UEM systems are in a state of continuous development, providing new or additional opportunities for administration, security, and usability. At the same time, their area of application is also growing. One reason for this is the advent of new technological options, for example when operating systems are updated. Another is that customers request new functions as their requirements adapt over time. This can be due to changing corporate structures, strategies, and working models, increasingly complex device landscapes, new demands being placed on employees, or increasing levels of security risks.
The leading UEM systems include Microsoft Endpoint Manager, MobileIron by Ivanti, VMware Workspace ONE UEM, Jamf and BlackBerry, all of which are part of the EBF portfolio and are constantly undergoing transformation.
Dennis Wittig, IT Consultant at EBF, reports in this interview on the key changes in the UEM sector over recent months, the opportunities these reveal for companies and the potential that is often left unfulfilled.
Dennis, what have been the most important changes in the UEM environment in the last few months?
From my point of view, and with the benefit of my experience, this is clearly the integration of desktop operating systems – meaning Windows 10 and 11, as well as macOS. These are being integrated ever more closely into the UEM solutions.
A few years ago, desktop support would only have been possible in the form of an inventory. This means that you were able to see the devices but there was no real way of managing them. In recent years and months, we are increasingly seeing how a connection is made to established solutions – established management solutions in the Windows environment such as group guidelines or SCCM.
So, now I think that we have reached the point that has been a topic of conversation for some time: the transition from Mobile Device Management to Unified Endpoint Management is taking place. It is not just mobile operating systems that are fully integrated, but also the desktop systems. Unified Endpoint Management has truly become reality.
And, in some respects, we have already moved on. With regard to certain functions, the UEM solutions have overtaken the existing solutions and now provide a level of convenience that admins have not previously enjoyed.
This will go even further in the future: we can already see that it will not just include the integration of desktop devices. It will be just as easy to manage IoT devices such as printers or scanners with UEM systems as it is for other operating systems, like Chrome OS and Linux.
There is increasing amalgamation of the management of mobile devices and desktops. What effects will this have for administrators and users?
They now have everything in one place and can use a standardized interface for the company’s entire device fleet. Administrators benefit from this in various ways: There are a lot of synergy effects. For example, guidelines that had previously been defined just for mobile devices can now apply for all devices. Only one, central definition of compliance or security guidelines is now required. You no longer have to keep an eye on how to reach the same level in different solutions. Administrators can also jump in much more quickly as they do not have to get to know different solutions for the various operating systems.
All of these things are advantageous for users. It results in a lot of simplification. One example of this is the Self-Service Portal, where users manage their devices and can also perform a degree of troubleshooting. Users are no longer required to access one portal for mobile devices and then call up another one for desktop devices. They can deal with everything centrally in a Self-Service Portal.
Thanks to mobile devices, users have also become used to receiving out-of-the-box solutions. This is the Device Enrollment Program for Apple devices and Google Zero Touch for Android. A device is sent to the user’s home address, where they can easily unpack and operate it. This option is now available for desktop systems as well, and is suitable for wide-ranging implementation with UEM systems: Microsoft has the out-of-the-box experience or Autopilot for Windows and Apple also provides automatic device registration for Macs. These enable desktop PCs to be packaged and sent to the user without the need for any time-consuming preparations. This represents a significant benefit and makes many things easier – especially in the home office environment.
What future usability trends are you already able to predict?
We can see that the UEM systems attempt to set themselves apart above iOS and Android, with the desktop systems. While the options for the various solutions are very uniform for iOS and Android, desktop systems have plenty of potential that can be used in a variety of ways. For example, if we take another look at Windows management then this includes the migration of group guidelines: in many companies, guidelines already exist for Windows devices and these are normally suitable for inclusion in the UEM systems. There are solutions available for this. For example, VMware offers the Airlift system and MobileIron has the Bridge system.
However, in general it is fair to say that the UEM providers are to some extent dependent on the options provided by operating system manufacturers. Some functions are available and some are missing. This is particularly the case with iOS and Android but is less relevant for macOS and Windows. In many cases, you do have the option of switching to scripting to create interfaces or realize specific functions. This could be with PowerShell or terminal scripts. You can use these to plug the gaps that have not yet been addressed by modern management or earlier group guidelines.
Another topic that I am often confronted with is identity management – with the aim of implementing increased security for devices and users. They should be better able to identify themselves to internal and external services. This is heading towards single sign-on and we are talking about cloud providers like Okta, or about Azure Active Directory, which form a central interface to the employees’ identities. These go beyond the internal services and can also be used for third-party services in the cloud, SaaS products, and more. The UEM manufacturers provide plenty of opportunities for integrating identity management more deeply into their systems. For example, VMware and MobileIron both have a product called Access. Coordinating the whole process, the solution is located between the UEM system, the identity management solution, and the services for which enrollment is to take place. It identifies the device to the services and ensures that users can log in to various solutions with one identity.
In my judgment, this is driven primarily by the US market. As most UEM providers come from the USA, they align themselves in particular with the local requirements. However, we have a host of customers in Germany who make use of local directories – and do not use directories or identity management solutions in the cloud. Some hybrid approaches do exist, working with local directories that are synchronized. Overall though, the German market is far more cautious and does not seem to be so willing to hand over users’ identities.
You just noted that many manufacturers come from America, and that a lot of features are aligned with that market. In addition to identity management, are any trends less appealing to the European or German markets?
Another topic that is only slowly growing in popularity – compared to the support provided by operating systems and the UEM solutions – is the BYOD, Bring Your Own Device, area. This refers to the use of personal devices in the corporate environment. The topic of iOS user enrollment also belongs in this context. This has been in existence since iOS 13, meaning that it hit the market about 2 years ago, and enables simplified and separate integration of personal iOS devices into the corporate context. However, this has yet to achieve widespread popularity. My hunch is that the German and European markets are currently driven by a different understanding of data protection – the keyword is GDPR, and people are far more cautious about knocking down those partitions.
Many companies have come into contact with the BYOD topic with Android for another reason: when it became necessary to switch to Android Enterprise some time ago, many applied a migration scenario that used the Work profile. And this is pretty much the BYOD variant of Android, which didn’t provide the greatest number of options for pure device control in API terms, but avoided a complete device reset and was thereby focused squarely on user productivity. Switching to Android Enterprise therefore made it clear to many people that BYOD is a good option for companies. This prompted more customers to start moving towards personal devices.
Many thanks for these fascinating insights, Dennis!
UEM systems are in a state of continuous development, providing new opportunities. Are you already making the most of these? Feel free to contact us for a chat about optimization potential, increasing security within your company, improving the user experience, and reducing administrative overheads.