensure the kiosk devices receive the security patches and OS updates they need to remain secure and compliant.</p> <p>Windows kiosk mode provides organizations with a reliable way to deliver controlled user experiences on shared devices. Whether administrators configure kiosks locally, through scripts or with centralized device management platforms, the right deployment method depends on the number of devices and the level of control required.</p> <p><em>Will Kelly is a freelance writer and content strategist who has written about cloud, DevOps, AI and enterprise mobility.</em></p> <p><em>Reda Chouffani runs a consulting practice he co-founded, Biz Technology Solutions Inc., and is CTO at New Charter Technologies. He is a technology consultant with a focus on healthcare and manufacturing, cloud expert and business intelligence architect who helps enterprises make the best use of technology.</em></p> </section> Windows 11 kiosk mode allows IT to restrict devices to specific apps. There are four deployment methods: local setup, PowerShell, Windows Configuration Designer, and MDM tools. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g1077903946.jpg https://www.techtarget.com/searchenterprisedesktop/tip/Setting-up-Windows-10-kiosk-mode-with-4-different-methods Wed, 11 Mar 2026 19:30:00 GMT Setting up Windows 11 kiosk mode with 4 different methods <p>Organizations that support remote and hybrid work often rely on mobile hotspots to maintain connectivity for employees who are traveling, working from temporary locations or responding to network outages. For IT teams, understanding the strengths and limitations of different hotspot options is important when deciding how to support remote workers.</p> <p>There are two types: dedicated hotspot devices and personal hotspots. Dedicated devices are hardware specifically made to provide a hotspot connection, and they come with their own data plans. A personal hotspot is a common smartphone feature that enables the phone to act as a wireless router, broadcasting a wireless network name -- service set identifier, or <a href="https://www.techtarget.com/searchmobilecomputing/definition/service-set-identifier">SSID</a> -- and enabling devices such as laptops and tablets to connect to it. Remote workers who lack reliable Wi-Fi can enable a <a href="https://www.techtarget.com/searchmobilecomputing/tip/How-to-troubleshoot-when-a-hotspot-is-not-working-on-Android">smartphone's hotspot</a> and connect laptops or tablets to restore internet access.</p> <p>Personal hotspots also have several limitations:</p> <ul class="default-list"> <li>Using a personal hotspot can quickly drain the smartphone battery, so users should plug their device into a power source while using it.</li> <li>While it can effectively support two or three devices, depending on network usage, using it to support an individual device will provide the best performance.</li> <li>The mobile phone hosting the hotspot must support the latest cellular and Wi-Fi technology.</li> <li>Hotspots use up a lot of cellular data.</li> </ul> <p>Because of these limitations, dedicated hotspot devices might be a better fit for certain use cases. While using a smartphone's hotspot feature is more cost-effective, there are features and capabilities that can make a mobile hotspot device more advantageous. Organizations should evaluate these options and their capabilities when deciding between personal hotspots and dedicated hotspot devices. For many organizations, the best strategy might be a combination of the two.</p> <p>IT managers should assess organizational needs to determine which tools to use. The following table outlines the differences between personal hotspots and dedicated hotspot devices.</p> <table class="main-article-table"> <thead> <tr style="height: 18px;"> <td style="width: 124.838px; height: 18px;"><b>Feature</b></td> <td style="width: 310.575px; height: 18px;"><b>Personal hotspot</b></td> <td style="width: 387.038px; height: 18px;"><b>Dedicated hotspot device</b></td> </tr> <tr></tr> </thead> <tbody> <tr style="height: 18px;"> <td style="width: 124.838px; height: 18px;"><b>Individual use</b></td> <td style="width: 310.575px; height: 18px;">Cost-effective.</td> <td style="width: 387.038px; height: 18px;">Usually too costly for an individual.</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Multiple users</b></td> <td style="width: 310.575px; height: 50px;">Can handle a few users, but performance might be an issue.</td> <td style="width: 387.038px; height: 50px;">Many devices offer 10-30 connections, making it excellent for groups or team collaboration and remote meetings.</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Battery life</b></td> <td style="width: 310.575px; height: 50px;">Drains the smartphone's battery.</td> <td style="width: 387.038px; height: 50px;">Offers 6-24 hours of continuous use for multiple users, depending on the device.</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Data plan</b></td> <td style="width: 310.575px; height: 50px;">Usually built into the phone's data plan, but some plans exclude hotspot access.</td> <td style="width: 387.038px; height: 50px;">Wide variety of data plans, with some that come built into the device. More extensive offerings than phone plans.</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>International access</b></td> <td style="width: 310.575px; height: 50px;">Use the carrier's SIM. Unlocked to ensure local country SIM is often available.</td> <td style="width: 387.038px; height: 50px;">Some devices are locked to a carrier, but most are unlocked. Some devices only work in certain global areas.</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Cost</b></td> <td style="width: 310.575px; height: 50px;">Included in the cost of the phone.</td> <td style="width: 387.038px; height: 50px;">Range in cost from $20-$1,000. Some are pocket-sized for individual use; others are large devices connecting 32 users.</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Versatility</b></td> <td style="width: 310.575px; height: 50px;">Limited but simple to set up, and easier to use than a separate device.</td> <td style="width: 387.038px; height: 50px;">Some include Ethernet ports, external antenna ports, management software, or advanced security options. Various devices support Wi-Fi 4, Wi-Fi 5 and Wi-Fi 6. Flexible based on carrier network.</td> </tr> </tbody> </table> <p>For sales staff who operate on their own, the smartphone might be the best option. But for a team of auditors that need stronger security, an external hotspot device with multiple connections and more management would be best. If a user's smartphone doesn't have a hotspot feature or if their data plan excludes it, they might consider purchasing an inexpensive hotspot device. Overall, the choice should match the need.</p> <section class="section main-article-chapter" data-menu-title="Key factors when choosing a mobile hotspot device"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key factors when choosing a mobile hotspot device</h2> <p>When selecting a dedicated hotspot device, IT teams should evaluate several factors, including cost, battery life and available features.</p> <h3>Cost of the device and data plan</h3> <p>Costs can range anywhere from $20 -- such as with small pocket hotspots for individual users -- to nearly $1,000 for hotspots that can connect over 30 devices and offer several additional features. These hotspots come with their own data plans as well. Some have plans built into the device, while others have separate plans.</p> <h3>Wireless standard connectivity</h3> <p>When purchasing a Wi-Fi hotspot, note which of the following wireless standards it supports:</p> <ul class="default-list"> <li><b>802.11ax (Wi-Fi 6).</b> This is the newest standard with the fastest speeds.</li> <li><b>802.11ac (Wi-Fi 5).</b> This standard has slower speeds and is found on most 4G LTE hotspots.</li> <li><b>802.11n (Wi-Fi 4).</b> This standard has the slowest speeds and is not ideal for connecting multiple devices.</li> </ul> <p>Compare the network frequencies of the device with the network provider. Note that <a href="https://www.techtarget.com/searchnetworking/answer/Does-Wi-Fi-6-have-better-range-than-previous-wireless-standards">wireless speeds vary</a> based on the carrier's availability in certain locations. Speeds might also vary across a country, but a Wi-Fi 6 device will connect to a Wi-Fi 4 network at the Wi-Fi 4 speed. Download speeds depend on the carrier's network in a given location.</p> <h3>Battery life</h3> <p>Battery life varies greatly, generally ranging from 6 to 24 continuous service hours. If the device is only used intermittently, battery life will be longer. Users should realistically be able to keep the device plugged in most of the time, so battery life isn't a top issue in many cases.</p> <h3>SIM card lock</h3> <p>This is one of the most important hotspot considerations. A locked device comes with a <a href="https://www.techtarget.com/searchmobilecomputing/definition/SIM-card">SIM card</a> from a carrier, and the customer is bound to that carrier. Thus, when using it internationally, it's not possible to shop around for a local SIM card to get a better rate. Verizon, AT&T and T-Mobile all provide locked versions that are available on Amazon or through the carrier. <a href="https://www.techtarget.com/searchmobilecomputing/definition/unlocked-cell-phone">Unlocked<i> </i>devices</a> do not come with a SIM -- or they come with a replaceable one -- so customers can purchase a SIM and separate data plan, which many manufacturers offer with their device.</p> <h3>International connections</h3> <p>This aspect is complicated, as international capability can mean different things. Some Huawei hotspots, for example, are built for Europe, Africa and parts of Asia, and they actually won't work in the U.S. If users need support for uncommon countries, check the list of countries the device supports.</p> <h3>5G range</h3> <p>There are <a href="https://www.techtarget.com/searchnetworking/feature/The-3-different-types-of-5G-technology-for-enterprises">three ranges for 5G</a>: low-band, mid-band and high-band. These bands operate at specific frequencies and provide varying speeds and areas of coverage. Low-band 5G has the best coverage of the three but the slowest speed. High-band 5G has the fastest connection speeds, but at a cost of limited coverage. Mid-band 5G provides a balance between the two, offering good speed and coverage. C-band, which the Federal Communications Commission <a target="_blank" href="https://www.fcc.gov/document/fcc-grants-c-band-spectrum-licenses" rel="noopener">granted</a> licenses for in 2021, is a frequency range on the mid-band spectrum that offers the best performance. Because it is new, however, few hotspot devices currently support it.</p> <p>IT administrators should also ask the following questions:</p> <ul class="default-list"> <li>Is the hotspot device commonly available? Devices should be easy to obtain for replacement and expansion.</li> <li>How many devices can the hotspot support simultaneously?</li> <li>Does the hotspot include a TS-9 port or other external antenna support? An antenna provides better coverage.</li> <li>Does the hotspot include an Ethernet port? This provides additional connectivity.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="10 mobile hotspot devices to consider"> <h2 class="section-title"><i class="icon" data-icon="1"></i>10 mobile hotspot devices to consider</h2> <p>It is important to review and compare the capabilities of mobile hotspot devices to determine which one fits an organization's requirements. The following table highlights key specifications for several mobile hotspot devices commonly used in enterprise and remote-work deployments.</p> <table class="main-article-table"> <thead> <tr style="height: 18px;"> <td style="width: 124.838px; height: 18px;"><strong>Device model</strong></td> <td style="width: 310.575px; height: 18px;"><strong>Cellular standard</strong></td> <td style="width: 387.038px; height: 18px;"><strong>Wireless standard</strong></td> <td style="width: 124.838px; height: 18px;"><strong>Devices supported</strong></td> <td style="width: 310.575px; height: 18px;"><strong>Battery life</strong></td> <td style="width: 387.038px; height: 18px;"><strong>SIM / Carrier flexibility</strong></td> <td style="width: 124.838px; height: 18px;"><strong>Notes</strong></td> </tr> </thead> <tbody> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Alcatel Linkzone 2</b></td> <td style="width: 310.575px; height: 50px;">4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 4</td> <td style="width: 124.838px; height: 50px;">Up to 16</td> <td style="width: 310.575px; height: 50px;">Up to ~24 hours</td> <td style="width: 387.038px; height: 50px;">Unlocked; nano SIM</td> <td style="width: 124.838px; height: 50px;">Budget LTE hotspot widely used for basic connectivity</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Franklin JEXtream RG2100</b></td> <td style="width: 310.575px; height: 50px;">5G, 4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 6</td> <td style="width: 124.838px; height: 50px;">Up to 30 (carrier limits might vary)</td> <td style="width: 310.575px; height: 50px;">~12 hours</td> <td style="width: 387.038px; height: 50px;">Carrier variants available</td> <td style="width: 124.838px; height: 50px;">Commonly offered through enterprise mobility programs</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>GlocalMe U50 Numen Air 5G</b></td> <td style="width: 310.575px; height: 50px;">5G, 4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 5</td> <td style="width: 124.838px; height: 50px;">Up to 16</td> <td style="width: 310.575px; height: 50px;">~12-15 hours typical</td> <td style="width: 387.038px; height: 50px;">CloudSIM plus nano SIM</td> <td style="width: 124.838px; height: 50px;">Designed for global connectivity and international travel</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Inseego MiFi X Pro 5G</b></td> <td style="width: 310.575px; height: 50px;">5G, 4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 6</td> <td style="width: 124.838px; height: 50px;">Up to 32</td> <td style="width: 310.575px; height: 50px;">Up to ~10 hours (battery); supports continuous AC-powered operation</td> <td style="width: 387.038px; height: 50px;">Carrier variants available</td> <td style="width: 124.838px; height: 50px;">Includes Ethernet port and enterprise management/security features</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Keepgo Lifetime World Mobile Hotspot</b></td> <td style="width: 310.575px; height: 50px;">4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 4</td> <td style="width: 124.838px; height: 50px;">Up to 15</td> <td style="width: 310.575px; height: 50px;">Up to ~7 hours</td> <td style="width: 387.038px; height: 50px;">Global SIM / prepaid data</td> <td style="width: 124.838px; height: 50px;">Designed for international use with prepaid data bundles</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Netgear Nighthawk M6 Pro</b></td> <td style="width: 310.575px; height: 50px;">5G, 4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 6E</td> <td style="width: 124.838px; height: 50px;">Up to 32</td> <td style="width: 310.575px; height: 50px;">Up to ~13 hours</td> <td style="width: 387.038px; height: 50px;">Unlocked; nano SIM/eSIM</td> <td style="width: 124.838px; height: 50px;">High-performance hotspot with 2.5 GbE Ethernet port</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Netgear Nighthawk M7</b></td> <td style="width: 310.575px; height: 50px;">5G</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 7</td> <td style="width: 124.838px; height: 50px;">Up to 32</td> <td style="width: 310.575px; height: 50px;">Up to ~13 hours (estimated)</td> <td style="width: 387.038px; height: 50px;">eSIM plus nano SIM</td> <td style="width: 124.838px; height: 50px;">Next-generation hotspot designed for high-performance deployments</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>Orbic Speed 5G UW</b></td> <td style="width: 310.575px; height: 50px;">5G</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 6</td> <td style="width: 124.838px; height: 50px;">Up to 30</td> <td style="width: 310.575px; height: 50px;">Up to ~12 hours</td> <td style="width: 387.038px; height: 50px;">Carrier locked (Verizon)</td> <td style="width: 124.838px; height: 50px;">Designed for Verizon Ultra Wideband network</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>SIMO Solis 5G</b></td> <td style="width: 310.575px; height: 50px;">5G, 4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 6</td> <td style="width: 124.838px; height: 50px;">Up to 16</td> <td style="width: 310.575px; height: 50px;">Up to ~24 hours</td> <td style="width: 387.038px; height: 50px;">CloudSIM global data</td> <td style="width: 124.838px; height: 50px;">Global hotspot with flexible international data plans</td> </tr> <tr style="height: 50px;"> <td style="width: 124.838px; height: 50px;"><b>SIMO Solis Lite</b></td> <td style="width: 310.575px; height: 50px;">4G LTE</td> <td style="width: 387.038px; height: 50px;">Wi-Fi 4</td> <td style="width: 124.838px; height: 50px;">Up to 10</td> <td style="width: 310.575px; height: 50px;">Up to ~16 hours</td> <td style="width: 387.038px; height: 50px;">CloudSIM global data</td> <td style="width: 124.838px; height: 50px;">Lower-cost global hotspot that can also function as a power bank</td> </tr> </tbody> </table> <p>Analyzing where the device will be in use, necessary features and performance expectations can help IT managers match up user requirements with devices. However, the cost of the data plan will be a key factor in determining the strategy that is the best fit. Consider existing corporate data plans and any benefits that might come with current network carriers to make a cost-effective decision. Pre-owned hotspot devices or hotspots that don't offer international capability are also affordable options to look into.</p> <p>The following devices illustrate several types of mobile hotspot deployments, including budget LTE models, enterprise-grade 5G hotspots and globally focused connectivity options.</p> <h3>Alcatel Linkzone 2</h3> <p>Alcatel's Linkzone 2 is a budget-friendly LTE hotspot widely available through carriers and third-party sellers. It's designed for long runtimes, with a 4,400 milliampere-hour battery rated for up to 24 hours of use in some scenarios, and it can connect up to 16 devices.</p> <h3>Franklin JEXtream RG2100</h3> <p>The Franklin JEXtream RG2100 is a portable 5G hotspot designed for mobile and remote connectivity. It supports 5G and 4G LTE networks and uses Wi-Fi 6 to share internet access with up to 30 devices. Carrier variants are commonly offered through enterprise mobility programs.</p> <h3>GlocalMe U50 Numen Air 5G</h3> <p>GlocalMe's U50 Numen Air is a portable hotspot that supports 4G LTE and 5G connectivity and can share access with up to 16 devices. It uses an integrated CloudSIM approach and also supports a physical nano SIM card for situations where organizations prefer to supply their own carrier plan.</p> <h3>Inseego MiFi X Pro 5G</h3> <p>The MiFi X Pro 5G is built for business use cases that require higher performance and stronger management/security features. It supports Wi-Fi 6 and up to 32 connected devices, and it includes a Gigabit Ethernet port for wired connectivity. Carrier variants are available through major providers.</p> <h3>Keepgo Lifetime World Mobile Hotspot</h3> <p>Keepgo's Lifetime World Mobile Hotspot is aimed at travel and distributed workforces that need flexible, prepaid connectivity. Keepgo markets it as a compact device (3.2 oz; 4.1 x 2.5 in) that can connect up to 15 devices and work across 100+ countries, with "lifetime"/valid-forever data bundles that require periodic top-ups to remain active.</p> <h3>Netgear Nighthawk M6 Pro</h3> <p>Netgear's Nighthawk M6 Pro is a premium hotspot designed for high-performance deployments. Netgear specifies Wi-Fi 6E support, connectivity for up to 32 devices and a 2.5 Gig Ethernet port for wired use cases.</p> <h3>Netgear Nighthawk M7</h3> <p>The Nighthawk M7 is a newer-generation hotspot that Netgear positions around emerging Wi-Fi 7 performance and flexible connectivity via eSIM plus physical SIM support. Netgear also markets it for global use and specifies support for up to 32 devices.</p> <h3>Orbic Speed 5G UW</h3> <p>The Orbic Speed 5G UW is a carrier device offered through Verizon, which specifies that it can connect up to 30 Wi-Fi devices and run for up to 12 hours of continuous use.</p> <h3>SIMO Solis 5G</h3> <p>SIMO's Solis 5G is positioned as a global hotspot that supports dual-band Wi-Fi 6, connectivity for up to 16 devices and up to 24 hours of battery life, with flexible data plan options.</p> <h3>SIMO Solis Lite</h3> <p>The Solis Lite is a smaller, lower-end hotspot that SIMO also markets as a power bank. SIMO specifies up to 10 connected devices and a 16-hour battery life.</p> </section> <section class="section main-article-chapter" data-menu-title="Choosing the right mobile hotspot deployment strategy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Choosing the right mobile hotspot deployment strategy</h2> <p>Organizations that support remote work should evaluate how employees use hotspot connectivity and what level of reliability and security is required. For individual users who occasionally need backup connectivity, a smartphone's personal hotspot might be sufficient. However, teams that depend on consistent mobile connectivity -- such as field staff, auditors or traveling professionals -- might benefit from dedicated hotspot devices with stronger performance and management capabilities.</p> <p>When selecting hotspot options, IT teams should consider factors such as device capacity, wireless standards, carrier compatibility, battery life and data plan costs. In many organizations, a combination of personal hotspots and dedicated devices can provide the flexibility needed to support remote workers while maintaining reliable connectivity.</p> <p><b>Editor's note:</b><i> This article was originally published in 2024 and updated in March 2026 to reflect newer mobile hotspot devices, updated specifications and current remote work connectivity practices.</i></p> <p><i>Gary Olsen has worked in the IT industry since 1983 and holds a Master of Science in computer-aided manufacturing from Brigham Young University. He was on Microsoft's Windows 2000 beta support team for Active Directory from 1998 to 2000 and has written two books on Active Directory and numerous technical articles for magazines and websites.</i></p> </section> Organizations that support remote work should understand how personal hotspots and dedicated hotspot devices differ. Compare these mobile hotspot options. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1097898396.jpg https://www.techtarget.com/searchmobilecomputing/feature/Finding-the-best-mobile-hotspot-option-for-remote-work Mon, 09 Mar 2026 11:00:00 GMT How to choose the best mobile hotspot for remote work <p>Many company executives and contact center leaders know about the struggles to protect customer data. With increased distractions or assessing how new technology, like AI, can improve contact center services, company leaders can't lose focus on emerging security threats that could compromise data.</p> <p>Contact center security must remain a focal point to protect customer data and enhance customer confidence when interacting with an organization, which is key to <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-improve-the-contact-center-experience-for-customers">better customer relationships and experiences</a>.</p> <section class="section main-article-chapter" data-menu-title="The increasing importance of contact center security"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The increasing importance of contact center security</h2> <p>Contact center security must be front and center when developing and implementing a strategic customer experience framework. Organizations that don't employ proper security controls could risk serious negative consequences, such as the following:</p> <ul type="disc" class="default-list"> <li><b>Financial.</b> A security or data breach can result in lost business revenue and fines levied by various entities that significantly affect the bottom line.</li> <li><b>Reputation.</b> Customers who feel their personal data isn't secure or who have been <a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them">affected by security incidents</a>, such as identity theft, might no longer do business with the organization or post their concerns on various social channels. The goodwill and positive reputation an organization builds over time is one of the biggest drivers to acquiring and retaining customers.</li> <li><b>Business disruption.</b> Resources dedicated to running the business must be redirected to research and resolve the incident and improve security protocols.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Types of contact center security best practices"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Types of contact center security best practices</h2> <p>To avoid security problems, businesses need to implement a contact center security checklist that covers three categories: technology, customer and business best practices.</p> <h3>Technology best practices</h3> <p>In order to protect customer data and maintain security, companies and their contact centers should implement the following technology checklist:</p> <p><b>Encrypt data.</b> <a href="https://www.techtarget.com/searchsecurity/definition/encryption">Encryption</a> translates an organization's stored or transmitted data into different forms, which require a specific key to translate it back into its original format. Organizations often encrypt data to protect specific customer records, including medical, credit card or personal information.</p> <p><b>Update technology.</b> Keeping technology current ensures systems and components have the latest safeguards in place. Bad actors continuously test systems, looking for cracks that let them access data. Key practices to update technology include antivirus software, <a href="https://www.techtarget.com/searchsecurity/answer/Testing-a-security-patch">installing software patches</a> and eliminating legacy systems that vendors no longer support.</p> <p><b>Minimize data availability and access. </b>More data is being stored each day. And, with more individuals given access to that information, an organization multiplies its risk of a potential data breach. Best practices to minimize availability and access to data include the following:</p> <ul type="disc" class="default-list"> <li>Restrict the number of people who can access sensitive information.</li> <li>Use system permissions to manage who can access specific data.</li> <li>Automate session timeout rules.</li> <li>Delete employee access to accounts as soon as the person leaves the organization.</li> <li>Mask sensitive data to limit the information displayed to employees. For example, place asterisks over the first five digits of a Social Security number.</li> <li>Use alternate technologies to capture sensitive information. For example, send a caller to an <a href="https://www.techtarget.com/searchcustomerexperience/definition/Interactive-Voice-Response-IVR">interactive voice response</a> system to enter credit card information.</li> <li>Limit the storage of critical information. For example, delete data after a customer provides a credit card number in a transaction. This scenario represents a tradeoff between customer convenience and data security.</li> <li>Use firewalls and intrusion detectors to prevent and report attempted and unauthorized activity.</li> </ul> <p><b>Perform regular data backups. </b>Regular <a href="https://www.techtarget.com/searchdatabackup/definition/backup">data backups</a> should be established to minimize data loss and provide the ability to recreate customer records in the event of a security breach.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/https://youtu.be/SuNtmCgIhiM?si=2yJAWZLY8lMdBmBy?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <h3>Customer best practices</h3> <p>Businesses should institute the following <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-fit-customer-experience-security-into-your-strategy">customer-related best practices to protect customer data</a>:</p> <p><b>Maintain transparency. </b>Companies must be transparent with customers, including telling them why the business requires sensitive data and how it uses and protects that information. Effective transparency goes beyond typical privacy statements, and organizations should share this information in an easy-to-understand format.</p> <p>Transparency improves customer confidence, which instills a higher level of trust in the organization. Additionally, if an organization can teach its customers how to protect themselves -- like how to monitor credit card usage -- they feel better about sharing information.</p> <p><b>Use authentication protocols. </b>Authentication aims to prove somebody is the person they claim to be. In the past, typical <a href="https://www.techtarget.com/searchsecurity/tip/Use-these-6-user-authentication-types-to-secure-networks">authentication protocols</a> used single-factor authentication that required users to enter a single piece of identifying information, such as a password. Many organizations have shifted to multifactor authentication, where users must enter multiple pieces of identifying information, like a password and an additional code. In many cases, the system sends the code to a user's mobile device.</p> <p>Voice authentication is a lesser-used technology. As the technology improves, it should become a more viable customer identification tool.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png 1280w" alt="Contact center checklist for data security and compliance." height="266" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This compliance checklist ensures contact center agents keep customer data safe. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Business best practices</h3> <p>Organizations should adhere to the following business-related procedures to protect customer data:</p> <p><b>Train employees. </b>Organizations need to <a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-agent-training-programs">continuously train contact center agents</a> to ensure they understand how easily bad actors can steal customer data. Employee training should focus on specific behaviors to protect customer data along with understanding the process to communicate suspicious activity. Training should include the following:</p> <ul type="disc" class="default-list"> <li>Follow smart practices to maximize password strength, like avoiding easily identifiable information.</li> <li>Shred documents with personal information and don't leave written notes around. Eliminate the need for paper documents wherever possible.</li> <li>Limit the information sent electronically to customers, like personal medical information.</li> <li>Don't open attachments or access links unless they come from a reliable source.</li> <li>Follow facility physical security protocols whether working on-site or remotely.</li> </ul> <p><b>Implement improved remote work practices.</b> Remote employees create new security gaps that can be addressed by the following measures:</p> <ul class="default-list"> <li>Require the use of company-issued devices.</li> <li>Develop requirements and monitor compliance for home network security and data access.</li> <li>Don't allow third-party listening systems in the remote workplace.</li> </ul> <p><b>Share responsibility for data security. </b>Everyone, even individuals outside of the contact center, is responsible for customer data security. Organizations can practice broad ownership of customer data security in many ways, including the following:</p> <ul type="disc" class="default-list"> <li>Monitor and <a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-train-agents-on-call-center-fraud-detection">report suspicious activity</a>.</li> <li>Restrict unauthorized hardware or software and access to questionable websites and documents.</li> <li>Bring unattended sensitive documents to leadership.</li> </ul> <p><b>Use security expertise. </b>Security expertise is critical to stay ahead of malicious actors. Organizations must bring on staff or use consulting firms that specialize in cybersecurity and other security-related matters.</p> <p>Protecting an organization from security breaches and managing sensitive information isn't a part-time job, and ensuring the proper controls are in place -- and keeping an eye on the future -- requires dedicated effort and expertise.</p> <p><b>Test security controls. </b>Organizations must continuously test their technologies and processes to protect customer data. Business leaders should never assume everything will work as planned, especially when dealing with human behaviors and sophisticated bad actors. Examples of testing security controls include the following:</p> <ul type="disc" class="default-list"> <li>Implement <a href="https://www.techtarget.com/searchcio/definition/security-audit">security audits</a>, including security log reviews if a breach occurs.</li> <li>Scan for malware and other unauthorized software regularly.</li> <li>Perform office and home workstation reviews to ensure agents follow security best practices.</li> <li>Include the testing of security controls and the recovery process as part of the overall business continuity planning.</li> </ul> <p><b>Prepare for a security breach. </b>Customers are more likely to feel confident in the recovery process if an organization quickly controls a breach and has an action plan to protect customers. Security breach preparation should be included in <a href="https://www.techtarget.com/searchdisasterrecovery/definition/Business-Continuity-and-Disaster-Recovery-BCDR">disaster recovery and business continuity plans</a> with specific actions outlining how and when to notify employees and customers, and how to support continued operations.</p> <p>Business executives and contact center leaders should not get distracted by other initiatives. As security threats become more sophisticated, CX leaders should always prioritize contact center security.</p> <p><i>Scott Sachs is president and founder of SJS Solutions, a consultancy that specializes in contact center strategy assessments and technology selection.</i></p> </section> Follow this comprehensive contact center security checklist that encompasses technology safeguards, customer data protection procedures and common business sense. https://cdn.ttgtmedia.com/rms/onlineimages/security_a135187239.jpg https://www.techtarget.com/searchcustomerexperience/tip/Call-center-security-best-practices-to-protect-customer-data Fri, 06 Mar 2026 02:30:00 GMT A guide to contact center security best practices <p>Remote and hybrid workers often rely on mobile hotspots when home internet fails or public Wi-Fi isn't available. But a hotspot can only provide internet access when the host device has a cellular data connection.</p> <p>No. In most cases, a mobile hotspot cannot provide internet access without cellular service. A hotspot works by sharing a device's cellular data connection with nearby devices over Wi-Fi. If the device has no signal or data connection, it can still broadcast a wireless network, but that network won't have internet connectivity.</p> <p><a href="https://www.techtarget.com/whatis/definition/mobile-hotspot">Mobile hotspot</a> technology has evolved over the years to provide greater reliability and better security features. With improved cellular coverage and modern hotspot hardware, users can connect to the internet from many locations where traditional Wi-Fi networks aren't available. As such, hotspots have become invaluable for those who need reliable internet access while on the go.</p> <p>However, users might not always have cellular service on the device they want to use as a hotspot. IT administrators should understand why hotspots can't work without service and how to troubleshoot when those issues occur.</p> <section class="section main-article-chapter" data-menu-title="How do mobile hotspots work?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How do mobile hotspots work?</h2> <p>When turned on, hotspots create a <a href="https://www.techtarget.com/searchnetworking/answer/Wireless-vs-Wi-Fi-What-is-the-difference-between-Wi-Fi-and-WLAN">wireless LAN</a>, acting as a wireless access point with a unique name and password. The device hosting the hotspot communicates with the cellular network carrier to establish an internet connection. Then, it shares that connection with the other devices connected to the hotspot.</p> <p>Hardware, such as routers and modems; mobile devices, such as iPhones and Android phones; and desktop OSes, such as macOS and Windows, often have built-in hotspot hardware and software. There are also <a href="https://www.techtarget.com/searchmobilecomputing/feature/Finding-the-best-mobile-hotspot-option-for-remote-work">dedicated mobile hotspot devices</a>, which exclusively offer hotspot functionality and come with their own data plans. In any case, hotspot hardware and software can broadcast a Wi-Fi signal that is picked up by other nearby devices. This creates a hotspot where those devices can access the internet without connecting directly to Ethernet or locally shared or secured Wi-Fi service set identifiers.</p> <p>Hotspots are useful in providing secure remote Wi-Fi access when secured networks aren't available. They're also a great way to <a href="https://www.techtarget.com/searchcio/post/How-IT-can-enable-long-term-hybrid-remote-work">enable remote work</a> and stay connected while on the go. For businesses, they provide a secure connection for employees to access corporate resources without worrying about risks on public Wi-Fi networks.</p> <p>With this technology, anyone can access the internet in places where traditional Wi-Fi connections aren't available or where an organization needs its data separated from an employee's home wireless network. In some scenarios, this can even eliminate a VPN on a personal network, routing all traffic through corporate-owned data plans and hotspots. However, hotspot performance still depends heavily on cellular signal strength and network coverage.</p> </section> <section class="section main-article-chapter" data-menu-title="Can a hotspot work without cellular service?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Can a hotspot work without cellular service?</h2> <p>No. A mobile hotspot cannot provide internet access without cellular service. A hotspot can technically function without cellular service, but only in a limited way. The device can still create a local wireless network, enabling nearby devices to connect to each other, but it cannot provide internet access without a cellular data connection.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A mobile hotspot cannot provide internet access without cellular service. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Outside of local networking, however, a hotspot isn't useful without service because it relies on a cellular carrier to establish an internet connection. Without an active service plan or mobile data connection, the device hosting the hotspot cannot establish or share an internet connection over Wi-Fi.</p> <p>Cellular service is essential for hotspot internet access. Portable hotspot devices and phone-based hotspots both rely on a carrier's network to establish the internet connection that is shared with other devices. Without cell service, the user cannot access any of the hotspot's capabilities, including internet access, Wi-Fi calling and messaging. Therefore, users must ensure their device has an active service plan with hotspot services. Most mobile carriers provide hotspots as part of their <a href="https://www.techtarget.com/searchmobilecomputing/tip/Finding-the-best-cellphone-plans-for-small-businesses">cellular packages</a>, usually with monthly data caps.</p> </section> <section class="section main-article-chapter" data-menu-title="How to troubleshoot hotspot connection issues"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to troubleshoot hotspot connection issues</h2> <p>If a remote user is experiencing issues with their mobile hotspot, there are a few troubleshooting steps IT admins can recommend to reestablish the connection. In some cases, users might see a hotspot connection but still have no internet access or only limited connectivity because the host device doesn't have a usable cellular signal.</p> <p>Start with basic connectivity checks before moving on to deeper device or carrier troubleshooting.</p> <h3>Check the Wi-Fi settings</h3> <p>Make sure the user's device is connected to the correct Wi-Fi hotspot and the password is entered correctly. On most mobile and desktop OSes, the device hosting the hotspot sets a default password for it, but the user can change that manually. The steps to check the password of a hotspot depend on the device's OS.</p> <p>On Android devices, navigate to Settings > Network & internet > Hotspot & tethering (Figure 1). Some Android <a target="_blank" href="https://www.verizon.com/support/knowledge-base-304007/" rel="noopener">versions</a> differ in the location of this setting.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_1-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_1-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/hotspot_no_service_1-h.jpg 1280w" alt="Android Settings showing the Network & internet menu with Hotspot & tethering highlighted."> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. In Android, navigate to Settings > Network & internet > Hotspot & tethering to view or configure hotspot settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>On iOS devices, go to Settings > Personal Hotspot > Wi-Fi Password (Figure 2).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_2-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_2-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/hotspot_no_service_2-h.jpg 1280w" alt="iOS Personal Hotspot settings showing the Wi-Fi Password option."> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. In iOS, go to Settings > Personal Hotspot to view the Wi-Fi password and other hotspot settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>On macOS devices, go to Settings > General > Sharing and verify that <b>Internet Sharing</b> is toggled on (Figure 3).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_3-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_3-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_3-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/hotspot_no_service_3-h.jpg 1280w" alt="macOS Sharing settings showing the Internet Sharing option."> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. In macOS, go to Settings > General > Sharing, turn on Internet Sharing and verify the password and other configurations. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>On Windows devices, go to Settings > Network & internet > Mobile hotspot (Figure 4).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_4-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_4-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/hotspot_no_service_4-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/hotspot_no_service_4-f.jpg 1280w" alt="Windows Settings showing the Mobile hotspot option under Network & internet." height="377" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 4. In Windows, go to Settings > Network & internet > Mobile hotspot to view or configure hotspot settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Restart the mobile device</h3> <p>Sometimes, simply restarting the mobile device can help resolve issues with the wireless connection and hotspot services. Have the user turn off their device, wait a few seconds and then turn it back on.</p> <h3>Reset network settings</h3> <p>In extreme cases, resetting the network settings on the user's device can resolve <a href="https://www.techtarget.com/searchnetworking/tip/Wireless-network-troubleshooting-Connectivity">issues with the wireless connection</a>. To do this, navigate to the device's settings and select <b>Reset Network Settings</b>.</p> <p>Because a network reset removes all network settings, the user then has to reenter network passwords on personal networks. To reset networking settings on iOS devices, go to Settings > General > Transfer or Reset iPhone > Reset > Reset Network Settings. On Android devices, go to Settings > System > Reset options.</p> <h3>Check hotspot data allowance</h3> <p>Many cellphone plans come with hotspot services, but it's common for them to have specific limits on the amount of data available per month. The organization or user can check with their carrier to verify if they've exceeded their cellular data allowance. Carriers might block hotspot data or throttle internet speeds after a data overage.</p> <h3>Contact the service provider</h3> <p>If none of these steps work, the user might need to contact their service provider for further assistance. They can check for any known issues or outages in the area and help to troubleshoot the problem remotely.</p> </section> <section class="section main-article-chapter" data-menu-title="Why a hotspot might appear connected but still have no internet"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why a hotspot might appear connected but still have no internet</h2> <p>Sometimes a device can successfully connect to a hotspot but still be unable to access the internet. This happens because the hotspot can broadcast a Wi-Fi network even when the host device has little or no cellular signal. In these situations, the device connects to the hotspot network but cannot reach the internet because there is no underlying cellular data connection.</p> <p><b>Editor's note:</b> Michael Goad originally wrote this article<i> in June 2023. Katie Fenton later updated it to include more information on hotspot devices and improve readability.</i></p> <p><i>Michael Goad is a freelance writer and solutions architect with experience handling mobility in an enterprise setting.</i></p> <p><i>Katie Fenton is site editor for Informa TechTarget's Mobile Computing, Enterprise Desktop and Virtual Desktop sites.</i></p> </section> Hotspots rely on cellular service for internet access. Learn why a hotspot won't work without service and how IT admins can troubleshoot connection issues. https://cdn.ttgtmedia.com/rms/onlineimages/mobile_g1097898396.jpg https://www.techtarget.com/searchmobilecomputing/answer/Does-a-hotspot-work-when-a-mobile-device-has-no-service Thu, 05 Mar 2026 21:26:00 GMT Can a hotspot work without cellular service? <p>Apple <a target="_blank" href="https://www.apple.com/newsroom/2026/03/say-hello-to-macbook-neo/" rel="noopener">announced</a> the MacBook Neo this week, and its $599 price is something I didn't think I'd ever see from Apple. It's built on the A18 Pro chip (not an M-series processor, and not even the latest mobile processor), comes with only 8 GB of RAM, a 13-inch display and what can only be described as a budget spec sheet by Mac standards. Here's a quick interpretation of what this is, and what it isn't.</p> <section class="section main-article-chapter" data-menu-title="The specs are … ok"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The specs are … ok</h2> <p>The $599 base model gets you 256 GB of storage, two USB 3 ports (not Thunderbolt), no backlit keyboard and no Touch ID. If you want Touch ID and 512 GB of storage, that's the $699 configuration. Either way, you're getting 8 GB of memory and an iPhone-class processor, which puts this somewhere between a discounted MacBook Air and an iPad with the keyboard case that runs MacOS, though without a touchscreen. I'm sure this will be more than enough for the student or the end user who just does lightweight stuff in the browser. But with an older mobile processor and 8 GB of RAM, I don't expect this to be a machine that you can keep using for years and years.</p> <p>The specs are what they are. I found it interesting that the product page read like an intro-to-Mac guide written for someone who has never touched one, or who always wanted a Mac but didn't have the budget for one. It walks you through what the trackpad does, advertises Safari and FaceTime by name, and assures you that Microsoft 365 and Zoom work on Mac. It literally says, "even if you've never used a Mac before." There's even a section advertising "free antivirus protections," which is just Apple's <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Does-macOS-need-third-party-antivirus-in-the-enterprise">existing XProtect and Gatekeeper</a> positioned against Defender.</p> <p>Apple has done competitive marketing before (remember "I'm a Mac?"), but those ads positioned Mac as cooler and better for people who were already cross-shopping. For the Neo, Apple is saying "we're equal" at the same volume as "we're cool." The whole page is designed to make that person comfortable with the idea of switching over.</p> <p>They're also leaning hard on the iPhone-plus-Mac story here, highlighting handoff, texting from your laptop, universal clipboard, AirDrop and iPhone mirroring. Anyone who has <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/My-2-months-switching-from-Mac-to-Windows">tried to make Phone Link work on Windows</a> knows the pain Apple is solving, and the pitch is simple: If you already carry an iPhone -- and a lot of people do -- the ecosystem argument at $599 is suddenly very compelling. Plus, the laptop is literally cheaper than the cost of the phone. For some, that might be a no-brainer.</p> </section> <section class="section main-article-chapter" data-menu-title="Not really an enterprise device"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Not really an enterprise device</h2> <p>That said, this isn't going to rock the boat in the enterprise, and I'm not going to try to force it through that lens. With 8 GB of RAM and a mobile processor, I don't think that IT is going to add these to the list of machines that a user can pick from. Enterprise organizations will likely continue to buy MacBook Airs and Pros. The Neo might show up as a BYOD endpoint here and there, though, which does increase endpoint diversity. Past <a target="_blank" href="https://research.esg-global.com/reportaction/515202053/Toc" rel="noopener">research</a> of mine has shown that increasing endpoint diversity across both managed and unmanaged (including BYOD) devices is a driver of management and security complexity. I've got some research planned later this year to dig into that a bit more, and the MacBook Neo will definitely be on my mind then.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Enterprise organizations will likely continue to buy MacBook Airs and Pros. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Still, the implications of this are interesting, even if they're contained to the consumer market. Dell, HP, Lenovo, Acer and ASUS have had the under-$800 laptop market to themselves for as long as I can remember. They competed with each other at that level but never had to worry about Apple showing up. Now they do, and while Windows OEMs might be able to tell a better spec story at $599, specs aren't the whole picture, and Apple knows it. For the person who wanted a Mac but couldn't justify the price, whether that's a student or a parent who mostly does email and web browsing, Apple just removed the largest remaining barrier. It'll be interesting to see how (or if) the PC vendors react, and if any other barriers emerge.</p> <p><i>Gabe Knuth is the principal analyst covering end-user computing for Omdia.</i></p> <p><i>Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.</i></p> </section> The $599 MacBook Neo marks Apple's push into budget laptops, offering basic specs but a strong ecosystem pitch to first‑time Mac users. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g164210754.jpg https://www.techtarget.com/searchmobilecomputing/opinion/Apple-just-went-down-market-with-MacBook-Neo Thu, 05 Mar 2026 17:02:00 GMT Apple just went down-market with MacBook Neo Search Mobile Computing Resources and Information from TechTarget 60 webmaster@techtarget.com