Dennis, what have been the most important changes in the UEM environment in recent months?

Dennis Wittig:
“From my perspective and experience, it’s clearly the integration of desktop operating systems – Windows 10 and 11 as well as macOS. These are becoming increasingly integrated into UEM solutions.
A few years ago, desktop support was only possible in the form of inventory management. This meant that you could see which devices were available, but you couldn’t really manage them. In recent years and months, we are now seeing more and more connections being made to established solutions – established management solutions in the Windows environment would be, for example, group policies or SCCM.

That’s why I believe we are now at a point that has been talked about for a long time: the transition from mobile device management to unified endpoint management. Today, not only are mobile operating systems fully integrated, but so are desktop systems. Unified endpoint management has truly become a reality.
And in some cases, we have even gone beyond this point: for certain functionalities, UEM solutions have surpassed previous solutions and offer a level of convenience that administrators have never experienced before.

In the future, this will go even further: we are already seeing that it is not just desktop devices that are being integrated. IoT devices such as printers and scanners, as well as other operating systems such as Chrome OS and Linux, will also become increasingly easy to manage via UEM systems.”

The management of mobile devices and desktops is therefore becoming increasingly converged. What impact does this have on administrators and users?

Dennis Wittig:
“They now have everything in one place and can use a uniform interface for the company’s entire device fleet. This has several advantages for administrators: First, there are many synergy effects. For example, there are policies that were previously only defined for mobile devices, but can now apply to all devices. Compliance or security policies, for example, only need to be defined centrally once. You no longer have to figure out how to achieve the same status in the different solutions. On the other hand, new administrators can get up to speed much faster because they don’t have to learn different solutions for different operating systems first.

And all of this also has advantages for users. Many things are being standardized for them as well. For example, the self-service portal, where users can manage their devices and, to a certain extent, perform troubleshooting. Users no longer have to go to one portal for mobile devices and another for desktop devices. They can do everything centrally in one self-service portal.

In addition, users are now accustomed to receiving out-of-the-box solutions from mobile devices. Apple offers the Device Enrollment Program, while Android offers Google Zero Touch. Users receive a device at home, unpack it, and simply start using it. This option is now also available for desktop systems and can be implemented across the board using UEM systems: Microsoft has the out-of-the-box experience or Autopilot for Windows, and Apple offers automatic device registration for Macs as well. This means that desktop computers can also be sent directly to users in their packaging and do not require time-consuming preparation. This is a major advantage and makes many things easier – especially when working from home.”

What future trends in usability are already foreseeable?

Dennis Wittig:
“We are seeing UEM systems attempting to differentiate themselves above iOS and Android, i.e., in desktop operating systems. While the possibilities offered by the various solutions for iOS and Android are very uniform, desktop systems offer a great deal of potential that can be exploited in different ways. If we look at Windows management again, one example is the migration of group policies: Many companies have existing policies for Windows devices, which usually need to be transferred to UEM systems. There are solutions for this. VMware offers the Airlift system, for example, and MobileIron offers the Bridge system.

In general, however, UEM manufacturers are dependent to a certain extent on the options offered by the operating system manufacturers. Some functions are available, while others are missing. This is particularly relevant for iOS and Android, less so for macOS and Windows. In many cases, it is possible to use scripting to create interfaces or implement certain functions, either with PowerShell or terminal scripts. This can be used to close the gaps that have not yet been addressed by modern management or earlier group policies.

Another topic I frequently encounter is identity management, with the goal of implementing greater security for devices and users. They should be able to better identify themselves to internal and external services. This is moving in the direction of single sign-on, and we are talking about cloud providers such as Okta or Azure Active Directory, which form a central interface to employee identities. They go beyond internal services and can also be used for third-party services in the cloud, SaaS products, and more. UEM vendors offer many options for integrating identity management more deeply into their systems. At VMware and MobileIron, for example, we have a product called Access in both cases. The solution sits between the UEM system, the identity management solution, and the services to which the user is to log in, and coordinates the process. It identifies the device to the services and ensures that users can log in to different solutions with a single identity.

However, in my opinion, this is primarily driven by the US market. Since most UEM manufacturers also come from the US, they primarily adapt to the requirements there. In Germany, on the other hand, we still have many, many customers who rely on local directories – and not on cloud-based directories or identity management solutions. Here and there, there are hybrid approaches that use local directories that are synchronized. But overall, the German market is still more cautious in this regard and does not seem to want to relinquish control of user identities just yet.”

You just mentioned that many manufacturers come from America and that many features are geared toward the market there. Which trends, apart from identity management, are not very popular in Europe or specifically in Germany?

Dennis Wittig:
“Another topic that is only slowly gaining acceptance – compared to the support offered by operating systems and UEM solutions – is BYOD, Bring Your Own Device, i.e., the use of private devices in a corporate environment. And in this context, there is also the topic of iOS user enrollment. This has been around since iOS 13, which was released just under two years ago, and offers the possibility of integrating private iOS devices into the corporate context more easily and separately. However, this has hardly been popular so far. My guess would be that this is currently still strongly driven by a different understanding of data protection in the German and European markets – keyword GDPR – and that people are much more cautious about breaking down such barriers.

With Android, many companies had contact with the topic of BYOD for a different reason: When the switch to Android Enterprise became necessary some time ago, many used a migration scenario that utilized the work profile. This is, so to speak, the BYOD variant for Android, which, although it did not offer the most options in terms of pure device control from an API perspective, did avoid a complete reset of the device and was therefore very focused on user productivity. With the switch to Android Enterprise, it has become clear to many that BYOD is a good option for companies. As a result, more customers have moved in the direction of private devices.”

Thank you, Dennis, for the exciting insights!
