Skip to main content
The importance of thinking beyond security to maximize ROI

Unified Endpoint Management (UEM) – Seven Best Practices

By Anna Kungsdahl | March 28, 2018

In my last post I discussed that good technology management starts with a user, now I will cover cost optimization with UEM.

All too often, I see customers focusing on security as they embark on a Unified Endpoint Management (UEM) initiative. Not that there’s anything wrong with that. The constant demand for tighter security is one of the primary factors driving the need for unified management of an organization’s technology assets. But there’s so much more to be gained. Customers who address UEM from a broader perspective, beyond security, can expect productivity gains, high levels of user satisfaction, and optimized costs. Here’s my seven UEM best practices for improving ROI.

Return on investment for a UEM project stretches way beyond the benefits of tighter security and better protection mechanisms. While UEM projects are often initiated due to the constant need for additional security, a broader perspective can deliver benefits elsewhere. In the decade I’ve worked with Snow Device Manager – part of Snow’s UEM offering – I’ve watched our customers closely; observing why some of them succeed in their UEM projects and others don’t. Putting my thoughts together, I’ve come up with seven best UEM practices:

  1. Start with the user.
  2. Adopt a cross-functional approach.
  3. Implement cross-platform solution, with a single pane-of-glass for visualizing technology assets and consumption in datacenters, cloud, mobile, and desktop.
  4. Embed security in the request process and consumption of technology assets.
  5. Ensure a basic level of security on all devices and provide support for additional levels of security for select groups and devices.
  6. Automate processes to lower the total cost of ownership.
  7. Address UEM as a continuous process.


1.Focus on users

As I discussed in a previous post, Unified Endpoint Management (UEM) – it starts with the user, good UEM puts the user first, because they make choices based on service first and endpoint second. Processes that are put into place to manage technology assets, need to be seamless and unobtrusive, without impacting user productivity.

2. Integrated sourcing, SAM, and finance

Modern tech-savvy users are comfortable managing their devices and phones as well as the applications installed on them. To solve an immediate productivity need, users are likely to purchase software directly from the website of a software vendor or an application from Windows Marketplace, Google Play, or the App Store. Download, install, and consumption is instantaneous. The only glitch is the often manual and time-consuming process of reimbursement through the expense claims system.

But the real issue is the cost and risk associated with:

  • Non-compliant use of applications
  • Loss of entitlement information
  • Lack of technology consolidation
  • Failure to avail of volume purchases
  • Potential purchase of blacklisted applications.

Successful UEM projects address technology asset management from a holistic perspective. By bringing Sourcing, Software Asset Management (SAM), Finance, and Security together, UEM processes and solutions can be designed so that the life cycles of assets are managed to minimize risk and optimize spend.

With cross-functional transparency, Sourcing can negotiate better contracts for volume purchases, the SAM team can ensure that inventory is complete for all endpoints, automate license reharvesting, and assure compliance. And finally, security policies can be embedded in UEM processes without impacting user productivity.

3. A SIngle pane-of-glass

From a security perspective, any blind spot in the inventory of machines and devices connected to the corporate network presents risk. A device or machine running software without the latest patches installed, opens the door to attack. But these blind spots present other risk in the form of audit fines, virtualization sprawl, unused hardware/ software, and missed volume purchasing opportunities.

Cross-platform UEM enables infrastructure, software, and consumption to be visualized through a single pane-of-glass. Discovery, inventory, and consumption tracking capabilities can provide detailed insight into IaaS and SaaS, on-premise datacenters, desktops, laptops, servers, as well as the mobile park.

4. EMBED Security

Make it simple for users to follow procedure. Security processes that are complicated and cumbersome tend to be ignored, with users circumventing protocol in the name of expediency. Unfortunately, most users are unaware of the potential consequences of attaching unapproved devices to a network, the cost of running machines that serve no business purpose, or the risk associated with downloading blacklisted software to their machines and devices.

A UEM solution that provides users with a one-stop-shop for mobile and desktop applications is good for a seamless user experience. Security measures can be embedded into automated workflows for requests, approvals, deployment, installation, and removal ensures that technology assets are managed effectively.

5. security on all devices

Safeguarding mobile devices in the same way that datacenters and desktop infrastructure are secured ensures that data is protected, and the attack surface is minimized. Popular desktop software, like Salesforce and Microsoft Office 365, usually come with app counterparts. Enrolling devices with a baseline of security ensures that users download approved applications, updates can be rolled out silently, patches are deployed, and devices can be wiped when lost or stolen.

Certain individuals and groups, like the C-suite, within an organization are more attractive to would-be attackers than others. The ability to roll out additional security measures to certain groups or individuals – again without disrupting the user, creating performance issues, or hampering productivity in any way – enables organizations to protect itself from attack.

6. Reducing total cost of ownership

A UEM solution that can provide full endpoint visibility can provide cost savings by identifying unused hardware and software. Smart and automated re-harvesting of licenses and subscription plans ensures that unused technology assets are either retired or assigned to new users. Smart solutions will enable you to, for example, automatically remove unused subscription plans or move users onto cheaper plans based on their consumption – and without any inconvenience to the user.

Automating repeatable tasks, like spinning up virtual machines in a cloud environment, not only removes overhead from the IT Service Desk, it also enables security policies to be embedded in a systematic way  – my colleague, David Svee, who is Product Manager for Snow Automation Platform, talks more about this in Security loves IaaS automation.

The more you can automate, the greater the possibilities for reducing TCO. I have discussed some of them throughout this post, such as an integrated software store, full asset life cycle management, and here are a few more:

  • Policy-driven subscription management
  • Device and permissions management
  • Cost-center tagging
  • Provision and decommission of cloud resources
  • Automated software install and uninstall
  • User on-/ off-boarding and identity management.


7. Continuous improvement

UEM is not a one-off project that can deliver immediate cost savings while addressing security issues. The cost aspect of technology assets changes over time. Previously, asset management focused on expensive software. Today, the assets that need to be taken care of include IoT devices, VMs, applications, and middleware, as well as SaaS consumption, configuration settings and entitlement information.

In line with technology evolution, the attack surface is constantly expanding, as people use new devices to carry out workplace tasks, with more software, applications, and data.

Against this backdrop of constant change, a successful UEM initiative ensures that operational processes are in place to facilitate and manage change once the initial program is complete.


In my next UEM post, I will dig deeper into the concept that there’s more to UEM than security. In the meantime, why not take a look at Snow Device Manager, or check out our events page for a SnowStorm near you, where you can get a sneak preview of, the soon-to-be-released, Snow Device Manager 6.0.

You May Also Like

Snow User Summit: 3 Topics Changing the IT Landscape in 2021
Snow User Summit: 3 Topics Changing the IT Landscape in 2021
During the 2021 Snow User Summit, our panel of Snow experts explored three topics fundamentally changing the IT landscape.
Read More
Snow 2021 SAP Forum: Global Conversations on Today’s Biggest SAP Challenges
Snow 2021 SAP Forum: Global Conversations on Today’s Biggest SAP Challenges
Check out some of the highlights from the Snow 2021 SAP Forum including conversations around S/4HANA, how to maximize ROI on your SAP investment and more.
Read More
GDPR Report Card: Year Three - Fines, New Processes and More
GDPR Report Card: Year Three - Fines, New Processes and More
Since its rollout three years ago, the General Data Protection Regulation has grown into a global change agent. Discover what's changed and what challenges are still ahead.
Read More