
How to choose the right UEM platform

Unified Endpoint Management software lets IT manage all of an organization’s endpoint devices — smartphones, laptops, desktops, printers, IoT devices, and more — from a single management console. Here’s what to look for when shopping for a platform, and 13 leading vendors to consider.


Endpoint devices have become so ubiquitous, connected, and data-intensive that they are among the most valuable technology assets an organization has today. They’re also some of the biggest security risks. It’s no surprise, then, that managing the large and growing number of smartphones, laptops, tablets, desktops, and other end-user products is a high priority for IT.

For a growing number of enterprises, unified endpoint management (UEM) is the method of choice for keeping management of endpoints from descending into chaos. UEM platforms are designed to simplify the management of devices and enhance the security of heterogeneous environments.

Among the key selling points of UEM is that it’s preferable to using a multitude of disparate mobility management tools that can end up increasing costs and decreasing efficiency for companies.

UEM platforms are basically software suites that offer a single management interface for endpoint devices within an organization. The technology evolved from and in many cases is replacing mobile device management (MDM) and enterprise mobility management (EMM) tools.

MDM products control mobile device functionality and include features such as device enrollment, remote control, device lockdown, and location tracking; EMM provides those features as well as mobile information management, mobile application management, and mobile content management.

UEM broadens the enterprise management spectrum to include not only mobile devices, but also desktop and laptop computers, printers, wearables, and internet of things (IoT) devices via a single management console.

As more people work remotely or in hybrid work environments — in many cases using personal devices — and as more companies launch IoT and edge computing initiatives, UEM has become even more valuable for enterprises.

How to choose UEM software

Although UEM platforms from leading vendors might have a lot in common, no two offerings are completely alike. Enterprises need to do their homework when evaluating the options available — and it's important to keep in mind that UEM is a relatively new technology concept that's still evolving.

Given how important endpoint management is to an organization, it might be a good idea to conduct a proof of concept or a pilot test before committing to a broad rollout. Making a shift in vendors later in the process could be difficult and costly. Most major UEM vendors offer 30-day free trials of their software.

A pilot program is also a good way to determine which features and capabilities are most vital to the company. Testing out multiple platforms, if possible, provides a way to make direct comparisons.

10 criteria for choosing a UEM platform

When evaluating UEM options, be sure to pay particular attention to these key factors:

1. Operating system support. This gives a sense of the breadth of the UEM tool across Windows, iOS, macOS, Android, and Chrome operating systems, says Andrew Hewitt, a senior analyst at Forrester Research. “Enterprises are increasingly looking to satisfy the need for employee choice, especially when it comes to device operating systems,” he says. “The more a UEM supports, the more likely the enterprise can satisfy that need.”

Certain platforms support various operating systems with varying levels of granularity and features, says Phil Hochmuth, program vice president, enterprise mobility, at IDC. “Some vendors focus specifically on a certain operating system, such as Apple or Android,” he says.

2. Support for bring-your-own-device (BYOD) programs. This capability provides an indication of specific investments the UEM provider has made in iOS User Enrollment or Android Enterprise, Hewitt says.

“Because of shortages in devices over the past year, we've seen a rise in BYOD deployments,” he says. “The native enrollment models for BYOD from both Apple and Google provide a baseline of security in an easy-to-enroll fashion, making it much smoother for organizations to get devices into the hands of employees.”

3. Integration with other IT products. The partnerships a vendor has with other platforms used to support IT or end users in general are another key consideration. “How well does the UEM platform integrate with your ticketing system or your security information and login platform, or your endpoint security product?” Hochmuth asks. “Many of the larger vendors now offer you UEM along with other products such as these, and have strong integration stories there.”

4. Device security policies. Companies need to be able to set policies regarding things like jailbreaking, root detection, password setting, mobile threat detection, malware detection, anti-phishing, and so on, Hewitt says. “Because data now lives outside the four walls of the enterprise, ensuring device security for mobile devices is even more important,” he says. These types of features enable organizations to ensure that there is no compromise in mobile security.

Also important from a security standpoint is integration with identity and access management, remote access, and endpoint security tools “to support dynamic policy and contextual access as well as novel authentication methods,” says Dan Wilson, senior director analyst at Gartner.

5. Management automation. Organizations are increasingly looking to save on costs when it comes to deploying devices, because it’s an undifferentiated activity within their competitive environments, Hewitt says. These capabilities allow a fully automated deployment to occur quickly, which means employees get devices faster and administrators spend less time on deployment.

6. Mobile application management (MAM)-only support. Can the vendor support a non-MDM deployment, where a company only manages apps? “Not every organization can get all of its employees to enroll an MDM, for both privacy and technical reasons,” Hewitt says. “MAM is a good option for privacy-minded employees, because the organization has no access to their device, just corporate apps.”

The ability to provide standalone management of applications on unmanaged devices, as well as application and data containment, is important, Wilson says. This includes “capabilities to segregate or isolate personal and corporate data,” he says.

7. Pricing. Pricing is always a key consideration for any technology investment, especially one that affects so many users. “Some UEM platforms can be had for relatively low cost if bundled with other [products] sold by the vendor, or depending on the licensing model for certain software products,” Hochmuth says.

“In general, look for a per-user pricing model as opposed to a per-device pricing model, as most end users are accessing multiple devices to do work and will need more than one device managed and secured,” Hochmuth advises.

8. Regulatory compliance certifications. Offering certifications for initiatives such as the Federal Risk and Authorization Management Program (FedRAMP), which provides a standardized approach to security authorizations for cloud service offerings, is important for government customers and others in regulated industries. Some organizations have unique requirements for compliance with rules such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and FedRAMP, Hewitt says.

“Customers in government and financial services generally look for these types of certifications, because they verify that the UEM in question has been tested and secured,” he says.

9. Conditional access. Can the UEM enforce conditional access policies across devices, apps, networks, and so on? Conditional access is the foundation of any mobility strategy, Hewitt says. It enables organizations to look across a multitude of conditions to decide whether individual employees can access a resource. If any of the conditions are noncompliant, access is blocked.

10. Support for remote environments. Many people will continue to work from home or other remote locations, at least part of the time, for the foreseeable future. So it’s important that UEM platforms can support a remote and hybrid workforce. This enables IT administrators to troubleshoot both traditional and mobile endpoints in remote locations, improving user experience and limiting downtime for employees, Hewitt says.
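To make criteria 4 and 9 concrete when comparing platforms in a pilot, the sketch below evaluates a set of device, app, and network conditions and blocks access if any one is noncompliant. It is an added illustration, not code from any vendor named in this article; the signal names, the allowed-network values, and the choice to treat a missing signal as noncompliant are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signals:
    """Posture reported for one access request (hypothetical field names).
    None means the management platform reported nothing for that signal."""
    jailbroken_or_rooted: Optional[bool] = None
    passcode_set: Optional[bool] = None
    threat_detected: Optional[bool] = None
    app_managed: Optional[bool] = None
    network: Optional[str] = None

ALLOWED_NETWORKS = frozenset({"corporate", "vpn"})  # constructed sample values

def _negate(value):
    # Keep "unknown" as unknown instead of letting `not None` become True.
    return None if value is None else not value

def evaluate(signals, required=None):
    """Return (allowed, failures). Access is blocked if any required
    condition is noncompliant or its signal is missing (fail closed)."""
    checks = {
        "device_integrity": _negate(signals.jailbroken_or_rooted),
        "passcode_set": signals.passcode_set,
        "no_active_threat": _negate(signals.threat_detected),
        "managed_app": signals.app_managed,
        "allowed_network": (None if signals.network is None
                            else signals.network in ALLOWED_NETWORKS),
    }
    if required is not None:
        unknown = set(required) - set(checks)
        if unknown:
            raise ValueError(f"unknown conditions: {sorted(unknown)}")
        checks = {name: ok for name, ok in checks.items() if name in required}
    failures = [
        f"{name}: {'signal missing' if ok is None else 'noncompliant'}"
        for name, ok in checks.items()
        if ok is not True
    ]
    return (not failures, failures)

if __name__ == "__main__":
    # Constructed sample request: compliant except for a rooted device.
    print(evaluate(Signals(True, True, False, True, "vpn")))
```

The `required` argument lets a resource demand only a subset of conditions, which is useful for checking how a platform behaves when only app-level signals are available.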

13 key UEM vendors

The major players in the UEM market are largely the same ones that have held leadership positions in the MDM/EMM segment. They include some of the biggest software companies in the world.

To get you started in your research, here are brief descriptions of the major platforms available. You can also download a detailed comparison chart showing the features and functions offered by eight leading EMM/UEM vendors.

42Gears: 42Gears UEM supports Android, iOS, macOS, Windows, and Linux, and is designed to make it easier for enterprises to migrate from legacy platforms such as Windows 7 to an EMM-compliant version such as Windows 10. It offers a single platform to manage all endpoints, including desktops/laptops, employee-owned devices, IoT devices, sensors and gateways, ruggedized devices, wearables, and printers.

BlackBerry: BlackBerry UEM is a multi-platform system that provides device, app, and content management with integrated security and connectivity, and helps organizations manage iOS, macOS, Android, Windows 10, and BlackBerry 10 devices. Key features include a single user interface, secure IP connectivity, user self-service, role-based administration, and company directory integration.

Cisco Meraki: Systems Manager, Meraki’s cloud-based UEM platform, provides central provisioning, monitoring, and securing of all endpoint devices within an organization, while keeping the enterprise network aware of constantly changing devices. The platform supports management of iOS, Android, Windows, macOS, Chrome OS, and tvOS environments. The Meraki cloud dashboard enables configuration and monitoring from a single console.

Citrix: Citrix Endpoint Management (formerly XenMobile) allows organizations to inventory, manage, and secure a range of device types with a single management console. In addition to iOS and Android, Citrix provides management and controls for Windows 10, macOS, Chrome OS, thin clients, and Workspace Hub device types, using XenMobile as its foundation. It offers endpoint provisioning and configuration controls for device enrollment, policy application, and access privileges.

HCL Technologies: The vendor’s BigFix 10 endpoint management platform enables organizations to fully automate discovery, management, and remediation of endpoint issues, regardless of location or connectivity. Features include BigFix Insights, which lets organizations quickly visualize risks as well as costs, and multicloud management, which gives administrators 360-degree visibility, control, and compliance enforcement of both cloud and on-premises endpoints.

IBM: IBM Security MaaS360 with Watson is a cloud-based UEM platform that enables organizations to secure smartphones, tablets, laptops, desktops, wearables, and IoT devices. Watson artificial intelligence (AI) and predictive analytics provide alerts to potential endpoint threats and remediation to avoid security breaches and disruptions. MaaS360 protects apps, content, and data.

Ivanti: Ivanti Unified Endpoint Manager is designed to simplify enterprise mobility, applying policies and personalization across all devices. (Ivanti purchased MobileIron, another leading EMM/UEM vendor, in 2020.) Companies can use the system’s artificial intelligence to determine which users and devices get what type of access. The platform supports Windows, macOS, Linux, Unix, iOS, and Android operating systems. Administrators can gather detailed device data, automate software and operating system deployments, personalize workspace environments, and address user issues.

ManageEngine: ManageEngine Desktop Central, a UEM platform from the IT management division of Zoho Corp., helps organizations manage servers, laptops, desktops, smartphones, and tablets from a central location. Enterprises can automate endpoint management routines such as installing patches, deploying software, and imaging and deploying operating systems. The platform also provides management of IT assets and software licenses, remote desktop control, and software usage monitoring. It supports Windows, macOS, Linux, Chrome OS, Android, iOS, iPadOS, and tvOS.

Matrix42: Matrix42 Unified Endpoint Management supports Windows, macOS, Chrome OS, Android, iOS, and iPadOS and can be accessed from the cloud, on-premises, or in a hybrid environment. The platform provides automatic deployment of devices and applications, real-time reports and analysis on usage, and access control for applications and sensitive data. Data is encrypted on mobile devices, and personal and business data are separated on BYOD devices.

Microsoft: Microsoft Endpoint Manager includes both Configuration Manager and Microsoft Intune, a cloud-native management tool for Windows and macOS desktops and mobile devices that provides MDM and MAM. Enterprises can configure specific policies to control applications, such as preventing emails from being sent to people outside the organization. On personal devices, Intune helps make sure an organization’s data stays protected and can isolate organization data from personal data.

Sophos: Sophos Mobile supports the management of Windows 10, macOS, iOS, and Android devices, providing configuration and policies, inventory and asset management, and detailed reporting on device usage. Organizations can install, remove and view apps, use containers to manage content, provide compliance rules and remediation, and protect against threats such as malware and phishing.

SOTI: The SOTI One Platform allows companies to securely manage any device or endpoint, including IoT devices, with any form factor throughout its entire lifecycle. Supported OSes include Windows 10, macOS, Linux, Android, iOS, iPadOS, Windows Mobile, Zebra, and more. The platform features SOTI Assist, a diagnostic help desk tool that lets technicians analyze, troubleshoot, and resolve mobile device and app issues from anywhere at any time.

VMware: VMware Workspace ONE is a cloud-based platform for managing desktop, mobile, rugged, wearable, and IoT devices. It supports operating environments including Android, iOS, Windows 10, macOS, and Chrome OS. The platform offers data protection against security threats with conditional access and compliance policies, with a Privacy Guard feature designed to manage privacy policies.
