ForeScout MDM Enterprise


ForeScout MDM supports the mobile device lifecycle: provision devices, manage device configuration, secure, monitor, support, manage applications, manage expenses, manage documents, secure email, integration with corporate email, secure document editing and sharing, mobile application security and secure browser.

IT organizations today need visibility and control over the mobile devices that are entering the enterprise, whether they are employee-owned or provided by your organization. ForeScout MDM Enterprise, powered by MaaS360, provides a comprehensive set of capabilities to get devices configured for enterprise access and ensure that corporate data stored on these devices is secure.

ForeScout MDM Enterprise supports the mobility lifecycle including provisioning, management, security, monitoring and help desk support. Comprehensive features include application management, expense management, document management, secure email, secure applications and secure browser.

Provision Devices
ForeScout MDM Enterprise streamlines the configuration and device enrollment process using SMS, email or a custom URL to make life simple for IT and mobile employees. Device enrollment takes just minutes. When combined with ForeScout CounterACT, provisioning is highly automated for any new device that accesses the network. Users can be authenticated over the network using Active Directory/LDAP, using a one-time passcode, or with SAML.

Manage Device Configuration
OTA configuration management provides simple delivery and maintenance of corporate device profiles, including Wi-Fi and VPN settings. Create custom groups for granular management. Define role-based administrative portal access rights. Decommission devices by removing corporate data and MDM control.

ForeScout MDM Enterprise provides dynamic, end-to-end security and compliance management. Enforcement of passcode policies and strong encryption keys protects sensitive business and personal data on mobile devices. Through real-time compliance management, ForeScout MDM Enterprise can detect when users opt out of your MDM program, install prohibited applications, jailbreak/root their mobile devices, or initiate SIM changes. Take automated actions such as messaging the user, blocking email, wiping corporate data from the device, or removing it from the network.


ForeScout MDM Enterprise provides integrated reporting and analytics to provide a high level view into your mobile device landscape across your enterprise with detailed hardware and software inventory reports, plus configuration and vulnerability details. Mobility Intelligence dashboards deliver an interactive, graphical summary of your mobile device operations and compliance.

ForeScout MDM Enterprise provides robust help desk capabilities for support procedures such as locating a device with GPS, resetting a user’s passcode, and sending a direct message to a device. ForeScout MDM Enterprise also provides an end-user support portal that allows users to do basic self-management of their device, such as wiping or resetting the password on a lost device.

Manage Applications
ForeScout MDM Enterprise lets you have your own centrally managed Application Catalog of approved or recommended public applications and in-house developed applications. Within the catalog users can instantly view apps available to them, install apps, and be alerted to update apps. IT administrators can set policies for blacklisted, whitelisted and required apps.

Manage Expenses
ForeScout MDM Enterprise enables organizations to set corporate-wide expense policies, and to proactively monitor and track mobile data and application usage. This lets you optimize your mobile spend and shift the accountability to business units and/or individual employees.

Manage Documents
ForeScout MDM Enterprise lets you distribute business documents to users of mobile devices while providing total manageability and control. Each document can have its own security policy, including required authentication, share restriction and time-based expiration, and be distributed to users, selected groups, or individual devices. Documents are distributed to the ForeScout MDM Enterprise Document Catalog on mobile devices, which is an encrypted document container that provides security, including data loss prevention controls and protection from unauthorized distribution. Integrate with content in SharePoint or Box, or leverage the MaaS360 Doc Cloud, a globally optimized distribution network which reduces network load and increases scalability and performance.

Secure Email
ForeScout MDM Enterprise delivers a secure office productivity app with email, calendar and contacts to allow employees to securely collaborate with colleagues while preserving the mobile experience on their personal devices. This addresses key risk management and data loss concerns.  Through authentication and authorization, only approved, valid users can access sensitive emails and data. With policies to control the flow of data, you can restrict sharing by users, forwarding of attachments and copying and pasting. Devices that are lost, stolen or compromised can be selectively wiped to remove the secure email container, attachments and profiles.

Integration with Corporate Email
With ForeScout MDM Enterprise Cloud Extender, you can securely integrate with email, calendar and contacts platforms including Exchange, Lotus Notes, and Microsoft Office 365, plus Active Directory and any required Certificate Authorities.


Secure Document Editing and Sharing
ForeScout MDM Enterprise allows users to edit and share documents on-the-go with colleagues and customers. This capability works with Secure Email for easy viewing and sharing of attachments while providing security.

Mobile Application Security
ForeScout MDM Enterprise provides a Software Development Kit (SDK) or app wrapper, which can be used to develop in-house apps that include key functions such as authentication, updates and usage reporting. Organizations can enforce device compliance checks prior to launching the app, and receive real-time alerts of compliance violations. Restrictions on copy and paste, as well as local and cloud data backups can be enforced. App-level tunnels can be provisioned for secure access to corporate data without needing a device VPN.

Secure Browser
ForeScout MDM Enterprise includes a Secure Browser application which reduces the vulnerability your mobile devices have to risky websites that may contain malware, violate HR policies, or simply waste your users’ precious time. The Secure Browser blocks known malware and malicious websites using a scanning engine and reputation database. IT administrators can specify categories of web content that are blocked, for example social networking sites, download sites, and explicit sites. When users try to access prohibited sites they can be sent custom text or HTML notifications, or redirected to a specific URL, and administrators can be alerted in real time. Optionally, native or third party browsers can be disabled. Secure access to corporate intranet sites and enterprise networks can be setup with no VPN required.

Integration with ForeScout CounterACT
Mobile Device Management (MDM) can help secure mobile devices and the sensitive corporate data that is frequently stored on such devices. But by itself, MDM is not a complete security solution for the following reasons:

  1. MDM systems can only see and manage devices that have already been enrolled in the MDM system.
  2. MDM systems typically do not control access to the network.
  3. MDM systems are often operated as another management silo, with another set of reports.

ForeScout MDM Enterprise integrates with ForeScout CounterACT through a simple plug-in module. Through this integration, you gain the following features:

  • Automated real-time detection of mobile devices the moment they try to connect to your network, including unmanaged and unknown devices.
  • Improved security by blocking unauthorized users and devices from the network.
  • Unified compliance reporting for endpoint devices—PCs, smartphones, and tablets.
  • Automated installation of MDM agents by directing unmanaged devices to an installation web page.
  • Unified network access control policy enforcement options
    • Allow compliant and managed devices onto the network
    • Limit network access based on device type, ownership, time of day, and compliance
    • Block non-compliant or certain types of devices from your network completely
  • Guest registration for personal mobile devices that are not owned by employees, Once a guest has registered and been approved, ForeScout CounterACT can restrict the user’s access to just the Internet.
  • Continuous protection. If malware on a mobile device tries to propagate or interrogate your network, ForeScout CounterACT will block the threat, and remove the device from your network.

Product Tours

Product Screenshots

Click image to enlarge.

MDM Watch List

View a summary of the status of devices.

Secure Document Sharing

Centrally manage documents, users, access controls, distribution, and policies.

Android MDM Policies

Manage the configuration for Android devices.

iOS MDM Policies

Manage the configuration for iOS devices.

MDM Actions

From within the ForeScout MDM Enterprise management console, take actions to protect data and the device over-the-air.

Send Enrollment Request

ForeScout MDM Enterprise discovers new users and devices, and allows IT to launch a simple end user self-service OTA enrollment process.

Cloud Extender

Integrate mobile devices with email, calendar, and contacts platforms such as BlackBerry Enterprise Server, Microsoft Exchange 2007 and 2010 Server, Lotus Notes, Active Directory or Microsoft’s upcoming Office 356.

Secure Mail screen shot imageSecure Mail

Secure office productivity app with email, calendar and contacts to allow employees to securely collaborate with colleagues while preserving the mobile experience on their personal devices.

Mobile Application Security screen shot imageMobile Application Security

Develop in-house apps using the SDK or app wrapper with full operational and security management to protect against data leaks.

Secure Browser screen shot imageSecure Browser

A fully functional web browser to enforce compliance and control access to content.


= Best = Good = Fair = Poor*
ForeScout CounterACT ForeScout CounterACT + ForeScout Mobile Security Module ForeScout CounterACT + MDM Integration + MDM MDM
Operational Management
Expense management
Inventory management
App management, app store
Network Security
Access control
Block threats
Detect on access
Profile device
Device and Data Security
Configuration enforcement
Containerization / encryption
Pll data privacy screening
Unified visibility and network access policy
User impact
Transparent Lightweight Lightweight Lightweight
$ $$ $$$* $$$$

*Assumes that high risk devices/users are enrolled in ForeScout MDM and lower risk devices/users are managed by ForeScout Mobile Security Module.



ForeScout MDM Enterprise, powered by MaaS360, is entirely cloud-based. It requires no on-premises installation, so deployment is quick and easy. In just a few clicks, IT can start enrolling devices and managing the entire mobile device lifecycle. It supports the following smartphone operating systems:

  • iOS version 4.3 and higher
  • Android version 2.2 and higher
  • BlackBerry Enterprise Server (BES) version 5.0 and higher
  • Windows Phone 7.5 and 8 devices when integrated with Exchange ActiveSync and Lotus Traveler