MDM and Enterprise Device Management: From Mobile to IoT | Hardik Kanajariya

MDM and Enterprise Device Management: From Mobile to IoT

Understanding Mobile Device Management (MDM) and enterprise device management — Android Device Owner mode, MQTT communication, remote management, and the future of IoT control.

Development

Mar 28, 2026

What is MDM?

Mobile Device Management (MDM) allows organizations to:
  
  ✅ Enroll and configure devices remotely
  ✅ Push apps and updates silently
  ✅ Enforce security policies
  ✅ Lock, wipe, or locate lost devices
  ✅ Monitor device health and compliance
  ✅ Restrict features (camera, USB, settings)
  ✅ Create kiosk mode (single-app lock)

Android Device Owner Mode

Our HK AIR IoT Controls ($149) uses Android's Device Owner mode — the most powerful level of device control:

Android management levels:
  
  1. Device Admin       → Basic policies (password rules)
  2. Profile Owner      → Work profile (managed apps)
  3. Device Owner       → FULL device control (our level)
  
  Device Owner capabilities:
    - Silent app installation (no user prompt)
    - Factory reset protection
    - System app control

┌─────────────┐       MQTT        ┌──────────────┐
│  Web Portal  │ ──────────────▶  │ MQTT Broker   │
│ (Dashboard)  │ ◀──────────────  │ (Mosquitto)   │
└─────────────┘                   └──────┬───────┘
                                         │
                    ┌────────────────┬────┴────────────┐
                    ▼                ▼                  ▼
              ┌──────────┐   ┌──────────┐       ┌──────────┐
              │ Device 1  │   │ Device 2  │  ...  │ Device N  │
              │ (Android) │   │ (Android) │       │ (Android) │
              └──────────┘   └──────────┘       └──────────┘

Feature	REST API	MQTT
Connection	Request-response	Persistent
Latency	200-500ms	10-50ms
Battery	High (polling)	Low (push)
Offline queue	No	Yes (QoS 1/2)
Bidirectional	No (need webhooks)	Yes
Bandwidth	Headers per request	Minimal overhead

Scenario: Office building with 50 AC units
  
  Traditional:
    - Each AC has its own remote
    - No centralized control
    - Energy waste (AC running in empty rooms)
    - No scheduling
  
  With HK AIR:
    - Android devices connected to AC IR blasters
    - Central dashboard controls all units
    - Schedule-based automation
    - Temperature monitoring
    - Energy consumption analytics
    - Zones and groups

Scenario: Retail chain with 200 digital displays
  
  - Push content updates remotely
  - Schedule different content by time/day
  - Monitor display health
  - Reboot unresponsive devices
  - Kiosk mode prevents tampering

Scenario: Delivery company with 100 driver tablets
  
  - Lock devices to delivery app
  - Push route updates
  - Track GPS location
  - Restrict personal app usage
  - Remote wipe if device is lost

// Android Device Admin Receiver
class DeviceAdminReceiver : android.app.admin.DeviceAdminReceiver() {
    
    override fun onEnabled(context: Context, intent: Intent) {
        // Device admin enabled
        val dpm = context.getSystemService(DevicePolicyManager::class.java)
        
        // Set password requirements
        dpm.setPasswordMinimumLength(componentName, 6)
        
        // Disable camera
        dpm.setCameraDisabled(componentName, true)
        
        // Lock to kiosk app
        dpm.setLockTaskPackages(
            componentName,
            arrayOf("com.example.kioskapp")
        )
    }
    
    override fun onDisabled(context: Context, intent: Intent) {
        // Admin privileges removed
    }
}

Device Owner enrollment:
  
  1. NFC Bump        → Tap enrollment device to new device during setup
  2. QR Code         → Scan QR during initial device setup
  3. Google Zero-Touch → Cloud-based automatic enrollment
  4. Samsung KME      → Samsung-specific bulk enrollment
  5. ADB Command      → Developer enrollment for testing
  
  adb shell dpm set-device-owner com.example.mdm/.DeviceAdminReceiver

MDM Security Layers:
  
  1. TLS 1.3 for all communication
  2. MQTT over TLS (MQTTS port 8883)
  3. Certificate pinning on device
  4. Device attestation (verify genuine hardware)
  5. Encrypted local storage
  6. Tamper detection (root/bootloader)
  7. Compliance checks (policy enforcement)
  8. Audit logging (who did what, when)

Component	Technology	Purpose
Android Agent	Kotlin	Device-side MDM agent
Web Dashboard	React/Next.js	Central management portal
MQTT Broker	Mosquitto	Real-time communication
API Server	Node.js	Business logic and auth
Database	PostgreSQL	Device registry and logs

Emerging patterns (2026):
  
  Predictive maintenance → AI detects device anomalies before failure
  Smart scheduling      → ML optimizes AC/heating based on usage patterns
  Voice control         → "Hey Google, set all office ACs to 24°C"
  Edge computing        → Process data on-device, reduce cloud dependency
  Digital twins         → Virtual replicas for simulation and testing

MDM and Enterprise Device Management: From Mobile to IoT

What is MDM?

Android Device Owner Mode

MQTT Communication Architecture

Real-World Use Cases

Building an MDM Agent

Enrollment Methods

Security Considerations

HK AIR IoT Controls Platform

The Future: IoT + AI

Subscribe to my newsletter