MDM (Mobile Device Management) is a corporate IT system that enrols devices with a centrally-managed configuration server. MDM-enrolled phones, tablets, and laptops require the original organisation's credentials at first setup, even after factory reset, before the device can be activated for normal use.
Major MDM platforms include Jamf, Mosyle, Kandji, Microsoft Intune, VMware Workspace ONE, Cisco Meraki, and Google Workspace device management. On Apple devices, MDM enrolment is reinforced by Apple's Device Enrolment Program (DEP), which baked the enrolment into Apple's activation servers. Samsung's equivalent is Knox Configure / Knox Mobile Enrolment.
MDM-locked devices cannot be removed from the organisation's account by anyone except the original organisation's IT administrator. For wholesale buyers, this is a critical risk in three categories of stock:
- Education refresh, iPad and Galaxy Tab fleets from school districts. MDM rates of 70-90 percent are typical.
- Enterprise leasing returns, Lenovo and Dell laptops, corporate iPhones. Most are wiped properly but a percentage retain MDM enrolment.
- Field-service tablets, logistics, healthcare, retail deployments.
Always verify MDM status by booting through the activation flow on a sample unit before purchasing former-corporate or former-education stock.
MDM: common questions
What is MDM (Mobile Device Management)?
MDM is a corporate IT system that enrols devices with a centrally managed configuration server. An MDM-enrolled device requires the original organisation's credentials at first setup, even after a factory reset, before it can be used normally.
Why is MDM a risk for wholesale buyers?
MDM-locked devices can only be removed from the organisation's account by the original IT administrator. It is a critical risk in education refresh stock (where MDM rates of 70 to 90 percent are typical), enterprise leasing returns, and corporate fleets.
Which platforms commonly enforce MDM?
Major platforms include Jamf, Mosyle, Kandji, Microsoft Intune, VMware Workspace ONE, Cisco Meraki, and Google Workspace. On Apple devices it is reinforced by the Device Enrolment Program, and Samsung's equivalent is Knox Configure or Knox Mobile Enrolment.