Microsoft published a nice blog post almost a year ago around the movement towards MDM for mobile devices. You can read it here, but the crux of it is covered by this image:
The majority of enterprise customers I have seen tend to still be using traditional management with Domain join and ConfigMgr, perhaps throwing in DirectAccess or a Cloud Management Gateway to keep these devices under control. The benefit, of course, of DirectAccess is that you can also access your on-premises resources when connected externally, meaning that your off-premises experience should mirror your on-premises experience when using mobile devices.
Modern management for BYOD makes a lot of sense: we do not want to be joining random consumer equipment to our domains, but adding a Work Account gives you some SSO, and Intune can provide a portal for LoB applications and some basic security configuration.
From a CYOD perspective it gets more complicated. How I would see CYOD working in some organisations is that the equipment is purchased by the organisation, but the user could choose what type of device they want and also how it is managed, rather than always being handed the AD+ConfigMgr option. There is much to consider, though. I’ll cover each of these topics in a series of blog posts; the links will appear once the posts are published:
- Where should MDM-only devices sit on your network?
- How will you provision MDM devices?
- How are we going to access corporate resources when using MDM?
- How does the security of an MDM device compare to that of a Domain Joined device?
- How can we apply security policy to MDM-only devices?
- How are you going to manage deploying applications to MDM and Domain Joined devices without duplicating effort?