Connected, data-intensive and ubiquitous, endpoint devices — ranging from PCs and smartphones to internet of things (IoT) devices — are among the most valuable IT assets an organization can have. For a growing number of enterprises, unified endpoint management (UEM) is the platform of choice for managing endpoints and keeping them from becoming security, privacy, and regulatory compliance risks.
UEM explained
UEM platforms are software suites that provide a single management interface for the oversight of endpoint devices within an organization. These systems evolved from and in many cases are replacing mobile device management (MDM) and enterprise mobility management (EMM) tools.
MDM products control the functionality of mobile devices and include features such as device enrollment, remote control, device lockdown, and location tracking. EMM platforms provide those features in addition to mobile information management, mobile application management, and mobile content management.
UEM takes things a step further, expanding the enterprise mobility management spectrum to include not just mobile devices, but also desktop and laptop computers, printers, wearables, and IoT devices — all through a single management console.
Why enterprises need UEM
There’s no question that organizations need to manage and protect endpoint devices. Users are accessing corporate networks and data from an expanding array of devices — Windows PCs, Macs, Chromebooks; iOS and Android phones and tablets; and even AR/VR headsets such as Meta’s Quest 3 and Apple’s Vision Pro. More people are working remotely or in hybrid work environments, and in many cases using their personal devices. In addition, many companies are launching IoT and edge computing initiatives.
These endpoints are major security risks, especially when employees are using their own devices for work. That’s a key reason why managing the large and growing number of endpoint devices is so important for enterprises. UEM platforms are designed to simplify the management of devices and enhance the security of heterogeneous environments.
“The modern device management principles of UEM address the changing nature of work, where employees are remote/hybrid and their devices are ‘off network’ for long periods of time,” says Phil Hochmuth, program vice president, enterprise mobility at research firm IDC.
One of the most important benefits of UEM for enterprises is that it’s preferable to using a multitude of disparate mobility management tools, which can end up increasing costs and decreasing efficiency. Using a single endpoint management tool also makes it easier to ensure that security, privacy, and data governance policies are applied consistently across various platforms and working environments.
“UEM promises to consolidate multiple management systems, teams, and policies, making endpoint management more efficient and workers more productive,” Hochmuth says.
Major trends in UEM
One of the most notable trends in the UEM space is the emergence of generative artificial intelligence (genAI). This is not surprising, given that genAI has become a focal point for many organizations over the past year.
GenAI will impact multiple areas of UEM, including script creation, knowledge-based article creation, natural language processing-based querying of endpoint data, and help desk chatbots, according to Andrew Hewitt, principal analyst at Forrester Research.
Although there is much potential for genAI to enhance workplace operations, there has been limited adoption within UEM tool vendors thus far, says Tom Cipolla, senior director analyst at research firm Gartner. Gartner expects this to quickly change as vendors realize the added revenue opportunities associated with genAI-augmented tools, he says.
Because the UEM market is highly mature, “we see a new iteration on the horizon, appropriately labeled autonomous endpoint management [AEM],” Cipolla says. AEM combines the most effective features from UEM and digital employee experience (DEX) tools with AI and machine learning to accelerate endpoint patching, configuration, and experience management, he says.
“AEM will eventually replace traditional tools and architectures with lightweight, cloud-based, intelligence-powered capabilities,” Cipolla says. “Though AEM platforms are not yet widely available and product definitions are inconsistent amongst vendors, several are introducing their initial offerings for this new market. Organizations considering UEM tools should evaluate vendor roadmaps to determine if they will provide AEM functionality.”
In the meantime, pricing of UEM platforms is on the rise, Cipolla says. Most vendors have instituted price increases to keep pace with inflation and rising costs, he says. In addition, he says, perpetual licensing continues to be phased out in favor of subscription-based licensing.
How to choose UEM software
UEM platforms from the leading vendors have much in common, but of course no two offerings are exactly alike. IT leaders need to thoroughly evaluate the options in the market.
It’s a good practice to conduct a proof of concept or pilot test before committing to a broad rollout of a platform, because switching platforms later in the process might be difficult and costly. A pilot program is also a good way to determine which features and capabilities the enterprise needs most.
When evaluating UEM options, pay particular attention to these key factors:
1. Operating system support. A UEM platform should support a broad variety of operating systems, including Windows, macOS, ChromeOS, iOS, and Android. Enterprises want to provide employees with choices, especially when it comes to device operating systems, Hewitt says.
Some platforms support various operating systems with different levels of granularity and features, Hochmuth says. Some endpoint management vendors focus specifically on a certain device vendor or operating system, such as Apple or Android, he says.
2. Integration with other IT products. How well does the UEM platform work with other IT components such as ticketing systems and security tools? Integration with other products is important, and whether a vendor has partnerships with other platforms used to support IT is a key consideration, Hochmuth says. Many vendors offer UEM along with other products and have strong integration among them, he says.
3. Device security policies. Organizations must have the ability to set policies regarding jailbreaking, root detection, password setting, mobile threat detection, malware detection, anti-phishing, and so on, Hewitt says. Given that much corporate data is outside the firewall boundaries of an enterprise, ensuring mobile device security is vital, he says.
In addition, platforms need built-in policy templates to enforce common security framework baselines, Cipolla says. This can simplify security decisions and provide auditable compliance with well-established standards.
“Many UEM tools now include the ability to apply the security framework baseline directly to a device or a group of devices,” he says. “This ensures that the organization’s devices will be protected, even as the baseline changes.”
4. Management automation. Organizations continue to look for ways to reduce costs when it comes to deploying devices, and automation provides an opportunity to do that. These capabilities enable a fully automated deployment to occur quickly, Hewitt says. That means employees get devices faster and administrators spend less time on deployment.
5. Real-time telemetry collection. UEM should be able to do things like understand the end-user experience, automate issues, and improve root cause analysis, Hewitt says.
“The collection of real-time data, particularly DEX data, is a new trend that is hitting the UEM market,” Hewitt says. “With the rise of AI, these tools need as much data as possible to drive automation across the stack.”
6. Pricing. The cost of technology investments is always top of mind with IT and business leaders, and UEM platforms should be no exception. Some UEM platforms are relatively low cost if bundled with other products sold by the vendor, Hochmuth says. He recommends looking for a per-user pricing model rather than per-device pricing model. That’s because most users need to access multiple devices for work.
7. Regulatory compliance certification. Many organizations, particularly those in the federal government or in regulated industries, need to be compliant with multiple regulations governing functions such as data privacy and security. UEM platforms that are certified under the Federal Risk and Authorization Management Program (FedRAMP) or other certification initiatives can help ensure that all devices in an organization are up to date and compliant with relevant regulations.
Organizations in government and financial services typically look for these types of certifications because they verify that a UEM platform has been tested and secured, Hewitt says.
8. Conditional access. Another factor to consider is whether the UEM platform can enforce conditional access policies across all devices, apps, networks, etc. Conditional access — which enables organizations to look across a multitude of conditions to decide whether individual employees can access certain resources — is the foundation of an enterprise mobility strategy, according to Hewitt. If any of the conditions are noncompliant, access is blocked.
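The two evaluation criteria above that describe an actual mechanism, device security policies enforced from a baseline (item 3) and conditional access that blocks a user when any condition fails (item 8), can be shown concretely. The following Python block is an added illustration written for this article, not code from any UEM vendor named here. It assumes a simplified device posture report (the field names, the baseline values, and the two sample devices are all constructed for the example) and evaluates every condition rather than stopping at the first failure, so an administrator sees the full list of remediation reasons, which is the behaviour a UEM console would surface.

```python
"""Illustrative baseline-plus-conditional-access evaluator (added example).

Every field, baseline value and sample device below is constructed for
illustration; no vendor's real schema is implied.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class DevicePosture:
    """Posture report a UEM agent might submit for one device (constructed)."""
    os_name: str
    os_version: Version
    jailbroken_or_rooted: bool
    disk_encrypted: bool
    passcode_length: int          # 0 means no passcode configured
    mdm_enrolled: bool
    hours_since_checkin: float
    malware_detected: bool


@dataclass(frozen=True)
class Baseline:
    """Security baseline applied to a device group (values are illustrative)."""
    min_os_version: Dict[str, Version]
    min_passcode_length: int = 6
    max_hours_since_checkin: float = 24.0


# A check returns None when the condition holds, or a reason string when it fails.
Check = Callable[[DevicePosture, Baseline], Optional[str]]


def _fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def check_not_rooted(p: DevicePosture, b: Baseline) -> Optional[str]:
    return "device is jailbroken or rooted" if p.jailbroken_or_rooted else None


def check_os_version(p: DevicePosture, b: Baseline) -> Optional[str]:
    required = b.min_os_version.get(p.os_name)
    if required is None:
        # Unknown platforms are denied: the baseline must cover every OS it admits.
        return f"operating system {p.os_name!r} is not covered by the baseline"
    if p.os_version < required:
        return f"{p.os_name} {_fmt(p.os_version)} is below baseline minimum {_fmt(required)}"
    return None


def check_encryption(p: DevicePosture, b: Baseline) -> Optional[str]:
    return None if p.disk_encrypted else "storage is not encrypted"


def check_passcode(p: DevicePosture, b: Baseline) -> Optional[str]:
    if p.passcode_length < b.min_passcode_length:
        return f"passcode length {p.passcode_length} is below minimum {b.min_passcode_length}"
    return None


def check_enrolled(p: DevicePosture, b: Baseline) -> Optional[str]:
    return None if p.mdm_enrolled else "device is not enrolled in management"


def check_recent_checkin(p: DevicePosture, b: Baseline) -> Optional[str]:
    if p.hours_since_checkin > b.max_hours_since_checkin:
        return (f"last check-in {p.hours_since_checkin:.0f}h ago exceeds "
                f"{b.max_hours_since_checkin:.0f}h")
    return None


def check_no_malware(p: DevicePosture, b: Baseline) -> Optional[str]:
    return "mobile threat defense reported malware" if p.malware_detected else None


BASELINE_CHECKS: List[Check] = [
    check_not_rooted, check_os_version, check_encryption, check_passcode,
    check_enrolled, check_recent_checkin, check_no_malware,
]


def evaluate_access(posture: DevicePosture, baseline: Baseline,
                    checks: List[Check] = BASELINE_CHECKS) -> dict:
    """Conditional access: allow only if every check passes.

    All checks run (no short-circuit) so the result lists every reason,
    which is what an administrator needs to drive remediation.
    """
    reasons = [r for r in (check(posture, baseline) for check in checks) if r]
    return {"allow": not reasons, "reasons": reasons}


# Constructed sample baseline and devices.
CORPORATE_BASELINE = Baseline(min_os_version={"iOS": (17, 0), "Android": (13,), "Windows": (11,)})
COMPLIANT_LAPTOP = DevicePosture("Windows", (11,), False, True, 12, True, 2.0, False)
ROOTED_PHONE = DevicePosture("Android", (12,), True, True, 4, True, 30.0, False)
UNCOVERED_LINUX_BOX = DevicePosture("Linux", (6, 8), False, True, 10, True, 1.0, False)

if __name__ == "__main__":
    for name, dev in [("laptop", COMPLIANT_LAPTOP), ("phone", ROOTED_PHONE),
                      ("linux", UNCOVERED_LINUX_BOX)]:
        print(name, evaluate_access(dev, CORPORATE_BASELINE))
```

Two design points carry over to real deployments: the check list is data, so a stricter baseline for a sensitive resource is just a different list or different `Baseline` values rather than new code, and an operating system the baseline does not mention is denied rather than silently allowed, since an unmanaged platform is exactly the gap conditional access is meant to close.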
9. Support for remote environments. With hybrid work environments the norm, a lot of employees will continue to work remotely at least part of the time. Thus, it’s important for IT administrators to be able to troubleshoot endpoint devices in both on-premises and remote locations, which can improve user experience and limit downtime, Hewitt says.
10. Current or upcoming AEM features. Evaluate a vendor’s road map to determine if it includes emerging autonomous endpoint management features, Cipolla says. These include:
- Automated patch availability detection via AI
- The ability to predict the likelihood of deployment success and the level of performance impact based on demonstrated external and internal success metrics
- The ability to monitor device performance and employee sentiment post patching to detect impacts
- Customizable automation controls to adapt to an organization’s desired level of control
13 leading UEM vendors
The key players in the UEM market are for the most part the same companies that held leadership positions in the MDM/EMM segment. To get you started in your research, here are brief descriptions of the major UEM platforms available. (This list does not include management platforms that specialize in a single OS or vendor ecosystem, such as Apple MDM products.)
You can also download a detailed comparison chart that shows the features and functions offered by eight of the largest UEM vendors.
42Gears: 42Gears UEM supports Android, iOS, macOS, Windows, and Linux, and is designed to make it easier for enterprises to migrate from legacy platforms such as Windows 7 to an EMM-compliant version such as Windows 10. It offers a single platform to manage all endpoints, including desktops/laptops, employee-owned devices, IoT devices, sensors and gateways, ruggedized devices, wearables, and printers.
BlackBerry: BlackBerry UEM is a multiplatform system that provides device, app, and content management with integrated security and connectivity, and helps organizations manage iOS, macOS, Android, Windows, and ChromeOS devices. Key features include a single user interface, secure IP connectivity, user self-service, role-based administration, and company directory integration.
Cisco Meraki: Systems Manager, Meraki’s cloud-based UEM platform, provides central provisioning, monitoring, and securing of all endpoint devices within an organization, while keeping the enterprise network aware of constantly changing devices. The platform supports management of iOS, Android, Windows, macOS, and ChromeOS environments. The Meraki cloud dashboard enables configuration and monitoring from a single console.
Google: Endpoint Management (part of the Workspace Suite) works on Android, iOS, ChromeOS, macOS, and Windows devices. Administrators can enforce policies across both Android and iOS, and distribute apps from the Admin console on Google Play or Apple’s App Store. Access from any Windows, macOS, ChromeOS, and Linux device is logged and can be blocked if needed. Certain advanced features are available only with Business and Enterprise licenses.
HCL Technologies: HCL BigFix Endpoint Management enables organizations to fully automate discovery, management, and remediation of endpoint issues, regardless of location or connectivity. Features include BigFix Insights, which lets organizations quickly visualize risks as well as costs, and multicloud management, which gives administrators 360-degree visibility, control, and compliance enforcement of both cloud and on-premises endpoints.
IBM: IBM Security MaaS360 is a cloud-based UEM platform that enables organizations to secure smartphones, tablets, laptops, desktops, wearables, and IoT devices. AI and predictive analytics provide alerts to potential endpoint threats and remediation to avoid security breaches and disruptions. MaaS360 protects apps, content, and data. The platform supports Windows, macOS, ChromeOS, Linux, Android, iOS, and other operating systems.
Ivanti: Ivanti Unified Endpoint Manager is designed to simplify enterprise mobility, applying policies and personalization across all devices. Companies can use the system’s artificial intelligence to determine which users and devices get what type of access. The platform supports Windows, macOS, ChromeOS, Linux, iOS, Android, and several other operating systems. Administrators can gather detailed device data, automate software and operating system deployments, personalize workspace environments, and address user issues.
ManageEngine: ManageEngine Desktop Central, a UEM platform from the IT management division of Zoho Corp., helps organizations manage servers, laptops, desktops, smartphones, and tablets from a central location. Enterprises can automate endpoint management routines such as installing patches, deploying software, and imaging and deploying operating systems. The platform also provides management of IT assets and software licenses, remote desktop control, and software usage monitoring. It supports Windows, macOS, Linux, ChromeOS, Android, and iOS, among other operating systems.
Matrix42: Matrix42 Unified Endpoint Management supports Windows, macOS, ChromeOS, Android, iOS, and iPadOS and can be accessed from the cloud, on-premises, or in a hybrid environment. The platform provides automatic deployment of devices and applications, real-time reports and analysis on usage, and access control for applications and sensitive data. Data is encrypted on mobile devices, and personal and business data are separated on BYOD devices.
Microsoft: Microsoft Intune, a cloud-native management tool for Windows, macOS, Linux, iOS, and Android devices, also includes Microsoft Configuration Manager for on-premises endpoints. Enterprises can configure specific policies to control applications, such as preventing emails from being sent to people outside the organization. On personal devices, Intune helps make sure an organization’s data stays protected and can isolate organization data from personal data.
Sophos: Sophos Mobile supports the management of Windows, macOS, iOS, and Android devices, providing configuration and policies, inventory and asset management, and detailed reporting on device usage. Organizations can install, remove, and view apps; use containers to manage content; provide compliance rules and remediation; and protect against threats such as malware and phishing.
SOTI: The SOTI ONE Platform allows companies to securely manage any device or endpoint, including IoT devices, with any form factor throughout its entire lifecycle. Supported OSes include Windows, macOS, Linux, Android, iOS, iPadOS, Zebra, and more. The platform features SOTI XSight, a diagnostic help desk tool that lets technicians analyze, troubleshoot, and resolve mobile device and app issues from anywhere at any time.
VMware: VMware Workspace ONE is a cloud-based platform for managing desktop, mobile, rugged, wearable, and IoT devices. It supports operating environments including Android, iOS, Windows, macOS, ChromeOS, and Linux. The platform offers data protection against security threats with conditional access and compliance policies, with a Privacy Guard feature designed to manage privacy policies. Among the first UEM vendors to offer genAI-powered scripting capabilities, VMware was purchased by Broadcom in 2023, with a sale now pending to investment firm KKR.
This article was initially published in October 2021 and updated in April 2024.