Prepping your UEM strategy? Tips for a successful deployment

Unifying all your corporate devices under a single management console can increase efficiency and cut costs. But a successful rollout will take time and is likely to be hampered by a transition away from legacy apps, retraining for IT staff – and likely pushback from users.


Moving toward a Unified Endpoint Management (UEM) strategy should be a major corporate goal over the next several years as mobile devices proliferate in the workspace and cloud applications replace legacy, client-based software.

Research firm Gartner predicts that 80% of worker tasks will take place on a mobile device by 2020, increasing the momentum behind UEM.

What began almost a decade ago as somewhat ham-handed mobile device management (MDM) – controlling access to enterprise smartphones and tablets often after employees signed onerous agreements – has evolved into today's enterprise mobility management (EMM), which includes mobile application management (MAM).

Now, enterprises are being pushed toward UEM, which in many ways represents a return to MDM capabilities through the use of native mobile management APIs included in modern operating systems. Those APIs allow firms to manage desktops, laptops, mobile devices, and in some cases IoT devices, via a single console. And UEM is meant to be operating system-agnostic.

According to Chris Silva, vice president of research for mobile, endpoint and wearable devices at Gartner, about 30% of enterprises are either actively using UEM already or are beginning to "cross the bridge" from old management to modern management techniques.

Many companies that have already deployed UEM backed into it. They updated Office 365 and started looking at their other apps and decided to start using SaaS applications; or they deployed a BYOD strategy for mobile devices; or they began allowing Macs into their typically Windows environment. 

"This confluence of events sort of landed them in a place where they're saying, 'Hey, look now. We have modern management tools that will support any end point and all our apps are consumable on whatever device somebody wants,'" Silva said. "These are the companies who bit the bullet early and arrived at UEM ahead of schedule."

UEM has yet to be widely adopted because not all companies have upgraded their Windows desktops and laptops (and Windows 32-bit apps on them) to modern OSes that support mobile device management, according to Nicholas McQuire, vice president of enterprise research at CCS Insight. That said, enterprises are preparing to adopt UEM en masse, McQuire said.


Gartner's magic quadrant for UEM vendors as of June, 2018.

Eighty-seven percent of 400 mobile technology decision-makers surveyed by CCS in the U.S. and four European countries indicated their desktop and mobile operations will converge into a single team and strategy within three years; 61% expect to do so within a year or two. Research firm IDC agreed. It believes the majority of enterprises will go down the UEM road in some fashion in the next three to five years.

"So, they are en route to UEM – but it will take a bit of time," McQuire said.

What to do now

Seventy percent of companies that have deployed an MDM strategy have done so via a cloud service, according to Bryan Taylor, research director on Gartner's Mobile, Endpoint and Wearables Computing team.

The average MDM contract is three years, and most of those MDM services now include UEM products that support the management of both PCs and Macs in addition to mobile devices. But the vast majority of enterprises are not even close to managing all end points from one console, Taylor said.

One of the most important, and sometimes overlooked, actions enterprises can take now to get ready for UEM is to align their IT organization prior to a rollout, according to Phil Hochmuth, IDC's program director for Enterprise Mobility. That means combining PC and Mac, mobile and laptop management teams into a single end-user computing IT organization. Doing so helps set the stage for unified management tools, Hochmuth said.


Traditional ways to manage endpoints.

"The biggest mistake an IT team can make is to be in a position where they have to react organizationally to how a new software platform works - i.e., putting in UEM before reconstructing the IT organization," Hochmuth said via email.

Figure out what tools are now used to manage desktops

Enterprises should get a sense of the processes and tools now being used to build and manage desktops. If you're heavily dependent on building an image – and there's no ability to use the version of Windows that comes with a PC from the factory – understand why that's the case.

"You need to answer that question because until you can move from traditional image-based PC deployments, you can't even consider UEM," Silva said.

Companies also need to inventory apps and figure out what percentage of employees use them. Expect there will be a small percentage of apps that are extremely important that can't migrate to your new UEM management strategy. So organizations need to ask how they'll handle those applications. Do you replace them? Do you virtualize them? "The process to do that could be 18 months; it could be 24 months," Silva said.

Figure out what tools are used to manage mobile devices

It's highly likely your mobile management tools will also be able to manage PCs and Macs. But not all of them can.

After solving organizational issues, getting apps modernized and figuring out how you're going to change the desktop deployment process, you have to determine if you have a tool you can use to start testing UEM. If not, do you have a stripped down MDM tool, such as the one that comes with Office 365? If even that option is a no-go, you'll have to consider investing in tools such as Microsoft's Intune, AirWatch's (VMware) Workspace One or MobileIron to begin piloting and testing UEM.

Other UEM vendors include BlackBerry, IBM, and Ivanti.


Gartner looks at the evolution of endpoint management.

In particular, AirWatch's Workspace One has been a standout in the capabilities it offers, particularly enabling enterprises to bridge the gap between traditional client management software, such as System Center Configuration Manager (SCCM) or LANDESK, and modern UEM tools, Gartner's Taylor said.

Intune and AirWatch both have a larger set of features and functionality geared toward helping companies through the transition to modern management.

"Anyone who is making an investment in mobile management or end-point management tech today should be thinking about a three-year horizon in buying a tool that's going to do UEM, even if UEM isn't even on the table right now," Silva said. "Because in three years time, that's when that contract comes up for renewal.

"We don't know what the future looks like for OSes, but maybe your organization by that time is embracing Chromebooks or Macs. Now you're using devices, like in the case of a Chromebook, that can only be managed with UEM," Silva continued. "Then you'll be left scrambling trying to find a tool, test it to figure out if it's the tool you want, get the contract in place, all the while [as] the number of devices that need management [pile] up."

There are other UEM precursor problems.

Prepare for pushback

Globally, there are more than 300 million PCs currently running pre-2014 OSes, though companies are modernizing desktops quickly because some of the biggest cyberattacks recently hit legacy PC platforms the hardest, McQuire said. As enterprises upgrade to modern platforms, such as Windows 10, UEM becomes more a part of the long-term planning.

The presence of so many legacy PC applications that are incompatible with modern operating systems or UEM platforms has kept companies from moving to UEM.

As a first step, the IT shop should assess application compatibility – and soon. That won't be easy, as there are more than five million Win32 applications in businesses; the average large company has over 2,000. And 90% of those applications are line-of-business tools often owned and funded by the business unit – not the IT department.

"IT has a change management and cat herding exercise in getting the applications migrated to UEM because of these," McQuire said. "The biggest pitfalls to avoid are the change management issues, so ensure you have a partner who can help with all the elements of the migration to UEM across desktop and mobile."

Currently, legacy apps and the desktop environment have been the biggest impacts on UEM rollouts. "In some cases, we have seen 75% of the cost of UEM projects owing to change management. This is a big people-and-processes challenge as opposed to technology," McQuire said.

Enterprise desktop operations often use client management tools, and IT people have built their careers on those legacy tools, such as Microsoft's ConfigMgr [System Center Configuration Manager] tool, which is now 25 years old.

The prospect of throwing all that out and replacing it with UEM has many IT teams in a panic, Silva explained.

IT workers are worried about job security because they haven't been cross-trained on UEM tools. Thus, many of them are pushing back, saying the UEM tools aren't robust enough to manage critical assets.

"So, there's political push back, a skills gap and a general distrust of the new technology that the CIO and head of desktop operations have to cut through," Silva said. "When I talk to clients now, they're doing that now – but they're having a hard time showing them ...the future and getting them on board."

Proceed with deliberate speed (don't rush)

While it is imperative to think about UEM, build a timeline for the move and start getting familiar with the tools, companies are not yet up against a wall. You don't have to jump on UEM for another three or more years, Silva said.

The sheer complexity of doing an app refresh, and the arduous task and cost of retraining staff or even bringing in people with newer skills, will eat up any potential savings from the efficiency that UEM will bring in, according to Silva. "So, there's upside [to UEM], but not enough upside that this is an imperative they need to do right now," he said.

And, it's likely you already have some UEM tools at your disposal to pilot.

Microsoft has consolidated its Enterprise Mobility + Security (EMS) suite of products under its Azure portal, combining its Intune mobile application management tools and its Azure Active Directory (AD) and Information Protection under a single console.

So, if you buy Microsoft's EMS package, you're already getting full client management tools to continue using right alongside Intune.

And just last month, Microsoft announced it's moving from an 18-month support window for versions of Windows 10 to a 30-month support window. In essence, IT shops were just given an additional year of breathing room to test and deploy the next version of Windows.

"So, I don't think that will have a huge impact where people will just back off UEM, but they were scrambling to get to UEM and get everything under an 18-month cycle," Silva said. "Now, that they don't have that urgency, they can push their goal of getting all end points under UEM to 2019 or even 2020."

That said, 2020 isn't that far away.

Copyright © 2018 IDG Communications, Inc.
