Review: Hexnode MDM

I am on the hunt for a mobile device management solution (MDM) that can manage Windows 10 devices for free or for a low cost with little or no minimums.

If I can find this type of MDM solution, then I will use it to improve our ability to support client hardware for our small businesses customers.

The basic features that I’m most interested are pretty simplistic:

  • Profiles – allow for custom XML policies
  • Applications – inventory including version and the ability to remotely install an MSI (because I want to be able to remotely install teamviewer)
  • Updates – ability to view which OS updates have been installed
  • Antivirus – ability to view antivirus status
  • Encryption – ability to view encryption status
  • Organizational Groups – ability to establish a hierarchy for managing multiple customers

Nice to have would be:

  • Scripting – ability to run a powershell script
  • Encryption – ability to enforce encryption and harvest keys

Today, I signed up for a free trial of Hexnode. Hexnode has a low per device fee, fairly low minimums (15 devices per month), and allows for a 30 day free trial.

First Impressions

My device enrolled into Hexnode MDM

The UI is not my favorite, but that really wouldn’t make or break my opinion of a tool. My real complaint is that there isn’t as much device information available as I would have liked. On the good side, I could see the version of the build that is on the device including monthly patch. On the bad side, I couldn’t see simple things like drive space and importantly I couldn’t see whether or not the Defender AV was up to date.

I don’t need a fabulous UI, but I do need to see a minimal amount of information about the device in order to provide adequate management.

Can it do what I need it to do?

Here are the results for each task that I attempted:

Policies – There are quite a few Windows 10 policies available but unfortunately this didn’t include Windows Update or Microsoft Defender Settings. That is a non-starter.

Applications – This tool was great for deploying a simple MSI but the inventory didn’t show everything that was installed on the device which is a big issue.

Updates – I was not able to push any update settings. I could see the build version, but without the ability to force the clients to install updates automatically it would be difficult to manage a fleet.

Antivirus – I was not able to see the antivirus or definitions status for Defender and I couldn’t push any settings so it would be difficult to manage a fleet with this tool.

Encryption – I could see the encryption status which is great. I could also push encryption policies, however I could not escrow the key.

Scripting – There was no scripting option so I would have to find another way to do troubleshooting (for example – renaming the software distribution folder)

Organizational Groups – There wasn’t a way to establish an organizational hierarchy, but you could use dynamic groups to allow for management of multiple organizations within the same environment.

In Summary

My favorite thing about this solution is how quickly you can spin up a new environment. However, the minimum of 15 devices along with the missing management capabilities for Windows 10 makes this tool not a very good fit for managing small business. As always, my suggestion to MDM providers is that they should provide the ability to use Custom XML for robust policies management without the need for policy UI development.

Has anyone else tried this tool yet? Let me know what you think about it…

Leave a Reply

%d bloggers like this: