A Mobile Device Management (MDM) Configuration Review is a security assessment designed designed to ensure the configuration deployed to company mobile devices is secure.
The review assesses the current configuration against best practice guidelines to ensure the threat posed by company devices is managed and the potential impact of a compromised corporate mobile device is reduced.


Mobile phone devices are commonly used to facilitate enterprise communication, data access and more recently feature heavily in 2-factor authentication system integration.

Emerging threats and vulnerabilities are not confined to any one device or system and as the growth of mobile devices has occurred, the identification of vulnerabilities within these devices has also grown exponentially.

Due to the increasing use and threat, it is vital to ensure that mobile devices are securely configured.

During a MDM Review we examine the configuration and operating system to determine if a secure setup has been established and to ensure there are no identifiable weaknesses. The assessment is designed to pinpoint and rectify any holes within the configuration and covers patching levels, weak authentication, application white listing, logging and auditing as well as any antivirus system in place.

As part of our approach, our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities across your devices. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.

This is supplemented by technical and non-technical descriptions to assist in prompt remediation activities and provide a thorough understanding of each issue.

An MDM Configuration Review will allow your business to:

  • Receive assurance around the secure configuration of your MDM and mobile devices.
  • Make ongoing improvements to your MDM via specialist support, advice and consultancy.
  • Adhere to regulatory bodies who require an MDM Configuration Review to be performed.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats


1. Why do I need an MDM Configuration Review?

Mobile devices can be used by staff members to access company information and resources. It can often by the case that these devices connect to a wireless network which has access to your internal company network.

Due to this level of access, it is imperative that mobile devices are managed and maintained in the same manner as any other system and are configured to a secure standard.

2. What MDM systems can I have tested?

MDM Configuration reviews, are conducted using manual techniques by an experienced penetration tester, comparing configured settings against a set of best practice guidelines and aiming to identify and security issues which may be present within the organisation’s mobile devices.

As the assessment is a largely manual process, MDM configuration reviews are typically not limited by brand or manufacturer and providing the settings are accessible the MDM in use by your organisation can be reviewed.

3. What will I receive after the test has been completed?

The deliverable from any MDM Configuration Review is a complete report, detailing and contextualizing each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.