Professional Documents
Culture Documents
Tools
Published 1 August 2022 - ID G00757534 - 26 min read
By Analyst(s): Tom Cipolla, Dan Wilson, Chris Silva, Craig Fisler
Initiatives: Digital Workplace Infrastructure and Operations; Infrastructure Security
By 2025, more than 90% of clients will use cloud-based UEM tools to manage the majority
of their estate, up from 50% in early 2022.
Market Definition/Description
Gartner defines unified endpoint management as a tool that provides agent and agentless
management of computers and mobile devices through a single console. Modern UEM
tools:
■ Offer agent and/or agentless management through native Windows 10, macOS and
Chrome OS controls.
■ Aggregate telemetry and signals from identities, apps, connectivity and devices to
inform policy and related actions.
■ Integrate with identity, security and remote access tools to support zero-trust access
and contextual authentication, vulnerability, policy, and configuration and data
management.
IBM is a Challenger in this Magic Quadrant. IBM Security MaaS360 with Watson provides
AI-enhanced UEM and endpoint security. Its operations are geographically diversified, and
its clients tend to be midsize enterprises (MSEs) in technology, retail and manufacturing
based in the Americas and Europe. IBM continues to invest in Watson for security and
digital employee experience (DEX) improvements, deeper integration with identity and
security products, and OS and application patching to reduce vulnerabilities.
Strengths
■ Intelligence and automation: IBM’s Watson delivers analytics designed to identify,
prioritize and resolve security, identity, performance and configuration issues on
devices managed by MaaS360. Security intelligence and automation remains a
strength as IBM continues to build upon rich integration with QRadar and other
identity and security tools to dynamically adjust policies to reduce risk. Recent
development extends beyond security use cases into endpoint analytics and
automation to improve DEX.
Cautions
■ Product marketing: MaaS360 is rarely promoted or referenced during IBM Security
conferences, events and marketing, and cross-selling of MaaS360 is infrequent,
resulting in missed bundling opportunities with other IBM products. As a result,
clients often cite a lack of product capability awareness and wonder how strategic
MaaS360 is for IBM.
■ SaaS only: Available only as a SaaS solution, MaaS360 does not provide on-
premises management options. Despite holding several security certifications (e.g.,
FedRAMP, SOC 2 Type 2 and ISO 27002) and offering a gateway to enable mobile
devices to access email and other on-premises applications, a lack of on-premises
hosting may limit MaaS360’s appeal for some users.
Ivanti
Ivanti is a Leader in this Magic Quadrant. Its Ivanti Neurons for Unified Endpoint
Management offers broad support for nearly all endpoints. Its operations are
geographically diversified, and its clients tend to be enterprise organizations. Ivanti
continues to add intelligence and automation to improve discovery, automation, self-
healing, patching, zero-trust security and DEX via the Ivanti Neurons platform. Ivanti
Neurons also bolsters integration with IT service, asset and cost management tools.
Following acquisitions, Ivanti is making progress integrating RiskSense, MobileIron,
Cherwell Software and Pulse Secure, but work remains.
Strengths
■ Intelligence and automation: Ivanti Neurons for Unified Endpoint Management is the
only solution in this research that provides active and passive discovery of all
devices on the network using multiple advanced techniques to uncover and
inventory unmanaged devices. It also applies machine learning (ML) to the collected
data and produces actionable insights that can inform or be used to automate the
remediation of anomalies.
Cautions
■ Licensing model: As Ivanti continues to expand its offerings, migrate to the cloud
and add Ivanti Neurons capabilities to each product, it’s becoming more challenging
to navigate the website, bundling and pricing. Gartner clients often cite confusion
with understanding what specific capabilities are included with each product or
hosting option, or if additional licensing is required.
■ Feature parity: Some features and extended capabilities of the product are not
available on-premises, including the advanced discovery, intelligence and
automation from Ivanti Neurons. The SaaS offerings are also updated more
frequently and receive updates faster than their on-premises counterparts.
ManageEngine
ManageEngine is a Niche Player in this Magic Quadrant. The newly rebranded Endpoint
Central product continues to expand its broad management capabilities. Its operations are
geographically diversified. Its clients tend to be MSEs. ManageEngine continues to invest
in endpoint analytics, automation and enhanced capabilities for MSPs, as well as
broadening its purview into endpoint security, remote access and zero-trust capabilities.
Strengths
■ Endpoint diversity: In addition to OS management capabilities, ManageEngine offers
broad capability to manage Chrome OS, Linux distributions (Ubuntu, Red Hat,
CentOS, Fedora, Mandriva, Debian, Mint, SUSE, Pardus and Oracle Linux, and
derivatives of each), servers and Android OEMConfig devices (Samsung, Zebra,
Honeywell, Lenovo, Datalogic, Unitech, Nokia, Kyocera, CipherLab, Seuic and
Spectralink).
■ Broad capabilities: ManageEngine’s feature set makes Endpoint Central a solid entry
point for clients starting their UEM journeys by seeking a low-cost, highly flexible
offering. Client interactions and social media mentions highlighted its distributed
cloud deployment as a cost-effective way to help clients adhere to disparate country
and market-specific regulations.
Cautions
■ Licensing model: The licensing model is more difficult to understand and administer
than those of competitors. Obtaining a quote requires entering the total number of
devices to manage and the number of technicians who will need to access the
system — tiered from 50 to 10,000 devices, and one to 50 additional technicians.
ManageEngine also lacks user-based licenses and charges an additional license fee
for its Endpoint Security, Analytics Plus and Secure Gateway Server capabilities.
■ Remote access and zero trust: ManageEngine lacks generally available VPN and
zero-trust capabilities. Both were on the 2021 roadmap, but weren’t delivered. Until
delivered, third-party solutions are required, which proves cumbersome for smaller
organizations.
Matrix42
Matrix42 is a Niche Player in this Magic Quadrant. The Matrix42 Secure UEM (SUEM)
product excels at supporting basic endpoint management and security use cases. Its
operations are geographically diversified, and clients tend to be MSEs in the Germany,
Austria and Switzerland (DACH) region. Matrix42 has continued to invest in capabilities to
inventory, manage and patch devices, along with investments aimed at enhancing
ITAM/ITSM and behavioral dynamic policy enforcement.
Strengths
■ Product marketing: Matrix42 effectively enables its customers and promotes the
UEM’s overall capabilities through webinars, user communities, tradeshows and
local branded experience days.
Cautions
■ Geographic focus: Despite its desire to sell globally, Matrix42 lacks strong brand
awareness among buyers outside the DACH region. Brand awareness is limited, and
growth in other markets has been challenging.
■ Platform economics: Matrix42 aligns well with smaller IT organizations that favor
complete platforms over point solutions by focusing primarily on selling SUEM and
complete digital workspace bundles (plus add-ons). However, organizations with a
CMDB, ITAM/ITSM or endpoint security tools may end up paying extra for
capabilities they already have.
■ Remote access and zero trust: Matrix42 requires third-party tools to complete its
zero-trust and remote-access capabilities, lacking an integrated VPN offering at the
time of this analysis.
Strengths
■ Microsoft-native: Deep platform integration with Azure AD, Defender for Endpoint
and Microsoft 365 suites of products offers improved security and IT administrator
experience. Evidence of improved stability and performance achieved by replacing
third-party plug-ins with native solutions cannot be ignored.
■ Product strategy: With the growth of Microsoft 365, Endpoint Manager continues to
dominate UEM market share. New features and fixes are prioritized based on
customer demand. Sustaining prior momentum, Endpoint Manager branding has
become commonplace among clients, and Gartner observes that it is mentioned
widely and favorably in social media.
Cautions
■ Reporting: Dashboard and reporting capabilities are basic, with limited prebuilt
reports available compared with competing products. Many clients report that the
creation of custom reports via Microsoft Graph integration is labor-intensive and
requires specialized skills to be effective.
VMware
VMware is a Leader in this Magic Quadrant. VMware’s Workspace ONE platform provides
improved employee experience through UEM, extensive virtualization, analytics,
comprehensive security, remote access, apps and workflows. Its operations and clients
tend to be geographically diversified. VMware continues to invest in helping customers
drive workplace modernization, implement zero trust, improve the digital employee
experience and reduce digital friction.
Broadcom announced its intention to acquire VMware on 26 May 2022. At the date of
publication, VMware met the inclusion criteria for this Magic Quadrant and continued to
operate as an independent entity. Gartner will provide additional insight and research to
clients as more details become available regarding the acquisition.
Strengths
■ Product strategy: VMware is the only vendor in this research with a complete
package that includes device management, single sign-on, remote support, remote
access, endpoint security, analytics, automation and virtualization. VMware also
added SaaS management capabilities through its partnership with BetterCloud.
Cautions
■ Pricing: Clients get the most value from Workspace ONE through advanced features,
such as DEX management, risk-based conditional access for zero trust and use-case
focused solutions for automation and intelligence. These are only available with the
Advanced or Enterprise license tiers, which are priced among the highest of the
products evaluated in this research.
■ Feature parity: Many of the advanced Workspace ONE capabilities require the use of
its SaaS offering. These include reporting and dashboards with historical data,
automation with third-party integrations through custom connectors, Risk Analytics,
Digital Employee Experience Management and Workspace ONE Trust Network.
Added
■ No vendors were added to this Magic Quadrant.
■ Citrix: Citrix announced the 1 July 2022 end of sale for Citrix Endpoint Management
to focus investments on zero trust network access (ZTNA) and desktop as a service
(DaaS) technologies.
■ Direct integration with the Microsoft Intune Graph API for app and data
protection
2. Evidence that the UEM product has at least 10 million devices under management,
excluding managed devices entitled under trial, freemium or other no-cost use
arrangements
3. UEM offering as turnkey SaaS (UEM vendor hosted and operated, not IaaS)
■ Volume of job listings specifying experience with the UEM platform as a job
requirement on TalentNeuron and on a range of employment websites in the
U.S., Europe and China
Honorable Mentions
Gartner tracks more than 30 vendors in the unified endpoint management space. Although
this research identifies six vendors that have met our inclusion criteria, the exclusion of a
vendor does not mean that the vendor and its products lack viability.
Described below are several noteworthy vendors that did not meet all of our inclusion
criteria, but could be appropriate for clients, contingent on requirements:
■ HCL Software: HCL BigFix offers modern and agent-based management and
patching of Windows and macOS, as well as agent-based management and
patching of Windows Server, many Linux distributions and UNIX families. Separately
licensed, BigFix Mobile offers management of Apple and Android mobile devices.
BigFix did not meet Gartner’s inclusion criteria for single license SKU for UEM and
direct integration with the Microsoft Intune Graph API for app and data protection.
Operations Medium
Completeness of Vision
Completeness of Vision focuses on the performance of a vendor’s product as it applies to
current market needs, the strategy and performance in delivering to meet that
understanding, and the vendor’s ability to innovate for current and emerging needs as well
as against its competitors. This metric also assesses a vendor’s geographic strategy and
presence, its strategy and roadmap for the product, and its general business model.
Innovation High
Quadrant Descriptions
Leaders
Leaders exhibit strong execution and vision scores, and exemplify the suite of functions
that assist organizations in managing their mobile devices and
PCs. Leaders also provide guidance and tools to help migrate from traditional client
management to modern management, as well as deep integration with endpoint analytics
and endpoint security tools to provide a simplified IT administrator and an improved
employee experience.
Visionaries
Visionaries exhibit strong capabilities in their current offerings and a complete set of
functionalities to address common use cases. However, the vendor’s size, the size of its
installed base, platform breadth or integration points make it appropriate for some, but
not all, buyers. There are no Visionaries in this year’s Magic Quadrant.
Niche Players
Niche Players exhibit leadership in specific use cases, market segments or verticals.
However, their offerings fail to provide a breadth of features that make them relevant to all
buyers, regardless of vertical, geographic market or use case.
Context
For the 2022 iteration of the Magic Quadrant, no changes were made to the rating
methodology. For the inclusion criteria, we added a market momentum index to help
identify market relevancy.
The goal of any Magic Quadrant is to provide a level view of comparable products (size,
capability and corporate structure) to address the demands of a wide variety of
buyers. Not every company’s requirements are identical. We encourage clients to review
the accompanying Critical Capabilities research to review use case and functionality
requirements, and this research to align industry expertise, vision, technology and cost
requirements to the right vendor, regardless of the vendor’s quadrant.
Market Overview
Gartner considers UEM to be a mature and stable market. Growth is small and driven
primarily by organic events. Limited opportunities for growth include new deployments of
frontline worker technology, consolidation of disparate and OS-centric tools, and small to
midsize organization use cases.
■ Integration with endpoint analytics and endpoint security tools to build proactive and
resilient defenses for endpoints that are being targeted by more and better-skilled
adversaries.
■ Demand to consolidate and integrate UEM and endpoint security vendors and tools,
in order to benefit from tighter platform integration and, to a lesser extent, achieve
cost-efficiencies.
■ Customer demand for consolidation to a single UEM platform. The 2022 Gartner
February Omnibus Survey confirmed that 54% of respondents have already
consolidated to a single endpoint management team, and an additional 26% plan to
do so in the next two years. Furthermore, 83% of respondents have invested in
modern management of endpoints and 75% in mobile BYOD enablement.
Looking forward, the rapid evolution of SaaS-powered capabilities and the emergence of
DEX tools offer a glimpse into the next evolution of endpoint management beyond UEM.
Over the next three to five years, we anticipate that the inability of enterprise IT leaders
and managed service providers to scale staffing levels and skill sets to meet ever-
increasing business and cybersecurity demands will catalyze the adoption of intelligence
and automation. Gartner calls the next phase “autonomous endpoint management
(AEM).”
Evidence
Gartner Peer Insights: We considered reviews for Gartner Peer Insights posted from 1
April 2021 through 31 March 2022 for representative vendors in the following markets:
CMT, enterprise mobility management (EMM) suites, mobile application management
(MAM) and UEM.
Ritesh Srivastava, from the Social Media Analytics team, contributed to this research.
■ How organizations are thinking about security vendor consolidation and what
business outcomes are expected as a result
The survey was developed collaboratively by a team of Gartner analysts and Gartner’s
Research Data, Analytics and Tools team.
Disclaimer: Results of this survey do not represent global findings or the market as a
whole, but reflect the sentiments of the respondents and companies surveyed.
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the
structure that supports them. This includes deal management, pricing and negotiation,
presales support, and the overall effectiveness of the sales channel.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to
deliver the organization's message to influence the market, promote the brand and
business, increase awareness of the products, and establish a positive identification with
the product/brand and organization in the minds of buyers. This "mind share" can be
driven by a combination of publicity, promotional initiatives, thought leadership, word of
mouth and sales activities.
Operations: The ability of the organization to meet its goals and commitments. Factors
include the quality of the organizational structure, including skills, experiences, programs,
systems and other vehicles that enable the organization to operate effectively and
efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to understand buyers' wants and needs and
to translate those into products and services. Vendors that show the highest degree of
vision listen to and understand buyers' wants and needs, and can shape or enhance those
with their added vision.
Sales Strategy: The strategy for selling products that uses the appropriate network of
direct and indirect sales, marketing, service, and communication affiliates that extend the
scope and depth of market reach, skills, expertise, technologies, services and the customer
base.
Offering (Product) Strategy: The vendor's approach to product development and delivery
that emphasizes differentiation, functionality, methodology and feature sets as they map
to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business
proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings
to meet the specific needs of individual market segments, including vertical markets.
Operations Medium
Innovation High