Heather
Gray

Top Desktop Management Software to use in 2021

Heather Gray

May 17, 2021

17 min read

As more people gravitate towards their phones or tablets to get their work done, desktops still remain a popular choice. With enterprise needs becoming more complex it can be a real challenge for admins to manage the desktops and laptops in a way that it does not compromise the data present inside. Although this can be easily done by bringing on board a desktop management software, the real challenge comes in choosing one that can help you neatly address everything your organization would require. The right desktop management software can give businesses complete control over the managed devices to ensure they stay compliant with the deployed policies. Here’s a list of desktop management software you can use within your organization.

1) Hexnode

Hexnode is an award winning UEM solution provided by Mitsogo Inc. In addition to offering seamless management for desktops, mobile devices, rugged devices and workplace IoT, Hexnode also extends its management capabilities to include remote work management, security management, app management, content management, BYOD, Identity & Access Management, Mobile Threat Defense and Mobile Expense Management. Its unified management console coupled with a strong suite of features has helped many businesses to efficiently manage their endpoints. Hexnode’s app management is not just limited to deploying applications to the right end users but also helps organizations create customized app catalogs and set appropriate configurations to secure the deployed applications. Integrations with ABM and SCCM simplifies the onboarding of mac and windows devices even further.

Platforms supported:

  • MacOS
  • Windows

Positives:

Negatives:

  • Does not support Chrome OS

Considerations

Hexnode UEM helps businesses to meet any challenges they may face in managing their desktops and laptops. It has a centralized console that allow admins to easily manage applications and push various restrictions as policies to the managed devices. The solution’s integration with ABM can be a real time saver for admins as they can enroll the mac devices via DEP and purchase and deploy apps in bulk through the Volume Purchase Program. Hexnode makes management of windows devices a bit easier with its integration with SCCM.Windows 10 devices can be enrolled into Hexnode’s portal with the help of the Hexnode installer application. These devices can be managed as soon as they are enrolled within the portal.

The ability to remotely push custom scripts and manage devices by creating dynamic groups greatly helps to automate the device management process. Hexnode currently does not support Chrome OS devices but works are already in the pipeline.

2) Blackberry UEM

It was in 2018 that Blackberry Enterprise Server (BES) was rebranded to Blackberry Unified Endpoint Manager. BES was a middleware application that wirelessly connected Blackberry devices to enterprise collaboration software such as Microsoft Exchange. With time, the software grew to provide more than just transferring emails securely. Blackberry acquired Good Technology in 2015, a California based company that specialized in managing and securing mobile devices in a corporate environment. This acquisition helped Blackberry to expand its device management capabilities and carve a niche for itself in the endpoint management industry.

Platforms supported:

  • Windows 10
  • MacOS

Positives:

  • Security is one of the main strengths of Blackberry UEM, its adherence to a zero-trust framework along with continuous user authentication helps organizations address multiple security related risks

Negatives:

  • Allow admins to pre-approve users but not devices based on serial numbers
  • Lacks essential configurations in macOS devices such as web content filtering, firewall, Exchange ActiveSync, time limits and smart card authentication
  • Cannot create app catalogs
  • Multi app kiosk mode is missing in Windows
  • Lacks the ability to downgrade applications
  • Does not provide geofencing
  • Custom groups cannot be created
  • The blackberry device agent can cause performance issues on devices in the long run
  • Complex UI

Considerations

While Blackberry does provide robust security, the software comes with limited desktop management capabilities for windows and macs. It lacks web content filtering in multiple platforms, the feature is currently supported only on iOS devices. Admins are also limited from configuring the firewall settings on the managed devices, set time limits and enable authentication via smart cards.

3) IBM MaaS360 with Watson

MaaS360 is a SaaS product by IBM that helps organizations manage both corporate owned and personal devices of employees. The cloud-based product was first developed by FiberLink Communications and was later acquired by IBM in 2013. The software resides in IBM’s BlueMix cloud platform. It harbors multi tenancy, enabling varied kinds of businesses to use the software. MaaS360 delivers a more AI centric approach to UEM with Watson. The analytics that Watson provides to users are in the form of reports. The customizable filters present within the reports makes it easier for admins to spot any issues the managed devices might be having.

Platforms supported:

  • MacOS
  • Windows
  • Chrome OS

Positives:

  • Has multiple enrollment options like self, authenticated and hands-free enrollment with DEP
  • Offers a wide range of remote management options
  • Unified console to manage applications
  • Can group devices into custom and dynamic groups

Negatives:

  • Lacks enrollment with G Suite account for macOS devices
  • Lacks pre-approved enrollment for both macOS and windows devices
  • Cannot set app configurations on macOS devices
  • Lacks configuration on various security settings
  • Lacks multi app kiosk mode in windows
  • Cannot set required apps in windows
  • Cannot get the location history of the devices
  • Delay in adding new features introduced in new OS versions

Considerations

This software does offer a good amount of security configurations and app management capabilities for desktops, but their feature set has a number of limitations especially for organizations harboring a complex workflow. G Suite enrollment for macOS devices and pre-approved enrollment that can save the admin plenty of time is lacking. Though MaaS360 offers a single app kiosk mode functionality for windows, users have reported on its unreliability.

4) ManageEngine Desktop Central

ManageEngine is an IT division of Zoho corporation. They have over 90 products that helps businesses meet their IT management needs. Their IT management software extends to include service management, identity and access management, unified endpoint management, IT security management, IT operations management and advanced IT analytics. ManageEngine Desktop Central is their UEM offering. Various tools such as mobile device management plus, OS deployer, remote access plus, patch manager plus and patch connector plus are used alongside to manage the endpoints.

Platforms supported:

  • Windows
  • MacOS
  • Linux
  • ChromeOS

Positives

  • Has good patch management
  • Provides multiple enrollment options for macOS and windows
  • Configure certificates, VPN and SCEP in windows
  • Enable app and browser restrictions in windows
  • Sync data and documents from managed apps on macOS devices

Negatives

  • Lacks pre-approved enrollment in macOS
  • Lacks open enrollment, AD authentication and Azure AD authentication in windows
  • Lacks important security features such as restricting users from manually removing mdm from windows
  • Cannot set app configurations on macOS devices
  • Cannot configure various account settings like email, Exchange ActiveSync, CardDAV, CalDAV and LDAP
  • Lacks the configuration of various security settings such as OS updates, Time Limits, Smart Card Authentication, Firewall etc
  • Doesn’t support configurations on Dock, Setup Assistant, Screen Saver, AirPrint, Kernel Extensions
  • Has limited remote management capabilities
  • Doesn’t support the deployment of store apps, enterprise app with PKG file and enterprise app from manifest url in macOS devices
  • Cannot deploy enterprise app from manifest url in Windows
  • Cannot create dynamic device groups
  • Has limitations on generating reports

Considerations

Bugs have been reported on newer versions of the software. Because of the complex UI, users can take time to keep track and fully understand the added features. Although the product offers a wide range of configurations for desktops, ManageEngine misses out on some critical security configurations such as smart card authentication, web content filtering and configuring firewall settings in macs.

It also lacks the capability to restrict Windows users from manually removing mdm from the device. This is a critical feature to have since users may intentionally remove the mdm agent from the device and leave it unmanaged. The software also lacks the granular app management capabilities that most enterprise desktop users desire.

5) Workspace ONE

AirWatch, an Atlanta based company that provided EMM was acquired by VMWare in 2014. The EMM product later underwent multiple rebranding. It was first rebranded to AirWatch by VMWare then later to VMWare AirWatch and finally to VMWare Workspace ONE UEM in 2018. The software offers multiple desktop management capabilities, some of which includes zero touch onboarding, custom scripting, a unified app catalog, data loss prevention, encryption and OS updates.

Platforms supported:

  • MacOS
  • Windows
  • ChromeOS
  • Linux

Positives:

  • Offers various enrollment methods with minimal user intervention such as DEP (macOS) and PPKG enrollment (Windows)
  • Offers support for other OS platforms such as Linux, ChromeOS (legacy), Windows Rugged, Windows 7 and Windows CE
  • Configure various device, network and security and privacy settings
  • Extensive app management capabilities
  • Has group policy management, where groups can be created based on users or devices

Negatives:

  • Lacks pre-approved enrollment
  • Doesn’t have several important security, app, device, account and network restrictions
  • Has limited remote management capabilities
  • Lacks the deployment of store apps on macOS devices
  • Doesn’t come with the flexibility to associate policies to devices, users, user groups and domains
  • Limited report management capability

Considerations

One of the key highlights of Workspace ONE is its app management capabilities and support for legacy operating systems. Though various settings can be configured to make the devices and corporate network more secure, they are not enough to meet the growing challenges brought in by the latest kinds of cyber security threats. Its remote management capabilities barely scratches the surface and may not come in handy in situations when organizations have to ensure the devices employees take home to work are completely secure. It also lacks the ability to remotely push custom scripts on mac and windows devices, which can be a real time saver for admins to automate routine tasks.

Even though, workspace ONE supports the generation of both custom and scheduled reports, they don’t give admins a clear idea on whether the devices are adequately compliant with the deployed policies. For instance, though admins can generate reports on the device’s battery logs and usage details it doesn’t give reports on the number of devices that are non-encrypted, password protected or kiosk enabled.

6) Citrix Endpoint Management

Citrix Systems Inc, is a software-based company in the US that specializes in server, application, desktop virtualization, networking, SaaS and cloud computing technologies. In 2013, Citrix acquired Zenprise. The company combined the Citrix Cloud Gateway MAM software with the MDM capabilities of Zenprise to create XenMobile. With the addition of more features, XenMobile which primarily offered EMM grew to include a more unified approach to manage the endpoints and was later rebranded to Citrix Endpoint Management.

Platforms supported:

  • MacOS
  • Windows 10
  • ChromeOS

Positives:

  • Offers multiple enrollment options
  • Allow users to configure various network and account settings
  • Supports single app and multi app kiosk mode in windows
  • Flexible app management capabilities
  • View device location and create geofence

Negatives:

  • Lacks pre-approved enrollment
  • Lacks the ability to set time limits on macOS devices
  • Does not have a granular group management policy
  • Cannot create app catalog on macOS devices
  • Email cannot be configured on windows devices

Considerations

Though Citrix Endpoint Management offers a variety of features centered on securing devices across multiple platforms, the software lacks several critical desktop management capabilities such as the ability to set time limits on macOS devices and enabling admins to authenticate users with their smart cards.

One other crucial feature that Citrix users will miss out is the convenience of opting for pre-approved enrollment. The benefits of going for a pre-approved enrollment includes importing devices to the UEM console even before the user completes the enrollment process. This will help admins to cut short the time taken for onboarding users. In addition to this, admins can also assign various policies to the devices and also group the devices for easier management. Upon enrollment, the assigned policies will immediately start to take effect on the devices.

Users have complimented Citrix’s app management capabilities that includes almost all features an admin would require to deploy the right applications to users, however the absence of creating a customized app catalog does make them fall short on providing users with instant access to the applications they need. They also lack the option to enable web content filtering on the devices. This essential security feature not only benefits users in being more productive but also helps organizations block data hogging websites that may increase the overall network usage costs.

7) Cisco Meraki

Founded in 2006, Meraki is a cloud managed IT company based in San Francisco. The company was found as part of the MIT Roofnet Project, an experimental 802.11b/g mesh network developed by MIT. Meraki was acquired by Cisco in 2012. Though the core focus of the company is networking, it provides various endpoint management capabilities.

Platforms supported:

  • MacOS
  • Windows
  • ChromeOS

Positives:

  • Has an intuitive interface
  • Good remote management capabilities
  • Has robust hardware and software inventory features
  • Easy to deploy and manage applications

Negatives:

  • The provisioning process takes longer than expected
  • Lacks GSuite and pre-approved enrollment
  • Application installation and upgrades are difficult
  • Does not support single app or multi app kiosk mode for windows
  • Lacks several critical macOS and windows configurations
  • Cannot create app groups or initiate app downgrades
  • Cannot set apps as mandatory in both macs and windows

Considerations

As cyberthreats and other similar vulnerabilities are continually on the rise, businesses must always adapt the strongest security measures to ensure the safety of their assets. Though Cisco Meraki provides quite a good set of desktop management capabilities, the software falls short on providing important security configurations for Windows and MacOS.

8) Microsoft Endpoint Manager

MEM has been through a couple of rebranding over the years ever since its founding in 2011. It began as Windows Intune when it was rebranded to Microsoft Intune in 2014. In 2019, the product was further rebranded to Microsoft Endpoint Manager (MEM). It provides endpoint management capabilities to corporate owned and BYO devices. Its management capabilities extend to both cloud and on-premises. In addition to managing desktops and mobile devices, MEM also manages virtual machines, embedded devices and servers. Microsoft Endpoint Manager includes the functionalities of both Microsoft Intune and Configuration Manager.

Platforms supported:

  • MacOS
  • Windows

Positives:

  • Manage and secure devices from a centralized platform
  • Provides conditional access, device restriction policies and CSP policies
  • Automation of deployment with Windows Autopilot

Negatives:

  • Limited kiosk functionalities
  • Lacks integral remote management capabilities such as associating policies and installing applications remotely
  • Limited app management features such as the lack of creating app groups and app catalogs

Considerations

One of the major drawbacks of Microsoft Endpoint Manager is its limited remote management capabilities. It lacks some critical remote actions such as scanning device location and broadcasting messages in windows devices. The convenience of installing applications, associating policies and exporting device details remotely is absent in both Windows and MacOS. MEM also lacks the implementation of multiple configurations that can make the managed devices more secure such as blacklisting/whitelisting applications in windows and setting app configurations and web content filtering in mac devices.

App groups and app catalogs can be beneficial for enterprises harboring a busy workflow with multiple departments. App groups can help organizations deploy specific apps to specific teams and app catalogs which can consist of both individual apps and app groups can be customized to fit your organization’s requirements. If you are an admin managing hundreds of devices, you’ll easily understand the convenience of having reports at your disposal, efficient generation of reports is yet another feature MEM lacks.

9) Ivanti Unified Endpoint Manager

Ivanti is a software company based in Utah. Founded in 2017, Ivanti was formed with the merging of Landesk and Heat software. They provide offerings in IT Security, IT Service Management, IT Asset Management, Identity Management, Supply Chain Management and Unified Endpoint Management. Ivanti acquired MobileIron and PulseSecure in 2020, helping the company to further strengthen themselves in Unified Endpoint Management, Zero Trust Security and IT Service Management.    

Platforms supported:

  • Windows
  • Linux
  • Unix
  • MacOS

Positives:

  • Automation and license compliance
  • Patch management
  • Remote management without connecting to a VPN
  • Onboard windows devices with Windows Autopilot
  • Includes client management, mdm management and modern and co-management

Negatives:

  • Lacks improvement in IT and inventory reporting
  • Lacks an efficient zero-day support for new macOS releases
  • Its large number of features and lack of proper documentation can be a bit overwhelming
  • Has a complicated management interface
  • Alerting capabilities needs improvement
  • Agent upgrade is difficult

Considerations

Even with the added capabilities of MobileIron, managing desktops with Ivanti can be still be quite a bit of a troublesome experience. Its complicated management console can make users miss out on a lot of features. The absence of proper documentation doesn’t exactly help either. However, Ivanti does offer good management for Windows devices.

10) Sophos    

Sophos is a security software and hardware company based in Britain. Its products are used in communication endpoint, encryption, network security, email security, mobile security and unified threat management. The company began by producing security software to businesses and antivirus solutions (both free and premium) to home users. Sophos Mobile, their UEM offering can be hosted on-premises and in cloud.   

Platforms supported:

  • Windows 10
  • MacOS
  • ChromeOS

Positives:

  • Has an intuitive UI
  • Easy to set up
  • Provides good endpoint security functionality

Negatives:

  • Lacks efficient kiosk management
  • Does not have handy enrollment features like SMS and pre-approved enrollment
  • Lacks critical app management features such as app catalog and app downgrade

Considerations

Even though the software provides modern management, it has limited desktop management capabilities which includes the absence of multi app kiosk mode in windows and convenient app management functionalities such as creating app catalogs, setting app notifications and initiating app downgrades. It also lacks an efficient group policy management like the creation of dynamic groups which can help admins get real time compliance checks on the devices.

Share
  •  
  •  
  •  
  •  
  •  

Heather Gray

Technical Blogger @ Hexnode. Reading and writing helps me to stay sane.

Share your thoughts