Systems administrators have been used to managing fleets of desktops for decades now. The tools available for monitoring office desktops have become very sophisticated, enabling all of those machines to be managed centrally. But then laptops came along and the staff wanted to access the server through mobile devices when they were out in the field – requiring different systems management services.
The operating methods of connections from mobile devices are different from the system procedures for desktop connections.
Laptops, smartphones, and tablets require different security procedures because they can be taken out of the office building. They can be lost or stolen much more easily than desktop computers. They need to be tracked and wiped remotely when mislaid.
All of the special requirements of mobile devices meant that separate software was developed to manage their connections. This later development of mobile device management systems meant that systems administrators got used to deploying separate monitoring and management tools for mobile devices while carrying on with familiar systems for desktop management.
Here is our list of the seven best Unified Endpoint Management tools:
- N-able N-central EDITOR’S CHOICE A complete remote monitoring and management platform that is suitable for centralized system management by IT departments or Managed Service Providers. Start 30-day free trial.
- ManageEngine Desktop Central (FREE TRIAL) A monitoring, management, and security package for endpoints that includes special tools for managing mobile devices. It installs on Windows Server or cloud platforms.
- Syxsense Manage (FREE TRIAL) An endpoint management system that includes asset inventory management for hardware and software and covers desktops, servers, and IoT devices. This is a cloud-based service.
- BlackBerry UEM A suite of tools to manage desktops, mobile devices, and IoT devices. It is available for installation on Windows Server or as a SaaS platform.
- Citrix Endpoint Management A virtualization-linked UEM solution that enables devices and user profiles to be managed separately.
- VMWare Workspace ONE A user-focused virtual desktop system that enables all endpoints to be managed centrally.
- Cisco Meraki A cloud-based endpoint management system that can enroll home-based desktops and mobile devices as well as office equipment.
The evolution of endpoint management
Unified endpoint management puts an end to switching between monitoring tools in order to manage all of the devices that a business’s employees use to access the network and servers. In recent years, IoT devices have come onto the scene – especially in the field of security cameras. Any device that contains a processor and is connected to the internet creates potential security problems.
All devices need to be patched and protected from hackers. The traffic crossing a network needs to be identified by the endpoint, no matter what type of device that endpoint is. Therefore, it is increasingly necessary to centralize the monitoring and management of all types of devices that a business employs. This need has created a market for unified endpoint management.
About unified endpoint management
Unified endpoint management integrates all of the special extra functions needed for mobile devices into network and endpoint management systems.
Unified Endpoint Management (UEM) is a bit of a misnomer because one of the key aspects that anyone needs from UEM is monitoring. So, it should really be called UEMM. A typical UEM system is able to integrate with network monitoring software. The system should enable all management and maintenance actions for all of the devices owned by a company to be performed from one central location.
A UEM should provide the ability to set up devices with a suite of software. It should allow the user to create profiles that include software bundles suitable for each job description and it should also manage user access rights to both devices and software.
Despite the unity of UEM, there are always going to be different administration needs for different types of devices. So, UEMs usually have different screens for different device types. For example, device tracking won’t be available for desktop computers. So, rather than treating all devices as equal, a UEM provides all of the functions needed to monitor and manage all devices within one dashboard – albeit across several screens.
Recommended UEM systems
A recent trend in the provision of system monitoring tools is to move them out to the cloud and deliver them on the Software-as-a-Service model (SaaS). Given that mobile devices could be anywhere in the world, it makes sense that the monitoring and management tool should work equally well no matter where the server that runs it is located.
Cloud-based UEMs are very good a providing centralized infrastructure management for multiple sites. Extending the logic of that capability, these tools are also very suitable for Managed Service Providers (MSPs) that need to manage multiple sites for multiple clients. So, even if a business doesn’t have many mobile devices in operation, it is a good idea to consider this monitoring and management route to future-proof the IT support team’s tools – those mobile devices will start to creep in.
The Best UEM Tools
N-central is a product of the N-able’s MSP division. This part of the system tools provider’s operations supplies monitoring and management services for managed service providers (MSPs). However, many of these systems work just as well for the IT departments of multi-site organizations. N-central is a SaaS platform that includes all of the tools that IT professionals need to support IT resources and users.
The monitoring system built into this system covers networks, servers, applications, and endpoints. As with most UEMs, it includes separate screens for the management of desktops and mobile devices. The on-site infrastructure monitoring and management services include a remote access function that enables all devices to be onboarded and set up from one central location. The service also includes a backup and restore system and patch management that covers servers and desktops.
The Mobile Device Management (MDM) feature in N-central enables standard profiles to be created that will automatically set up one or many devices for onboarding and also load all required software. For day-to-day monitoring, the N-central MDM includes a device tracker. Mobile devices that are reported as lost or stolen can be locked and wiped from the business’s HQ.
The N-central MDM provides flexible support for mobile access strategies. For example, it is possible to implement access management differently for user-owned devices and company-owned equipment. The system is able to control the permissions on devices to block a list of banned apps from being installed on them. It is also possible to disable hardware features, such as the camera. These device control features also extend to IoT devices.
The desktop and laptop services in the N-central system extend to an Endpoint Detection and Response system (EDR) to improve system security. Technicians can gain remote access to each device for the implementation of automated maintenance routines or for manual troubleshooting. These services cover devices running Windows, macOS, and Linux.
N-able N-central is a subscription service and you can access it on a 30-day free trial.
N-able N-central is our top pick for a unified endpoint management tool because it includes an excellent security system as well as comprehensive monitoring and management services for all types of endpoints. N-able N-Central has integrated EDR software provided by Bitdefender to keep all Windows, macOS, and Linux devices secure and includes tracking, locking, and wiping utilities for mobile devices. IT professionals can use N-central to support corporate IT resources and it is also designed as a tools platform for MSPs.
Get a 30-day free trial: n-able.com/products/n-central/trial
Operating system: Cloud-based
Desktop Central provides a platform for IT professionals to fully manage a company’s IT system no matter where those endpoints are. The software for this system installs on Windows Server and it is also available for installation on Azure cloud servers or an AWS account. The system can monitor endpoints that are on-premises, on remote sites, or out in the field.
ManageEngine is one of the leading providers of IT infrastructure monitoring services and Desktop Central is built on the company’s expertise in many different areas of systems management. The service starts by tracking down all devices and logging them in an inventory. It records where each device is, its operating system, and its software inventory. This is the basis for all of its IT asset management functions.
Key features in Desktop Central include configuration management, patch management, software license management, and remote access. Support technicians can use automated features in the dashboard to configure and backup devices and create standard setups for all desktop and mobile OSs. This creates the ability to set standard profiles that can be rolled out in bulk to onboard new device fleets. Each profile can also be applied individually.
Mobile device management features in the service include tracking, locking, and wiping utilities. It is also possible to blacklist apps and block facilities on each mobile device. The set-up service in the tool is part of a software management system that covers all device types, including desktops. This will keep track of licenses and install updates when they become available. Users can also onboard their own devices through a self-service portal.
Security software is available as an add-on option with Desktop Central. This module includes constant vulnerability assessments and configuration tightening. Other security tools include browser security systems, application controls, and device controls. Datastores can be secured with BitLocker.
Desktop Central is offered in four editions. The lowest of these is Free which is suitable for small businesses. The three paid versions are Professional, Enterprise, and UEM. Mobile device management is included in the UEM bundle and is available as a paid add-on in the Professional and Enterprise versions. ManageEngine offers the Enterprise edition on a 30-day free trial.
Syxsense Manage is a cloud-based endpoint management service that covers servers and desktops running Windows, Linux, or macOS. It can also supervise IoT devices. This system can unify the management of endpoints on several sites and also include the endpoints used by remote workers.
The system searches out all endpoints and logs them in an inventory. It will continue its discovery service by scanning each device, noting its operating system and all installed software. It is possible to set up a standard endpoint configuration, including a software bundle, that can be used to automatically onboard new devices.
Technician utilities in the package include a Wake-on-LAN service and a remote control system. Many of the system scanning services in the bundle are automated.
An automated patch management system in Syxsense Manage looks out for patch and update availability on the sites of the vendors of the software listed in the inventory. When one becomes available, Syxsense copies over the patch installer and will apply those patches to all relevant machines during the next available maintenance window. Storage space for patch installers and system logs is included in the price of the Syxsense Manage service. Each account gets 50GB of cloud storage space.
All of the actions performed by the endpoint manager are recorded and those logs can be accessed in a report format that is needed for compliance to PCI DSS, SOX, and HIPAA.
Syxsense Manage is a subscription service with prices starting at $600 per year for 10 devices. You can access Syxsense Manage on a 14-day free trial.
BlackBerry offers a unified endpoint management suite that covers desktops, mobile devices, and IoT equipment. The service is able to manage devices running Windows, macOS, ChromeOS, iOS, and Android.
The dashboard of the service is accessed through a standard browser even if you choose the on-site installation option. The home screen on the console lists all of your enrolled devices, no matter whether they are on-premises or mobile. The monitoring list also includes user-owned BYOD devices.
The BlackBerry Spark UEM Suite system includes software management as well as hardware tracking. The service is able to manage license availability and identify where each license is deployed. This software management service also extends to the automated rollout of updates. OS patching can also be automated through the BlackBerry Spark UEM Suite system.
Mobile defense management tools in the UEM include AI-based malware protection. The mobile security system also checks apps for malicious activity and allows the system administrator to block the installation of unauthorized software. Remote access features include tracking, locking, and wiping functions. BYOD devices can access corporate services through a portal that keeps personal and business activities separate on the device.
BlackBerry Spark UEM Suite is available as on-premises software that installs on Windows Server. BlackBerry also offers the system as a SaaS platform hosted on its own servers. There is a BlackBerry Spark UEM Suite account option in AWS as well. You can access Spark UEM Suite on a free trial.
Citric is one of the leading virtualization providers and its Endpoint Management service is a SaaS platform based on its thin-client service, called Workspace Premium. The kernel of this UEM is a virtual desktop for each company user. The hardware element is a managed system that acts as an agent for the VM. So, A user can log in on any desktop and get access to the same environment.
The Citrix Endpoint Management system includes asset management. Devices running Windows, macOS, Chrome OS, Android, and iOS can be enrolled into the system. Once a device is registered, the management service keeps its operating system patched. Everything else on the device is virtual.
The software requirements of each type of user get set up on a central server and then made available as a VM. When a new user get registered in the system, a VM copy gets allocated to that account by linking it to a profile.
On mobile devices, access to corporate services is managed through a portal app. This makes wiping very easy if a device gets lost or stolen – the administrator just blocks access to the service from that device. Onboarding devices just requires the user to install the portal app. This means that switching to a replacement device is a very quick process and it also makes BYOD access a straightforward process.
VMWare is a major rival to Citrix in the virtualization market and it offers a UEM that is very similar to Citrix Endpoint Management. VMWare Workspace ONE works through a virtual desktop system that grants each user access to a virtual desktop that can be accessed from any company device. The desktop version of the user’s worktop applies to computers running Windows and macOS.
Mobile devices running iOS and Android get access to a virtual desktop through a portal app. The app can easily be installed on user-owned devices, keeping business and private usage of the device separate. That mobile access can be easily revoked in the case of lost or stolen devices. The user then just needs to install the corporate app and log in to get access resumed.
Each supported desktop device needs to be enrolled in the system with agent software that can be installed remotely. Workspace ONE keeps the operating systems of those devices up to date but all other functions that users access on each desktop are really held on a central server and accessed over the network. Centralizing the hosting of software makes license management and updating a very straightforward process.
Cisco Meraki is able to extend the BYOD concept out to the desktops used by remote workers in their own homes. Meraki covers desktops, laptops, smartphones, and tablets. It includes software license management and patch management as well as IT asset management functions.
This is a SaaS platform, so you don’t need to install and maintain the Meraki software on your own servers. The console can be accessed from anywhere through any browser or a Meraki console app. The delivery of a user environment is based on containerization. That is, each user gets access to a desktop or an app locker for the device, according to its type. This ensures that each user environment is consistent across devices and it also prevents company data from being accessed by others outside of the containing application.
The containerized solution makes it easy to control which apps can access corporate resources from outside the building and wiping the phone through remote processes isn’t necessary because the systems administrator just needs to blacklist a lost or stolen device.
Cisco offers a 14-day free trial of Meraki.
Choosing a Unified Endpoint Management Tool
When examining the market for UEM tools, we focused on SaaS systems. Cloud-based services charge for their software by subscription and include all supporting hardware and services, so they are very easy to afford – there are no upfront costs involved in acquiring the system.