MDM Incident Response: Basics
RCCE students will learn Mobile Device Management security including device enrollment, policy deployment, application management, remote wipe capabilities, and compliance enforcement for mobile endpoints. RCCE students will learn to deploy and configure MDM solutions for enterprise mobile device management, design device enrollment workflows, create and enforce device security policies including passcode requirements, encryption, and jailbreak/root detection, manage application deployment and restrictions, configure conditional access policies for mobile devices, implement remote wipe and selective wipe procedures, monitor device compliance status, and respond to incidents involving lost, stolen, or compromised mobile devices. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Building on core knowledge, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing MDM Incident Response: Basics
- Execute hands-on tasks for security controls — covering Deploy and configure MDM solutions, conditional access policies.
- Build detections and response workflows for privilege escalation, including Respond to lost or stolen devices.
- Execute hands-on tasks for operational skills — covering Build composure during incidents.
- Execute hands-on tasks for what is mobile device management
- Execute hands-on tasks for core functions — covering Device enrollment and provisioning.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for management console
- Execute hands-on tasks for enrollment service
- Execute hands-on tasks for compliance engine — covering Web-based admin portal, Device identity verification.
- Execute hands-on tasks for device agent — covering Apple Push Notification Service (APNs).
- Design a scalable privilege management architecture with policy and enforcement, including Employee-owned devices.
| Module 01 | Security Controls |
| Module 02 | Incident Response |
| Module 03 | Operational Skills |
| Module 04 | What Is Mobile Device Management |
| Module 05 | Core Functions |
| Module 06 | MDM Architecture Components |
| Module 07 | Management Console |
| Module 08 | Enrollment Service |
| Module 09 | Compliance Engine |
| Module 10 | Device Agent |
| Module 11 | MDM Deployment Models |
| Module 12 | Device Ownership Models |
| Module 13 | Limited IT control scope |
| Module 14 | Device Enrollment Workflows |
All hands-on labs run on Rocheston Rose X OS. Students practice mdm incident response: basics by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for security controls
- Lab 2: Build detections and response workflows for privilege escalation
- Lab 3: Execute hands-on tasks for operational skills
- Lab 4: Execute hands-on tasks for what is mobile device management
- Lab 5: Execute hands-on tasks for core functions
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for MDM Incident Response: Basics, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI