Agregátor RSS

Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

[ Download our editors’ PDF unified endpoint management (UEM) enterprise buyer’s guide today! And download our handy PDF UEM vendors comparison chart.]

“UEM in theory ties this all together and gives you that proverbial one pane of glass, so you can see the state of all of your endpoints,” said Phil Hochmuth, program vice president at IDC. “It gives you visibility into what people are doing with corporate data, corporate apps, on any conceivable type of device.”

The ability to manage various device types in one place is increasingly important as businesses face a growing cybersecurity threat, said Tom Cipolla, senior director analyst at Gartner. “We need to patch faster; everybody acknowledges that,” he said. “UEM gives people a consolidated view into their environment and a consolidated patching and configuration management approach.”

The evolution of mobile management: MDM, MAM, and more

At its core, UEM consists of several device management technologies that emerged to help businesses control employee mobile devices. The first iteration of such tools was MDM, which arrived about a decade ago.

Introduced in response to the initial wave of smartphones used in the workplace, MDM was designed to help IT centrally provision, configure, and manage mobile devices that had access to corporate systems and data. Common MDM features included security configuration and policy enforcement, data encryption, remote device wipe and lock, and location tracking.

However, as employee bring-your-own-device (BYOD) schemes became more prevalent in the office — driven first by the iPhone’s popularity, later by the growth of Android — vendors began to offer more targeted management of apps and data. MAM capabilities delivered more granular controls, focusing on software rather than the device itself; features include app wrapping and containerization, and the ability to block copy/paste or restrict which apps can open certain files.

MAM features were soon packaged with MDM and other tools, such as mobile identity management and mobile information management, and sold as comprehensive enterprise mobility management (EMM) product suites. Those suites led to the next stage in the evolution of device management: UEM.

What is UEM?

UEM merges the various facets of EMM suites with functionality typically found in client management tools (CMT) used to manage desktop PCs and laptops on a corporate network. One example is Microsoft’s Intune, which combined its MDM/MAM platform with Configuration Manager (formerly System Center Configuration Manager) in 2019.

UEM platforms tend to have comprehensive operating system support, including mobile (Android, iOS) and desktop OSes (Windows 11, macOS, ChromeOS, and, in some cases, Linux). Some UEM products support more esoteric categories too, including IoT devices, AR/VR headsets, and smartwatches.

Unlike traditional CMT products, UEM tends to be available as a software-as-a-service, cloud-based tool, allowing management and updates of devices such as desktop PCs without connection to a corporate network. 

The emergence of UEM has been partly driven by the inclusion of API-based configuration and management protocols within Windows and macOS, enabling the same level of device management that was already possible with iOS and Android devices.

It speaks to a wider development, too, of the convergence of mobile and traditional computing devices, with high-end tablets often on par with laptops in terms of processing power. “You have a real blurring of the lines between what is mobile computing and what is traditional endpoint computing,” said Hochmuth.

Why invest in UEM tools?

All of these devices — mobile, desktop, Windows, Mac, in the office and remote — require a unified approach to end user device management, an approach that can provide a variety of benefits, say analysts.

Among these is the opportunity for simplified and centralized management. In short, it’s more efficient for one team to provision and manage all devices from a single tool, rather than have separate support teams and tools that were traditionally divided between mobile and Windows or macOS computers. 

“If you have a separate software product or management platform for four different operating systems, that can be cumbersome and expensive,” said IDC’s Hochmuth. “Converging down to one or two is a goal for a lot of organizations.”

UEM products can reduce manual work for IT, with the ability to create a single policy — such as requiring device encryption — that can be deployed to many devices and operating systems. The same goes for patching.  

By ensuring consistent policies across apps, devices and data, UEM tools can reduce risk, with less complexity and fewer opportunities to misconfigure policies. 

There are cost benefits in replacing separate PC and mobile management applications too. “Getting rid of one software platform and all the licensing associated with that is a cost saving. That’s not the primary driver, but it’s definitely a reason to explore UEM,” said Hochmuth. 

The UEM vendor market

The global market for unified endpoint management software is forecast to grow from $5.9 billion in 2023 to $8.9 billion in 2028, according to IDC data. The rate of yearly growth is set to slow, however, from around 16% to 6% during this period. 

There are a variety of vendors, from big-name firms to smaller, more targeted companies. Microsoft (Intune) and VMware/Broadcom (Workspace One) are often considered the UEM market leaders with the broadest offerings and largest market share by revenue. BlackBerry UEM, Citrix Meraki Systems Manager, IBM MaaS360, ManageEngine, Cisco, and Ivanti UEM are also popular products.

“All these companies have roles or verticals or use cases that they address specifically,” said Hochmuth. For instance, BlackBerry is often viewed as strong in regulated markets, such as finance or healthcare, due its focus on encryption, while Microsoft has a more of a “horizontal” product with general business use cases.  

Among the vendors that have taken a more specialized approach is Jamf, which is focused purely on Apple devices running everything from macOS to tvOS, and SOTI, whose products are tailored to certain industries, such as warehouse workers with ruggedized mobile devices.

UEM reaches mainstream adoption

Gartner defines UEM as being “a late-stage maturity market,” meaning “widespread adoption has already occurred,” said Cipolla. 

IDC data indicates that around two-thirds of US businesses have now deployed a UEM tool. That doesn’t mean most organizations will use a single UEM platform, however. 

Among those that have deployed UEM, around 70% have two or more  management products in place, said Hochmuth.   For example, an organization might have one tool to manage certain Windows devices, another for both mobile and macOS devices, and then a legacy PC management tool still in use for another set of Windows devices. “The norm is more the mixed type of organizations that have different tools and multiple UEMs,” said Hochmuth, though the trend in recent years has been towards consolidation of these tools.

What’s on the horizon for UEM? AI and autonomous endpoint management 

An ongoing trend related to UEM is the rise of digital employee experience (DEX) software. DEX tools can provide IT with data and insights into how employees interact with devices and applications, with the ability to measure usage and highlight performance problems. “That’s a growth area that all the UEM vendors are pushing into,” said Hochmuth.

Also coming to UEM tools: the integration of artificial intelligence (AI). “This space in particular, is incredibly ripe for help from an AI product,” said Hochmuth. 

AI could help manage a longtime challenge for endpoint management — scale. That’s because the wide range of devices, vulnerabilities, and configurations that have to be managed.

“The pure amount of data given off by thousands of devices running different operating systems, it’s super chaotic,” said Hochmuth. “That’s a perfect use case for an AI tool that could sift through data, help you find information you need, or even more importantly, automate a lot of the manual patching, updating, configuration – the reactionary type things that people in IT ops do. Anticipating when someone might need a fix before something breaks: AI could really help with that.”

Gartner’s Cipolla points to the emergence of autonomous endpoint management (AEM), a term that describes the combination of UEM and DEX, with additional automation and AI-assistance capabilities. “The idea is to take the human out of the middle doing the research and the leg work, and put them in control of the automation,” said Cipolla.

Several UEM vendors have already begun to incorporate AEM-like functionality into their software, said Cipolla. But it’s still early for the technology, meaning it will likely be at least a couple of years before AEM tools become more fully developed and more widely used by organizations. “It’s not a product yet, it’s a future idea, it’s a concept. As the vendors work on their ideas, it becomes a market,” he said. 

Aktivistický technologický kolektiv NoLog.cz spustil 7 nových služeb: anon.nolog.cz - NoLog identita, talk.nolog.cz - videokonferenční systém OpenTalk, vault.nolog.cz - bezpečný správce hesel pro jednotlivce a skupiny, search.nolog.cz - anonymní vyhledávač, kdy.nolog.cz - snadné domlouvání společných termínů, md.nolog.cz - editor pro společnou práci na textech ve formátu Markdown a nolog.chat - šifrovaný chat pro jednotlivce a skupiny.

Když v americkém městě SeaTac přišli s nápadem nahradit tradiční ohňostroj u příležitosti Dne nezávislosti světelnou show s drony, nikoho ani nenapadlo, jakou pozornost to vyvolá v médiích a na sociálních sítích. Namísto okouzlujícího představení precizně synchronizovaných 200 kvadrokoptér totiž ...

Mapy.cz neslouží jen k zobrazení podkladů a plánování tras • Nabízejí celou řadu dalších praktických funkcí a možností • Vybrali jsme 16 tipů a triků, o kterých možná nevíte

As Apple faces continued waves of regulation, Apple Pay is about to open up in Europe, allowing rival payment services to gain access to the NFC chips inside iPhones to enable one-click payments.

The motivation behind forcing Apple to open up is to stimulate competition in the mobile payments space. It should enable rival services to offer mobile payments and settles a long-running dispute between Apple and the European Commission. 

What this means to Apple Pay

Under the arrangements, Apple will allow third-party wallet providers access to the NFC chip inside iOS devices without requiring them to use Apple Pay or Apple Wallet. It means rivals can now compete directly with the Apple service, and in theory means customers can choose a payment system they prefer. This relies on an extensive number of commitments, captured in a 36-page document published today.

What Europe says

“From now on, competitors will be able to effectively compete with Apple Pay for mobile payments with the iPhone in shops,” Margrethe Vestager, executive vice president in charge of competition policy, said in a statement. “So, consumers will have a wider range of safe and innovative mobile wallets to choose from.”

EC authorities have put some steel around the agreements. They will by law remain in force for 10 years and apply throughout the EEA. “Their implementation will be monitored by a monitoring trustee appointed by Apple who will report to the Commission for the same time period,” the European Commission said.

In the event Apple fails to keep its commitments, it faces a fine of up to 10% of its total annual turnover without having to find an infringement of EU antitrust rules, or a “periodic penalty” payment of 5% per day of its daily turnover for every day of non-compliance.

How will it work?

A look at the 36-page agreement suggests how the new system will work. First, developers of payment systems will need to obtain entitlements to access a series of APIs Apple will make available to support rival payment systems, but only those operating in the European Economic Area. 

The company will also work to support evolving standards; developers will be subject to developer fees, but no fees related to the use of the NFC system. That sounds like Apple will not receive a cut of payments made.

For consumers, it will be possible to choose a preferred payment system (including Apple Pay) with a new section in Settings. The iPhone will also maintain a register of installed payment apps that want NFC access, and you’ll be able to select which one to use, rather like rifling through payment cards in your real wallet.

You’ll also be able to use Apple Pay on Apple Watch and choose another system for your phone.

What about disputes?

If a developer/payment provider thinks they aren’t getting fair treatment from Apple, they will be able to submit a written complaint to the monitoring trustee. Appointed and reimbursed by Apple and approved by the European Commission, the trustee will be an independent party who monitors the company’s compliance to the agreement.

The trustee may recruit a support team of up to three advisors, and there are strict controls in place to prevent trustees running off to work for Apple or its competitors within a certain time frame. There will also be an Appeal Board to adjudicate in the event a dispute requires independent oversight. 

What about the DMA?

Apple’s decision to reach a constructive settlement concerning Apple Pay in Europe could yet turn out to be a harbinger of similar future détente regarding Europe’s Digital Markets Act. While recent statements from Vestager suggest she has little empathy for Apple’s arguments, the company has already revised some of the arrangements it proposed to bring its business practises into line with the DMA or similar rules looming in other nations.

There’s no reason to think it won’t continue to reach a constructive, if unenthusiastic, dialogue. It does remain open to question whether the agreements will go far enough for Europe or for some of the company’s loudest critics. 

But for the next decade, at least, you’ll be able to use whatever payment system you like across the European bloc as easily as you may already use Apple Pay.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

More by Jonny Evans:

• Will Apple stop at Messages via Satellite?
• MacStadium brings Orka Desktop for Devops
• Apple removes VPN apps in Russia; here’s what to do next

Podle analytiků z IDC přišlo ve druhém čtvrtletí do obchodů 64,9 milionu počítačů, o 3 % více než loni. Dodávkám stále vládně čínské Lenovo, které distribuovaly 14,7 milionu PC. V těsném závěsu je HP s 13,7 milionu a s větším odstupem tam Dell s 10,1 milionu PC. Pořadí na prvních místech se už ...

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication Newsroomhttp://www.blogger.com/profile/[email protected]

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply Newsroomhttp://www.blogger.com/profile/[email protected]

Tzv. Bluetooth beacons mají spoustu užitečného využití • Zjistí blízké zařízení, pomůžou s vyhledáním toho, které jste ztratili • Bluetooth však má svůj "otisk", který je možné vysledovat...

NASA zahájila novou misi nazvanou CubeSat Radio Interferometry Experiment (CURIE), jejímž cílem je pokusit se odhalit zdroj záhadných rádiových signálů přicházejících ze Slunce. V rámci CURIE byly raketou Ariane 6 na oběžnou dráhu Země vyneseny dva cubesaty disponující 2,5 metru dlouhými anténami. ...

Letters from CISO Ethan Steiger suggest the data related to job applications

Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance – a hefty 2.3 million.…

NethSecurity is a Linux firewall that has been gaining traction in the open-source Linux space. Its proactive approach to network management and security has set it apart.

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has been designated DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has been designated DodgeBox by Zscaler ThreatLabz, which discovered the loader strain inNewsroomhttp://www.blogger.com/profile/[email protected]

Od loňského září Firefox nabízí vlastní překladač. Oficiálně je to pořád betaverze, ale postupně se zlepšuje. Dobrá zpráva je to pro ty, kteří na první místo staví svoje soukromí, protože překládání probíhá lokálně. Firefox 128 k tomu přidává tolik potřebnou funkci – překládat už nemusíte celé ...

Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi. CISA has added this Type Confusion bug, exploited in the wild, to its Known Exploited Vulnerability Catalog . CISA has stated, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.", underscoring the significance of this flaw for impacted organizations.