Modern desktop management for driving digital transformation
Read our blog on modern desktop management to know what the term means and the benefits it offers over traditional management
Get fresh insights, pro tips, and thought starters–only the best of posts for you.
May 17, 2021
17 min read
As more people gravitate towards their phones or tablets to get their work done, desktops still remain a popular choice. With enterprise needs becoming more complex it can be a real challenge for admins to manage the desktops and laptops in a way that it does not compromise the data present inside. Although this can be easily done by bringing on board a desktop management software, the real challenge comes in choosing one that can help you neatly address everything your organization would require. The right desktop management software can give businesses complete control over the managed devices to ensure they stay compliant with the deployed policies. Here’s a list of desktop management software you can use within your organization.
Hexnode is an award winning UEM solution provided by Mitsogo Inc. In addition to offering seamless management for desktops, mobile devices, rugged devices and workplace IoT, Hexnode also extends its management capabilities to include remote work management, security management, app management, content management, BYOD, Identity & Access Management, Mobile Threat Defense and Mobile Expense Management. Its unified management console coupled with a strong suite of features has helped many businesses to efficiently manage their endpoints. Hexnode’s app management is not just limited to deploying applications to the right end users but also helps organizations create customized app catalogs and set appropriate configurations to secure the deployed applications. Integrations with ABM and SCCM simplifies the onboarding of mac and windows devices even further.
Hexnode UEM helps businesses to meet any challenges they may face in managing their desktops and laptops. It has a centralized console that allow admins to easily manage applications and push various restrictions as policies to the managed devices. The solution’s integration with ABM can be a real time saver for admins as they can enroll the mac devices via DEP and purchase and deploy apps in bulk through the Volume Purchase Program. Hexnode makes management of windows devices a bit easier with its integration with SCCM.Windows 10 devices can be enrolled into Hexnode’s portal with the help of the Hexnode installer application. These devices can be managed as soon as they are enrolled within the portal.
The ability to remotely push custom scripts and manage devices by creating dynamic groups greatly helps to automate the device management process. Hexnode currently does not support Chrome OS devices but works are already in the pipeline.
It was in 2018 that Blackberry Enterprise Server (BES) was rebranded to Blackberry Unified Endpoint Manager. BES was a middleware application that wirelessly connected Blackberry devices to enterprise collaboration software such as Microsoft Exchange. With time, the software grew to provide more than just transferring emails securely. Blackberry acquired Good Technology in 2015, a California based company that specialized in managing and securing mobile devices in a corporate environment. This acquisition helped Blackberry to expand its device management capabilities and carve a niche for itself in the endpoint management industry.
While Blackberry does provide robust security, the software comes with limited desktop management capabilities for windows and macs. It lacks web content filtering in multiple platforms, the feature is currently supported only on iOS devices. Admins are also limited from configuring the firewall settings on the managed devices, set time limits and enable authentication via smart cards.
MaaS360 is a SaaS product by IBM that helps organizations manage both corporate owned and personal devices of employees. The cloud-based product was first developed by FiberLink Communications and was later acquired by IBM in 2013. The software resides in IBM’s BlueMix cloud platform. It harbors multi tenancy, enabling varied kinds of businesses to use the software. MaaS360 delivers a more AI centric approach to UEM with Watson. The analytics that Watson provides to users are in the form of reports. The customizable filters present within the reports makes it easier for admins to spot any issues the managed devices might be having.
This software does offer a good amount of security configurations and app management capabilities for desktops, but their feature set has a number of limitations especially for organizations harboring a complex workflow. G Suite enrollment for macOS devices and pre-approved enrollment that can save the admin plenty of time is lacking. Though MaaS360 offers a single app kiosk mode functionality for windows, users have reported on its unreliability.
ManageEngine is an IT division of Zoho corporation. They have over 90 products that helps businesses meet their IT management needs. Their IT management software extends to include service management, identity and access management, unified endpoint management, IT security management, IT operations management and advanced IT analytics. ManageEngine Desktop Central is their UEM offering. Various tools such as mobile device management plus, OS deployer, remote access plus, patch manager plus and patch connector plus are used alongside to manage the endpoints.
Bugs have been reported on newer versions of the software. Because of the complex UI, users can take time to keep track and fully understand the added features. Although the product offers a wide range of configurations for desktops, ManageEngine misses out on some critical security configurations such as smart card authentication, web content filtering and configuring firewall settings in macs.
It also lacks the capability to restrict Windows users from manually removing mdm from the device. This is a critical feature to have since users may intentionally remove the mdm agent from the device and leave it unmanaged. The software also lacks the granular app management capabilities that most enterprise desktop users desire.
AirWatch, an Atlanta based company that provided EMM was acquired by VMWare in 2014. The EMM product later underwent multiple rebranding. It was first rebranded to AirWatch by VMWare then later to VMWare AirWatch and finally to VMWare Workspace ONE UEM in 2018. The software offers multiple desktop management capabilities, some of which includes zero touch onboarding, custom scripting, a unified app catalog, data loss prevention, encryption and OS updates.
One of the key highlights of Workspace ONE is its app management capabilities and support for legacy operating systems. Though various settings can be configured to make the devices and corporate network more secure, they are not enough to meet the growing challenges brought in by the latest kinds of cyber security threats. Its remote management capabilities barely scratches the surface and may not come in handy in situations when organizations have to ensure the devices employees take home to work are completely secure. It also lacks the ability to remotely push custom scripts on mac and windows devices, which can be a real time saver for admins to automate routine tasks.
Even though, workspace ONE supports the generation of both custom and scheduled reports, they don’t give admins a clear idea on whether the devices are adequately compliant with the deployed policies. For instance, though admins can generate reports on the device’s battery logs and usage details it doesn’t give reports on the number of devices that are non-encrypted, password protected or kiosk enabled.
Citrix Systems Inc, is a software-based company in the US that specializes in server, application, desktop virtualization, networking, SaaS and cloud computing technologies. In 2013, Citrix acquired Zenprise. The company combined the Citrix Cloud Gateway MAM software with the MDM capabilities of Zenprise to create XenMobile. With the addition of more features, XenMobile which primarily offered EMM grew to include a more unified approach to manage the endpoints and was later rebranded to Citrix Endpoint Management.
Though Citrix Endpoint Management offers a variety of features centered on securing devices across multiple platforms, the software lacks several critical desktop management capabilities such as the ability to set time limits on macOS devices and enabling admins to authenticate users with their smart cards.
One other crucial feature that Citrix users will miss out is the convenience of opting for pre-approved enrollment. The benefits of going for a pre-approved enrollment includes importing devices to the UEM console even before the user completes the enrollment process. This will help admins to cut short the time taken for onboarding users. In addition to this, admins can also assign various policies to the devices and also group the devices for easier management. Upon enrollment, the assigned policies will immediately start to take effect on the devices.
Users have complimented Citrix’s app management capabilities that includes almost all features an admin would require to deploy the right applications to users, however the absence of creating a customized app catalog does make them fall short on providing users with instant access to the applications they need. They also lack the option to enable web content filtering on the devices. This essential security feature not only benefits users in being more productive but also helps organizations block data hogging websites that may increase the overall network usage costs.
Founded in 2006, Meraki is a cloud managed IT company based in San Francisco. The company was found as part of the MIT Roofnet Project, an experimental 802.11b/g mesh network developed by MIT. Meraki was acquired by Cisco in 2012. Though the core focus of the company is networking, it provides various endpoint management capabilities.
As cyberthreats and other similar vulnerabilities are continually on the rise, businesses must always adapt the strongest security measures to ensure the safety of their assets. Though Cisco Meraki provides quite a good set of desktop management capabilities, the software falls short on providing important security configurations for Windows and MacOS.
MEM has been through a couple of rebranding over the years ever since its founding in 2011. It began as Windows Intune when it was rebranded to Microsoft Intune in 2014. In 2019, the product was further rebranded to Microsoft Endpoint Manager (MEM). It provides endpoint management capabilities to corporate owned and BYO devices. Its management capabilities extend to both cloud and on-premises. In addition to managing desktops and mobile devices, MEM also manages virtual machines, embedded devices and servers. Microsoft Endpoint Manager includes the functionalities of both Microsoft Intune and Configuration Manager.
One of the major drawbacks of Microsoft Endpoint Manager is its limited remote management capabilities. It lacks some critical remote actions such as scanning device location and broadcasting messages in windows devices. The convenience of installing applications, associating policies and exporting device details remotely is absent in both Windows and MacOS. MEM also lacks the implementation of multiple configurations that can make the managed devices more secure such as blacklisting/whitelisting applications in windows and setting app configurations and web content filtering in mac devices.
App groups and app catalogs can be beneficial for enterprises harboring a busy workflow with multiple departments. App groups can help organizations deploy specific apps to specific teams and app catalogs which can consist of both individual apps and app groups can be customized to fit your organization’s requirements. If you are an admin managing hundreds of devices, you’ll easily understand the convenience of having reports at your disposal, efficient generation of reports is yet another feature MEM lacks.
Ivanti is a software company based in Utah. Founded in 2017, Ivanti was formed with the merging of Landesk and Heat software. They provide offerings in IT Security, IT Service Management, IT Asset Management, Identity Management, Supply Chain Management and Unified Endpoint Management. Ivanti acquired MobileIron and PulseSecure in 2020, helping the company to further strengthen themselves in Unified Endpoint Management, Zero Trust Security and IT Service Management.
Even with the added capabilities of MobileIron, managing desktops with Ivanti can be still be quite a bit of a troublesome experience. Its complicated management console can make users miss out on a lot of features. The absence of proper documentation doesn’t exactly help either. However, Ivanti does offer good management for Windows devices.
Sophos is a security software and hardware company based in Britain. Its products are used in communication endpoint, encryption, network security, email security, mobile security and unified threat management. The company began by producing security software to businesses and antivirus solutions (both free and premium) to home users. Sophos Mobile, their UEM offering can be hosted on-premises and in cloud.
Even though the software provides modern management, it has limited desktop management capabilities which includes the absence of multi app kiosk mode in windows and convenient app management functionalities such as creating app catalogs, setting app notifications and initiating app downgrades. It also lacks an efficient group policy management like the creation of dynamic groups which can help admins get real time compliance checks on the devices.