When organizations consider their options for managing users' endpoints, it's imperative to select desktop management software by looking into specific features, integrations and licensing models.
The challenge for years has been managing mobile devices, desktops and related software alongside one another, because often times they each require separate tools. Over the years, these specialized tools evolved into a more universal platform called unified endpoint management (UEM).
UEM contains several product categories each with unique specialties.
- Client management tools (CMT) include desktop and laptop management on both a device and software level.
- Mobile device management (MDM) involves device hardware management.
- Mobile application management (MAM) handles software management.
- Identity and access management (IAM) includes authorization, authentication, password and single sign-on management.
- Enterprise mobility management (EMM) includes all mobile management tools, but it does not manage desktop computers and laptops.
Security is not a distinct category, but UEM includes it to some degree in each offering -- sometimes as an add-on.
It can be confusing, as vendors developed the products separately before converging them into a single UEM product. However, some products still list the above acronyms while describing individual features. For example, MDM may be listed as a specific product on a vendor's website, but it is sold as part of the UEM product; the MDM part can't be split out. However, there are narrower products that do address individual functions, such as Microsoft's System Configuration Manager, which is a desktop management tool and not Microsoft's fully-fledged UEM product.
While UEM is a combination of existing platforms in many ways, there can be value in using the more specialized management platforms -- such as MDM and IAM -- for a more focused approach to each aspect of end-user management. Organizations may like a key feature from one MDM vendor's platform, but the desktop management capabilities from another.
This article is part of
For organizations focusing on what they need for desktop management, it's worthwhile to review the products in terms of their desktop management capabilities. As such, this comparison of products and features focuses on desktop management and does not consider factors beyond that.
Top desktop management software vendors
Although firms such as Gartner don't often identify products specifically as desktop management software, we can use Gartner's Magic Quadrant for UEM as a baseline to compile a list of viable options. IT administrators should analyze the desktop management capabilities of each tool based on this starting point.
This comparison explores offerings from Microsoft, VMware, IBM, ManageEngine, Citrix, BlackBerry, LogMeIn and Ivanti. These are all mature products built on desktop and mobile products for years before consolidating into UEM. In addition, these products include the ability to manage mobile devices and many offer a cloud-based management pane.
Desktop management features to look for
Vendors don't all identify the same features in the same way, and they often vary greatly on what they include. Some vendors focus a lot on security in a basic product, and others separate security into a separate product. The feature list below is a set of fairly common features among products that are important to IT administrators. Separating the features into these categories allows for a more apples-to-apples comparison between products.
Keep in mind that desktop management, as defined here, includes hardware -- PCs and laptops -- and software for user productivity and management functions. Mobile devices are not included.
- Patch management. Often included in software management, this specifies the feature of managing and distributing patches and updates to clients.
- Software and application management. This includes software deployment, feature and version management for users and IT applications.
- Remote access. This feature holds a different significance to different vendors. It could be a remote desktop application for users, remote management of devices, users or other similar features.
- Compliance rules and enforcement. While administrators can generate compliance reports manually, these vendors specifically identify a feature to provide compliance information.
- Desktop device configuration and management. This is the core of desktop management -- hardware provisioning, software configuration and an easy-to-use interface. Ideally, these features should all be on a single pane of glass to manage users, devices, software, updates and other functions.
- Active Directory (AD) reports and interface. These systems have an Active Directory connector to allow the console to manage AD users, devices and groups. The systems pull these from the AD domain, and in some cases it includes reporting capabilities.
- User admin. Some offerings provide management for users, groups and related features. AD connections may or may not be included.
- Asset management and tracking. While all desktop management products bring device controls as well, asset management is a specific function to manage all IT assets, often with tracking and reporting capabilities.
- Cloud capability. These products offer some level of cloud capability. The management function may be in an app in the cloud, it may manage apps and virtual devices in the cloud or perform other related cloud-based functions.
- Power management. This includes remote wake-up, power on and off and power saving management functions.
- OS support. This determines the operating systems that IT can install the product on. This may or may not be the list of client OSes that can be managed.
- Content management. Content management systems are typically separate products to manage documents and files, and produce reports. However, some desktop management systems contain content management functions.
- Lifecycle management. This entails managing software, applications and devices from deployment through deactivation for tasks such as planning, tracking, deployment and monitoring. These products provide some level of built-in lifecycle management, but the degree varies from product to product.
- Security. Offerings typically include some level of security such as antivirus or malware protection in addition to local security. This may be provided from a directory service such as Active Directory, either built-in or via a partner. Some products may require an upgraded service level to include security features.
Product feature comparison
Desktop management software varies greatly, depending on how vendors implement and support features. Additionally, vendors may offer three or more product tiers that include the additional features above. Thus, it is important to review the feature sets for each product's offerings to determine which one satisfies an organization's needs.
This comparison can help narrow down the list of products that an organization should review and strongly consider. Organizations likely need more details when considering desktop management software, so the best route is to speak directly to the most promising vendors. Most will provide a free demo or evaluation license to help organizations decide.
Product notes and pricing
There are some important notes to know about each vendor, their offering and their pricing. Some products require contacting the vendor for detailed pricing information.
ManageEngine is one of the core vendors to offer a UEM product and is consistently in Gartner's Magic Quadrant reports -- though it's currently in the "niche" group. In addition to a solid set of mobile device tools, this product features hardware-independent deployment, custom deployment templates and a number of add-ons, including the following:
- Endpoint Security
- OS Deployment
- Failover Server
- Secure Gateway Server
- Multi-Language Pack
ManageEngine uses a 'call for quote' pricing mechanism so organizations must speak with a vendor representative to get a sense of the pricing.
A solid UEM product, IBM MaaS360 has some interesting AI components including a policy recommendation engine and a voice-based AI administrative assistant. IBM prices its product in four levels. While the vendor provides more details on its website, the following pricing outline gives a good baseline:
- Essentials: $4.00 per device, per month
- Deluxe: $5.00 per device, per month
- Premier: $6.25 per device, per month
- Enterprise: $9.00 per device, per month
Microsoft Endpoint Manager -- Microsoft Configuration Manager
IT administrators will know that Microsoft often has complicated licensing, but these offerings are certainly worth looking into for some organizations. Their UEM product, Microsoft Endpoint Manager (MEM), offers Microsoft Managed Desktop as a cloud-based IT management and security monitoring service. For the purposes of this article, we focus specifically on the desktop management capabilities of Microsoft Configuration Manager -- which is a component of MEM.
The pricing and licensing models are numerous with lots of different paths that organizations have to negotiate based on specific requirements. Microsoft does, however, offer a strong roadmap for navigating all these disparate services.
VMware Workspace One
VMware Workspace One has some advanced features including certificate management. The vendor offers a wide assortment of deployment and provisioning options which includes physical and virtual machines. Its device management options offer advanced, enterprise and mission-critical management levels as an add-on -- something that competitors have not identified. Similar to IBM, VMware features an automated AI virtual assistant for user support. Pricing is based on a monthly basis, per user and per device. Workspace One Plus, Standard, Advanced and Enterprise Suites do not have public pricing information.
- Employee Essentials -- for unmanaged devices: $1.66 per device, per month or $3 per user, per month
- Mobile Essentials -- mobile only: $3 per device, per month or $5.40 per user, per month
- Desktop Essentials -- desktop only: $4.00 per device, per month or $7.20 per user, per month
- UEM Essentials -- desktop and mobile: $5.25 per device, per month or $9.45 per user, per month
Another mature UEM product, Citrix Workspace, builds on Citrix's base products and offers extensive virtual app and virtual desktop support. Citrix is the only evaluated product that specifies a Microsoft Office 365 integration in addition to extensions to support Windows 7, 8.1, 10 and 11. Citrix Workspace provides management without requiring agents to be installed.
Pricing is at four tiers.
- Essentials: $2 per user, per month
- Standard: $7 per user, per month
- Premium: $18 per user, per month
- Premium Plus: $25 per user, per month
BlackBerry is a major player in the UEM market and has been in Gartner's report for several years. BlackBerry UEM features a single-pane-of-glass UEM console for mobile, desktop, laptop and software management, along with cloud options.
BlackBerry's pricing is a closely held secret, with no pricing tables or feature lists on their website.
With a history of being a remote access product, LogMeIn features a strong portfolio of remote access and control and IT automation using scripting for reporting and proactive alerts. LogMeIn features software and device management in a single-pane-of-glass console and features support for kiosks and point-of-sale devices.
Pricing is a little different. This vendor offers a base plan of $80 per month with a minimum of 25 devices and basic features including the following:
- remote access
- user and device management
- background access
- file transfer
- desktop sharing
Advanced features are available in three add-ons.
- Security: $47 per month
- Automation: $47 per month
- Insight: $47 per month
Ivanti Neurons for UEM
This UEM offering from Ivanti allows IT to automate software and OS updates and deployments and offers several monitoring and troubleshooting functions that IT can use to address UX issues as they arise. The product provides real-time session data on managed desktops, which can help IT understand the root causes of user issues. Ivanti's platform also supports remote access desktop sessions for users to work on their in-office desktop from remote locations. That same function also allows IT administrators to look into user issues with a hands-on remote session.
Ivanti does not have public pricing information on Ivanti Neurons for UEM, though it offers perpetual or subscription licensing.