Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.
Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.
“UEM in theory ties this all together and gives you that proverbial one pane of glass, so you can see the state of all of your endpoints,” said Phil Hochmuth, program vice president at IDC. “It gives you visibility into what people are doing with corporate data, corporate apps, on any conceivable type of device.”
The ability to manage various device types in one place is increasingly important as businesses face a growing cybersecurity threat, said Tom Cipolla, senior director analyst at Gartner. “We need to patch faster; everybody acknowledges that,” he said. “UEM gives people a consolidated view into their environment and a consolidated patching and configuration management approach.”
The evolution of mobile management – MDM, MAM, and more
At its core, UEM consists of several device management technologies that emerged to help businesses control employee mobile devices. The first iteration of such tools was MDM, which arrived about a decade ago.
Introduced in response to the initial wave of smartphones used in the workplace, MDM was designed to help IT centrally provision, configure, and manage mobile devices that had access to corporate systems and data. Common MDM features included security configuration and policy enforcement, data encryption, remote device wipe and lock, and location tracking.
However, as employee bring-your-own-device (BYOD) schemes became more prevalent in the office — driven first by the iPhone’s popularity, later by the growth of Android — vendors began to offer more targeted management of apps and data. MAM capabilities delivered more granular controls, focusing on software rather than the device itself; features include app wrapping and containerization, and the ability to block copy/paste or restrict which apps can open certain files.
MAM features were soon packaged with MDM and other tools, such as mobile identity management and mobile information management, and sold as comprehensive enterprise mobility management (EMM) product suites. Those suites led to the next stage in the evolution of device management: UEM.
What is UEM?
UEM merges the various facets of EMM suites with functionality typically found in client management tools (CMT) used to manage desktop PCs and laptops on a corporate network. One example is Microsoft’s Intune, which combined its MDM/MAM platform with Configuration Manager (formerly System Center Configuration Manager) in 2019.
UEM platforms tend to have comprehensive operating system support, including mobile (Android, iOS) and desktop OSes (Windows 11, macOS, ChromeOS, and, in some cases, Linux). Some UEM products support more esoteric categories too, including IoT devices, AR/VR headsets, and smartwatches.
Unlike traditional CMT products, UEM tends to be available as a software-as-a-service, cloud-based tool, allowing management and updates of devices such as desktop PCs without connection to a corporate network.
The emergence of UEM has been partly driven by the inclusion of API-based configuration and management protocols within Windows and macOS, enabling the same level of device management that was already possible with iOS and Android devices.
It also reflects a wider development: the convergence of mobile and traditional computing devices, with high-end tablets often on par with laptops in terms of processing power. “You have a real blurring of the lines between what is mobile computing and what is traditional endpoint computing,” said Hochmuth.
Why invest in UEM tools?
All of these devices — mobile, desktop, Windows, Mac, in the office and remote — require a unified approach to end user device management, an approach that can provide a variety of benefits, say analysts.
Among these is the opportunity for simplified and centralized management. In short, it’s more efficient for one team to provision and manage all devices from a single tool, rather than have separate support teams and tools that were traditionally divided between mobile and Windows or macOS computers.
“If you have a separate software product or management platform for four different operating systems, that can be cumbersome and expensive,” said IDC’s Hochmuth. “Converging down to one or two is a goal for a lot of organizations.”
UEM products can reduce manual work for IT, with the ability to create a single policy — such as requiring device encryption — that can be deployed to many devices and operating systems. The same goes for patching.
By ensuring consistent policies across apps, devices and data, UEM tools can reduce risk, with less complexity and fewer opportunities to misconfigure policies.
There are cost benefits in replacing separate PC and mobile management applications too. “Getting rid of one software platform and all the licensing associated with that is a cost saving. That’s not the primary driver, but it’s definitely a reason to explore UEM,” said Hochmuth.
The UEM vendor market
The global market for unified endpoint management software is forecast to grow from $5.9 billion in 2023 to $8.9 billion in 2028, according to IDC data. The rate of yearly growth is set to slow, however, from around 16% to 6% during this period.
There are a variety of vendors, from big-name firms to smaller, more targeted companies. Microsoft (Intune) and VMware/Broadcom (Workspace One) are often considered the UEM market leaders with the broadest offerings and largest market share by revenue. BlackBerry UEM, Citrix Meraki Systems Manager, IBM MaaS360, ManageEngine, Cisco, and Ivanti UEM are also popular products.
“All these companies have roles or verticals or use cases that they address specifically,” said Hochmuth. For instance, BlackBerry is often viewed as strong in regulated markets, such as finance or healthcare, due to its focus on encryption, while Microsoft has more of a “horizontal” product with general business use cases.
Among the vendors that have taken a more specialized approach are Jamf, which is focused purely on Apple devices running everything from macOS to tvOS, and SOTI, whose products are tailored to certain industries, such as warehouse workers with ruggedized mobile devices.
UEM reaches mainstream adoption
Gartner defines UEM as being “a late-stage maturity market,” meaning “widespread adoption has already occurred,” said Cipolla.
IDC data indicates that around two-thirds of US businesses have now deployed a UEM tool. That doesn’t mean most organizations will use a single UEM platform, however.
Among those that have deployed UEM, around 70% have two or more management products in place, said Hochmuth. For example, an organization might have one tool to manage certain Windows devices, another for both mobile and macOS devices, and then a legacy PC management tool still in use for another set of Windows devices. “The norm is more the mixed type of organizations that have different tools and multiple UEMs,” said Hochmuth, though the trend in recent years has been towards consolidation of these tools.
What’s on the horizon for UEM? AI and autonomous endpoint management
An ongoing trend related to UEM is the rise of digital employee experience (DEX) software. DEX tools can provide IT with data and insights into how employees interact with devices and applications, with the ability to measure usage and highlight performance problems. “That’s a growth area that all the UEM vendors are pushing into,” said Hochmuth.
Also coming to UEM tools: the integration of artificial intelligence (AI). “This space, in particular, is incredibly ripe for help from an AI product,” said Hochmuth.
AI could help manage a longtime challenge for endpoint management — scale. That’s because of the wide range of devices, vulnerabilities, and configurations that have to be managed.
“The pure amount of data given off by thousands of devices running different operating systems, it’s super chaotic,” said Hochmuth. “That’s a perfect use case for an AI tool that could sift through data, help you find information you need, or even more importantly, automate a lot of the manual patching, updating, configuration – the reactionary type things that people in IT ops do. Anticipating when someone might need a fix before something breaks: AI could really help with that.”
Gartner’s Cipolla points to the emergence of autonomous endpoint management (AEM), a term that describes the combination of UEM and DEX, with additional automation and AI-assistance capabilities. “The idea is to take the human out of the middle doing the research and the leg work, and put them in control of the automation,” said Cipolla.
Several UEM vendors have already begun to incorporate AEM-like functionality into their software, said Cipolla. But it’s still early for the technology, meaning it will likely be at least a couple of years before AEM tools become more fully developed and more widely used by organizations. “It’s not a product yet, it’s a future idea, it’s a concept. As the vendors work on their ideas, it becomes a market,” he said.