What is UEM? Unified endpoint management explained

UEM has emerged as the next step in the development of enterprise mobility software, offering better management of a wider range of devices. By extending EMM capabilities to laptops and desktops, UEM tools helped enterprises make the quick move to remote work.

Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

“UEM in theory ties this all together and gives you that proverbial one pane of glass, so you can see the state of all of your endpoints,” said Phil Hochmuth, program vice president at IDC. “It gives you visibility into what people are doing with corporate data, corporate apps, on any conceivable type of device.”

While UEM products have been around for a few years, demand accelerated in the past 18 months due to the COVID-19 pandemic. For many IT teams forced to support a remote workforce on short notice, UEM tools helped manage employee devices used to access corporate data outside of the firewall.

“The pandemic was really a driving force in the move to UEM,” said Dan Wilson, senior director and analyst at Gartner. “Organizations that were comfortable with their on-premises mobile and PC management tools were required to rearchitect completely as the vast majority of devices moved remote.” 

The evolution of mobile management – MDM, MAM, and more

At its core, UEM consists of several device management technologies that emerged to help businesses control employee mobile devices. The first iteration of such tools was MDM, which arrived about a decade ago.

Introduced in response to the initial wave of smartphones used in the workplace, MDM was designed to help IT centrally provision, configure, and manage mobile devices that had access to corporate systems and data. Common MDM features included security configuration and policy enforcement, data encryption, remote device wipe and lock, and location tracking.

However, as employee bring-your-own-device (BYOD) schemes became more prevalent in the office — driven first by the iPhone's popularity, later by the growth of Android — vendors began to offer more targeted management of apps and data. MAM capabilities delivered more granular controls, focusing on software rather than the device itself; features include app wrapping and containerization, and the ability to block copy/paste or restrict which apps can open certain files.

MAM features were soon packaged with MDM and other tools, such as mobile identity management and mobile information management, and sold as comprehensive enterprise mobility management (EMM) product suites. Those suites led to the next stage in the evolution of device management: UEM.

So what exactly is UEM?

UEM merges the various facets of EMM suites with functionality typically found in client management tools (CMT) used to manage desktop PCs and laptops on a corporate network. One example is Microsoft’s Endpoint Manager, which combined its Intune MDM/MAM platform with Configuration Manager (formerly System Center Configuration Manager) two years ago.

UEM platforms tend to have comprehensive operating system support, including mobile (Android, iOS) and desktop OSes (Windows 10, macOS, ChromeOS, and, in some cases, Linux). Some UEM products support more esoteric categories too, including smartwatches and IoT devices as well as Android Things, Alexa for Business, and Raspberry Pi OS.

Unlike traditional CMT products, UEM tends to be delivered as a cloud-based, software-as-a-service tool, allowing devices such as desktop PCs to be managed and updated without a connection to a corporate network.

The emergence of UEM has been partly driven by the inclusion of API-based configuration and management protocols within Windows 10 and macOS, enabling the same level of device management that was already possible with iOS and Android devices.

It also reflects a wider development: the convergence of mobile and traditional computing devices, with high-end tablets often on par with laptops in terms of processing power. “You have a real blurring of the lines between what is mobile computing and what is traditional endpoint computing,” said Hochmuth.

Why invest in UEM tools?

All of these devices — mobile, desktop, Windows, Mac, in the office and remote — require a unified approach to end user device management, an approach that can provide a variety of benefits, say analysts.

Among these is the opportunity for simplified and centralized management. In short, it’s more efficient for one team to provision and manage all devices from a single tool, rather than have separate support teams and tools that were traditionally divided between mobile and Windows or macOS computers. 

“If you can address all of your devices from one console — and with one vendor and one contract — then obviously there are benefits from that perspective,” said Wilson.

UEM products can reduce manual work for IT, with the ability to create a single policy — such as requiring device encryption — that can be deployed to many devices and operating systems. The same goes for patching.  

“This can greatly simplify configuration and maintenance of your environment,” said Wilson. 

By ensuring consistent policies across apps, devices and data, UEM tools can reduce risk, with less complexity and fewer opportunities to misconfigure policies. “If you create a policy in one system and you don't correctly map it to the equivalent policy in another tool, then you could leave yourself exposed,” said Wilson.

UEM tools help mitigate the chances of that kind of misconfiguration.

The UEM vendor market

The worldwide market for unified endpoint management is forecast to grow from $3.4 billion in 2019 to $4.9 billion in 2024, according to IDC data.

There are a variety of vendors, from big-name firms all the way to smaller, more targeted companies. Microsoft (Endpoint Manager) and VMware (Workspace One) are often considered the UEM market leaders with the broadest offerings. BlackBerry UEM, Citrix Endpoint Management, IBM MaaS360, and Ivanti UEM are also popular products.

Among the vendors that have taken a more specialized approach are Jamf, which is focused purely on Apple devices running everything from macOS to tvOS, and SOTI, whose products are tailored to certain industries, such as warehouse workers with ruggedized mobile devices.

Businesses trying to choose among the various options should consider what they plan to use a tool for, what specific functions they require and which UEM tool can handle most of what's needed, said Wilson. “There is no perfect tool for all, so implement the UEM that will do the majority, and then look at supplementing to address critical gaps,” he said.  

Pandemic accelerates UEM adoption

While UEM adoption was already on the upswing pre-2020, uptake boomed as businesses shifted to remote work during the pandemic, with IT departments required to support a wide range of — often newly provisioned — devices accessing business applications and data.

“The pandemic, and the big work-from-home push, forced a lot of organizations to accelerate unified endpoint management deployments,” said Hochmuth.

This is visible in the growth of Windows 10 modern management. In 2019, around 5% of Windows 10 devices were controlled by a cloud-based management system or UEM, according to Gartner data. That figure was roughly 20% by September 2020.  

“We believe that number is now closer to 30%, and it's on target to hit 50% by the beginning of 2022,” said Wilson. “This is a massive dramatic shift to UEM and cloud-based management because of the pandemic,” he said. 

With remote work, all devices are “mobile” and UEM tools are well-suited to support any device when not connected to a corporate LAN. “A lot of traditional PC management tools require PCs to be on the network, and they have to be connected to the back-end platform to do the management, to push the policy, to do software updates,” explained Hochmuth.

That said, not all businesses will require UEM tools — some are wary of employee push-back over management tools on their devices, for example. But it’s likely the transition to UEM will continue with the latest push to return to the office or create hybrid workplaces.

“We see that close to three quarters of enterprise endpoints will be managed by UEM in the next three to five years,” said Hochmuth.

What’s on the horizon for UEM

The latest trend among UEM vendors has been to include tighter integration with unified endpoint security (UES) systems that provide visibility into device security from a central admin console. UES helps organizations deliver a coordinated response to detect and address vulnerabilities and security incidents.

Alongside advantages such as improved coordination and reduced friction between IT operations and security teams, the combination of UEM with UES could also enhance worker experience by reducing complexity, said Wilson.

Gartner also sees resurgent demand for automation through the use of endpoint management, virtual desktop infrastructure or DaaS, analytics, and ML “to enable self-healing and self-tuning systems that deliver richer user experiences,” said Wilson. This is a concept the analyst firm defines as “Intelligence-driven experience automation (IDEA).”

“We expect that UEM tools will continue to expand or enable tighter integration with digital employee experience management (DEX) tools to enable IDEA,” said Wilson.

Copyright © 2021 IDG Communications, Inc.