MDM is dead, long live EMM


I thought I was creative with my post title, but it turns out that if you google the phrase “MDM is dead” you’ll turn up tons of results. Some are really old, like this one from 2012, which predicts that MAM is what will kill MDM. Others, like this one by securityintelligence, are newer and emphasize something different, which is that EMM is useless without MDM, so therefore EMM is MDM. I’m definitely late to the party in saying that MDM is dead, but it looks like the phrase means something different to a lot of people. This is my perspective as an on-site professional.


I think the buzz of MDM is dead. People used to get really excited about MDM. When I first started implementing MDM solutions for clients in 2012, a lot of people didn’t even know what MDM was. Now everybody knows what MDM is, and a lot of companies want it in some form or fashion. The problem with MDM is that it is not an all-encompassing solution. A lot of people assume that “mobile device management” solutions can manage everything on mobile devices, but that’s not the case. Passcode locks, camera, Bluetooth, Wi-Fi, and Exchange configurations? Sure. But those are only possible to control because the device manufacturers make it so. What about the data that users can see? What about controlling the actual functions of digital applications on devices? Well, unfortunately, that’s not part of MDM. That’s part of MAM.


Between 2013 and 2015 is when the buzz for MAM really went wild. People started thinking, who cares about the device? If we just control the data, any device can be used and devices don’t have to be controlled at all. We can implement BYOD and fully scale at minimum cost. Unfortunately, this isn’t ideal either. What happens when a user physically loses their device and they just so happened to have some unprotected corporate data on it? You can’t wipe a device that’s not being managed. Sure, MAM allows the app to be wiped, but what if the user wrote a note or a password or took a picture? Those aren’t managed by MAM. In reality, MAM is only a partial solution as well. The security-minded company needs something more complete.


We are now living in the era of EMM. Companies like MobileIron, AirWatch, Intune, etc. no longer identify themselves as MDM solutions. They’re now EMM providers, and they work in conjunction with platforms like iOS and Android for Work. When exactly did the buzz for MDM and MAM die? Well, this might be controversial, but I actually have an exact date for you: June 3, 2014. That is the date when the Gartner IT consulting firm released their latest analysis of mobile management industry trends, and they did something quite important: they changed the title and focus of their analysis from “Mobile Device Management Software” to “Enterprise Mobility Management Suites.” Here is their reasoning:

Enterprise mobility management (EMM) suites consist of policy and configuration management tools and a management overlay for applications and content intended for mobile devices based on smartphone OSs. They are an evolution from previous-generation mobile device management (MDM) products that lacked application and content management. IT organizations and service providers use EMM suites to deliver IT support to mobile end users and to maintain security policies.


The buzz for MDM is dead, but not because companies don’t want MDM anymore. They still do; they just need it packaged in a more complete EMM solution. Companies like AirWatch and Intune have recognized this and have acted accordingly. Other companies like SAP, which have primarily focused on MDM, have completely fallen off the Gartner Magic Quadrant report and are at risk of losing potential customers. Times like this always remind me of what Microsoft CEO Satya Nadella once said:

Our industry does not respect tradition — it only respects innovation.

Future of MDM: UEM?


When it comes to mobile device management there are so many acronyms that it’s kind of ridiculous. What is even more ridiculous is that the majority of these acronyms tend to stay, so you can’t really ignore them as they come along. Terms like MDM, BYOD, MAM, and IoT, for example, have all become fairly prevalent (though terms like MIM have become mostly ignored).


There’s been some new buzz around the term UEM, and one of the major sources is this article by securityintelligence. I don’t like to waste time, so I’ll cut to the chase: UEM stands for unified endpoint management, and what it really means is that you will have one “unified” central point for managing all devices within a company. You may ask, “Well, isn’t that just an MDM/MAM solution? AirWatch and other vendors are able to manage a multitude of devices.” That’s a valid question, and in fact I was confused about that for a while as well. It became clear to me when I was reading this:


There was a singular event that allowed UEM to turn the corner: Microsoft provided an API function resembling MDM for lightweight management of Windows 10 devices in July 2015. This opened the door for consistent management abilities across all device form factors, including smartphones, PCs, wearables and IoT.


This is where things get interesting. If you think about it, companies usually manage their mobile devices and PCs completely separately. Usually you’ll have an MDM/MAM solution like Afaria to manage mobile devices, and a robust PC management solution like SCCM to manage Windows PCs. Although SAP does have some PC management features available via a custom Afaria executable, in general most companies tend to go with the Microsoft tool SCCM to manage Microsoft PCs. When Microsoft enabled MDM on Windows 10 devices, however, that potentially made it possible for one singular MDM solution to realistically manage not only mobile devices, but all Windows PCs as well. Securityintelligence takes this line of thinking and extrapolates it out into the future: eventually companies will be able to have one solution that manages everything, including mobile devices, PCs, IoT, wearables, etc. Pretty much any device with a Wi-Fi chip. At that point you won’t just have an MDM solution, you’ll have an “everything” solution. In other words, a “UEM” solution.


You can already see MDM solutions trying to be “UEM” solutions now. MobileIron doesn’t just do mobile devices; they can manage anything with Windows 10 and are developing solutions to manage IoT devices too. Microsoft offers both SCCM and Intune as cloud services. AirWatch offers laptop management and is looking for use cases for IoT. It looks like the industry sees the potential of being able to manage everything from one spot, and vendors are desperately trying to innovate their way to the top spot. The best value you can bring to a customer is being able to do everything for them.


What are my thoughts? Well, I don’t think the term “UEM” will ever become popular. If you search “UEM” you’ll struggle to get relevant hits. If I had to guess, it’s because Google has already popularized the acronym EMM, or enterprise mobility management, with regard to their solution Android for Work. If you think about it, EMM and UEM are almost the same thing. My takeaway from securityintelligence’s article isn’t the new acronym, but that we’re really living in an exciting time for mobile management. The IT world changed drastically when MDM was widely adopted, and now corporations all over the world are enabling their employees to work mobile. But now all that just seems like a first step. As everything becomes “smart” and connected, companies will want one central point to manage everything, including IoT, mobile devices, and computers. Although I’m not excited about the new acronym, I am excited about how the concept will be implemented in the industry.