Data appliance 102 is configured to enforce policies regarding communications between clients such as clients 104 and 106, and nodes outside of enterprise network 110 (e.g., reachable via external network 118). Examples of such policies include ones governing traffic shaping, quality of service, and routing of traffic. Other examples of policies include security policies such as ones requiring the scanning for threats in incoming (and/or outgoing) email attachments, website downloads, files exchanged through instant messaging programs, and/or other file transfers. In some embodiments, appliance 102 is also configured to enforce policies with respect to traffic that stays within enterprise network 110. In some embodiments, other devices are included in network 110, such as a mobile device management (MDM) server 146, which is in communication with data appliance 102. As shown, MDM server 146 communicates with mobile devices (e.g., 104, 106) to determine device status and to report (e.g., periodically) such mobile device status information to data appliance 102. MDM can be configured to report the presence of malicious applications installed on devices such as device 104/106, and/or can be configured to receive indications of which mobile applications are malicious (e.g., from appliance 102, from service 122, or combinations thereof). In some embodiments, data appliance 102 is configured to enforce polices against devices 104 and 106 based on information received from MDM server 146. For example, if device 106 is determined to have malware installed on it, data appliance 102 (working in cooperation with MDM server 146) can deny client 106 access to certain enterprise resources (e.g., an Intranet) while allowing device 104 (which does not have malware installed upon it) access to the resources.