Mobile devices in the workforce are here to stay. But with widespread use comes substantial security risks. Unified endpoint management (UEM) is the latest evolution of tools to address the ongoing challenge of mobile security. But what is unified endpoint management security? Before exploring UEM tools, buyers must know what this technology achieves and how it differs from the preceding mobile management technology.
Ever since the introduction of smartphones into the consumer market, desktop administrators have had to navigate the BYOD policies that followed the growing popularity of these devices on the job. Previously, companies were able to secure and manage the PCs, tablets, laptops or phones that they provided to their users and keep foreign devices out of the environment. With users now accessing company email, applications, documents and data from their personal devices, IT often struggles to maintain security while still allowing for the productivity that mobile devices -- smartphones, IoT endpoints, laptops and iPads -- can provide.
The software industry responded to this need with UEM, which is an attempt to consolidate or "unify" former technologies, including the following:
- client management tools (legacy tools)
- mobile device management (MDM)
- mobile application management (MAM)
- identity and access management (IAM)
- mobile content management (MCM)
- enterprise mobility management (EMM)
For a better understanding of the mobile management tools, let's look at each of those software categories that emerged before UEM. These tools have specific functions and problems they solve. It is important to understand what they are and where they fit on the road to UEM.
Client management tools
Gartner defines client management tools (CMTs) as software that manages the configuration of clients. Examples are legacy PC lifecycle management tools from the Windows 7 era and products like Microsoft's System Center Configuration Manager.
Mobile device management
MDM was the first management tool for remote mobile devices and continues to be a standard tool. The original intent of MDM software was to manage company-owned devices and ultimately protect company assets and data in instances of laptop loss, theft, damage, etc. Its fundamental functions include device activation, enrollment and provisioning, remote wipe, policy deployment and security. MDM uses remote management protocols and APIs from the operating system to perform deployment, security, authentication and other functions. MDM fundamentally changed the way the client endpoint performs tasks, from updates to application authentication; however, it does not manage or control applications that already existed on mobile devices.
Mobile application management
MAM software enhances MDM-related features by focusing on applications and associated data on mobile devices. MAM also addresses the security problems that stem from BYOD practices. Personally owned phones carry valuable and often sensitive company data -- like email, calendars, presentations, spreadsheets, apps and app-specific data -- away from corporate security and control. Thus, employees could transfer sensitive and confidential documents to a personal or public location. MAM mitigates this risk by enabling admins to design and enforce policies on mobile apps that could fence off corporate from personal apps, provide software provisioning and removal, monitor app usage, and control and protect company data on mobile devices.
Identity and access management
Identity and access management (IAM) or identity as a service (IDaaS) emerged as a cloud-based management tool that provides authentication, authorization, password and single sign-on (SSO) functions.
IAM fits into EMM and is the engine that provides certificates deployed by MDM. It takes advantage of MDM device enrollment and ensures compliance with MDM policies. IAM enables SSO for mobile devices and applications as well as multifactor authentication (MFA) using text messages and certificates. Consumers experience different authentication methods when they purchase tickets or receive text messages with a code to enter in order to obtain access to an online account.
Large businesses have complex authentication environments with disparate systems and platforms, as well as diverse mobile and international system users that include partners, contractors or customers. All of these entities require accounts for access, so a solid identity management (ID management) system is crucial to keep a tight lid on security and ensure that users can only access the data and systems that the company has authorized. For these large companies, the IAM tools work with enterprise tools, such as Active Directory, Azure Active Directory and Active Directory Federation Services. With these tools, admins can sync user accounts and passwords between systems over encrypted channels, thus enabling SSO.
Mobile content management
MCM software is essentially a file storage and sharing service. It differs from MAM and MDM because it controls the data itself rather than the application or device. In summary, MCM encrypts and protects company data. A team of end users often accesses data on a variety of devices and applications, and MCM software offers collaboration, commenting and note-taking capabilities that are shareable with other team members and controlled by identity management tools.
Editor's note: Using extensive research into unified endpoint management technology, TechTarget editors focused this series of articles on vendors that combine capabilities of EMM and MDM with a considerable market presence. Our research included Gartner, Forrester and TechTarget surveys.
Enterprise mobility management
EMM is a relatively recent attempt to combine the several prior mobile device management tools into a single tool. Prior to EMM, IT had to buy several different tools to meet device, application and data needs so there was not a single view into all management aspects. EMM software manages the use of mobile devices, wireless networks and other mobile computing services in a business context. While EMM has all the features of MDM, it also supports BYOD policies and MAM, MCM and IAM capabilities. EMM also added important new functionalities, such as the following:
- file sync and share between users in the enterprise (enhanced MCM); and
- IAM tools, federation and multifactor authentication (MFA).
While EMM successfully merged all of the mobility management tools, it lacked the ability to manage PCs and laptops in the enterprise primarily because the OSes -- Windows 10 and macOS -- did not have the APIs and other interfaces available. Also, the expanding set of IoT and wearable devices required additional changes in the management tools. Thus, IT admins needed a single platform to manage traditional client devices, mobile devices and all IoT endpoints.
What is unified endpoint management?
UEM is the next evolution of EMM. UEM software consolidates device and application management platforms for mobile devices, desktops, printers, wearables, IoT devices and other endpoints. UEM has been largely successful due to advances in Windows 10 MDM application programming interfaces (APIs) that were not available in Windows 8.1 and earlier versions. Mac OS X, Chrome OS, BlackBerry and Apple iOS 11 also have made advances in management interfaces and support UEM.
UEM has a number of advantages over EMM, primarily that it supports all devices -- including desktops -- and takes advantage of new APIs in OSes to manage IoT devices and wearables. UEM tools have merged all the management features for all the prior technologies into one product and are preparing for future devices. This eliminates the burden on admins from having to implement and deploy a number of different tools to manage their mobile and desktop enterprise.
UEM is still in its early stages. Many UEM products still lack a complete set of tools, but are poised to catch up now that UEM is established in the market.