Major Use Cases and Capabilities
Major Use Cases
PC Management
Traditional management of the desktop computers relied on manual updates of software and patches that were layered on top of each other. Client management tools were used to manage these environments. UEM solutions should maintain the core capability of managing desktops while helping organizations move beyond legacy client management tools to a more comprehensive and unified approach to managing these endpoints along with all other types of endpoints. UEM solutions can support variety of different desktops operating systems such as Windows, macOS, Linux or Chrome.
Mobile Device Management
As mobile phones, laptops, and tablets became economically available, organizations controlled the employee device regarding its OS and software applications and security controls when the device was within the perimeter of the organization. However, their portability also became a challenge for organizations to manage them remotely. Unified Endpoint Management (UEM) of mobile end devices is now the rule rather than the exception compared to point solutions of the past (e.g., EMM, Enterprise Mobility Management). UEM solutions should include capabilities to meet these challenges such as mobile device lifecycle management, remote access, troubleshooting & diagnostics, remediation, and patching software.
Unmanaged Devices/BYOD
At a point in time in the not-too-distant past, organizations needed to quickly deal with the introduction of the bring-your-own-device (BYOD) paradigm shift. Organizations required policies to define the boundaries of BYOD that included the ability to segregate the business data and applications from personal data and applications. Mobile device management (MDM) provided the tools to control the device functionality and help manage these mobile devices' lifecycle and their platforms. Enterprise Mobility Management (EMM) solutions added mobile information as well as application and content management. The ability to push software, updates, or patches to devices becomes what is known as modern endpoint management. Today, this can all be accomplished using a comprehensive and consolidated approach using Unified Endpoint Management (UEM) solutions to ensure company organizational and legal policies when the endpoint device moves outside the organization's perimeter. Other important BYOD UEM capabilities should include device registration, user self-service, endpoint containment and content management of corporate information, and detection and remediation of endpoint vulnerabilities.
Nontraditional Devices
Work environments are continuing to change. The range of endpoint device types has expanded past desktop, laptop, tablets, and mobile phones to now include printers, IoT devices, wearables like Apple Watch, and even newer types of endpoint devices that support virtual/augmented/mixed reality environments using headsets such as Oculus and HoloLens. Unified Endpoint Management (UEM) solutions should support a wide range of endpoints, including these nontraditional devices, to keep current and to help future proof the IT environment.
Capabilities
Device Management
Management of various endpoint device types, which includes its life cycle management, such as onboarding, provisioning, decommissioning, operating system management, remote access for support, troubleshooting or wiping, and device inventory.
Application Management
This category focuses on the ability to control and apply policies to applications regarding endpoint devices and other application management features. It can include the capability to enroll devices and users via App Stores, software packaging and deployment, distribute applications to endpoints, whether bulk or otherwise, apply aspects of security such as white or blacklisting applications, isolate corporate from private user applications, etc.
Patch Management
This category focuses on the ability to distribute and apply endpoint device system patches (e.g., OS, application, etc.) from various vendors, whether the patch is deployed on a schedule or critical/emergency patches are distributed rapidly when necessary. Some other capabilities include reporting endpoint system status (e.g., patch level), missing patch discovery whether it is a security hotfix, application, or others, level of automation, etc.
Content Management
Endpoint content management refers to the ability to apply access rules and policies to documents or other content on the endpoint device. The rules and policies can be coarse or fine-grained enough to apply to an individual file. Capabilities can also include catalogs of enterprise documents, content security, as well as audit logging, etc.
Endpoint Visibility
The ability to provide a consolidated view and management of all endpoints regardless of where the solution is deployed. Endpoint visibility often features a single pane view via a dashboard and provides visibility to device inventory, state, threats, policy management, licenses, reporting, etc.
Intelligence & Automation
This category looks at the level and use of analytics and/or artificial intelligence to provide insight into different aspects of the UEM domain as well as the ability to automate, assist or take action to remediate endpoint-related issues, as well as other capabilities.
User Experience Support
The ability to support the collecting and monitoring of end-user devices, applications, and activity information for the purpose of improving the end-user experience. This can include benchmarking workforce experience against internal goals, correlating a user's experience with other data sources, providing automation and remediation capabilities to proactively reduce the friction of end-user issues with their device or application, reporting on end-user experience, or even the ability to integrate with other third-party or partner products that can provide this capability to the UEM product.
Admin & DevSecOps Support
The ability to provide support options for administrators of the UEM solution, IT security, and the operations team regarding their tools, automation, and continuous integrations.