Does unified endpoint management need user environment management?

After a few years of saying “no, the other UEM,” worlds could collide!

For years, I’ve been wondering if user environment management and profile management vendors will ever expand into operating systems other than Windows. Today, I want to get the conversation started by throwing around a few ideas.

Anecdote: How UEM for UEM could be helpful

I thought of this recently when I saw a tweet from Brian Madden (the person):

“Productivity tip for new @VMware employees: save countless hours by configuring custom text replacements on your mobile device. #ThereIFixedIt”

On his iPhone, Brian set text replacement shortcuts so that “vmw,” “Vmware,” and “VMWare” all get autocorrected to “VMware.”

I replied:

“If only there was an MDM profile for custom dictionaries!”

The problem is that there’s no MDM API to configure the text replacement settings in iOS, so you can’t touch this with unified endpoint management (UEM) tools. If you wanted to do this for your entire fleet of corporate devices, you’d be out of luck.

However, when it comes to fine-grained management tasks that affect the user experience, this is the type of thing that user environment management tools (the older, original UEM) have been doing on Windows for years. (This topic was also on my mind considering the recent news about FSLogix.)

As more work happens on non-Windows devices, there will be more of a need to do user environment management tasks on iOS, Android, Chrome OS, and macOS.

How do we do this?

The MDM APIs for iOS and Android have been expanding dramatically with every major release (and often with the minor releases, too). Now we can use MDM for tasks such as setting device wallpapers, configuring printers, and arranging or hiding app icons. For individual apps, developers can choose to expose configuration values that can be managed directly via the standard MDM protocol.

But for all this progress, there are still a ton of settings that are only available in the UI, like the text replacement example. Just look at your settings app, and see what’s not available as an MDM API. (Here are settings for iOS and Android.)

As it turns out, the only place that many settings are stored is in device backups—i.e., iTunes or iCloud backups, Google backups for Android, and OEM services like Samsung Cloud.  With some exceptions, these aren’t enterprise-oriented solutions to dealing with these settings.

The main exception, by the way, is GroundControl, which you can think of as an enterprise version of Apple Configurator, with a bunch of other features. It can take backups from devices—containing settings and other things that can’t be configured via MDM—and put them on other iOS devices. You can think of it as imaging or managing a profile (the way that we think of a Windows profile), except for iPhones and iPads.

Another exception is Shared iPad, a multi-user mode that’s kind of like roaming user profiles. It’s only for education customers, though.

Do we need it yet?

So MDM has come a long way, and GroundControl is a no-brainer if you’re deploying enterprise-liable iOS devices.  But what does the end user computing industry need next? Do we need UEM for UEM? This could make a really interesting conversation over beers at a conference, but I wanted to put it out there to get it in everybody’s mind before all the big shows start.

Here are some thoughts:

Mac management and Macs in the enterprise have been growing like crazy. macOS already has more settings and custom profiles that can be exposed via MDM, plus you can put a traditional agent on the device. So in theory, these would be a possible route to build “user environment management” for macOS.

For mobile devices, maybe Google could introduce a special backup management service for Android Enterprise, or maybe the GroundControl concept could be applied to Android, too. Or perhaps Apple could buy GroundControl and make it an enterprise service. (After all, Apple is all about services now.)

Apple could also open up Shared iPad, like people have wanted for years. (Of note, this brings up possible app compatibility issues. Fun!)

Another idea I had was what if the Android and iOS Settings apps themselves could be opened up to the app config standard. That is, your MDM could just send an app config payload specifying the value for any controls and switches exposed in the UI of the settings app. Then there would be no need to wait and hope for new MDM APIs to come along in the OS.

Going beyond devices, what about cloud apps? Many of them have user settings that are behind proprietary APIs or only available in the UI. Could those fall under user environment management, too? How do you integrate with them? To what degree could tools leverage identity standards like SAML and SCIM?

No matter what, to make these things happen, solutions are going to have to blend elements of unified endpoint management, user environment management, and identity management.

Wrap up

I’ve posed the question of user environment management for macOS to a couple of vendors over the years, and in the past, they said that they thought about it, but it would have been too much trouble for a market that was still too small. They already have plenty of business dealing with Windows profiles.

But as we go forward, I think this could change. We’re all living on multiple non-Windows devices, and we all have settings that we wish could follow us around. (I also think this is interesting because it blends the mobile and desktop worlds.)

So is it time for more tools like this? Or are MDM APIs enough? Or do the challenges just make it too impractical? Let me know what you think!

Next Steps

Mosyle adds screen sharing to MDM software

Dig Deeper on Unified endpoint management