Unified endpoint management (UEM) is an IT best practice and strategy for securing and controlling desktop computers, laptops, smartphones, and tablets in a connected, secure manner from a single console. It’s increasingly important for enterprises today because of the prevalence of corporate-owned, personally-enabled (COPE) devices and bring your own device (BYOD) policies. In practice, UEM is a combination of enterprise mobility management (EMM), mobile device management (MDM), and client management tools (CMT).

The need for UEM

In the previous part of this blog series, we discussed the value UEM brings to enterprises. But is UEM a need or a want? In this post, we’ll see why UEM is essential for all enterprises that deploy a diversified range of devices. 

A 451 Research survey[1] of IT managers found that more than 90 percent reported using eight or more management solutions to secure endpoints. Running multiple endpoint management solutions can pose security risks: multiple policies, user groups, and so on can create a security gap when more than one solution is functioning simultaneously. Also, BYOD devices might not be covered under your organization’s security policies, and standalone CMT and MDM solutions might not be sufficient for managing all endpoints.

UEM combines the functionality of multiple products into a single platform and provides the complete range of capabilities for managing all the endpoints in your enterprise.

An overview of UEM capabilities

Here are the essential UEM capabilities:

1. CMT migration:

UEM provides direct management of all endpoints using its native capabilities. As we discussed in a previous blog, UEM calls for a seamless migration to combine the management of mobile devices and computers/laptops from the existing client management methods. This is possible with a base CMT solution that allows integration with other solutions for easy migration from CMT to UEM.

2. Modern management:

IT departments are seeking a consistent and unified way to manage their users’ diversified device range, in terms of both administration and security. Modern management includes management of devices spanning the latest Windows version to mobile devices across all operating system platforms.  

3. Traditional mobile device management:

Traditional MDM capabilities of UEM include:

  • Easy device enrollment

  • Profile management

  • Devising deployments and configurations

  • Remote troubleshooting

  • Device lockdown

  • Geo-tracking of devices

4. Mobile application management (MAM):

MAM calls for the central control and management of all applications installed on devices, as well as the security aspects associated with managing those devices and applications. Here are the MAM capabilities that are essential in a UEM solution:

  • Silent installation of applications—both in-house and store apps

  • Asset management

  • Kiosk Mode—restricts a device to a specified set of applications

  • Whitelisting and blacklisting of applications

  • App restriction policies, and app and device passcodes, as part of security management

MAM also includes all other capabilities of traditional mobile device management.

5. Enterprise mobility management:

EMM includes all MDM and MAM capabilities of UEM, plus the following:

  • Email management

  • Content management

  • Security management

  • Audits and reports

  • Ruggedized device management

6. Non-traditional device management:

The adoption of non-traditional and Internet-of-Things (IoT) devices is likely to double[2] in 2021 when compared to 2017 (according to Bain & Company). Microsoft reports that by 2021, 94 percent of enterprises will be deploying IoT. As adoption rises, bringing these non-traditional smart devices, such as IoT devices, smart wearables like Google Glass, and GPS systems in automobiles, under the purview of UEM’s capabilities is essential in order to be future-ready.

7. BYOD and unmanaged devices management:

With the consumerization of IT, it is very common for employees to use BYOD devices. UEM solutions must be able to easily onboard these employees’ devices and administer the relevant policies for them.

UEM can use containerization to create distinct personal and corporate profiles. This logically isolates enterprise data from the personal data coexisting on the same device, thus securing restricted data.

8. Diverse platforms:

With the help of UEM, you can manage devices of all types, across all platforms:

  • iOS and macOS

  • Windows OS and Servers

  • Linux

  • Android

  • Chrome OS

9. Client management capabilities:

Traditional client management capabilities include:

  • Patch management

  • Software application deployment

  • Asset management of endpoints

  • Remote control and troubleshooting

  • Configuration management

  • Browser security management

  • Remote OS deployment

  • USB device management

  • AD reports and insightful reporting

We will learn more about all these capabilities in the upcoming posts in this blog series.

References:
[1] https://global.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/wp-451-research-securing-eot.pdf
[2] https://www.bain.com/about/media-center/press-releases/2018/bain-predicts-the-iot-market-will-more-than-double-by-2021/