Must-have MDM solutions RFP template in 2025
In this article
Mobile device management isn’t just a nice-to-have for companies in 2025. With distributed workforces, global hiring, and tons of employees using their own devices for work (checking Slack from your phone, anyone?), IT teams need to secure laptops, phones, and tablets from anywhere in the world.
The wrong MDM solution creates bottlenecks, leaves devices unpatched, and forces IT staff into constant fire drills. The right one automates onboarding and offboarding, enforces compliance policies, integrates seamlessly with HR and identity systems, and provides real-time visibility across your fleet.
To choose wisely, many companies run a structured procurement process with a Request for Proposal (RFP). An RFP ensures vendors are evaluated consistently, surfacing differences in capabilities that might not appear in a demo.
This guide outlines the five most important areas to consider when evaluating an MDM solution, with subtopics for each and targeted RFP questions—plus, a downloadable template to help you get started.
1. Device onboarding and provisioning
Zero-touch deployment
Onboarding should not require IT to manually image laptops or configure mobile devices. A strong MDM supports zero-touch programs (Apple ADE, Android Enterprise, Windows Autopilot) so devices are secure and ready from the moment they’re unboxed.
Rippling supports zero-touch provisioning across macOS, Windows, iOS, and iPadOS, and uniquely ties setup to employee data so devices are automatically configured by role, team, or location.
Questions to ask
Do you support zero-touch enrollment programs like Apple ADE, Android Enterprise, and Windows Autopilot?
Can devices be configured and shipped directly to employees without IT handling?
Can you enforce security baselines (encryption, password, OS version) during enrollment?
Do you integrate enrollment with HRIS to automatically assign policies by role or department?
How do you handle remote and global shipping logistics?
Automated provisioning
Beyond the device itself, MDM must install required software, assign credentials, and apply policies automatically. Systems that integrate with SSO/IdPs can dynamically assign access.
Rippling goes further by unifying HR and IT: when a new hire joins, their apps, devices, and access policies are all provisioned automatically from a single source of truth.
Questions to ask
Can you automatically assign software and apps by role, team, or geography?
Do you support custom scripts for device configuration (e.g., macOS profiles, Windows GPOs)?
How are license assignments and revocations managed when employees move roles?
Can IT set baseline OS patching and update policies during provisioning?
Are provisioning workflows automated across devices, apps, and access policies?
Maui Oil had a patchwork of IT systems that slowed onboarding and created constant errors. Employees often waited days for devices and permissions, while IT wasted hours manually configuring accounts across Microsoft 365, Active Directory, and other tools. New hires even found their names misspelled or job titles incorrect due to disconnected processes.
RFP criteria: Automate device provisioning and app access based on employee role, enforce encryption and password policies by default, integrate natively with Microsoft 365 for account setup, generate audit logs for compliance, and streamline device returns and reassignment
Offboarding and device recovery
Offboarding is where many security gaps occur. Companies need to instantly revoke access, lock or wipe devices, and recover assets. Rippling automates the entire offboarding process: offboarding in HR deactivates accounts, revokes app access, and triggers device return workflows with prepaid shipping kits.
Questions to ask
Can devices be remotely locked, wiped, or disabled when an employee leaves?
Do you support automated workflows for revoking app access and licenses?
How do you track device return status and recover assets globally?
Can you reassign devices securely after inspection and wiping?
Do you generate audit logs for all offboarding actions for compliance review?
2. Policy enforcement and compliance
Automated compliance baselines
MDM must enforce key requirements automatically: encryption, OS patching, password standards, and MFA. Without this, IT wastes time chasing exceptions. Rippling enforces these policies by default and flags drift in real time. Because it’s connected to HR, enforcement can be scoped by role or region automatically.
Questions to ask
What compliance policies can be enforced automatically (e.g., encryption, password complexity, OS patching)?
Can policies be applied dynamically by role, department, or location?
Does the system provide a real-time compliance dashboard?
How are non-compliant devices flagged, remediated, or quarantined?
Can policy enforcement integrate with identity systems to block non-compliant devices from accessing apps?
SurrealDB was rapidly expanding across eight countries, juggling a patchwork of systems. This left them vulnerable to compliance gaps and legal oversights—from missed pension obligations to mishandled terminations—undermining their ability to scale internationally.
RFP criteria: Provide automated compliance workflows for international employment laws, enforce role-based access and permissions consistently across countries, generate audit-ready logs, integrate with payroll and benefits systems to meet local regulations, and centralize global employee data into one system of record to reduce errors.
Dynamic enforcement by role
Policies should not be static. A senior engineer may need SSH access, while a contractor should have restricted permissions. Rippling uses HRIS data as the source of truth, so policies update automatically when someone joins, changes roles, or moves teams.
Questions to ask
Can device and access policies update automatically when employees change roles?
Can policies be scoped by team, seniority, or location?
Are app access permissions tied to device compliance status?
Does the system support exceptions with approval workflows?
How are temporary elevated privileges managed and revoked?
Audit readiness
When auditors request evidence, pulling logs manually is painful. Your MDM should store immutable audit logs and generate compliance evidence instantly. Rippling does this out of the box, with built-in integrations for compliance tools like Drata and Vanta.
Questions to ask
Does the system generate immutable logs of all device and access activity?
Can you export evidence instantly for audits?
Are integrations available with compliance tools like Drata or Vanta?
How long are logs retained, and can retention be extended?
Does the system provide built-in templates for SOC 2, ISO, or HIPAA audits?
3. Application and software management
App deployment
Your MDM should streamline app distribution. Employees should receive the right software automatically, and IT should be able to push updates remotely. Rippling supports pre-built integrations with 800+ apps, allowing policies to assign and revoke access dynamically as roles change.
Questions to ask
Can apps be auto-installed by role, department, or geography?
Does the system support version pinning and update enforcement?
Can custom or private apps be deployed securely?
Are app installs tracked in compliance reports?
How are licenses reclaimed when an employee leaves?
App restrictions and security
MDM should block unauthorized apps and detect shadow IT. Rippling enables IT to enforce app allow/deny lists and monitor usage in real time, reducing risk from unapproved tools.
Questions to ask
Can you block unapproved apps from being installed?
Do you provide real-time alerts for suspicious app activity?
Can policies restrict access to apps based on device compliance status?
Is app usage visible at both user and team level?
Can restrictions be applied differently for corporate-owned vs BYOD devices?
Remote updates and patching
Software updates are critical for security. Rippling automates OS and app patch management across your fleet, so IT doesn’t need to push patches manually.
Questions to ask
Can IT enforce OS update deadlines with user deferrals?
Does the platform support staged rollouts of updates?
Can you exclude mission-critical devices from automatic updates?
Are patch compliance reports available for audits?
How quickly are vendor patches available for deployment?
4. Security and threat detection
Remote lock and wipe
Lost or stolen devices pose serious risks. Your MDM should allow instant lock or wipe from a central console. Rippling lets IT do this in one click, with audit logs captured for compliance.
Questions to ask
Can devices be remotely locked or wiped instantly?
Does the system provide confirmation when a device is secured?
Are remote actions logged for audits?
Can devices be put into a restricted “lost mode”?
Can devices be wiped selectively (corporate data only) vs full wipe?
Endpoint protection
Many MDMs require separate EDR solutions. Rippling includes endpoint protection (SentinelOne) out of the box, ensuring every device is covered by default.
Questions to ask
Is endpoint protection included or an add-on?
Does endpoint protection deploy automatically at enrollment?
How are threats detected and remediated?
Are alerts surfaced in the same dashboard as MDM compliance?
Does the system integrate with SIEM or SOC tools?
Threat alerts and monitoring
Security teams need real-time visibility into device posture to be able to detect threats quickly and efficiently. Rippling provides live dashboards and automated alerts when devices drift out of compliance, reducing response times.
Questions to ask
Does the platform provide real-time alerts for policy drift?
Can alerts be customized by severity and device group?
Are alerts delivered via integrations (e.g., Slack, email, SIEM)?
How does the system handle false positives?
Can alert history be exported for audits?
5. Reporting, analytics, and support
Real-time inventory and visibility
IT leaders need to know who has what device, where it is, and whether it’s compliant. Rippling provides live inventory dashboards tied directly to employee records, so you always have accurate data across different users, locations, roles, and departments.
Questions to ask
Does the platform provide live inventory of all devices by user?
Can reports be segmented by department, OS, or geography?
Are compliance metrics available in dashboards?
Can reports be exported to BI or SIEM tools?
Is inventory updated automatically when devices are reassigned?
Audit logs and exports
Audit trails must be immutable and easy to export. Rippling automatically collects device and access logs and integrates with Drata and Vanta to streamline compliance.
Questions to ask
Are device and access logs immutable?
Can logs be exported on demand?
Are log exports compatible with SIEM tools like Splunk or Datadog?
How long are logs retained?
Can IT customize log retention periods?
Implementation and support
An MDM solution is only as good as its rollout. Rippling can be deployed in days because it’s unified with HR and IT data. Dedicated support teams help configure policies, onboard employees, and train admins.
Questions to ask
What is your average implementation timeline?
Do you provide a dedicated implementation manager?
What SLAs exist for support response and resolution?
What support channels are available (chat, email, phone)?
Do you offer admin training and certification programs?
How Rippling helps enterprises
Rippling’s IT management software unifies MDM with HR, payroll, and IT in one platform. Unlike standalone point solutions, Rippling ties device management directly to employee data, automating the entire lifecycle: provisioning, policy enforcement, compliance, and offboarding.
With Rippling’s mobile device management software, enterprises can:
Provision laptops and apps automatically during onboarding
Enforce encryption, MFA, and patching by default
Lock or wipe devices instantly from a central dashboard
Manage device inventory across global warehouses
Automate audits with built-in compliance logs
Replace expensive point solutions and MSP contracts with one unified platform
By consolidating identity, device, and inventory management into one system, Rippling reduces costs and complexity while improving security and compliance.
Rippling RFP for MDM solutions example
Device onboarding and provisioning
Questions to ask | Example answers (Rippling) |
|---|---|
Do you support zero-touch enrollment programs like Apple ADE, Android Enterprise, and Windows Autopilot? | Yes. Rippling supports cross-OS MDM, including macOS, Windows, iOS, and iPadOS, with zero-touch deployment for each. |
Can devices be configured and shipped directly to employees without IT handling? | Yes. Rippling’s Device Store allows IT to ship pre-configured laptops and devices directly to employees anywhere in the world. |
Can you enforce security baselines (encryption, password, OS version) during enrollment? | Yes. Rippling enforces encryption, MFA, password policies, and OS patch levels automatically at enrollment. |
Do you integrate enrollment with HRIS to automatically assign policies by role or department? | Yes. Rippling uses HRIS data as the source of truth, automatically assigning apps, devices, and security policies by role, team, and location. |
How do you handle remote and global shipping logistics? | Rippling operates global warehouses (US, CAN, UK, EU, AUS) for device storage, shipping, and retrieval, ensuring secure logistics for distributed teams. |
Can you automatically assign software and apps by role, team, or geography? | Yes. Rippling auto-assigns apps and devices by role, department, and geography, leveraging HRIS as the source of truth. |
Do you support custom scripts for device configuration (e.g., macOS profiles, Windows GPOs)? | Yes. Rippling supports custom scripts and profiles for device configuration across OSs. |
How are license assignments and revocations managed when employees move roles? | Licenses are auto-assigned and revoked dynamically when roles or departments change in HRIS. |
Can IT set baseline OS patching and update policies during provisioning? | Yes. Rippling enforces patch baselines at provisioning and monitors compliance continuously. |
Are provisioning workflows automated across devices, apps, and access policies? | Yes. Rippling automates provisioning end-to-end, unifying devices, apps, and access policies. |
Can devices be remotely locked, wiped, or disabled when an employee leaves? | Yes. Rippling supports one-click remote lock and wipe from the admin console. |
Do you support automated workflows for revoking app access and licenses? | Yes. Rippling automatically revokes app access and reclaims licenses at offboarding. |
How do you track device return status and recover assets globally? | Rippling manages device returns with prepaid shipping kits and global warehouses. |
Can you reassign devices securely after inspection and wiping? | Yes. Devices can be inspected, wiped, and reassigned via Rippling workflows. |
Do you generate audit logs for all offboarding actions for compliance review? | Yes. Rippling generates exportable audit logs for all device and access events. |
Policy enforcement and compliance
Questions to ask | Example answers (Rippling) |
|---|---|
What compliance policies can be enforced automatically (e.g., encryption, password complexity, OS patching)? | Rippling enforces MFA, encryption, OS patching, and password policies automatically across all devices. |
Can policies be applied dynamically by role, department, or location? | Yes. Policies are scoped automatically by role, department, and location via HRIS integration. |
Does the system provide a real-time compliance dashboard? | Yes. Rippling provides live dashboards showing device compliance, OS versions, encryption, and patch posture. |
How are non-compliant devices flagged, remediated, or quarantined? | Devices trigger alerts automatically, with workflows to lock, wipe, or remediate them. Access reviews are also automated. |
Can policy enforcement integrate with identity systems to block non-compliant devices from accessing apps? | Yes. Rippling integrates with SSO to block non-compliant devices from sensitive apps until remediated. |
Can device and access policies update automatically when employees change roles? | Yes. Rippling updates device and app policies dynamically whenever HRIS role or department changes occur. |
Can policies be scoped by team, seniority, or location? | Yes. Policies can be scoped granularly to role, team, seniority, or location. |
Are app access permissions tied to device compliance status? | Yes. Device compliance is enforced as a prerequisite for app access. |
Does the system support exceptions with approval workflows? | Yes. Exceptions can be requested and approved, with audit trails. |
How are temporary elevated privileges managed and revoked? | Temporary privileges can be granted with time-based expiry and revocation. |
Does the system generate immutable logs of all device and access activity? | Yes. Rippling automatically collects and stores immutable audit logs. |
Can you export evidence instantly for audits? | Yes. Rippling exports compliance evidence on demand. |
Are integrations available with compliance tools like Drata or Vanta? | Yes. Rippling integrates with compliance platforms for continuous evidence collection. |
How long are logs retained, and can retention be extended? | Log retention policies are configurable; defaults meet SOC 2 and ISO requirements. |
Does the system provide built-in templates for SOC 2, ISO, or HIPAA audits? | Yes. Rippling provides audit-ready evidence and templates for SOC 2, ISO, and HIPAA. |
Application and software management
Questions to ask | Example answers (Rippling) |
|---|---|
Can apps be auto-installed by role, department, or geography? | Yes. Rippling automatically installs apps by role, department, and geography, tied to HR data. |
Does the system support version pinning and update enforcement? | Yes. Rippling supports version pinning and automated update enforcement. |
Can custom or private apps be deployed securely? | Yes. Rippling supports secure deployment of custom scripts and private apps. |
Are app installs tracked in compliance reports? | Yes. App installations and removals are logged for compliance and reporting. |
How are licenses reclaimed when an employee leaves? | Rippling automatically revokes licenses at offboarding and reassigns them as needed. |
Can you block unapproved apps from being installed? | Yes. Rippling enforces app allow/deny lists to prevent unauthorized installs. |
Do you provide real-time alerts for suspicious app activity? | Yes. Rippling triggers alerts for app activity outside of policy baselines. |
Can policies restrict access to apps based on device compliance status? | Yes. Device compliance is enforced before app access is granted. |
Is app usage visible at both user and team level? | Yes. App usage can be reported at user, team, and department levels. |
Can restrictions be applied differently for corporate-owned vs BYOD devices? | Yes. Rippling differentiates policies between corporate-owned and BYOD devices. |
Can IT enforce OS update deadlines with user deferrals? | Yes. Rippling enforces update deadlines with configurable user deferral options. |
Does the platform support staged rollouts of updates?
| Yes. IT can stage OS and app updates across pilot and production groups. |
Can you exclude mission-critical devices from automatic updates? | Yes. Rippling allows policy exceptions for mission-critical devices. |
Are patch compliance reports available for audits? | Yes. Patch compliance reports are automatically generated and exportable. |
How quickly are vendor patches available for deployment? | Vendor patches are available as soon as released, with automated enforcement options. |
Security and threat detection
Questions to ask | Example answers (Rippling) |
|---|---|
Can devices be remotely locked or wiped instantly?
| Yes. Devices can be remotely locked or wiped in one click from the Rippling console. |
Does the system provide confirmation when a device is secured? | Yes. Rippling provides confirmation and audit logs when remote actions succeed. |
Are remote actions logged for audits? | Yes. All remote actions are recorded in immutable audit logs. |
Can devices be put into a restricted “lost mode”? | Yes. Devices can be locked into Lost Mode with location tracking enabled. |
Can devices be wiped selectively (corporate data only) vs full wipe? | Yes. Rippling supports both selective wipes and full wipes, depending on device ownership. |
Is endpoint protection included or an add-on? | Endpoint protection (SentinelOne) is included with Rippling’s core and complete plans. |
Does endpoint protection deploy automatically at enrollment? | Yes. SentinelOne installs automatically during device enrollment. |
How are threats detected and remediated? | Threats are detected by SentinelOne and surfaced in Rippling dashboards, with automated remediation. |
Are alerts surfaced in the same dashboard as MDM compliance? | Yes. Security alerts are unified with MDM compliance data in Rippling. |
Does the system integrate with SIEM or SOC tools? | Yes. Rippling integrates with SIEM platforms via API and supports real-time sync. |
Does the platform provide real-time alerts for policy drift?
| Yes. Rippling surfaces real-time alerts when devices fall out of compliance. |
Can alerts be customized by severity and device group?
| Yes. Alerts can be scoped and customized by severity, device type, or group. |
Are alerts delivered via integrations (e.g., Slack, email, SIEM)? | Yes. Alerts can be routed to Slack, email, SIEM, and other channels. |
How does the system handle false positives? | Admins can review, dismiss, or adjust thresholds to reduce false positives. |
Can alert history be exported for audits?
| Yes. Rippling exports alert history and compliance events for audits. |
Reporting, analytics, and support
Questions to ask | Example answers (Rippling) |
|---|---|
Does the platform provide live inventory of all devices by user? | Yes. Rippling maintains a real-time inventory tied to employee records. |
Can reports be segmented by department, OS, or geography? | Yes. Reports can be filtered by department, OS, device type, or region. |
Are compliance metrics available in dashboards? | Yes. Compliance metrics are visible in real-time dashboards. |
Can reports be exported to BI or SIEM tools? | Yes. Rippling exports data to BI and SIEM tools via APIs. |
Is inventory updated automatically when devices are reassigned? | Yes. Inventory updates automatically during reassignment or offboarding. |
Are device and access logs immutable? | Yes. Rippling automatically collects and stores immutable audit logs. |
Can logs be exported on demand? | Yes. Logs can be exported instantly by admins. |
Are log exports compatible with SIEM tools like Splunk or Datadog? | Yes. Logs are formatted to integrate with SIEM platforms. |
How long are logs retained? | Log retention meets SOC 2 and ISO requirements by default, with configurable policies. |
Can IT customize log retention periods? | Yes. Retention periods are configurable based on compliance requirements. |
What is your average implementation timeline? | Most Rippling MDM implementations are completed within days, not months. |
Do you provide a dedicated implementation manager? | Yes. Rippling assigns dedicated implementation managers for onboarding projects. |
What SLAs exist for support response and resolution? | Rippling provides clear SLAs with rapid response times for critical IT issues. |
What support channels are available (chat, email, phone)? | Support is available via chat, email, and phone with escalation paths. |
Do you offer admin training and certification programs? | Yes. Rippling offers admin enablement, training, and certifications for IT teams. |
Ready to evaluate vendors?
Disclaimer
Rippling and its affiliates do not provide tax, accounting, or legal advice. This material has been prepared for informational purposes only, and is not intended to provide or be relied on for tax, accounting, or legal advice. You should consult your own tax, accounting, and legal advisors before engaging in any related activities or transactions.
Hubs
Author
The Rippling Team
Global HR, IT, and Finance know-how directly from the Rippling team.
Explore more
![[Blog - Hero Image] IT onboarding](http://images.ctfassets.net/k0itp0ir7ty4/4tojGXxBbkIaeQMNEJUNV8/92acd5c6769ed7dffa1201f3f07a3181/Header_IT_Onboarding.jpg)
Must-have IT Management Software RFP template in 2025
Learn how to evaluate top IT Management Software like Rippling and which criteria to include in your RFP.
![[Blog - Hero Image] New device](http://images.ctfassets.net/k0itp0ir7ty4/6uR639qWx6lwwx0lKVofHr/05954b06f95b965ef471e17434426920/new_device.jpg)
Must-have Inventory Management Software RFP template in 2025
Learn how to evaluate top Inventory Management Software like Rippling and which criteria to include in your RFP.
![[Blog – Hero Image] Identity management](http://images.ctfassets.net/k0itp0ir7ty4/5Hsu8HkmyPFWqWKMcgpz2z/d9c5dad0dae54b424f8977ee85388ae4/Header_Identity_Management_Software_02.jpg)
Must-have Identity & Access Management (IAM) RFP template in 2025
Learn how to evaluate top Identity & Access Management (IAM) solutions like Rippling and which criteria to include in your RFP.
![[Blog - Hero Image] HR General](http://images.ctfassets.net/k0itp0ir7ty4/4OlpX0mvNywi2YUXa2Y8mp/4341646e2a4f923aed4fdda5b9ea5467/Header_HR_General.jpg)
Must‑have HRIS RFP template in 2025
Learn how to evaluate top HRIS like Rippling and which criteria to include in your RFP.
![[Blog - Hero Image] Header expense reimbursement](http://images.ctfassets.net/k0itp0ir7ty4/18RwFYvXD48bvTlXS385q0/6453c6eb06662178ea5fdb9abbd97fb3/Header_Expense_Reimbursement_03__1_.jpg)
Must-have compensation bands RFP template in 2025
Learn how to evaluate top compensation bands software like Rippling and which criteria to include in your RFP.
Must-have EOR services RFP template in 2025
Learn how to evaluate top EOR services like Rippling and which criteria to include in your RFP.
You asked, we answered: Top 10 questions for our IT experts
We collected ten of our most asked Rippling IT questions and explained how our MDM, IAM, IVM, and endpoint security solutions automate manual tasks and boost security.
IT services and solutions: How small teams can streamline workflows and boost productivity
Small businesses face unique challenges when it comes to managing their IT needs. Learn how IT services and solutions can help your business thrive.
See Rippling in action
Increase savings, automate busy work, and make better decisions by managing HR, IT, and Finance in one place.