Skip to main content

Guide to Deel On-Platform Mobile Device Management (MDM)

Ophelia Boamah Ampoh
  • Updated

Deel On-Platform Mobile Device Management (MDM), powered by JumpCloud, brings device security and lifecycle control into the same place you already manage your workforce. Built for IT, HR, and Operations leaders, it helps you standardize how company devices are enrolled, configured, monitored, and supported, without bouncing between tools. With real-time fleet visibility, policy collections, automated patching, and remote actions, teams can reduce manual work and deliver a true zero-touch experience from first boot to offboarding. 

This article explains how to access and set up Deel MDM, navigate the dashboard, manage device groups and policies, and handle everyday operations with confidence.

In this Article

First steps for MDM

Deel MDM, powered by JumpCloud, integrates device management directly into the Deel platform. Its core vision is to scale your IT operations by consolidating daily work, reducing manual tasks through automation, and creating a "zero-touch" IT experience. This eliminates the need to log into JumpCloud separately, bringing your IT and HR functions closer together.

Before you can use the Deel MDM module, the following requisites must be met (with the help of a Deel representative if required).

  • MDM Enabled: MDM should be purchased. Currently, our on-platform MDM feature is powered by JumpCloud, so one of the following JC Products should be purchased through Deel: Device Management, Platform, or Platform Prime. You can find more information about these here or through one of our representatives.
  • Per-Seat Pricing (Deel IT Admin): Your organization must be on a per-seat pricing plan with at least one active paid seat.
  • JumpCloud Linking: You (or a Deel representative) must connect your organization's Deel platform to your JumpCloud instance. You can do this via the MDM page or the Integrations section in the platform. The API key will be needed for the sync. You can find this API key in your JumpCloud dashboard.

How to Access Deel on-platform MDM

MDM will be available inside the Deel IT section of your Deel account.

MDM Dashboard page

Once your JumpCloud account is connected, you can access the MDM module:

  1. From your Deel dashboard, navigate to the Deel IT tab.
  2. Click on the MDM tab in the sub-navigation header.

You will land on the Overview tab. You can switch between the other tabs at the top to navigate between Policy Management, Device Management, or the Event Log.

The Overview Tab

The Overview tab is your main dashboard for visualizing the general status of your device fleet, policy deployments, and OS releases.

It is comprised of several key widgets:

  • Devices Overview: Shows the general status of your fleet, including total, new, and inactive devices, with a 30-day trend graph. Click View all to go to the full Device Management tab.
  • Policy Deployment: A chart showing the deployment status of all policies (Successful, Pending, Failed). Click View all to go to Policy Management.
  • Fleet Distribution: A breakdown of your total devices by operating system (macOS, Windows, Linux, etc.). Clicking an OS will filter the device list to show only devices with that OS.
  • OS Releases: Displays the latest OS releases for macOS, Windows, and Linux. It will indicate if a new OS update is available for deployment.
  • Recommended for You: Provides tips and 1-click policy collections to help you secure your fleet, such as enforcing patch policies.
  • MDM First Steps: If you have no devices or policies, this special section will guide you to add your first devices and create a device group.

How to Manage Devices

The Device Management tab gives you centralized control to group devices, apply policies, and perform remote actions. It is possible to get more information on a single asset (including performing actions - like wiping, locking, or restarting the machine), or to explore device groups, with associated policies.

Overview of the Device Management Tab

Device Groups: Organize your devices. This includes default groups (e.g., all Windows devices) and custom groups you create. These groups are composed of devices and the associated policies they are enrolled in.

Devices List: A detailed list of every enrolled device, showing its name, status, OS, enrollment status, and policy compliance.

Remote Actions: From the device list, you can select a device and perform remote actions, including:

  • Lock
  • Shut down
  • Restart
  • Erase device

Note: For Mac/iOS, you will need your 6-digit security code to trigger these actions.

How to Create a Static Device Group (Manual)

A static group contains only the devices you manually add.

Start: From the Device Management tab, click Create device group. Give it a Name and Description.

Select Devices: Filter your device list and manually check the box for each device you want to add to this group.

Apply Policy Collection (Optional): You can assign an existing policy collection to this group during creation.

Review: Confirm your device selections and save the group.

How to Create a Dynamic Device Group (Rule-Based)

A dynamic group automatically adds or removes devices to a Device Group based on rules you define. 

Start: Click Create device group and provide a Name and Description.

Define Conditions: Use the conditions editor to build rules. For example:

OS = macOS AND

Architecture = Apple Silicon

Include/Exclude Devices (Optional): You can manually override the rules to include or exclude specific devices.

Apply Policy Collection (Optional): Assign an existing policy collection.

Review: Confirm your conditions and save the group.

How to Manage Policies

The Policy Management tab allows you to create, manage, and apply security policies to your devices through "Policy Collections".

Overview of the Policy Management Tab

  • Your Collections: View all collections applied to one or more device groups. You can View, Edit, or Delete collections. 
  • Deployed Policies: A list of all individual policies across all your collections. You can see the policy name, its deployment status (e.g., Applied, Failed, Pending), and which devices it targets.

How to Create a Custom Policy Collection

  • Start: From the Policy Management tab, click Add Policy Collection. See the policy gallery, then click Create a custom collection. Give your collection a unique Name and Description.
  • Add Policies: Browse the gallery and add one or more policies to your new collection (currently, there are around 264 different policies you can choose from). You can filter by Operating System or by pre-existing Policy Groups.
  • Configure Policies: Many policies require configuration (e.g., setting password complexity or Wi-Fi settings). The status indicator will show which policies are ready versus those needing configuration.
  • Deployment to Device Group(s): Select one or more target Device Groups to apply this collection to. Note: All policies must be fully configured before you can assign the collection.
  • Review & Confirm: Review your summary and click Create to deploy the policy collection to the selected groups. The new policy collection will be active by default.

OS Patch Policies

You can also create OS Patch Policies in a very convenient way. These Patch policies automatically apply updates to macOS, Windows, and Linux, reducing vulnerabilities and ensuring compliance, flexibly: from time windows to notifications, enforcement policies to builds.

It is possible to choose a pre-existing policy collection for a specific OS, or you can choose to create your own from scratch.

To create a Custom OS Patch:

Start: Click the Custom OS Patch button

OS: Select the Operating System from the dropdown. We support 3: MacOS, Windows, and Linux. Press next.

Details: In the Details page, you can configure the Settings you wish to apply. For example, you can enforce a system restart after a patch is applied, set deadlines for applying a new patch, specific times for system updates, or configure user notifications. Press Continue when ready.

Deployment: In the Deployment step, you can choose what Policy Collection you would like to apply these OS Patch settings to. You can select several collections, but at least 1 should be selected. Hit Continue when ready.

Review & confirm: Review the details and press Save Changes when ready.

How to Use the Event Log

The Event Log tab provides a comprehensive, real-time record of all MDM actions and API calls. It is a powerful tool for auditing, troubleshooting, and verifying operations.

Note: To see this tab, you need Admin permission.

Navigating the Event Log

Summary Cards: At the top, see a quick count of all Success and Error events for the selected time period.

Search & Filtering: Use the search bar, Status Type filter (Success, Error), or Date Range picker to find specific events.

Event Log Table: This table shows all events, with columns for:

  • Name / Timestamp: When the event occurred.
  • Status: A SUCCESS or ERROR tag.
  • Operation ID: A unique ID for the event. This is critical for troubleshooting.
  • Description: A technical summary of the API call.

Actor: The user or system that initiated the action.

Actions / Details: Click the Details button to open a side drawer with the full API request and response payload, which is essential for diagnosing errors.

Frequently Asked Questions (FAQs)

[ACCORDION] What does "zero-touch" IT management mean? 

It refers to the ability to have devices shipped directly to employees, which then automatically enroll and configure themselves with all company security policies and apps on their first boot-up, without any manual setup required from an IT admin.

[ACCORDION] Since this is powered by JumpCloud, do I still need to log into the JumpCloud console? 

No. The core vision of Deel MDM is to consolidate your tools. You can manage policies, devices, and remote actions directly from the Deel platform. The initial connection is all that's required.

[ACCORDION] What is the difference between a Static and a Dynamic Device Group?

A Static Group is manual. You pick which devices are in the group, and the list only changes if you manually add or remove them.

A Dynamic Group is automatic and rule-based. You set conditions (e.g., "All Windows Devices"), and the group automatically updates as new devices that meet those conditions are enrolled.

[ACCORDION] What if I don't see the "MDM" option under "Endpoint Management"? 

This likely means one of the prerequisites in the "Before You Begin" section has not been met. Please contact your Deel representative to ensure the MDM feature is enabled for your organization and that you are on a per-seat pricing plan.

[ACCORDION] Can I use another MDM provider with the Deel in-platform MDM?

At the moment, in-platform MDM supports JumpCloud only. 

Was this article helpful?
0 out of 0 found this helpful
Was this article helpful?
not helpful
very helpful
Return to top

Related articles