MDM Integration Overview
Mobile Device Management (MDM) integration lets you securely enroll mobile devices into your Pradeo Security fleet and manage them with granular control over security policies and device groups.
What You Can Do
- Enroll Devices: Add mobile devices to your fleet securely using provisioned device slots
- Organize Fleet: Group devices by department, location, or security level
- Apply Policies: Enforce consistent security policies across device groups
- Monitor Status: Track device health, compliance, and security metrics
- Control Access: Manage device capabilities and respond to threats
Core Concepts
Device Groups
Device groups organize your devices and apply consistent security policies:
- Logical Organization: Group by department, location, or device type
- Policy Application: All devices in a group share the same security settings
- Agent Configuration: Define monitoring, detection, and response strategies
- Bulk Management: Update settings for multiple devices simultaneously
Learn more about Device Groups →
Provisioned Devices
Provisioned devices (device slots) are placeholders created via the API:
- Device Slots: Reserved spaces in your fleet for physical devices
- Single Enrollment Key: Unique key that allows exactly one device to enroll
- API-Managed: Created and managed through the REST API
- Group-Assigned: Automatically part of a device group
Learn more about Provisioned Devices →
Provisioning Workflow
The MDM provisioning process follows these steps:
┌─────────────────────────────────────────────────────────────┐
│ PROVISIONING WORKFLOW │
└─────────────────────────────────────────────────────────────┘
Step 1: Create Device Group
└─ Define logical group (department, location, etc.)
└─ Configure agent settings
└─ Set security policies
Step 2: Create Provisioned Devices (Device Slots)
└─ POST /v2/devices with groupId and enrollmentKey
└─ Provisioned device created in "agentless" status
└─ Enrollment key generated for physical device
Step 3: Physical Device Enrollment
└─ Install Pradeo Security app on mobile device
└─ Device uses singleEnrollmentKey to enroll
└─ Provisioned and physical devices couple
Step 4: Monitor & Manage
└─ Device reports security status
└─ Policies enforced automatically
└─ Track compliance and health
Device Status Lifecycle
Devices progress through these states:
agentless → enrolled → online/offline
- agentless: Provisioned device created, awaiting enrollment
- enrolled: Physical device has coupled with provisioned device
- online: Device is actively reporting and receiving updates
- offline: Device is enrolled but not currently connected
Provisioning Methods
1. API-Based Provisioning (Recommended)
Best for: Bulk operations, automated workflows, corporate devices
Create provisioned devices via API with unique enrollment keys, then distribute keys to users.
2. Enrollment Code Method
Best for: BYOD scenarios, simple user onboarding
Generate a group enrollment code that multiple devices can use to join the group automatically.
3. Manual MDM Interface
Best for: Small deployments, testing
Use the web console to create devices and generate enrollment links.
Security Considerations
Enrollment Key Security
⚠️ Critical Security Points:
- Each singleEnrollmentKey can only be used once
- Never share enrollment keys in insecure channels
- Generate new keys for each device
- Revoke unused keys to prevent unauthorized enrollment
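An audit for the last two points, as an added example that is not part of the Pradeo documentation or API: it scans a device inventory for slots left in "agentless" status too long (unused keys to revoke) and for slots that share an enrollment key. The inventory is constructed sample data; the field names id, groupId and createdAt, the key strings, and the 14-day threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample inventory, e.g. parsed from an export of your fleet.
# The status values and singleEnrollmentKey come from this page; id, groupId,
# createdAt and the key strings are assumptions made for the example.
SAMPLE_NOW = datetime(2024, 2, 1, tzinfo=timezone.utc)
SAMPLE_DEVICES = [
    {"id": "slot-1", "groupId": "finance", "status": "agentless",
     "singleEnrollmentKey": "KEY-AAA", "createdAt": "2024-01-02T09:00:00+00:00"},
    {"id": "slot-2", "groupId": "finance", "status": "agentless",
     "singleEnrollmentKey": "KEY-BBB", "createdAt": "2024-01-28T09:00:00+00:00"},
    {"id": "slot-3", "groupId": "sales", "status": "online",
     "singleEnrollmentKey": "KEY-CCC", "createdAt": "2023-11-01T09:00:00+00:00"},
    {"id": "slot-4", "groupId": "sales", "status": "agentless",
     "singleEnrollmentKey": "KEY-BBB", "createdAt": "2024-01-30T09:00:00+00:00"},
    {"id": "slot-5", "groupId": "sales", "status": "offline",
     "singleEnrollmentKey": None, "createdAt": "2023-12-01T09:00:00+00:00"},
]


def audit_enrollment_keys(devices, now, max_pending_days=14):
    """Return (stale, reused).

    stale:  ids of slots still "agentless" after max_pending_days, whose
            unused keys are candidates for revocation.
    reused: lists of slot ids that share one enrollment key. Only ids are
            returned so the report never contains key material.
    """
    stale, slots_by_key = [], defaultdict(list)
    for dev in devices:
        key = dev.get("singleEnrollmentKey")
        if key:  # assumption: a slot may be exported without a key
            slots_by_key[key].append(dev["id"])
        if dev["status"] == "agentless":
            created = datetime.fromisoformat(dev["createdAt"])
            if now - created > timedelta(days=max_pending_days):
                stale.append(dev["id"])
    reused = sorted(sorted(ids) for ids in slots_by_key.values() if len(ids) > 1)
    return stale, reused


if __name__ == "__main__":
    stale, reused = audit_enrollment_keys(SAMPLE_DEVICES, SAMPLE_NOW)
    print("revoke unused keys for:", stale)
    print("slots sharing a key:", reused)
```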
Device Group Security
- Define separate groups for different security levels
- Apply restrictive policies to sensitive departments
- Start with stricter policies, relax if needed
- Test policy changes with a test group first
Next Steps
- Device Groups - Learn to create and configure device groups
- Provisioned Devices - Learn to provision and manage devices
- API Reference - Explore all available endpoints
