Market Guide for Unified Endpoint Management Tools

We’re excited to offer you a complimentary copy of the Gartner® Market Guide for Unified Endpoint Management Tools, which we believe provides valuable information if you’re in the process of evaluating the UEM market.

Fifteen vendors were named as Representative Vendors in the Market Guide, and we’re proud to be among them. We believe that the insights within the Market Guide align with our own vision of where the UEM market is headed, especially regarding emerging capabilities (including risk-based patching and automated vulnerability remediation) that we offer with Ivanti Neurons.

We also believe these insights, along with our recognition as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools, validate our commitment to helping our customers manage and secure their network assets.

To access your complimentary copy of the Market Guide and learn more about UEM capabilities and tools, please fill in the form.

Disclaimers and attributions:

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner, Market Guide for Unified Endpoint Management Tools, Tom Cipolla, Dan Wilson, Craig Fisler, Sunil Kumar, 19 September 2023

Unified endpoint management tools have reached mainstream adoption and have proven essential for I&O leaders to manage, secure and enable the hybrid workplace. I&O leaders responsible for digital workplace transformation should use this research to guide UEM investment and tool consolidation.

Overview

Key Findings

  • Single-operating-system (OS)-centric endpoint management platforms (as opposed to multi-OS platforms) fragment operations, which increases cybersecurity risk, inflates overall costs, requires specialized skills and creates an inconsistent digital employee experience (DEX).
  • Multiple management tools are still being used, although unified endpoint management (UEM) vendors have significantly improved in their ability to manage non-Windows operating systems, and are now capable of supporting most use cases on macOS, iOS, iPadOS, Android and Windows.
  • Mature digital workplace organizations are more likely to consolidate tools. Organizations that have consolidated their endpoint management tools to a single UEM tool scored 70% higher on the Gartner Digital Workplace Maturity Assessment than those that have not.

Recommendations

I&O leaders responsible for the digital workplace should:
  • Increase efficiency and reduce costs by consolidating siloed management tools for Windows, Linux, macOS and mobile devices into a single UEM platform.
  • Expedite value realization by selecting the best-fit platform currently available, rather than waiting for a tool that addresses all requirements. Analyze requirement gaps to determine if they can be closed by changing processes or adding supplementary tools.
  • Accelerate endpoint operations by favoring UEM platforms that provide extensive automation opportunities, DEX capabilities, risk score integration and patching prioritization capabilities.

Strategic Planning Assumption(s)

By 2027, UEM and DEX tools will converge to drive AI- and ML-infused autonomous endpoint management (AEM), reducing human effort by at least 40%.

Market Definition

Gartner defines a unified endpoint management (UEM) tool as a software-based tool that provides agent and agentless management of computers and mobile devices through a single console.

Modern UEM tools:
  • Provide a user-centric view of devices across device platforms.
  • Offer agent and/or agentless management through native Windows endpoint, macOS, Linux and Chrome OS controls.
  • Offer agentless mobile management through native Apple iOS/iPad OS and Google Android controls.
  • Aggregate telemetry and signals from identities, apps, connectivity and devices to inform policy and related actions.
  • Aggregate and analyze technology performance and employee experience data.
  • Integrate with identity, security and remote access tools to support zero-trust access and contextual authentication, vulnerability, policy, and configuration and data management.
  • Manage nontraditional devices, including Internet of Things (IoT) devices, wearables and rugged handhelds.
 
The must-have capabilities for this market include:
  • A generally available, single license product SKU.
  • Agent-based or agentless management for these operating systems: Apple iOS and iPadOS; Apple macOS; Google Android; and Microsoft Windows (endpoint versions).
  • Product must support the following core features for each of the aforementioned operating systems: device enrollment and provisioning; device configuration and policy enforcement; OS patching and update management; and application deployment.
  • Product must be able to operate as a turnkey SaaS (UEM vendor hosted and operated, not infrastructure as a service [IaaS])
 
The standard capabilities for this market include:
  • Support for the full spectrum of mobile management, including mobile device management (MDM), supervision (iOS) and fully managed (Android), and mobile application management (MAM).
  • Containerized mobile applications to protect corporate data (such as prevention of copy/paste, attachment saving and printing to nonapproved destinations).
  • Ability to erase corporate data from devices upon employee separation without having physical device access.
  • Third-party application package repository or store.
  • Enterprise app store for employee self-service.
  • Direct integration with the Microsoft Intune Graph API for app and data protection.
  • Agent-based management or prebuilt connector for CMT integration.
  • Customizable reporting and dashboarding capabilities.
  • Support for Microsoft Autopilot, Apple Business Manager, Android Zero Touch Enterprise, or similar autoenrollment and provisioning.
  • Remote viewing/control of endpoints and review of device inventory, performance and stability.
  • Configuration of PC and mobile devices for limited use by frontline or task workers or to be used as kiosks, digital signage, utility and/or a shared device.
  • Native or turnkey integration with third-party VPN devices, per-app or on-demand VPN (or similar technology) to enable secure access to company apps and data.
 
The optional capabilities for this market include:
  • Agent or agentless management, including device discovery, inventory, configuration, OS updates and patching, policy management, encryption management and software deployment of:
    • Google ChromeOS
    • Windows Server
    • Various Linux distributions
    • IoT devices
    • Ruggedized device management (Android OEMConfig or AOSP)
    • Wearable device management (e.g., augmented reality/virtual reality [AR/VR] headsets, wrist-worn devices)
  • Third-party application patch automation
  • Capabilities to minimize bandwidth for patching/updates (e.g., peer to peer, deployment optimization)
  • Role-based access control (RBAC) to support geographic or line of business (LOB) device population administrative permissions (dedicated support teams for a portion of the population)
  • Extended Features:
    • Vulnerability assessment and prioritization, either via native features within the tool or via integration with external tools
    • Digital employee experience (DEX) capabilities to analyze technology performance and employee sentiment
    • Visual workflow designer to enable simplified creation of automation routines
    • IT service management (ITSM) and configuration management database (CMDB)

Market Description

UEM tools consolidate device management functions for multiple platforms into a single console. Vendors included in this report have demonstrated functionality in all core capabilities that follow (see Figure 1).

Figure 1: Core Capabilities of UEM Tools

Core Capabilities

  • Multi-OS capabilities. Support for managing devices based on Microsoft Windows, Apple macOS, iOS, iPadOS and Android operating systems within a single console.
  • Enrollment and provisioning. Automated enrollment and light-touch initial preparation of devices, including support for modern zero-IT touch deployment strategies through integration with Microsoft Windows Autopilot, Apple Business/School Manager and Google Android Zero-Touch Enrollment services.
  • Configuration management. Control of device OS settings and features to support security requirements and increase usability via automated configuration and remediation.
  • OS updates. Support for OS features, major updates and security updates, with flexible-scheduling capabilities and support for accelerated priority updates.
  • Application deployment and updates. Deployment, patching and removal of applications to support the full application life cycle. Includes commercially available and custom applications, as well as integration with common application stores (Apple App Store, Google Play, Microsoft Store) and package repositories (Chocolatey Software, Ivanti, Liquit, Microsoft Windows Package, Manager/Winget, Munki, Patch My PC).
  • SaaS-hosted approach. A fully managed, turnkey SaaS offering that does not require a VPN or corporate network connection for management operations, and minimizes platform operational requirements.

Common Capabilities

  • Identity, access and endpoint security management integration. Provides posture data from endpoints into adaptive access management platforms and security infrastructure, supporting zero-trust principles and limiting the impacts of compromised devices through enriched telemetry.
  • Third-party application updates. Many UEM vendors offer a repository of prepackaged third-party applications, eliminating the need to package common application updates and increasing the speed of patching.
  • Endpoint analytics and automation. Identification, collection and aggregation of signals and telemetry from identity, apps and devices. Connectivity into the UEM tool to help inform policy, automation and related actions, as well as provide a view into DEX.
  • Linux management. Most commonly includes Ubuntu support and extends to other Linux variants with varying depth and capabilities.
  • ChromeOS management. Management of ChromeOS with or without an agent. This includes device discovery, inventory, configuration, OS updates and patching, policy management, encryption management, and software deployment.
  • Nonstandard device support. Includes wearables, Internet of Things (IoT), Apple tvOS, Honeywell, Zebra OS and other Android Open Source Project (AOSP) or Android-OEMConfig-based device management capabilities.
  • Insights and reports. Standard, customizable and automated reporting of endpoint hardware and software inventory, configuration and compliance status and anomalies, device status, owner, and location. Surfacing of recommendations to IT administrators to help prioritize activities.
  • VPN integration. Native or turnkey integration with third-party devices, as well as per-app or on-demand VPN (or similar technology) to enable secure access to company apps and data.
  • Remote support and control. Remote viewing/control of endpoints and review of device inventory, performance and stability. Generally used by IT support staff.

Emerging Capabilities

  • Risk-based patching. Integration of threat intelligence reporting from paid and commonly available sources enables organizations to prioritize their patching efforts and quickly resolve the most critical vulnerabilities.
  • Automated vulnerability remediation. Native capabilities or direct integration with vulnerability scanning platforms facilitate the identification of vulnerabilities and automated remediation, including configuration changes and software patching.

Market Direction

Gartner considers UEM to be a mature and stable market. Limited opportunities for growth include new deployments of frontline worker technology; consolidation of disparate, OS-centric tools; and small to midsize organizational use cases. UEM vendor revenue growth continues to be driven by organic expansion inside existing customers, such as expansion into the management of Windows, macOS and Linux devices alongside mobile. Primary client interest drivers are modernization and increased velocity of endpoint management and patching, as well as automation, reduced operational overhead and improved DEX.
 
Gartner sees the following forces shaping the future of the UEM market:
  • Greater acceptance of hybrid and remote work demands improved, location-agnostic patching and management of endpoints. This emphasizes the increased importance of UEM and adjacent tools to support and secure remote and hybrid work.
  • Integration with endpoint analytics and endpoint security tools to build proactive and resilient defenses for endpoints.
  • A greater focus on intelligence and automation to drive efficiencies and improve DEX. This requires a centralized platform for collecting and using telemetry to automate fixes for common problems and reduce IT overhead.
  • Increased demand for consolidating and integrating UEM and endpoint security vendors and tools, to reap the benefits of tighter platform integration and, to a lesser extent, achieve cost efficiencies.
  • Customer demand for consolidation to a single UEM platform. This remains a frequent interaction topic with Gartner clients, and conversations have matured from basic tool selection to more advanced concepts, such as best practices for achieving top velocity and efficiency.

Market Analysis

The UEM market is highly mature, with relatively consistent major feature capabilities displayed among the vendors. Differentiation in the UEM tools market is exhibited primarily within the breadth and depth of the vendor’s OS support, as well as their capabilities to accelerate and automate routine operations such as patching and configuration management, Differentiation can also be seen in the vendor’s level of flexibility to support a variety of use cases.

Multi-OS Management

  • Microsoft Windows represents over 96% of the client PC operating systems market (see Market Share: Infrastructure and Operations (I&O) Software, Worldwide, 2022). As a result, UEM vendors prioritize support for, and have the strongest capabilities for the management of Windows-based devices.
  • Growing interest in and adoption of Apple macOS in the enterprise is causing UEM vendors to prioritize new feature investments toward increased capabilities for macOS management. Historically, dedicated macOS management tools were the tools of choice. But, based on Gartner client interactions, the trend has shifted to the use of UEM tools, due to the cost savings and efficiencies gained by consolidating operations into a single platform.
  • Mobile device management (Apple iOS, iPadOS and Google Android) was once a strong stand-alone product market, but is now a highly commoditized feature set within almost all UEM tools, where little differentiation exists today. Any limited innovation within the base management capabilities of Google Android and Apple iOS/iPadOS will quickly be adopted by UEM vendors.
  • While some tools lack support for mobile application management (MAM), many provide corporate data security. This can be offered either as a first-party capability via containerized mobile applications and/or as a common integration with Microsoft Intune MAM to support the data-protection capabilities of Microsoft 365 mobile applications.
  • Linux continues to be an area of increasing interest, as organizations recognize the need to bring all endpoint devices into compliance. However, support varies significantly between UEM vendors, with the core challenge being the large number of Linux variants that exist today.
  • Support for the management of ruggedized or specialty devices based on Android OEMConfig variants, such as Zebra Technologies and Honeywell, is common, but the ease of management and depth of capabilities varies significantly between the vendors.
  • Support for AOSP varies considerably between vendors and is used primarily in regions where Google services are not available, such as China.
  • Wearable (augmented reality, virtual reality, etc.) and IOT device management capabilities within UEM tools remain niche, and most often require additional tools for complete support.

Configuration Management

  • Configuration of devices to support security and organization standards is a primary feature of all UEM tools. Individual configuration settings are usually aggregated into policies for simplified management.
  • Many UEM tools enable policies to be applied to device groups (either manually defined or dynamically defined via device or user attributes), simplifying the management and application of standards.
  • Significant differences in reporting capabilities, including refresh frequency, data accuracy and report customization, exist between UEM tools. Inadequate, delayed or inaccurate reporting will impact compliance analysis and configuration/remediation efforts.
  • Advanced tools offer the ability to support a template-based approach that enables easy application of recommended configuration settings within common cybersecurity frameworks, such as NIST Cybersecurity Framework, ISO/IEC 27001 and ISO/IEC 27002, SOC 2 and NERC CIP. This is a tremendous time saving and prevents inadvertent noncompliance.

Operating System Management

  • UEM tools enable deployment of OS features, major updates and security updates, with flexible scheduling capabilities and support for accelerated priority updates.
  • Most UEM tools support a ring-based update strategy, enabling controlled rollout of feature and security updates. This enables phased rollouts, with the success of early rings informing the speed of the overall update process.
  • UEM platforms are best suited to modern OS management strategies that are based on lighter-touch approaches via built-in operating system capabilities. Although Gartner continues to see increased adoption of UEM and modern OS management in parallel, we still advise clients to be methodical with the transition from traditional approaches. This is especially true for those with significant technical debt and complexity, and those with more rigid policies and processes.

Application Management

  • All UEM tools support deployment, patching and removal of applications to support the full application life cycle.
  • Some UEM tools lack the ability to deploy applications in native format (e.g., .msi(x), .pkg, .dmg). This can be limiting if an application is not hosted in a commercial application store (such as Apple App Store, Google Play or Microsoft Store).
  • Advanced tools provide an integrated catalog of prepackaged third-party applications, enabling rapid deployment without the need to package every update. With the rapid pace of application updates, this should be considered a high-priority requirement.

Hosting Options

  • SaaS-hosted UEM tools are best positioned to support the hybrid workplace.
  • All UEM tools in this Market Guide are available as a fully managed, turnkey SaaS, and do not require a VPN or corporate network connection.
  • Many UEM tools also have on-premises offerings, with varying degrees of integration and feature parity between on-premises and SaaS. This is a fit primarily for high-security or cloud-averse organizations, or for air-gapped network use cases, but can introduce significant challenges with remote devices and increase administrative overhead considerably.

The Future: Autonomous Endpoint Management

The rapid evolution of SaaS-powered capabilities, integration of threat intelligence data, elevated importance of DEX tools and rapid expansion of AI use cases are beginning to influence the next evolution of endpoint management beyond UEM. Over the next two to four years, we anticipate that the inability of enterprise IT leaders and managed service providers to scale staffing levels and skill sets to meet ever-increasing business and cybersecurity demands will rapidly fuel the adoption of intelligence and automation. This will result in the emergence of an entirely new market of autonomous endpoint management (AEM) tools. When the potential of the new AEM market is fully realized, these tools (or combinations of tools) will significantly reduce IT overhead, accelerate configuration compliance and risk reduction, and improve DEX.

Representative Vendors

The vendors listed in this Market Guide do not imply an exhaustive list. This section is intended to provide more understanding of the market and its offerings.
 

Vendor Selection

While there are a number of vendors that partially fulfill the requirements of the UEM tools market definition, Gartner has included a range of providers in this research that meet all of the “must-have” requirements. Gartner estimates that there are over 60 providers that at least partially meet the requirements of this market. The vendors provided in Table 1 were chosen as full-featured representatives of the market. Those included in this Market Guide:

  • Meet all of the “must-have” requirements within the UEM tools market definition
  • Represent a broad geographic range based on locations of headquarters and areas of focus
  • Are visible to Gartner clients, as evidenced by client conversations

Table 1: Representative Vendors in Unified Endpoint Management Tools

VendorProduct NameHeadquarters
SureMDM
Bangalore, Karnataka, India
BlackBerry UEM
Waterloo, Ontario, Canada
Citrix Endpoint Management
Fort Lauderdale, Florida, United States
FileWave
Indianapolis, Indiana, United States
BigFix
Santa Clara, California, United States
Hexnode UEM
San Francisco, California, United States
 IBM
MaaS360
Armonk, New York, United States
Ivanti Neurons for UEM
South Jordan, Utah, United States
Endpoint Central
Pleasanton, California, United States
Unified Endpoint Management
Frankfurt, Hessen, Germany
Microsoft Intune
Redmond, Washington, United States
RaySuite UEM
Paderborn, North Rhine-Westphalia, Germany
Scalefusion UEM
Pune, Maharashtra, India
Syxsense Enterprise
Newport Beach, California, United States
Workspace ONE
Palo Alto, California, United States
 

Source: Gartner (September 2023)

Vendor Profiles

This document was republished on 22 September 2023. The version you are reading is the corrected version. For more information, see the Corrections page on gartner.com.
 
All vendors below are full-featured representatives of the market (see Vendor Selection section above). To aid in evaluation, we have also highlighted the additional capabilities that are most commonly requested by Gartner clients (MAM support, OS support, third-party application patching, hosting options, and licensing models).
 

42Gears

Company Profile: 42Gears, founded in 2009, is a private company headquartered in Bangalore, Karnataka, India. 42Gears’ operations and clients are geographically diversified across most vertical segments.
 
Supported OS: 42Gears’ SureMDM enables management of:
  • Apple iOS, iPadOS and macOS
  • Google Android, ChromeOS and Wear OS
  • Microsoft Windows 10/11
  • Most Linux distributions
  • USB-, Wi-Fi-, cloud- or Bluetooth-connected peripherals
 
MAM Support: 42Gears’ SureMDM provides native MAM and containerization capabilities to protect corporate data. SureMDM enables integration with Microsoft Intune MAM to support the data protection capabilities of Microsoft 365 native applications.
 
Third-Party App Patching: 42Gears does not offer a repository of prepackaged apps or automation of third-party app patching.
 
Hosting Options: On-premises, private cloud and SaaS options are available.
 
Licensing: SureMDM is licensed via a per device model based on a tiered approach and includes Standard, Premium and Enterprise levels.
 

BlackBerry

Company Profile: BlackBerry, founded in 1984, is a public company headquartered in Waterloo, Ontario, Canada. BlackBerry’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: BlackBerry UEM enables management of:
  • Apple iOS, iPadOS, macOS and tvOS
  • Google ChromeOS, Android and Android OEMConfig
  • Microsoft Windows 10/11
 
MAM Support: BlackBerry UEM provides native MAM and containerization capabilities to protect corporate data. BlackBerry UEM also enables integration with Microsoft Intune MAM to support the data-protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: BlackBerry does not offer a repository of prepackaged apps or automation of third-party app patching.
 
Hosting Options: On-premises and SaaS hosting options are available.
 
Licensing: BlackBerry UEM is licensed on a per-user and per-device basis via the BlackBerry UEM Express and BlackBerry UEM Suite bundles.
 
 

Citrix

Company Profile: Citrix, founded in 1989, is a private company that is part of Cloud Software Group, and is headquartered in Ft. Lauderdale, Florida, United States. Citrix’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: Citrix Endpoint Management enables management of:
  • Apple iOS, iPadOS and macOS
  • Google ChromeOS, Android and Android OEMConfig
  • Microsoft Windows 10/11
 
MAM Support: Citrix Endpoint Management provides native MAM and containerization capabilities to protect corporate data. Citrix Endpoint Management also enables integration with Microsoft Intune MAM to support the data-protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: Citrix does not offer a repository of prepackaged apps or automation of third-party app patching.
 
Hosting Options: On-premises, hybrid and SaaS hosting options are available.
 
Licensing: Citrix Endpoint Management is available to new and existing Citrix virtualization customers as an add-on SKU, licensed via a per user basis.
 

FileWave

Company Profile: FileWave, founded in 1992, is a private company headquartered in Indianapolis, Indiana, United States. FileWave’s operations and clients are geographically diversified across the education and small to midsize enterprise segments.
 
Supported OS: FileWave enables management of
  • Apple iOS, iPadOS, macOS and tvOS
  • Google Android and ChromeOS
  • Microsoft Windows 10/11
 
MAM Support: FileWave does not provide native application management or containerization capabilities to protect corporate data. FileWave also does not provide integration with Microsoft Intune MAM.
 
Third-Party App Patching: FileWave does not offer a repository of prepackaged apps or automation of third-party app patching.
 
Hosting Options: On-premises and SaaS hosting options are available.
 
Licensing: FileWave licensing is based on the number of devices and users. Additional information is not available publicly.
 

HCLSoftware

Company Profile: HCLSoftware, a part of HCL Enterprise founded in 1976, is headquartered in Santa Clara, California, United States. HCLSoftware’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: HCL BigFix enables management of:
  • Apple iOS, iPadOS and macOS
  • Google ChromeOS and Android
  • Most Linux distributions
  • Windows for IoT
  • Microsoft Windows 10/11, IoT and Servers
 
MAM Support: HCL BigFix Mobile does not provide native MAM or containerization capabilities to protect corporate data. HCL BigFix does not provide integration with Microsoft Intune MAM.
 
Third-Party App Patching: HCL BigFix offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: On-premises and SaaS hosting options are available.
 
Licensing: HCL BigFix licensing is perpetual or subscription license, based on a per-device or per-user basis. Bundles include BigFix Lifecycle, BigFix Remediate and BigFix Workspace & BigFix Compliance. BigFix Patch and Inventory are also available, but do not include modern OS or mobile device support.
 

Hexnode

Company Profile: Hexnode, a division of Mitsogo, was founded in 2013 and is a private company headquartered in San Francisco, California, United States. Hexnode’s operations and clients tend to be geographically diversified within the small to midsize business markets across most vertical segments.
 
Supported OS: Hexnode UEM enables management of:
  • Apple iOS, iPadOS, macOS and tvOS
  • Google Android, Android OEMConfig and AOSP
  • Microsoft Windows 10/11
 
MAM Support: Hexnode UEM provides native MAM and containerization capabilities to protect corporate data. Hexnode UEM does not provide integration with Microsoft Intune MAM.
 
Third-Party App Patching: Hexnode does not offer a repository of prepackaged apps or automation of third-party app patching.
 
Hosting Options: Only SaaS hosting is available.
 
Licensing: Hexnode UEM is licensed based on a five-tier approach (per device subscription) and includes Express, Pro, Enterprise, Ultimate and Ultra levels.
 

IBM

Company Profile: IBM, founded in 1911, is a public company headquartered in Armonk, New York, United States. IBM’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: IBM MaaS360 enables management of:
  • Apple iOS, iPadOS and macOS
  • Google ChromeOS, Android, Android OEMConfig and AOSP
  • Microsoft Windows 10/11
 
MAM Support: IBM MaaS360 provides native MAM and containerization capabilities to protect corporate data. IBM MaaS360 also provides integration with Microsoft Intune MAM to support the data-protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: IBM offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: Only SaaS hosting is available.
 
Licensing: IBM MaaS360 is licensed based on a four-tier subscription (per device or per user) approach based on Essentials, Deluxe, Premier and Enterprise levels.
 

Ivanti

Company Profile: Ivanti, founded in 1985, is a private company headquartered in South Jordan, Utah, United States. Ivanti’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: Ivanti Neurons for UEM enables management of:
  • Apple iOS, iPadOS, macOS and tvOS
  • Google ChromeOS, Android, Android OEMConfig and AOSP
  • Most Linux distributions
  • Microsoft Windows 10/11 and Servers
 
MAM Support: Ivanti Neurons for UEM provides native MAM and containerization capabilities to protect corporate data. Ivanti Neurons for UEM also provides integration with Microsoft Intune Mobile Application Management to support the data-protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: Ivanti offers a repository of prepackaged apps and automation of third-party app patching. Ivanti Neurons for Patch Management (additional license required) also provides intelligence on known exploits and threat context for vulnerabilities to enable risk-prioritized remediation.
 
Hosting Options: On-premises, private cloud and SaaS options are available.
 
Licensing: Ivanti Neurons for UEM licensing (subscription only) is available based on a per-user or per-device basis. Bundle Options include Ivanti Neurons for UEM Premium, Ivanti UEM On-Prem, Ivanti UEM On-Prem Premium and Ivanti UEM On-Prem Premium with VPN.
 

ManageEngine

Company Profile: ManageEngine, a division of Zoho, was founded in 1996 and is a private company headquartered in Pleasanton, California, United States. ManageEngine’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: ManageEngine Endpoint Central enables management of:
  • Apple iOS, iPadOS, macOS and tvOS
  • Google ChromeOS, Android, Android OEMConfig and AOSP
  • Most Linux distributions
  • Microsoft Windows 10/11 and Servers
 
MAM Support: ManageEngine Endpoint Central provides native MAM and containerization capabilities to protect corporate data. ManageEngine Endpoint Central also provides integration with Microsoft Intune MAM to support the data protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: ManageEngine offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: On-premises, private cloud and SaaS options are available.
 
Licensing: ManageEngine Endpoint Central is licensed on a per-device basis via a four-tier approach, including Professional, Enterprise, UEM and Security levels. Subscription or perpetual-based licensing is available.
 

Matrix42

Company Profile: Matrix42 was founded in 1992 and is a private company headquartered in Frankfurt, Hessen, Germany. Matrix42’s operations are geographically diversified and clients tend to be midsize enterprises in the Germany, Austria and Switzerland (DACH) region across all verticals.
 
Supported OS: Matrix42 UEM enables management of:
  • Apple iOS, iPadOS, macOS and tvOS
  • Google ChromeOS and Android
  • Most Linux distributions
  • Microsoft Windows 10/11
 
MAM Support: Matrix42 UEM does not provide native MAM or containerization capabilities to protect corporate data. Matrix42 UEM provides integration with Microsoft Intune MAM to support the data protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: Matrix42 offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: On-premises, hybrid, private cloud and SaaS options are available.
 
Licensing: Matrix42 UEM is licensed on a per-user subscription basis.
 

Microsoft

Company Profile: Microsoft, founded in 1975, is a public company headquartered in Redmond, Washington, United States. Microsoft’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: Microsoft Intune is a SaaS-hosted UEM platform that enables full management of:
  • Apple iOS, iPadOS and macOS
  • Google ChromeOS, Android, OEMConfig and AOSP
  • Microsoft Windows 10/11
  • Linux (Ubuntu only)
 
MAM Support: Intune provides native MAM for Microsoft 365 mobile apps.
 
Third-Party App Patching: Microsoft does not offer a repository of prepackaged apps or automation of third-party app patching.
 
Hosting Options: Intune is SaaS-hosted. On-premises and hybrid options exist for the management of Windows 10, 11, and Servers through Microsoft Configuration Manager.
 
Licensing: Included with Microsoft 365 Education A3/Government G3/E3 and higher bundles, or licensed separately through Microsoft’s Enterprise Mobility + Security (EMS) bundles and stand-alone Intune SKUs.
 

Raynet

Company Profile: Raynet, founded in 1999, is a private company headquartered in Paderborn, North Rhine-Westphalia, Germany. Raynet’s operations are focused within Germany, North America, Poland, Turkey and the U.K., and customers tend to be diversified within those regions across all verticals.
 
Supported OS: RaySuite UEM enables management of:
  • Apple iOS, iPadOS and macOS
  • Google Android and Android OEMConfig
  • Most Linux distributions
  • Microsoft Windows 10/11, IoT and Servers
 
MAM Support: RaySuite UEM provides native MAM and containerization capabilities to protect corporate data. RaySuite UEM also provides integration with Microsoft Intune MAM to support the data-protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: Raynet offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: On-premises, private cloud and SaaS options are available.
 
Licensing: Raynet licensing information is not available publicly.
 

Scalefusion

Company Profile: Scalefusion, founded in 2014, is a private company headquartered in Pune, Maharashtra, India. Scalefusion’s operations and clients tend to be geographically concentrated in North America across many vertical segments.
 
Supported OS: Scalefusion MDM enables management of:
  • Apple iOS, iPadOS and macOS
  • Google Android and Android OEMConfig
  • Some Linux distributions (Ubuntu and Debian)
  • Microsoft Windows 10/11
 
MAM Support: Scalefusion MDM does not offer native MAM or containerization capabilities. Scalefusion MDM enables integration with Microsoft Intune MAM to support the data protection capabilities of Microsoft 365 native applications.
 
Third-Party App Patching: Scalefusion offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: On-premises, private cloud and SaaS options are available.
 
Licensing: Scalefusion MDM licensing is available only in a subscription model based on a per-device basis via a four-tier approach (Essentials, Growth, Business and Enterprise).
 

Syxsense

Company Profile: Syxsense, founded in 2012, is a private company headquartered in Newport Beach, California, United States. Syxsense’s operations and clients are geographically diversified across all vertical segments.
 
Supported OS: Syxsense Enterprise enables management of:
  • Apple iOS, iPadOS and macOS
  • Google ChromeOS and Android
  • Most Linux distributions
  • Microsoft Windows 10/11
 
MAM Support: Syxsense Enterprise does not provide native MAM or containerization capabilities to protect corporate data. Syxsense Enterprise also does not provide integration with Microsoft Intune MAM.
 
Third-Party App Patching: Syxsense offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: Only SaaS hosting is available.
 
Licensing: Syxsense is available only in a subscription model based on a per-device basis via a three-tier approach (Syxsense Manage, Syxsense Secure and Syxsense Enterprise).
 

VMware

Company Profile: VMware, founded in 1998, is a public company headquartered in Palo Alto, California, United States. VMware’s operations and clients are geographically diversified across all vertical segments.
 
Broadcom announced its intention to acquire VMware on 26 May 2022. At the time of this evaluation, however, Broadcom and VMware operate as separate entities. Gartner will provide further insight as more detail becomes available.
 
Supported OS: VMware Workspace ONE enables management of:
  • Apple iOS, iPadOS, macOS and tvOS
  • Google ChromeOS, Android, Android OEMConfig and AOSP
  • Most Linux distributions
  • Microsoft Windows 10/11
 
MAM Support: VMware Workspace ONE provides native MAM and containerization capabilities to protect corporate data. VMware Workspace ONE also provides integration with Microsoft Intune MAM to support the data-protection capabilities of Microsoft 365 applications.
 
Third-Party App Patching: VMware offers a repository of prepackaged apps and automation of third-party app patching.
 
Hosting Options: On-premises and SaaS (shared or managed hosted) options are available.
 
Licensing: VMware Workspace ONE licensing is offered in a subscription model on a per-device or per-user basis via four use-case-based SKU packages (Employee Essentials, Mobile Essentials, Desktop Essentials and UEM Essentials). Alternative tiered packages are also available (Standard, Advanced and Enterprise).

Market Recommendations

I&O leaders responsible for device management should:
  • Reduce costs and complexity by consolidating endpoint management into a single SaaS-hosted UEM platform.
  • Improve employee experience and increase the organization’s security posture and agility by centralizing macOS-, Windows- and mobile-focused teams into a single endpoint management team.
  • Avoid difficulties by adopting UEM now, rather than waiting for the perfect tool that addresses all of their requirements, because this rarely exists. Waiting often results in increased complexity, administrative overhead and total cost of ownership (TCO), as well as further technical debt for those who resist change.
  • Simplify the vendor selection process by choosing a UEM tool that addresses the majority of requirements, and then address gaps with complementary or supplemental tools. Monitor vendor roadmaps closely to determine when gaps are closed and complementary tools can be retired.

Acronym Key and Glossary Terms

AEM
Autonomous Endpoint Management — The rapid evolution of SaaS-powered capabilities, integration of threat intelligence data, the elevated importance of DEX tools and the rapid expansion of AI use cases are beginning to influence the next evolution of endpoint management beyond UEM, referred to as AEM.
Android OEMConfig
Android Original Equipment Manufacturer Configuration (enables hardware vendors to significantly modify the Android OS to take advantage of their unique hardware).
AOSP
Android Open Source Project (used in regions where Google Mobile Services are not available)
DEX
Digital Employee Experience — DEX tools help IT leaders measure and continuously improve the technology experience that companies offer to their employees. Near-real-time processing of data aggregated from endpoints, applications and employee sentiment, along with information on organizational context, helps surface actionable insights that drive self-healing automations and engage employees, moving them toward optimal behaviors.
MAM
Mobile Application Management to security corporate data.
MDM
Mobile Device Management
MTD
Mobile Threat Defense — provides protection against some mobile device threats.
UEM
Unified Endpoint Management

Evidence

Independent research, along with data from over 600 client conversations over the past 12 months, were used to produce this research.

Scroll to Top
× How can I help you?