CV MDM — Offline-First
Mobile Device Management
The only enterprise MDM platform built to operate in completely air-gapped, classified, and internet-isolated networks — where conventional cloud MDM tools simply cannot work.
On-premise deployment · Zero cloud dependency · QR enrollment without internet · Full data sovereignty
Trusted by defense & government organizations
Indian Army — Signals 21
Offline-enrolled, air-gapped fleet management in active operational use
Government Offices
Multiple central and state government departments managing secured device fleets on isolated networks.
Critical Infrastructure
Industrial, telecom, and public-sector organizations operating on captive and air-gapped networks across India.
What is Mobile Device Management (MDM)?
Think of MDM as a remote control panel for every smartphone and tablet in your organization. Instead of physically touching each device to install software, set rules, or respond to a security threat, your IT team controls everything from one central dashboard.
With an MDM platform, your organization can enroll devices, push approved applications, enforce security policies (like mandatory encryption or screen lock), restrict unauthorized functions, and remotely wipe a lost or stolen device — all without ever touching the hardware again.
For organizations managing dozens, hundreds, or thousands of Android devices across distributed teams, facilities, or operational sites, MDM is not optional — it is the foundational layer of mobile security and operational control.
App Deployment
Push, update, or remove approved applications across your entire fleet silently.
Policy Enforcement
Mandate encryption, password complexity, and device restrictions from the dashboard.
Remote Wipe
Instantly erase sensitive data from any lost or compromised device.
Asset Tracking
Know where every device is, its battery level, and last-contact time in real time.
Hardware Inventory
Automatically collect IMEI, serial number, OS version, and network details.
Team Access Control
Define who can do what — view, manage, wipe — with role-based permissions.
Why Cloud MDM Fails Critical Infrastructure
Every major commercial MDM vendor — from Microsoft Intune to VMware Workspace ONE — was designed for corporate offices with reliable internet connectivity. That assumption is a critical failure point for defense, government, and industrial environments.
Internet-Dependent Enrollment
Cloud MDM solutions require your device to reach the vendor's external servers to enroll. If there is no public internet — as in defense facilities, submarines, or isolated industrial networks — enrollment simply fails.
Your Data on Vendor Servers
Device telemetry, policy configurations, application inventories, and user data are stored on infrastructure you do not own or control. For classified or sensitive environments, this is a fundamental data sovereignty violation.
Unusable in Captive Networks
Air-gapped military networks, SCADA/ICS environments, and high-security government facilities do not permit outbound connections to commercial cloud services. Cloud MDM is architecturally incompatible with these environments.
Permanent Vendor Dependency
If the vendor experiences an outage, changes pricing, discontinues a product, or is acquired, your device management capability can be disrupted or lost entirely. You have no control.
Fails During Outages
Cloud MDM stops functioning during internet outages, degraded connectivity, or network incidents. In operational environments where connectivity is intermittent, devices go unmanaged at the worst possible time.
No Compliance Audit Control
When audit logs and device records live on a vendor's cloud, your security team cannot independently verify or maintain them. This fails audits under ISO 27001, NIST 800-53, and similar frameworks.
Offline MDM vs. Cloud MDM
For organizations in defense, government, and critical infrastructure, this comparison is not academic — it determines whether your devices can be managed at all.
Intune, Workspace ONE, etc.
By CryptoVoIP Technologies
From Installation to Managed Fleet in Minutes
CV MDM is designed for rapid deployment with no external dependencies. Your entire fleet can be enrolled and managed without a single outbound internet connection.
Install on Your Server
Run the automated installer on Ubuntu 20.04 or 22.04 LTS. PostgreSQL, Tomcat, and all dependencies are configured automatically. Your data never leaves your infrastructure.
Generate Enrollment QR
From the web dashboard, create a configuration profile and generate a QR code. The QR embeds your server address, Wi-Fi credentials, APK checksum, group policy, and device ID — all in one scan.
Scan & Deploy
Tap the fresh device screen six times, scan the QR code. The device connects to your secure network, verifies the APK, registers itself, and applies all policies — in under two minutes.
Manage Your Fleet
All devices appear in your dashboard immediately. Push policies, deploy apps, lock, wipe, track location, view logs, and enforce compliance — from your secured internal web console.
The Offline Enrollment Difference
During QR code generation, CV MDM embeds your Wi-Fi SSID and password, server address, APK download URL with SHA-256 checksum, device group assignment, and policy configuration into a single self-contained QR payload. When a device scans it, every step executes against your internal infrastructure only — no DNS resolution to external servers, no cloud relay, no vendor intermediary. This is why CV MDM works inside defense networks, submarines, nuclear facilities, and any environment with a physical or logical network boundary.
Everything Your Fleet Needs.
Nothing Your Network Doesn't Allow.
CV MDM delivers the full enterprise MDM feature set — built from the ground up to function in the most restrictive network environments on Earth.
True Air-Gapped & Offline Operability
Operate in completely isolated, dark-site networks. Run the entire MDM server on an internal LAN with zero external internet dependency. Offline QR provisioning, local package hosting, and resilient policy enforcement even when the server is unreachable.
Cryptographically Secured Infrastructure
Every device is cryptographically bound to its hardware ID. Every sync payload carries an HMAC-SHA256 signature, and every APK is verified with SHA-256 before installation — eliminating spoofing, tampering, and supply-chain attacks.
True Zero-Touch QR Enrollment
Generate one QR code on your internal server. Tap a fresh screen six times and scan. The device auto-connects to your secure Wi-Fi, registers itself, downloads all group policies, and is operational in under two minutes — no internet, no cloud.
Total Kiosk Mode & UI Lockdown
Disable Home, Recents, and Notifications. Conceal the Android status bar. Bind hardware buttons to specific actions. Lock the device to a single approved app or a fully branded corporate launcher — users cannot exit without your admin password.
Deep Samsung Knox & 55+ Policies
Deep Android Enterprise and Samsung Knox integration delivers 55+ enforceable policies: disable cameras, mute microphones, block USB transfers, restrict telephony to data-only, and control Knox lock-screen elements for zero information leakage.
Unrivaled Application Management
Silent OTA APK deployment with SHA-256 integrity checks. Per-app permission control, whitelist/blacklist enforcement, run-at-boot and run-after-install policies. Push urgent zero-day fixes that bypass normal sync schedules instantly.
Full Network & Certificate Control
Push APN configurations (MCC, MNC, PAP/CHAP), pre-configure Wi-Fi credentials during provisioning, and deploy trusted private CA certificates directly into device credential stores — stripping any unauthorized CA certificates simultaneously.
Dynamic Configuration Engine
Push a single configuration template to 10,000 devices. CV MDM injects each device's unique IMEI, serial number, or custom admin properties dynamically — no manual per-device configuration required.
Multi-Tenant, Global-Scale Dashboard
Full RBAC with four access tiers, isolated multi-tenant customer environments, white-label rebranding, and 15+ language localizations. A modular plugin architecture adds GPS tracking, audit trails, forensic logging, and bulk imports.
Try CV MDM Free — No Credit Card. No Cloud.
Sign up on our hosted trial portal, enroll your first devices, and explore the full platform. When you're ready, we deploy the same system on your own infrastructure — fully offline.
Seven Layers of Security,
One Platform
CV MDM secures both the managed devices in the field and the administrative infrastructure used to control them — with cryptographic integrity at every layer.
Device Integrity & Data Protection
Forced Storage Encryption
Remotely mandate full-device storage encryption ensuring data at rest is protected even if a device is physically seized.
Remote Wipe & Factory Reset
Issue an immediate wipe command to securely erase all corporate data from a lost or compromised device.
Factory Reset Protection
Prevent unauthorized users from manually wiping a device through Android Settings and re-enrolling it elsewhere.
SIM Swap & Hardware Tamper Detection
Track IMEI and flag device anomalies indicating a SIM swap or hardware tampering event in real time.
Built for Environments Where Failure Is Not an Option
CV MDM is deployed across sectors where device compromise, data leakage, or management downtime carries consequences far beyond a support ticket.
Defense & Military
Manage smartphones and tablets deployed in operational theaters, on-base facilities, and secure command networks where zero external connectivity is the rule, not the exception.
Government & Intelligence
Deploy managed devices inside SCIFs, classified networks, and government data centers. Full audit trails and RBAC support compliance with NIST, FedRAMP, and ISO 27001 frameworks.
Critical Infrastructure
Secure Android devices in power generation, water treatment, oil & gas, and transportation networks — environments where any unmanaged device is an attack surface.
Industrial & SCADA Networks
Manage handheld terminals and operator tablets on OT networks physically isolated from the public internet. No cloud dependency means ICS/SCADA environments are fully supported.
Banking & Finance
Enforce encryption, restrict data exfiltration paths, and manage POS terminals, ATM maintenance devices, and field agent phones under strict financial compliance policies.
Global Enterprise
Multi-tenant, white-label architecture supports enterprises with international operations. 15+ language localizations, secondary failover server, and MQTT guaranteed delivery across continents.
Deployment & Compatibility
Standard server infrastructure. No proprietary hardware. No cloud subscriptions. Deploy on your own equipment, in your own facility, under your own security policy.
Server Requirements
- Ubuntu 20.04 / 22.04 LTS
- Java 8+ runtime
- PostgreSQL database
- Apache Tomcat
- Automated install script
Android Support
- Android 7.0 through 14
- Device Owner mode
- Profile Owner mode
- Samsung Knox deep API
- Huawei · Lenovo · Xiaomi · HTC · Mediatek
Enrollment Methods
- QR code (fully offline)
- IMEI-based identification
- Serial number binding
- Custom admin device ID
- Bulk import via plugin
Plugin Ecosystem
- GPS location & history
- Forensic audit trail
- Device log collection
- Bulk device import
- Push notification scheduling
Security Is Our Foundation,
Not a Feature
CryptoVoIP Technologies builds security infrastructure for environments where a single breach has national or operational consequences. We are the founders of OpenNVR — open-source network video recording for critical surveillance infrastructure — and engineers of enterprise-grade secure communications platforms.
CV MDM was not adapted from a consumer product. It was architected from the ground up for classified and critical environments — with cryptographic integrity in every layer, on-premise sovereignty as the default, and zero compromise on security posture.
Ready to Manage Your Fleet
Without Leaving Your Perimeter?
Contact our team for an on-premise deployment consultation, a live demonstration in your environment, or access to our trial portal.
No cloud subscription required · No data leaves your network · Deploy on your own infrastructure