EMM software and knowledge buyers need to find the right product
A collection of articles that takes you from defining technology needs to purchasing options
Buyers must carefully evaluate the tools and services available in the enterprise mobility management market before making a purchase. Many options are available, but these are multifaceted products with several features to vet and consider.
EMM is not a single product but more often a suite that consists of the following tools: mobile device management (MDM), mobile application management (MAM), mobile identity management and mobile content management.
The implementation of these four tools along with pricing and delivery models should shape how buyers validate each of the following vendors. There are key platforms that administrators should look for among the EMM market offerings, including:
- iOS device management
- Android management -- using Google's Android for Work or Samsung's Knox
- Windows support
Knowing which platform is most important to the company will influence the decision of which vendor fits best.
Apple realizes that the next stage of growth for its devices is through support in the enterprise. Traditionally a stronghold for Windows devices, iOS devices -- specifically iPhones -- are now strongly supported in many enterprises.
For this reason, Apple is providing increased support for MDM and EMM services in iOS. The iOS platform now supports three key technologies:
- DEP: The Device Enrollment Program automatically enrolls devices in a company's network. The Apple Configurator 2 provides EMM enrollment without physically touching the device, which is a huge cost savings.
- VPP: Apple's Volume Purchase Program enables corporations to buy large volumes of licensed apps and make them available to employees.
- ADP: The Apple Developer Program allows for custom app creation and deployment on internal enterprise app stores.
Schools have additional options. As of iOS 9.3, schools can allow devices to manage multiple profiles, enabling several students to share one device. Users widely expect that Apple will bring profiles to company devices.
These are programs that can be extended to MDM and EMM providers through APIs in the iOS software. There are key areas that Apple still makes difficult for companies, though. Two examples are:
- The App Store: Apple does not prevent a managed device from downloading an app on the iTunes App Store. Any iOS device can run any of the two million apps available from Apple. The potential risk in allowing all these app installations comes when IT runs an audit on the software and apps that run the business. This process, often referred to as app rationalization, cannot be controlled with iOS-powered devices in the same way it can be for Windows.
- OS updates: Apple does not allow companies to restrict upgrading to the latest version of iOS, allowing Apple to migrate millions of active iOS devices to the latest release within days; therefore, all custom enterprise apps must support the current version of iOS.
Apple is releasing the tools necessary to manage large numbers of iOS devices. It is also clear that Apple takes working with enterprises seriously, as shown by recent strategic partnerships with Cisco, IBM and SAP.
BlackBerry acquired WatchDox and Good Technology's Good Dynamics platform to become a comprehensive EMM suite. The full suite of tools now comprises of BlackBerry Enterprise Server 12, Good Technology collaboration apps, Good Dynamics and WatchDox by Blackberry.
Organizations can host BlackBerry's EMM tools on premises or in the cloud. The cloud support is in Canada and the Netherlands. Local data-protection laws may prevent data from leaving the country and will, in turn, cause problems with the cloud-hosting model that BlackBerry offers.
Neither BlackBerry Enterprise Server nor Good Dynamics are top-class products by themselves, but together, the package is a strong offering in the EMM market. As is expected with the BlackBerry brand, support is very strong for these products. Potential buyers should not see BlackBerry and its two acquisitions as three separate companies but as one suite of tools.
The best type of customer for BlackBerry is a a government agency or a large-scale corporation that places security as the top priority.
Citrix has long been a vendor in the desktop virtualization and server environments, led by its XenMobile product line. The Citrix tools that comprise its XenMobile EMM suite include NetScaler, ShareFile and XenMobile.
The strength of XenMobile is its ability to provide access to Windows-based software on a mobile device. This is beneficial for highly mobile workforces such as sales teams. The downside is that user experience is poor, particularly on a mobile phone. Older Windows 7 apps do not translate well to a touch environment. Citrix is doing a lot of work to counter the problems of earlier XenMobile deployments with a touch-friendly software developer's kit that users can add to desktop apps and that provides easier access on a mobile platform.
The biggest challenge for companies utilizing Citrix tools is scalability. Small and midsize companies should be fine, but larger companies will have problems if they fail to correctly configure their software as a service environment.
Many of these EMM market vendors offer services that have expanded through acquisitions. IBM has a strong selection of security tools -- Trusteer, QRadar and BigFix -- and the acquisition of MaaS360 completes the support model. MaaS360 is a cloud-based environment that supports device management for iOS, Android and Windows phone devices. MaaS360 also manages Windows and Mac OSes to provide a comprehensive, one-stop product for all enterprise endpoint devices.
MaaS360 is a compelling, reasonably priced tool with fast deployment. Each service in MaaS360 is also available as an API, providing an opportunity for developers to extend the security of mobile apps through centralized EMM software.
MaaS360 is a good turnkey product for companies that want to quickly implement a comprehensive EMM environment. Companies of any size can use MaaS360.
LANDesk's EMM tools are still immature. The strength of LANDesk is in its Universal Endpoint Management offering that includes support for mobile and PC devices. Organizations will find excellent product information management functionality and reporting tools through its Xtraction tool.
LANDesk's EMM product is for companies managing very few mobile devices with only basic controls.
Microsoft's doctrine is now "Mobile First, Cloud First" for software. This is the case for the Office365 suite of tools that users can access from Windows PCs, macOS, iOS and Android devices. Device management and security are not new areas for Microsoft. The current suite of tools to manage devices is the Microsoft Enterprise Mobility Suite. It is comprised of Microsoft Intune, Azure Active Directory Premium, Advanced Threat Analytics and Azure Rights Management. Intune, by itself, is comprised of a selection of core tools that manage MDM, MAM and configuration manager and has a specific focus for Office 365 mobile app management.
Intune is a cloud-only product and is immature compared to other products on the market. Key support for Samsung Knox and Android for Work is currently missing, but Microsoft claims that support is coming in early 2017. Another challenge for administrators is that Intune is generally weak on support for self-service controls and questionable uptime.
Microsoft's EMM tools are good for companies that are heavily dependent on Office 365 and other Microsoft Cloud services.
MobileIron is one of the rare vendors on the EMM market that is a stand-alone EMM provider. MobileIron has one of the strongest EMM tool sets and has a proven record for stability, scalability and adopting emerging technologies such as Android for Work.
The company started as an on-premises provider and launched cloud software in 2012. Companies such as Verizon and AT&T partner with MobileIron.
Areas of weakness for MobileIron often center on its enterprise app store -- Apps@Work – which isn't visually on par with competitors' app stores.
There is also a question of whether a larger company will acquire MobileIron.
SAP has a spotted history with its key EMM product, Afaria. While SAP was aggressively promoting its mobile application development platform (MADP) software as part of an acquisition of Sybase, it promoted Afaria as the key EMM tool for any company with a large SAP deployment. The challenge for SAP is that MADP software is not widely adopted, and the company has moved onto new platforms such as Fiori and the recent partnership with Apple.
SAP is reducing its own internal investment into Afaria. While SAP maintains it is still supporting the product, companies that aren't heavily invested in SAP products should be careful about purchasing any Afaria licenses.
Sophos is an ideal product for small and midsize companies. Admins can deploy the core EMM products either on premises or through the cloud and they come with endpoint protection, unified threat management, a virtual private network and Android antivirus protection.
The key strength for Sophos is that it is easy to deploy and administer and has great support. While Sophos targets small to midsize companies, its own set of products can scale to 50,000 active accounts.
Sophos is a solid product for companies that have an enhanced parallel port and want to consolidate to a single EMM system.
Businesses can deploy Android-powered phones and tablets at a low cost of entry per device. This is especially advantageous for emerging markets, such as Latin America and Asia-Pacific, where an Android device can be as much as 10% of the cost of an iOS-powered phone. SOTI could prove beneficial to companies that have large Android deployments.
SOTI's core focus is on rugged devices as well as Android devices; however, the central tool in SOTI's EMM suite, MobiControl, also supports iOS and Windows platforms.
SOTI supports a number of industry protocols and its own APIs to manage Android devices in an increasingly highly fragmented market. For instance, SOTI has strong support for Samsung Knox 2, Google's Android for Work, Sony's API support and SOTI's own AndroidPlus technology.
SOTI is ideal for companies that have invested heavily in Android. This includes many industries such as transportation, hospitality, retail, field service, manufacturing and healthcare.
Something additional to consider when choosing SOTI: As with MobileIron, SOTI is a stand-alone EMM provider. It can be difficult to negotiate rates if customers can't bundle services together.
VMware acquired AirWatch in 2014 and then followed up with the acquisition of Boxer in late 2015. The combination of tools places VMware at the top of EMM market.
AirWatch's core EMM tools are hosted in the cloud and can connect to on-premises corporate authentication services such as Microsoft Active Directory Federation Services. AirWatch has proven to scale quickly from a small number of accounts to very large international accounts.
Users can secure access to email through Boxer. The current release now includes support for Android.
VMware is deploying management solutions for internet of things devices such as wearables and custom-built tools.
There are industry concerns that VMWare's EMM services may not get the level of support they need due to the EMC merger with Dell. EMC is the parent company to VMware and its EMM services are small compared to the rest of the company, and may not receive the attention they need.
There is plenty of available support for services in the EMM market. Areas to focus on when reviewing each vendor should be scalability, quality of service and tool selection. Also, enterprises must consider whether to host an on-premises EMM tool or deploy in the cloud. Current policies will drive this decision, although cloud hosting has many scalability and support benefits that on-premises products do not typically offer.
To find the most suitable software, buyers should place focus on characteristics that are common across the EMM market to drive down licensing costs. Most of these vendors overlap in their capabilities and functions, so no one vendor can truly say they are unique from one another. It is up to the buyers to discern the pricing, licensing and special features of each vendor.
Compare the top EMM software suites
Learn what features to look for when purchasing EMM tools
Find out why an EMM platform is so essential for modern networks