Mobile Device Management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees' mobile devices, including laptops, that are deployed across multiple mobile service providers and across multiple mobile operating systems. A core function of MDM is to enforce corporate policies, which includes application management. This allows administrators to create whitelists of approved software and blacklists of forbidden software, thereby ensuring that only company-approved applications can be installed on user laptops, meeting the specified compliance requirement.

A. EDR (Endpoint Detection and Response) is a cybersecurity tool focused on detecting and investigating threats on endpoints, not primarily on enforcing software installation policies.

B. VPN (Virtual Private Network) provides secure, encrypted access to a private network over a public one; it does not manage software on the client device.

D. SaaS (Software as a Service) is a cloud-based software delivery model, not a management tool for controlling software installations on user endpoints.

1. National Institute of Standards and Technology (NIST). (2021). Special Publication 800-124 Rev. 2: Guidelines for Managing the Security of Mobile Devices in the Enterprise. Section 3.2

"Mobile Device Management (MDM) Systems

" states that MDM systems can be used for "managing applications" and "enforcing configuration settings" on devices. (Page 10).

2. Allen

J.

et al. (2014). A Survey of Mobile Device Management Security. Carnegie Mellon University Software Engineering Institute. CMU/SEI-2014-TN-009. Section 2.2

"Application Management

" describes MDM's capability to "enforce policies on which applications are allowed to be installed on a device (whitelisting/blacklisting)." (Page 5).

3. Microsoft Corporation. (2023). Application management with Microsoft Intune. Microsoft Learn Documentation. This official vendor documentation outlines how endpoint management solutions (the evolution of MDM) are used to "assign and manage apps on devices your company manages

" including enforcing policies for app installation.