What is unified endpoint management (UEM)?
What is UEM?

UEM, or unified endpoint management, is software that enables IT and security teams to monitor, manage and secure all of an organization’s end-user devices, such as desktops and laptops, smartphones, tablets, wearables and more, in a consistent manner with a single tool, regardless of operating system or location.

UEM strengthens endpoint security by simplifying it, enabling security and IT teams to protect all endpoint devices by using one tool in one consistent way.

A relatively new technology, UEM combines the capabilities of legacy mobile management solutions, including mobile device management (MDM) and mobile application management (MAM), with those of tools used to manage on-premises and remote PCs.

Already popular for managing bring your own device (BYOD) programs and hybrid (mixed on-premises and remote) workforces, UEM's use has exploded as security and IT departments adapt to support expanded work-from-home (WFH) initiatives with the advent of the COVID-19 pandemic.

The evolution of UEM

UEM is the latest in a series of mobile security management tools that emerged and evolved in response to the changing relationship between organizations, employees, mobile devices and working styles over the last two decades.

From MDM...

The first mobile devices introduced in the workplace were company-owned, and mobile device management (MDM) tools were developed to enable IT administrators to manage and secure these devices. MDM tools gave administrators total control over all features of a device. They might provision, enroll and encrypt devices, configure and control wireless access, install and manage enterprise apps, track the location of the devices, and lock and wipe a device if it was lost or stolen.

...to MAM...

MDM was an acceptable mobile management solution until smartphones became so popular that employees wanted to use their personal smartphones for work (instead of carrying both a work and a personal device). BYOD was born. And soon, employees bristled at surrendering total control of their personal phones and personal data to MDM.

A new solution, mobile application management (MAM), emerged. Instead of focusing on management control of the entire mobile device, MAM focused on app management. With MAM, administrators might take total control over corporate apps and the corporate data associated with them; they might also exercise enough control over employees’ personal apps to protect corporate data, without touching or even seeing employees’ personal data.

...to EMM...

But MAM solutions also found their limits, most of which resulted from their sheer inability to keep pace with the explosion of new apps employees might add to their iOS or Android devices. In response, vendors combined MDM, MAM and some related tools to create enterprise mobility management (EMM) suites. EMM provided the corporate data security of MDM, the superior employee experience of MAM, and management and security control over all devices used outside of the office—not only smartphones, but off-site laptops and PCs too.

...to UEM

EMM left one final endpoint management gap (and potential security vulnerability). Because it didn’t offer capabilities for managing onsite end-user devices, it required administrators to use separate tools and policies for onsite and off-site device management and security. This created more work, confusion and opportunity for error, right about the same time that more employers were trying to let more employees work from home.

UEM emerged as the solution to this problem. It combines the functions of EMM with the capabilities of client management tools (CMTs) used traditionally to manage on-premises PCs and laptops. Most UEM tools also include, integrate or interact with endpoint security tools such as antivirus and anti-malware software, web control software, user and entity behavior analytics (UEBA) solutions, integrated firewalls and more.

How UEM improves endpoint security

Using multiple endpoint management tools to manage and secure different endpoint devices in different locations results in a lot of manual and repeated work for security and IT teams, and increases the opportunity for inconsistencies, misconfigurations and errors that can leave the endpoints and the network vulnerable to attack.

UEM greatly reduces the work and the risk by creating a single, central dashboard where IT administrators and security teams can view, manage and secure every endpoint device connected to the enterprise network.

UEM tools work across all PC and mobile operating systems including Apple iOS and macOS, Google ChromeOS and Android, Linux® and Microsoft Windows. (Some solutions might also support the BlackBerry OS and Windows Phone mobile operating systems.) Many UEM solutions also support printers and other end-user IoT devices, smartwatches and other wearables, virtual reality headsets and virtual assistants: anything that an employee or business partner might use to connect to the network and get work done.

UEM is aware of all devices on the network no matter the type of connection, how often they connect, and where they connect from. It can even discover, in real time, connected devices that administrators or security teams aren’t aware of.

From this central dashboard, administrators can perform or automate critical management and security tasks for any or all devices, including:

  • Enrolling and provisioning devices: To reduce the administrative burden of BYOD, UEM solutions provide a portal where users can self-enroll and have their devices provisioned automatically. UEM also automatically enforces enrollment and provisioning for any new or unknown device attempting to connect to the network.

  • Applying and enforcing security policies: Admins can specify multi-factor authentication, password length and complexity, password renewals, data encryption methods and much more. By enabling admins to deliver consistent policies across all devices with one tool, UEM greatly reduces manual work for IT departments and security staff.

  • Pushing patches and updates: UEM can scan endpoints for software, firmware or OS vulnerabilities and automatically push patches wherever needed.

  • Controlling apps and applications: Employers can approve or prohibit use of specific apps or applications, and prevent unauthorized apps or applications from accessing enterprise data. Many UEM tools enable the creation of an app store where users can download, install and periodically update enterprise-approved apps and desktop applications.

  • Isolating corporate and personal data: This protects corporate and personal data, and provides the optimal user experience for BYOD.

  • Keeping endpoint security solutions up to date: Admins can install the latest antivirus definitions on devices, update web filters with the latest blacklisted or whitelisted websites, and even tweak firewalls to repel the latest threats.

  • Securing connections: UEM lets administrators specify the type of connection (for example, Wi-Fi or VPN) by device, by user or even by application.

  • Identifying and remediating threats: By integrating with UEBA, endpoint detection and response (EDR) and other security technologies, UEM can help identify abnormal device behaviors that indicate ongoing or potential threats, and trigger other security tools to take action against threats.

  • Wiping and locking lost, stolen or end-of-lifecycle devices: As a last line of defense, UEM lets admins or security teams locate, wipe clean, lock and/or reset lost, stolen or retired devices, to prevent unauthorized access to the network and keep any sensitive data on the device from falling into the wrong hands. It can also reset decommissioned devices for continued personal use.

The bottom line is that for these and other tasks, UEM’s all-encompassing approach enables security and IT departments to ignore the distinctions between on- and off-site devices, mobile and desktop devices, Windows or Mac or Chrome or Linux operating systems—and focus simply on device and security management.

BYOD, work-from-home and other UEM use cases

As mentioned above, UEM evolved from the collision of changing technologies for managing and securing organizations' BYOD policies, increasingly hybrid workforces, and expanding work-from-home programs. But organizations adopt UEM to support other strategic management and security initiatives, including:

Simplified regulatory compliance: Hybrid workforces can add to the complexity of demonstrating and enforcing compliance with industry and data privacy regulations. UEM solutions can help cut through that complexity.

For example, UEM enables an organization to set a single policy that ensures every device complies with the encryption requirements specified by GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act) and other data privacy regulations. UEM data isolation and application control capabilities help administrators ensure that only authorized applications or mobile apps can access highly regulated data.
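The single-policy idea in this paragraph and in the "Applying and enforcing security policies" item can be pictured as one rule set evaluated identically for every device, whatever its operating system, with unenrolled devices sent to enrollment first. The sketch below is an added illustration, not IBM or MaaS360 code; the policy keys, device fields, thresholds and sample inventory are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

# Hypothetical organization-wide policy: one rule set for every endpoint.
POLICY = {"require_encryption": True, "require_mfa": True,
          "min_password_length": 12, "max_patch_age_days": 30}

@dataclass
class Device:
    device_id: str
    os: str
    enrolled: bool
    encrypted: bool
    mfa_enabled: bool
    password_length: int
    days_since_patch: int

def violations(device, policy=POLICY):
    """Return the names of the policy rules this device fails (OS is irrelevant)."""
    failed = []
    if policy["require_encryption"] and not device.encrypted:
        failed.append("encryption")
    if policy["require_mfa"] and not device.mfa_enabled:
        failed.append("mfa")
    if device.password_length < policy["min_password_length"]:
        failed.append("password_length")
    if device.days_since_patch > policy["max_patch_age_days"]:
        failed.append("patch_age")
    return failed

def decide(device, policy=POLICY):
    """Map a device to one action: enroll, remediate or allow."""
    if not device.enrolled:
        # Unknown device: enrollment is enforced before any posture check.
        return ("enroll", [])
    failed = violations(device, policy)
    return ("remediate", failed) if failed else ("allow", [])

def evaluate_fleet(devices, policy=POLICY):
    """Apply the same policy to a mixed inventory; returns {device_id: (action, failed_rules)}."""
    return {d.device_id: decide(d, policy) for d in devices}

# Constructed sample inventory covering several operating systems.
INVENTORY = [
    Device("lap-001", "Windows", True, True, True, 14, 7),
    Device("ph-002", "Android", True, False, True, 8, 45),
    Device("mac-003", "macOS", True, True, False, 16, 3),
    Device("tab-004", "iOS", False, False, False, 0, 0),
]

if __name__ == "__main__":
    for device_id, (action, failed) in evaluate_fleet(INVENTORY).items():
        print(f"{device_id}: {action} {failed}")
```
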

Zero trust security: In a zero trust security approach, all endpoints are considered hostile by default. All entities—users, devices, accounts—are granted the least privileged access required to support their jobs or functions, and all entities must be continuously monitored and regularly reauthorized as access continues. UEM can support zero trust implementation in several ways, from simplifying the provisioning of all devices for least privileged access, to providing real-time visibility into every device connected to the network.
