I was touring through Switzerland and had the honor to speak at five events for a “Mobility, Workspace & Licensing” roadshow for SMB customers up to 250 employees. Before I started my presentation I have always asked the audience three questions:
- Who knows what MDM or EMM (Mobile Device Management or Enterprise Mobility Management) is?
- Have you ever heard of Unified Endpoint Management (UEM)?
- Does the name Airwatch or Workspace ONE ring any bells?
This is my thing to know which people are sitting in front of me and how deep I should or can go from a technical perspective. And I was shocked and really surprised how many people have raised their hands – only between 1 and 5 persons in average. And the event room was filled with 50 to 60 persons! I don’t know how popular EMM and UEM are in other countries, but I think this is a “Swiss thing” when you work with smaller companies. We need to make people aware that UEM is coming! 🙂
That’s why I decided to write an article about Enterprise Mobility Management and how it transformed or evolved to the term Unified Endpoint Management.
The basic idea of Mobile Device Management was to have an asset management solution which provides an overview of the smartphones (at the beginning iPhones were very popular) in a company. Enterprises were interested for example to disable Siri and ensure that corporate mobile phone devices were staying within policy guidelines. In addition, if you could lock and wipe the devices, you were all set.
However, business needs and requirements changed and suddenly employees wanted or even demanded access to applications and content. Here we are talking about features like mail client configuration, WiFi certificate configuration, content and mobile application management (MAM) and topics like containerization and identity management also became important – security in general. So, MDM and MAM were part now of Enterprise Mobility Management.
Vendors like VMware, Citrix, MobileIron and so on wanted to go further and offer the same management and configuration possibilities for operating systems like Windows or Mac OS. If I recall correctly this must have been between 2013 and 2017.
One of the biggest topics and challenges for this time were the creation of so called IT silos. There are many reasons how IT silos were built, but in the device management area it’s easy to give an example. Let’s say that you are working for an enterprise with 3’000 employees and you have to manage devices and operating systems like:
- PCs & Laptops (Windows OS)
- MacBooks or Mac OS in general
- Android & iOS devices
- Virtual apps & desktops (Windows OS)
A typical scenario – your IT is deploying Windows OS mit SCCM (Configuration Manager), Mac OS devices are not managed, IT is using JAMF or does manual work, EMM solution for iOS and Android and for the VDI or server based computing (Terminal Server) environment the responsible IT team is using different deployment and management tools. This is an example how silos got build and nowadays they prevent IT from moving at the speed of business. VMware’s UEM solution to break up those silos is called Workspace ONE UEM.
The EMM or mobility market is moving into two directions:
Today, it’s all about the digital workspace – access ANY application, from ANY cloud, from ANY device and ANYTIME.
People need app access to mobile apps, internal apps, SaaS apps and Win32 (legacy) apps. On the other hand we want to use any device, no matter if it’s a regular fat client, the laptop at home, wearables or a rugged or IoT device. If you combine “App Access” and “UEM” then you will get a new direction called “Digital Workspace”. Again, this means that Digital Workspace is just another name for the combined EUC (end-user computing) platform.
UEM is a term which has been introduced by Gartner as a replacement for the client management tool (CMT) and Enterprise Mobility Management.
Gartner defines Unified Endpoint Management as a new class of tools which function as an unified management interface – a single pane of glass. UEM should give enterprises the possibility to manage and configure iOS, Android, Mac OS and Windows 10 devices with a single unified console. With this information I would call UEM as the modern EMM.
Modern Management – Windows 10
Why is Windows 10 suddenly a topic when we talk about UEM? Well, Microsoft has put a lot efforts in their Windows 10 operating system and are providing more and more APIs that allow a richer feature set for the modern management approach – the same experience and approach VMware already has with mobile device management. Microsoft is seeking to simplify Windows 10 management and I have to say that they made a fantastic job so far!
Modern Management, if it’s with VMware Workspace ONE UEM or with a competitor’s product, is nothing else than going away from the network-based deployment to a cloud-based deployment.
Traditional means staging with SCCM for example, apply group policies, deploy software packages and perform Windows Updates on a domain-joined PC.
Modern means that we have the same out-of-the-box experience (OOBE) with our Windows 10 devices compared to an iPhone as an example. We want to unbox the device, perform a basic configuration and start consuming. By consuming I mean install all the apps I want wherever I am at the moment. If it’s a less secure network at home, at friends, on a beach, train or at the airport.
Modern also means that I receive my policies (GPOs) and basic configuration (WiFi, E-Mail, Bitlocker etc.) over-the-air across any network. And my device doesn’t need to be domain-joined (but it can). Windows Updates can also be configured and deployed directly from Microsoft or still with WSUS.
Mix Physical and Virtual Desktops with Modern Management
VMware’s vision and my understanding of modern management means that we can and should be able to manage any persistent desktop even if it’s a virtual machine. During my presentation I told the audience that they could have Windows 10 VMs in their on-premises data center, on AWS, Azure or even on a MacBook.
This use case has NOT been tested by VMware yet, but what do you think if we can manage the recently announced Windows Virtual Desktops (WVD) which are only available through Microsoft Azure? I hope to give you more information about this as soon as I have spoken to the product management.
But you see where this is going. Modern management offers us new possibilities for certain use cases and we can even easier on-board contractors or seasonal workers if no separate VDI/RDSH based solution is available.
And let’s assume that in 2018/2019 all new ordered hardware are pre-staged with a Windows 10 version we ask for. For a virtual persistent desktop this is most certainly not the case, but think again about the Windows 10 offerings from Azure where Windows 10 is also “pre-staged”.
Do we need UEM and Modern Management? Are we prepared for it?
Well, if we go by the definition of UEM then we already use Unified Endpoint Management since EMM is a part of, but just without the Windows 10 client management part. A survey in Switzerland has shown that only 50% of the companies are dealing with this topic. And to be clear: an adoption or implementation of UEM takes several years. Gartner predicts that companies have to start working with UEM within the next three to five years.
What preparation is needed to move to the new modern cloud-based management approach? There are different options depending on your current situation.
If you are running on Windows 7 and use Configuration Manager (SCCM) for the deployment, you could use Workspace ONE’s Airlift technology to build a co-management setup. But then you need to migrate first from Windows 7 to Windows 10 and use SCCM to deploy our Intelligent Hub (formerly known as Airwatch Agent). Then your good to go and could profit from a transition phase until all clients have been migrated. And in the end you can get rid of SCCM completely.
If you use another tool or manually install Windows 10, then you just need to install Intelligent Hub, enroll the device and your prepared.
But we can leverage other features and technologies like AutoPilot or Dell Factory Provisioning for Workspace ONE which are not part of this article.
Which UEM Solution for your Digital Workspace?
If you are responsible for modernizing client and device management in your company, then keep the following advice in mind. Check your requirements and define a mobility or a general IT strategy for your company. Then look out for the vendors and solutions which meet your requirements and vision. Ignore who is on the top right of the Gartner Magic Quadrant or the vendor who claims to have “the ONE” digital workspace solution. In the end you, your customers and colleagues must be happy! 🙂
In the future I will provide more information about Unified Endpoint Management and Modern Management. VMware is in the early market phase when it comes to UEM and I’m curious what’s coming within the next one or two years.
The terms “Intelligence” and “Analytics” have not been covered yet and they are very interesting because it’s about new features and technology based on artificial intelligence and machine learning. E.g. with VMware’s Workspace ONE Intelligence you have new options for “insights” and “automation”. You have data, can collect it and run it through a rules engine (automation). But this is something for another time.
Trackbacks/Pingbacks