Kategorie

Zoom has added a workflow automation tool to its collaboration app designed to save users time spent on repetitive tasks, the company announced this week. 

Available in Zoom’s Workplace app, the Workflow Automation feature (currently in beta) lets users set up automations using a drag-and-drop, no-code interface. 

Having made its name selling videoconferencing software, Zoom has expanded its functionality in recent years to cater to a wider range of collaboration scenarios. This includes chat, whiteboard, note taking, and room-booking tools that make up its Workplace product. The workflow automation tool brings Zoom’s app further into line with rival collaboration software vendors, including Slack (Workflow Builder) and Microsoft (Teams/Power Automate). 

The initial focus is on the creation of workflows in Zoom’s text chat tool, though automations across the Workplace app will be enabled later, the company said.

A simple example might be a team leader scheduling a recurring project status check-in in Zoom chat. Here, a team leader can create workflow can be set up to automatically post a pre-written message at a certain time each day to request an update from team members. Automations could also be used to introduce new team members to a channel, or simplify processes around time-off requests, Zoom said.

“We built Workflow Automation to be easy for teams of all sizes and abilities to use,” Wei Li, head of Zoom Team Chat at Zoom, said in a blog post Wednesday. “We’re launching Workflow Automation with Team Chat first because it’s an opportunity to strengthen collaboration with team members and get work done asynchronously. Workflow Automation helps teams by taking the guesswork out of setting up workflows and helps cut down on tedious and repetitive tasks.” 

Users can create their own workflow automations or select from pre-built templates. It’s also possible to connect with third-party apps such as Google Drive, Microsoft Outlook, or Atlassian Jira. 

The workflow automation features are available at no cost to paid Zoom customers during the beta trial. Some limitations will be introduced at general availability launch, with charges for usage outside of allotted “premium” workflow runs. 

From the editors of Computerworld, this enterprise buyer’s guide helps IT staff understand the various Android smartphone options for business use and how to choose the right solution for where you operate.

With Messages via Satellite, iOS 18 shows that Apple is going into space — and as more satellites are put in place, it will expand the capabilities of the services it provides.

Introduced at WWDC, Apple Intelligence gorged gargantuan quantities of media attention, but Apple’s plans for outers space are important, too.  Available in the US with iOS 18 on iPhone 14 or later, Messages via satellite allows users to send and receive texts, emoji, and Tap backs over iMessage and SMS when a cellular or Wi-Fi connection is not available.

Satellite and iPhone chips

Apple is basically broadening the feature set it introduced when it launched SOS by Satellite (now available in multiple countries) in 2022 to include any kind of message. The system works in the same way: “Messages via satellite automatically prompts users to connect to their nearest satellite right from the Messages app to send and receive texts, emoji, and Tap backs over iMessage and SMS,” Apple explained. “Because iMessage was built to protect user privacy, iMessages sent via satellite are end-to-end encrypted.”

How Messages via Satellite works

When you aren’t connected to a network, a prompt will appear on your iPhone inviting you to use satellite services. 

• Tap that to access Messages, Find My, Emergency SOS and Roadside Assistance. If you select Messages, a prompt will appear giving you an option to connect by satellite.
• Choose this and your iPhone will guide you to get to the best satellite connection.
• When typing your message, you’ll see an alert appear in the text entry field to show you that you are connecting via satellite.
• Feedback from the first reviewers to use the feature suggests it can take a little longer to send a message if the satellite connection is weak; at other times, it can feel as swift as normal messaging.
• All Apple’s satellite services are free for now, but the company has said enough to suggest this might eventually change.
• You do need an iPhone 14 or later to access these services.
• See also How to use Emergency SOS via Satellite.

That’s Messages via Satellite. 

What about Apple in space?

The Apple partnership is important to its satellite company partner.  “We are the operator for certain satellite-enabled services offered by Apple,” says Globalstar’s most recent annual report, which informs us that wholesale capacity services (which includes the Apple business) accounted for around 48% of company revenue last year.

“Wholesale satellite capacity services include satellite network access and related services using our satellite spectrum and network of satellites and gateways,” the report said. Under the Apple deal (also discussed here, and here), Globalstar must allocate network capacity to support Apple’s services and enable Band 53/53n for cellular services

In return, Apple pays recurring service fees, certain operating expenses and capital expenditures, and bonuses. Apple also supports investments in new satellite capacity. Globalstar hopes to launch another 26 satellites by next year; a German report claimed it might have more than 3,000 of them in flight in the next few years. 

The network space race

“We are excited about the new satellites that we have under construction to enhance our constellation following their launch, which is expected in 2025: more satellites mean more power on orbit that we can use to create additional supply to meet the growing demand for LEO capacity,” Globalstar said in its recent report. 

It is reasonably easy to guess that part of this increase in capacity will be dedicated to making Apple’s existing satellite services global. Following that logic, this implies the company will soon have in place an international system that supports end-to-end encrypted messaging and relies on non-nation-state infrastructure. 

At least one space expert thinks Apple will choose to widen the network to become a full space communications service — broadly in line with predictions from Bloomberg in 2020. Though these are “unlikely” to be the primary network for most people because of limitations on capacity and performance — at least, so far — as space agencies explore the potential to put data centers in space, and as network capability and processor performance improves, at what point will such communications become feasible? There sure seems to be money going in that direction.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North Newsroomhttp://www.blogger.com/profile/[email protected]

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev,

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev, Newsroomhttp://www.blogger.com/profile/[email protected]

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's

In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's The Hacker Newshttp://www.blogger.com/profile/[email protected]

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypassNewsroomhttp://www.blogger.com/profile/[email protected]

When Windows won’t boot up, it can be a disturbing experience. But that moment passes quickly, and you must decide how to get past this (hopefully) temporary hiccup.

Fortunately, there are plenty of ways to tackle this. They do vary in the time and effort required to implement, and in the severity of their potential impact on your PC.

Let’s talk about them, then work through the options and activities involved, along with a strategy for approaching such repair. Throughout, there’s special emphasis on Startup Repair and Boot Recovery tools, facilities and commands available in Windows 10 and 11.

What do you see?

When Windows tries but fails to boot, there are several possible displays you might see. These include a “black screen,” which essentially means nothing is on display at all.

The dreaded “Windows black screen with cursor.”

Ed Tittel/IDG

If you see a black screen

Should you see a black screen, check your PC indicator lights to make sure the device is still powered on. Sometimes when Windows shuts down, it can automatically kill the power, too. In such circumstances, the best possible outcome is powering up, followed by a normal boot sequence all the way into the Windows desktop.

For a black screen with the power on, things in Windows get more interesting. Even so, it’s worth cycling the power and trying again before attempting other repairs. Often, things will return to normal on their own. If you wind up with a second black screen, see my companion story “How to fix a Windows 10 black screen” for more tips, which work as well for Windows 11 as they do for Windows 10.

If you see something else: NOT a black screen

As Windows starts up, it uses a special program called a boot loader to start the process of taking over a PC, before it hands over control to the operating system. If enough “smarts” are present when a problem occurs during boot-up, users might see what’s called a “stop error” or a “blue screen.” Though the color can vary in recent versions of Windows, blue was a constant backdrop for such errors from the earliest Windows versions through Windows 7 and became enshrined in Windows folklore as the “Blue Screen of Death,” a.k.a. BSOD, as shown in Figure 1.

Figure 1: BSOD example for INACCESSIBLE_BOOT_DEVICE.

Ed Tittel / IDG

Figure 1 shows a BSOD for what might be called a basic no-boot scenario: it’s associated with Stop Code 7B (a hexadecimal number) otherwise labeled INACCESSIBLE_BOOT_DEVICE. In other words, it shows up when the boot loader recognizes that it cannot access the storage device from which it would normally load the Windows OS. What more basic cause for boot failure could there be? None!

On the other hand, if the Windows boot loader can’t load the OS but it can find a bootable Windows Recovery Environment partition, it should load a warning message like the one shown in Figure 2.

Figure 2: I forced this error, which would normally read “Windows didn’t start correctly.”

Ed Tittel / IDG

Try WinRE Startup Repair

Select See advanced repair options at lower center right in Figure 2. This displays the root-level Windows Recovery Environment (a.k.a. WinRE), as shown in Figure 3.

Figure 3: This is the root-level menu for the Windows Recovery Environment. We’ll move on to the Troubleshoot selection.

Ed Tittel / IDG

Boot repairs may be handled under the Troubleshoot option in Figure 3. (If you’ve prepared a bootable USB drive with repair tools, you could instead elect to boot to that by selecting Use a device.) When you click Troubleshoot, you’ll see the screen shown in Figure 4.

Figure 4: Advanced options appear when you select the Troubleshoot option in Figure 3. Note that the first item reads Startup Repair.

Ed Tittel / IDG

Click the Startup Repair button at upper left. Your PC immediately reboots. Against a black screen, the spinning balls appear over a legend that reads “Diagnosing your PC.” In the background, WinRE is running an automated set of startup checks and (where applicable) making repairs.

You’ll either wind up with a bootable desktop, or the UI will pop up a message that reads “Startup Repair couldn’t repair your PC,” as shown in Figure 5.

Figure 5: When Startup Repair fails (and it often does), it reports accordingly.

Ed Tittel / IDG

Failure happens more often than most of us would like. Indeed, I have occasionally seen WinRE’s automated Startup Repair work, but perhaps in only one out of three or four attempts.

Not to fear: there are several more repair strategies to try when Windows won’t boot. I’ll go over those in a moment — but first, it’s useful to understand Windows boot mechanisms and its boot configuration data (aka BCD).

Windows boot and BCD explained

Windows 11 creates at least two boot structures on any media (usually SSD or hard disk) from which Windows will boot. By convention, the disk where two special programs reside, known as the Windows Boot Manager and the Windows Boot Loader, is called a “boot disk.” If a runnable version of Windows also resides on that same drive, it’s called a “boot/system disk.”

The boot loader resides in a disk partition allocated for the Basic Input-Output System (BIOS) or Unified Extensible Firmware Interface (UEFI), the software that kicks off system start-up, to use when the system is initially booting itself up. After it goes through hardware and security checks, including device enumeration, the BIOS or UEFI hands over control to the boot loader, which starts the process of reading OS boot information from the Boot partition on the disk.

It then hands over control to the Windows Boot Manager, which takes over the process of starting up Windows and making it ready to run for user login and application support. The Windows Boot Manager is also responsible for handling what’s called Boot Configuration Data (BCD), on the system’s behalf.

When Windows 10 or 11 gets installed, it also creates a separate Recovery Partition at the tail end of the disk, where it keeps a bootable version of the Windows Recovery Environment (a.k.a. WinRE) that can take over if the Windows system/boot partition becomes inaccessible. This is depicted in the layout of the C: drive from a test PC in Figure 6, where EFI, system/boot, and recovery partitions follow one another from left to right.

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

class="close-button" data-wp-on--click="actions.core.image.hideLightbox">

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

Ed Tittel / IDG

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

Ed Tittel / IDG

aria-hidden="true">

Ed Tittel / IDG

If you look at the defaults for boot configuration data in Windows 10 or 11, you’ll see information about the Windows Boot Manager and the Windows Boot Loader appear (from the BCDedit command, discussed in the later section “Rebuilding Windows BCD”). Figure 7 shows the results of running the bcdedit command by itself, which displays active boot information currently known to the boot manager.

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

class="close-button" data-wp-on--click="actions.core.image.hideLightbox">

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

Ed Tittel / IDG

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

Ed Tittel / IDG

aria-hidden="true">

Ed Tittel / IDG

For the purposes of our discussion in this story, it’s enough to understand that boot configuration data describes where the system should look to find the programs it needs to boot the system. Hopefully, it’s also obvious that this data is essential to starting up Windows. Thus, corruption, damage, and invalid entries in this data can (and does) result in an unbootable Windows installation. Fixing that is what we’re about here.

Repair strategies when Windows won’t boot

While you can sometimes use WinRE to repair Windows boot problems, that may not be the fastest or easiest way to fix things. In my experience, I’ve had better luck doing any or all of the following when Startup Repair didn’t fix boot issues:

• Restoring a known, good, working OS image (e.g., using Macrium Reflect or a similar disk image tool restore operation).
• Using a third-party boot repair tool (e.g., Macrium Rescue Media “Fix Windows boot problems” or similar boot repair tool).
• Rebuilding the Windows Boot Configuration Data (BCD) from the command line in WinRE.

Please note: I present these options in their recommended order for the techniques covered. That’s because of the time, effort, and complexity they involve or entail. This is almost the reverse of what readers may expect. That’s because it starts from a non-boot-related approach, then goes on to explain third-party boot repair tools, and only then concludes with built-in Microsoft commands.

All this assumes you’ve tried the Startup Repair option from Figure 4 without fixing your Windows 11 boot issue, whatever it may be.

1. Restoring a known, good working image

If you’ve got a recent image backup for the non-booting PC, you can boot to its restore tool. Then you can restore that backup to the target disk. Such a restore replaces the entire disk image, including boot configuration data, disk layout, and all contents. As long as the drive itself is working, this is the fastest, safest, and surest way to resolve boot problems I know. You can read all about how to create and restore a Windows image backup in my story “How to make a Windows 10 or 11 image backup.”

Each of the image backup packages covered in that story can create its own bootable media, able to restore backups from some other drive (and often includes boot repair tools as well, as you’ll see in the next section). Those tools, including links to tutorials on creating them, are:

• Macrium Reflect Rescue Media
• AEOMEI Rescue Media
• EaseUs Todo WinPE Emergency Disk
• MiniTool ShadowMaker Bootable Media

If you’ve been using the Windows Backup facility in Windows 11 (see my story “A new Windows 11 backup and recovery paradigm?” for info on how to use this), you will be able to access copies of files from key folders (and more) that have changed since your most recent image backup. This provides the best of both worlds when it comes to restoration, because an image backup provides immediate access to all your installed apps and applications, while Windows Backup provides access to key recent files via OneDrive.

2. Using a third-party boot repair tool

Most image backup tools mentioned in the previous section include boot repair facilities (MiniTool relies on its free Partition Wizard for repairing Windows boot errors instead). Other notable tools include those covered in the April 2024 Lifewire story “10 Best Free Disk Partition Software Tools,” many of which include boot repair facilities as part and parcel of their partition management capabilities á la MiniTool Partition Wizard (MTPW).

Personally, I’ve used the “Fix Windows Boot Problems” item from the Macrium Rescue Media on many occasions to tackle Windows boot problems. As long as the underlying drive was still working (it can’t fix failing hardware, alas), it has always been able to restore a working Windows boot environment when asked to do so.

I’ve also used the MTPW tool on multiple occasions, and it, too, has shown itself effective. Online reports and forum threads for the other tools mentioned here and in the preceding section indicate that they also enjoy positive ratings from their users.

If you don’t have a current backup to restore, or can’t restore such a backup for some reason, try one or more of these boot repair tools before you move to the Command Prompt in WinRE, as described in the next section. They will often fix whatever ails your Windows boot environment.

3. Rebuilding Windows BCD in WinRE

In the Windows environment, Boot Configuration Data (BCD) identifies programs used to boot the OS, and related settings (configuration) data. When Windows is running, the command line tool of choice for such information is BCDedit. But when you’re running inside the Windows Recovery Environment, having booted from bootable Windows install media (or some equivalent, such as the Microsoft Diagnostics and Repair Toolkit, a.k.a. DaRT), the tool of choice is bootrec.exe because it works on BCD data for the broken Windows image (that is, the one on your system/boot disk that isn’t currently working).

To run this command, select the Command Prompt option shown in Figure 4, then type the bootrec.exe command at the command line, using one of the options described in the next paragraph.

Interestingly, Microsoft’s Bootrec.exe support files haven’t been updated since the days of Windows 7. Even so, they’re still reasonably accurate for Windows 10 and 11. The following options still work in both:

• /FixMBR: Writes a new BCD store to the system partition, without overwriting existing partition table data. This option can address boot corruption issues, especially when the boot loader can’t read or interpret available BCD info.
• /FixBoot: Writes a new boot sector to the system partition using a boot sector compatible with the OS in use. This option helps address improper or invalid BCD changes, boot sector damage or corruption, or changes imposed when installing an older OS after a newer one was installed.
• /ScanOS: Scans all disks for installations compatible with the current OS. Displays all boot sector entries it finds, including those not currently residing in the BCD store. This option is intended to pick up installations not showing in the Boot Manager menu.
• /RebuildBcd: Scans all disks for installations compatible with current OS. Allows users to select an installation to add to the BCD store. Also rebuilds the BCD store from scratch.

The most common bootrec invocation is to instruct it to rebuild the BCD store — namely:

Bootrec.exe /RebuildBCD

(Note: the .exe is optional.)

If this technique does not result in a bootable Windows, follow the instructions at the end of the Microsoft support page to export and delete the BCD store, then rebuild that store anew. This usually works.

The makers of Ventoy, a terrific bootable ISO management tool, offer a tutorial called “How to Rebuild BCD in Windows Easily.” It even includes detailed bootrec instructions, especially Section 2, “Using the Command Prompt.” It walks through an illustrated version of the same instructions found at the tail end of the aforementioned support page.

You can learn a lot about the way that bootrec.exe actually works by digging into Microsoft’s detailed (and better documented) BCDedit command reference info (see also BCDedit Command-Line Options). Hopefully, you’ll have an image backup of your problem drive handy so you can always restore same should command-line repairs go off the rails.

Getting past the finish line

Ultimately, you’ll find yourself in one of two places. First and best, you’ll restore Windows to working order, including a proper boot. Second and less favorably, you’ll be stuck going nowhere with no boot in sight.

Should this happen, you’ll have to decide whether or not you want to scrub the existing Windows installation and start over. (In the most dire circumstances, this could mean replacing the boot/system drive that simply won’t boot despite all efforts to fix it.) On the other hand, it may be time to consider taking the PC into the shop to get on a professional bench for repair or replacement as their findings dictate.

In my 30-plus years of working with Windows, drive failure has come up twice. In both cases, the drive that wouldn’t boot wasn’t working and needed replacement. If this is a task you can comfortably handle (it’s something I routinely take care of for my fleet of 12-20 PCs), it’s neither terribly difficult nor time-consuming.

And again: if you have a recent backup, you can usually restore that to a new drive the same way you would work with the existing one. Remember: where there’s a will, there’s a way. Good luck!

The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the

The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the Newsroomhttp://www.blogger.com/profile/[email protected]

Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

[ Download our editors’ PDF unified endpoint management (UEM) enterprise buyer’s guide today! And download our handy PDF UEM vendors comparison chart.]

“UEM in theory ties this all together and gives you that proverbial one pane of glass, so you can see the state of all of your endpoints,” said Phil Hochmuth, program vice president at IDC. “It gives you visibility into what people are doing with corporate data, corporate apps, on any conceivable type of device.”

The ability to manage various device types in one place is increasingly important as businesses face a growing cybersecurity threat, said Tom Cipolla, senior director analyst at Gartner. “We need to patch faster; everybody acknowledges that,” he said. “UEM gives people a consolidated view into their environment and a consolidated patching and configuration management approach.”

The evolution of mobile management: MDM, MAM, and more

At its core, UEM consists of several device management technologies that emerged to help businesses control employee mobile devices. The first iteration of such tools was MDM, which arrived about a decade ago.

Introduced in response to the initial wave of smartphones used in the workplace, MDM was designed to help IT centrally provision, configure, and manage mobile devices that had access to corporate systems and data. Common MDM features included security configuration and policy enforcement, data encryption, remote device wipe and lock, and location tracking.

However, as employee bring-your-own-device (BYOD) schemes became more prevalent in the office — driven first by the iPhone’s popularity, later by the growth of Android — vendors began to offer more targeted management of apps and data. MAM capabilities delivered more granular controls, focusing on software rather than the device itself; features include app wrapping and containerization, and the ability to block copy/paste or restrict which apps can open certain files.

MAM features were soon packaged with MDM and other tools, such as mobile identity management and mobile information management, and sold as comprehensive enterprise mobility management (EMM) product suites. Those suites led to the next stage in the evolution of device management: UEM.

What is UEM?

UEM merges the various facets of EMM suites with functionality typically found in client management tools (CMT) used to manage desktop PCs and laptops on a corporate network. One example is Microsoft’s Intune, which combined its MDM/MAM platform with Configuration Manager (formerly System Center Configuration Manager) in 2019.

UEM platforms tend to have comprehensive operating system support, including mobile (Android, iOS) and desktop OSes (Windows 11, macOS, ChromeOS, and, in some cases, Linux). Some UEM products support more esoteric categories too, including IoT devices, AR/VR headsets, and smartwatches.

Unlike traditional CMT products, UEM tends to be available as a software-as-a-service, cloud-based tool, allowing management and updates of devices such as desktop PCs without connection to a corporate network. 

The emergence of UEM has been partly driven by the inclusion of API-based configuration and management protocols within Windows and macOS, enabling the same level of device management that was already possible with iOS and Android devices.

It speaks to a wider development, too, of the convergence of mobile and traditional computing devices, with high-end tablets often on par with laptops in terms of processing power. “You have a real blurring of the lines between what is mobile computing and what is traditional endpoint computing,” said Hochmuth.

Why invest in UEM tools?

All of these devices — mobile, desktop, Windows, Mac, in the office and remote — require a unified approach to end user device management, an approach that can provide a variety of benefits, say analysts.

Among these is the opportunity for simplified and centralized management. In short, it’s more efficient for one team to provision and manage all devices from a single tool, rather than have separate support teams and tools that were traditionally divided between mobile and Windows or macOS computers. 

“If you have a separate software product or management platform for four different operating systems, that can be cumbersome and expensive,” said IDC’s Hochmuth. “Converging down to one or two is a goal for a lot of organizations.”

UEM products can reduce manual work for IT, with the ability to create a single policy — such as requiring device encryption — that can be deployed to many devices and operating systems. The same goes for patching.  

By ensuring consistent policies across apps, devices and data, UEM tools can reduce risk, with less complexity and fewer opportunities to misconfigure policies. 

There are cost benefits in replacing separate PC and mobile management applications too. “Getting rid of one software platform and all the licensing associated with that is a cost saving. That’s not the primary driver, but it’s definitely a reason to explore UEM,” said Hochmuth. 

The UEM vendor market

The global market for unified endpoint management software is forecast to grow from $5.9 billion in 2023 to $8.9 billion in 2028, according to IDC data. The rate of yearly growth is set to slow, however, from around 16% to 6% during this period. 

There are a variety of vendors, from big-name firms to smaller, more targeted companies. Microsoft (Intune) and VMware/Broadcom (Workspace One) are often considered the UEM market leaders with the broadest offerings and largest market share by revenue. BlackBerry UEM, Citrix Meraki Systems Manager, IBM MaaS360, ManageEngine, Cisco, and Ivanti UEM are also popular products.

“All these companies have roles or verticals or use cases that they address specifically,” said Hochmuth. For instance, BlackBerry is often viewed as strong in regulated markets, such as finance or healthcare, due its focus on encryption, while Microsoft has a more of a “horizontal” product with general business use cases.  

Among the vendors that have taken a more specialized approach is Jamf, which is focused purely on Apple devices running everything from macOS to tvOS, and SOTI, whose products are tailored to certain industries, such as warehouse workers with ruggedized mobile devices.

UEM reaches mainstream adoption

Gartner defines UEM as being “a late-stage maturity market,” meaning “widespread adoption has already occurred,” said Cipolla. 

IDC data indicates that around two-thirds of US businesses have now deployed a UEM tool. That doesn’t mean most organizations will use a single UEM platform, however. 

Among those that have deployed UEM, around 70% have two or more  management products in place, said Hochmuth.   For example, an organization might have one tool to manage certain Windows devices, another for both mobile and macOS devices, and then a legacy PC management tool still in use for another set of Windows devices. “The norm is more the mixed type of organizations that have different tools and multiple UEMs,” said Hochmuth, though the trend in recent years has been towards consolidation of these tools.

What’s on the horizon for UEM? AI and autonomous endpoint management 

An ongoing trend related to UEM is the rise of digital employee experience (DEX) software. DEX tools can provide IT with data and insights into how employees interact with devices and applications, with the ability to measure usage and highlight performance problems. “That’s a growth area that all the UEM vendors are pushing into,” said Hochmuth.

Also coming to UEM tools: the integration of artificial intelligence (AI). “This space in particular, is incredibly ripe for help from an AI product,” said Hochmuth. 

AI could help manage a longtime challenge for endpoint management — scale. That’s because the wide range of devices, vulnerabilities, and configurations that have to be managed.

“The pure amount of data given off by thousands of devices running different operating systems, it’s super chaotic,” said Hochmuth. “That’s a perfect use case for an AI tool that could sift through data, help you find information you need, or even more importantly, automate a lot of the manual patching, updating, configuration – the reactionary type things that people in IT ops do. Anticipating when someone might need a fix before something breaks: AI could really help with that.”

Gartner’s Cipolla points to the emergence of autonomous endpoint management (AEM), a term that describes the combination of UEM and DEX, with additional automation and AI-assistance capabilities. “The idea is to take the human out of the middle doing the research and the leg work, and put them in control of the automation,” said Cipolla.

Several UEM vendors have already begun to incorporate AEM-like functionality into their software, said Cipolla. But it’s still early for the technology, meaning it will likely be at least a couple of years before AEM tools become more fully developed and more widely used by organizations. “It’s not a product yet, it’s a future idea, it’s a concept. As the vendors work on their ideas, it becomes a market,” he said. 

As Apple faces continued waves of regulation, Apple Pay is about to open up in Europe, allowing rival payment services to gain access to the NFC chips inside iPhones to enable one-click payments.

The motivation behind forcing Apple to open up is to stimulate competition in the mobile payments space. It should enable rival services to offer mobile payments and settles a long-running dispute between Apple and the European Commission. 

What this means to Apple Pay

Under the arrangements, Apple will allow third-party wallet providers access to the NFC chip inside iOS devices without requiring them to use Apple Pay or Apple Wallet. It means rivals can now compete directly with the Apple service, and in theory means customers can choose a payment system they prefer. This relies on an extensive number of commitments, captured in a 36-page document published today.

What Europe says

“From now on, competitors will be able to effectively compete with Apple Pay for mobile payments with the iPhone in shops,” Margrethe Vestager, executive vice president in charge of competition policy, said in a statement. “So, consumers will have a wider range of safe and innovative mobile wallets to choose from.”

EC authorities have put some steel around the agreements. They will by law remain in force for 10 years and apply throughout the EEA. “Their implementation will be monitored by a monitoring trustee appointed by Apple who will report to the Commission for the same time period,” the European Commission said.

In the event Apple fails to keep its commitments, it faces a fine of up to 10% of its total annual turnover without having to find an infringement of EU antitrust rules, or a “periodic penalty” payment of 5% per day of its daily turnover for every day of non-compliance.

How will it work?

A look at the 36-page agreement suggests how the new system will work. First, developers of payment systems will need to obtain entitlements to access a series of APIs Apple will make available to support rival payment systems, but only those operating in the European Economic Area. 

The company will also work to support evolving standards; developers will be subject to developer fees, but no fees related to the use of the NFC system. That sounds like Apple will not receive a cut of payments made.

For consumers, it will be possible to choose a preferred payment system (including Apple Pay) with a new section in Settings. The iPhone will also maintain a register of installed payment apps that want NFC access, and you’ll be able to select which one to use, rather like rifling through payment cards in your real wallet.

You’ll also be able to use Apple Pay on Apple Watch and choose another system for your phone.

What about disputes?

If a developer/payment provider thinks they aren’t getting fair treatment from Apple, they will be able to submit a written complaint to the monitoring trustee. Appointed and reimbursed by Apple and approved by the European Commission, the trustee will be an independent party who monitors the company’s compliance to the agreement.

The trustee may recruit a support team of up to three advisors, and there are strict controls in place to prevent trustees running off to work for Apple or its competitors within a certain time frame. There will also be an Appeal Board to adjudicate in the event a dispute requires independent oversight. 

What about the DMA?

Apple’s decision to reach a constructive settlement concerning Apple Pay in Europe could yet turn out to be a harbinger of similar future détente regarding Europe’s Digital Markets Act. While recent statements from Vestager suggest she has little empathy for Apple’s arguments, the company has already revised some of the arrangements it proposed to bring its business practises into line with the DMA or similar rules looming in other nations.

There’s no reason to think it won’t continue to reach a constructive, if unenthusiastic, dialogue. It does remain open to question whether the agreements will go far enough for Europe or for some of the company’s loudest critics. 

But for the next decade, at least, you’ll be able to use whatever payment system you like across the European bloc as easily as you may already use Apple Pay.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

More by Jonny Evans:

• Will Apple stop at Messages via Satellite?
• MacStadium brings Orka Desktop for Devops
• Apple removes VPN apps in Russia; here’s what to do next

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication Newsroomhttp://www.blogger.com/profile/[email protected]

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply Newsroomhttp://www.blogger.com/profile/[email protected]