Magic Quadrant for Unified Endpoint Management Tools

Magic Quadrant for Unified Endpoint Management Tools

Published 23 July 2018 - ID G00354834 - 48 min read

UEM refers to a new class of tools that can act as a single management interface for mobile, PC and other devices. I&O leaders should expect and plan to replace enterprise mobility management and client management tools with UEM to support modern OSs.

Market Definition/Description

This document was revised on 27 July 2018. The document you are viewing is the corrected version. For more information, see the  Corrections page on
Unified endpoint management (UEM) tools combine the management of multiple endpoint types in a single console. UEM tools perform the following functions:
  • Configure, manage and monitor iOS, Android, Windows 10 and macOS, and manage some Internet of Things (IoT) and wearable endpoints.
  • Unify the application of configurations, management profiles, device compliance and data protection.
  • Provide a single view of multidevice users, enhancing efficacy of end-user support and gathering detailed workplace analytics.
  • Act as a coordination point to orchestrate the activities of related endpoint technologies such as identity services and security infrastructure.
Vendors in this analysis fall into two categories: those that are heavily invested in mobile and modern management with very little client management tool (CMT) functionality, and those that have integrated an existing CMT or explicitly built CMT features into their UEM.
Modern OSs favor UEM-only management; Google's Chrome OS and Windows 10 S are two examples. Presently, the majority of organizations have yet to adopt UEM as the primary management tool for all endpoints, making the inclusion of features that bridge CMT and UEM strong differentiators today. The value of these features will diminish as fewer devices require them and Gartner will adapt future analyses of this market accordingly.
More information on the component pieces of UEM in contrast with CMT offerings and the barriers to UEM adoption are outlined in "Prepare for Unified Endpoint Management to Displace MDM and CMT."
We expect our market definition of UEM to evolve over the next several years as the readiness for and embrace of UEM management become more commonplace. Legacy client management capabilities and integrations will naturally diminish in importance over time as the ability to manage platforms like Chrome OS grows more important to the average enterprise. Gartner expects wearables and IoT management to become more central to the UEM use case of more organizations. Note that not all IoT objects will fall under the realm of enterprise mobility management (EMM) tools — some devices may be managed directly by service providers or require proprietary management tools. However, the diversity and number of devices will continue to grow, and IT organizations must adopt UEM tools and processes in order to scale and keep up with the quickening pace of platform updates across devices.

Magic Quadrant

Figure 1. Magic Quadrant for Unified Endpoint Management Tools
Source: Gartner (July 2018)
Magic Quadrant for Unified Endpoint Management Tools

Vendor Strengths and Cautions


42Gears is headquartered in Bangalore, India, with offices in Fremont, California, and Manchester, England. The vendor specializes in managing a corporate-owned fleet of devices across multiple platforms and form factors, including wearables and digital signage. 42Gears enjoys a global presence, with its solution deployed in innovative use cases. Its ability to manage iOS, Android, Windows 10, macOS, Wear OS, Linux (Ubuntu, Fedora) and IoT gateway devices (Raspbian, Ubuntu MATE), and legacy platforms such as Windows 7/Windows CE, demonstrates the depth of the solution and diversity in how it is used.
42Gears is innovating with its virtual assistant, DeepThought, which aims to simplify administrative tasks and perform self-service tasks for end users. The solution supports screen sharing by iOS users without external third-party dependencies. UEM administrators can automate routine management functions to create custom workflows based on triggers such as compliance rules, geofencing/time-fencing attributes and telecom policy violations. The solution provides an analytics rule engine that processes business-specific data shared by managed apps to enable better decision making and automate anomaly detection.
42Gears is appropriate for organizations that want to deploy a UEM solution to manage a diverse array of company-owned PCs, mobile devices, ruggedized devices and wearables in a single console with support for nontraditional, legacy and emerging platforms. The solution also appeals to organizations seeking to scale their UEM deployment more easily with automation.
  • 42Gears offers flexible pricing and deployment models, making it particularly attractive to midsize enterprises. Pricing options include flat-rate, perpetual and subscription models. The product shares a common codebase across on-premises and SaaS deployments, and offers customization of the product versus static off-the-shelf configuration.
  • 42Gears' UEM provides best-of-breed capabilities on Android such as full support for Android Enterprise. Customers appreciate features such as silent app installation, device tracking and the ability to manage multiple user profiles on a single shared device.
  • The UEM administration dashboard is intuitive with easy-to-use search and navigation options. It also supports the ability to view and subscribe to both prebuilt and customizable reports.
  • 42Gears has yet to add support for Windows Autopilot, and Microsoft Graph APIs to implement app-level controls for Office 365 apps or to integrate with Microsoft Store for Business to deploy public UWP apps. The solution also lacks a secure personal information manager (PIM) client.
  • 42Gears' UEM is pending government certifications. such as U.S. federal government's FedRAMP or globally applicable security certifications such as Common Criteria, which limits its reach in security-conscious organizations.
  • Customers cite the need for a user community (peer forums) and video tutorials to formalize self-service functions such as Tier 0 support. Product license structure is complex, with separate licenses for its SureLock and SureMDM offerings.


BlackBerry is based in Waterloo, Ontario, Canada. The vendor's Unified Endpoint Management 12.8 builds on the combined strengths of BlackBerry's acquisitions and investments in recent years in the EMM space. The BlackBerry UEM offering builds on the vendor's reputation in the regulated and high-security mobile markets, adding modern management capabilities to Windows 10 (and higher) and macOS Sierra (and higher), while also providing management for wearables and many IoT devices.
Notable developments include BlackBerry's Enterprise BRIDGE product, which unifies BlackBerry containerized apps with Office 365 apps managed via Intune. BlackBerry UEM also supports Microsoft's Graph API, which allows BlackBerry to fully manage Office 365 apps within its own "container," leveraging Intune programmatically to set proprietary Office 365 data loss prevention (DLP) policies ("save as" control; Intune licenses required). BlackBerry also has one of the stronger offerings among UEM vendors for IoT devices, including integration with its Radar product, aimed at the transportation vertical.
BlackBerry's UEM offering is appropriate for organizations not seeking CMT functionality or a single product that can handle migration of legacy management and modern management. The extensibility of the BlackBerry container on mobile devices and PCs is well-suited to organizations seeking to offer company data on unmanaged devices. This is especially true where multiple apps must be deployed in the container and cross-app services such as presence information are required.
  • BlackBerry's strength in delivering a highly extensible secure PIM/container, and its long list of certifications, brand recognition and presence in regulated vertical markets, make it a formidable competitor to other vendors approaching this vertical.
  • BlackBerry continues to evolve its IoT capabilities, burnishing its credibility as a viable vendor in that market and using management of QNX and other nontraditional devices to drive growth in revenue and installed base.
  • BlackBerry Enterprise BRIDGE and Microsoft Graph API support provides flexibility to Office 365 organizations in how these apps are managed and integrated into business workflows when a container is required.
  • BlackBerry is among the vendors in the Leaders quadrant that does not offer a complete CMT solution or migration capabilities for clients moving to UEM from legacy CMT offerings.
  • BlackBerry's macOS support is not yet at parity with its Windows 10 support.
  • Despite a formidable vertical market strength in regulated industries, the vendor's solution continues to gain traction in nonregulated markets slowly.


Citrix Endpoint Management, formerly Citrix XenMobile, is a stand-alone UEM offering from Citrix. Gartner sees organizations buying it most often as a piece of a larger Citrix infrastructure. Citrix has also been marketing its Endpoint Management to customers migrating to or using Microsoft's Intune UEM product as a value-added tool that can build on Intune's UEM offering with additional, more granular policies, containerized apps and integration with Citrix's Content Collaboration offering (formerly ShareFile). Citrix offers a suite of containerized mobile apps that can be managed using Citrix Endpoint Management or Intune mobile application management (MAM) controls.
Citrix's broader UEM capabilities focus on desktop environments and applications delivered through the Citrix client virtualization offering, Citrix Virtual Desktop (formerly XenDesktop). Gartner believes Citrix is well-positioned to execute as this market evolves. However, its CMT-like functions available in the Citrix Workspace Environment Manager (WEM) are available in some, but not all, license levels of the UEM product. This results in features that require interaction with a separate console and are not universally available to all Citrix Endpoint Management customers.
Citrix remains a good fit for organizations with an existing investment in Citrix virtualization technology and the Content Collaboration offering. It is also a fit for companies that require a comprehensive suite of containerized applications, or for organizations with a future roadmap that includes a transition to Microsoft Intune. The latter can help minimize user-side disruption by allowing the same containerized apps to persist despite shifting from the Citrix offering to Intune.
  • Citrix's containerized applications can be run on an unmanaged device. If an organization is equipped with Microsoft Intune licenses, these apps can be used and managed on Intune-managed devices or devices that are unmanaged, using Intune's MAM controls.
  • Citrix offers the ability to consume mobile, SaaS and virtualized Windows applications through a single app store, key for leveraging existing investments in Citrix virtualization technology and for delivering a diverse set of applications.
  • Citrix, which Gartner cited as missing key product features in the 2017 EMM Magic Quadrant, has revamped its efforts to innovate in the product, and has demonstrated the fruits of that innovation in the addition of new features such as macOS management.
  • The lack of CMT migration features across all product license tiers relegates the full complement of UEM and CMT features to its highest license level and broader Citrix Workspace offering.
  • Customers consistently note that support has materially improved, with direct access to executives, which is not available to all customers and is extremely difficult to scale.
  • Citrix is an attractive addition to an Intune installation, where missing features such as support for an on-premises gateway and console are needed. However, as Intune continues to evolve, this differentiation may be eroded.


IBM's MaaS360 offering, a leading EMM product in Gartner's 2017 Magic Quadrant for EMM, has added CMT functions from the vendor's BigFix product to offer a UEM strategy complete with CMT functionality alongside its modern management capabilities. The vendor has evolved the offering from a security-centric approach toward a focus on user productivity.
IBM has taken advantage of its broad software portfolio to combine MaaS360 with adjacent IBM products in areas such as mobile threat detection, cloud access security broker (CASB) and identity and access management (IAM), to address several, related capabilities in a single product. Additionally, IBM has used its Watson AI expertise to deliver analytics designed to help customers identify and triage issues with devices managed by MaaS360. The automatically generated reports help surface critical issues that require attention, and can be customized with filters for issues based on geography and vertical industry. The feature has been cited as highly valuable by IT operations teams seeking to take on UEM without needing additional staff to administer the tool.
IBM continues to transition from EMM toward a UEM strategy, aiding in customers' transition from legacy to modern client management. Improved integration between MaaS360 and BigFix brings a rich set of CMT capabilities into the MaaS360 offering.
MaaS360 is a good fit for customers that want a SaaS-based UEM tool that has integrated mobile security and can automate some of the steps required to maintain ideal compliance and management posture across devices.
  • IBM has taken advantage of its BigFix product IP to broaden the MaaS360 offering to a full-featured UEM with CMT feature support and integration to ease in transitioning PC clients from BigFix to MaaS-based modern management.
  • IBM offers advanced predictive analytics using its Watson engine to analyze UEM-gathered data to predict possible problems or security events, a benefit noted as highly valuable by IT-resource-strapped organizations.
  • Customers continue to report that MaaS360 is easier to implement compared with other UEM solutions.
  • IBM offers rich capabilities to ease migration from its CMT offering, BigFix, to modern management, although integration of CMT features into the console migration from competitive offerings requires co-management of devices with both MaaS and the third-party CMT.
  • MaaS360 is SaaS-only; it does not provide an on-premises management option. The solution does offer an on-premises access gateway for email and other applications.
  • Clients called out support issues centered on the vendor's help desk ticket system. The online ticketing system presents challenges with not being updated with status and problem solutions, which has extended some customers' resolution times.


Ivanti was formed in early 2017 following the acquisition of Landesk by private equity firm Clearlake Capital, merging it with HEAT Software. Since the merger, the company has added a number of acquisitions to its portfolio, including Concorde Solutions and RES Software, for asset management and identity and automation, respectively. The vendor's UEM offering is based on its EMM offering, which previously bore the Landesk brand.
Ivanti's UEM strategy builds on Landesk's pedigree in the CMT market. In 2016, Ivanti switched its EMM product focus to the Landesk technology. The vendor has since combined its EMM and CMT products, providing a single pane of glass for management of all relevant endpoints. The vendor is one of the few in this research that offers a full CMT solution as part of its UEM offering.
Ivanti is a good fit for organizations currently managing their PCs using its tools, and those not yet looking to dive head first into modern PC management and looking for a UEM solution offering established traditional CMT functionality with native integration into EMM.
  • Ivanti maintains a broad portfolio of products, including IT service management, IT asset management and security that integrate into its UEM offering.
  • Ivanti demonstrates a breadth of UEM features in its offering, pairing established CMT offerings from its Landesk heritage alongside rich mobile management capabilities aimed at providing a user-centric view of devices, policies and status information.
  • Administrators can use a single workflow to deploy an application to PCs and mobile devices. For example, an administrator can deploy the PC, Mac and mobile versions of an application through one operation.
  • Despite a broad product offering with an established pedigree, Gartner does not encounter buyers with any frequency outside of its core markets, such as education.
  • Ivanti offers a limited set of out-of-the-box modern management (relying on MDM-like controls) configurations for Windows 10, which will require the use of custom configuration service providers (CSPs) for customers looking for deeper MDM-only support. Gartner was unable to identify customers using the UEM product's controls independent of its CMT to manage PC endpoints.
  • Gartner does not encounter the Ivanti offering on many clients' shortlists and has encountered a number of buyers confused by the new branding, lacking an understanding of the well-known heritage products behind the new brand.


ManageEngine is a division of Zoho, with headquarters in Pleasanton, California, and operations in China, India, Japan, the Netherlands and Singapore. Its UEM offering is Desktop Central. The product offers support for managing macOS, Windows and Linux PCs, along with Android, Apple iOS and Windows mobile devices.
Desktop Central is aimed primarily at small and midsize organizations, with the majority of deployments supporting under 500 devices. Desktop Central offers an easy-to-navigate interface and a lower price point than many of the other UEM vendors offering traditional Windows management capabilities.
ManageEngine is a good fit for small and midsize organizations looking for basic functionality for EMM and integrated traditional Windows device management.
  • The vendor maintains a very active user community that is rich in support and how-to content from other users of the product.
  • ManageEngine offers a broad set of ITOM tools for customers looking for out-of-the-box integrations into other ManageEngine products.
  • ManageEngine offers a free edition that can be used for up to 50 devices, and can be downloaded from its site or installed via various cloud marketplaces, allowing prospective customers to easily trial the tool.
  • ManageEngine lacks advanced EMM capabilities including geofencing and time-fencing, and lacked Microsoft Graph support to integrate with Intune at the time of this analysis.
  • Desktop Central lacks advanced UEM administration capabilities, such as the ability to assign MDM policies across a user's device or to user groups, that may make it cumbersome to manage for larger, more complex environments.
  • There is a significant feature delta between the SaaS and on-premises deployment models of the ManageEngine offering, along with a lag in feature parity between SaaS and on-premises.


Matrix42, headquartered in Frankfurt, offers a UEM product, Matrix42 Unified Endpoint Management, that combines the vendor's EMM offering with its client management offering (Empirium) as a single console for UEM. The vendor also provides its own IAM, software asset management and service desk products alongside its UEM tool.
Matrix42's product combines UEM and IT service management, allowing for user self-service capabilities including approval workflows and service catalog integration. Matrix42 also integrates its identity as a service (Matrix42 MyWorkspace) and service desk (Matrix42 Service Management) into its UEM offering.
Matrix42's product is a good fit for organizations primarily located in Europe and Australia that want an easy-to-use UEM with both traditional and modern management support for their Windows and macOS devices.
  • Matrix42's integration between its UEM and service desk products allows help desk personnel to quickly support endpoint device issues.
  • Matrix42 offers user-based licensing with an allowance for an unlimited number of devices per user, including PCs and mobile devices.
  • Matrix42 has a healthy split of direct and indirect sales, which could improve its execution and build its presence in new geographies through channel partnerships.
  • Despite claims of a healthy renewal rate, Gartner Peer Insights input from clients using the solution are mixed in their evaluation of customization in complex environments.
  • The vast majority of Matrix42's customers are in Europe and the Asia/Pacific region. The vendor has a strong presence in the EU and Asia/Pacific regions, but less presence in the Americas and other regions, which can present challenges in expanding its implementation partnerships.
  • Matrix42 does not provide its own containerized PIM, instead relying on an OEM agreement to provide this functionality. The vendor has also yet to add support for Office 365 app controls, using the generally available Microsoft Graph API set.


Microsoft's Enterprise Mobility + Security (EMS) suite is the foundation of Microsoft's UEM strategy. Microsoft introduced integration and migration capabilities between Microsoft System Center Configuration Manager (ConfigMgr) and Microsoft Intune, which customers can buy stand-alone or as part of EMS, which is also included in certain Microsoft enterprise licensing agreements. Microsoft includes ConfigMgr in its EMS offering alongside Intune with the goal of providing customers flexibility to allocate management tasks across CMT and UEM, if desired.
In 2018, Microsoft released Intune APIs for Microsoft Graph, exposing much of Intune's functionality as services for programmatic access by Microsoft and third-party tools. It is important to note, however, that integration with third-party tools will still require a valid license for Intune/EMS, as well as a license for the third-party product being used.
Continued client interest in Intune/EMS is demonstrated by a noted increase in the number of Gartner clients that are implementing or have implemented it in 2018. Increased awareness through concerted Microsoft sales and marketing motion, continued product improvements, and growing adoption of both Office 365 and Azure Active Directory deployments contribute to significant pull-through.
Intune is appropriate for organizations that are looking for fully integrated ConfigMgr workload management alongside UEM, that require application-level management for the Office 365 mobile apps, or those looking to standardize on Microsoft tools and utilize existing EA entitlements.
  • EA customers that fully buy into the Microsoft 365 vision will find that extensive integration across products exposes capabilities that are difficult to replicate piecemeal.
  • Integration with ConfigMgr and incremental migration capabilities for PCs to Intune and ConfigMgr co-management can reduce the complexity of the transition to UEM.
  • There is full integration with Office 365 mobile apps; Intune is required for implementing app level for access to full DLP controls such as controlling "save as" and restricting "copy/paste" and enabling multi-identity features.
  • Incomplete support for legacy Android versions may present management issues in environments where managing Android devices is central to the use case.
  • Intune lacks full support for integration with some popular identity management products (for example, Ping Identity and Okta), which may make some capabilities of these products more challenging to implement for both managed and unmanaged devices.
  • Customers have noted frustration that Microsoft offers a single price point and license for Intune, whether using app-level controls only or deploying the tool as their primary UEM.


MobileIron is headquartered in Mountain View, California. Its well-known EMM offering has continued to see investments focused on modern management of Windows 10 and macOS to round out its UEM capabilities. MobileIron Threat Defense is a new SKU that bundles the Zimperium SDK for threat detection capabilities as part of the MobileIron agent to allow real-time detection and remediation. MobileIron supports Microsoft Graph APIs to enforce app protection policies in Office 365 apps (although this requires a separate Microsoft EMS/Intune license). Over the past year, the company forged new partnerships and expanded its ecosystem with new ISV integrations. Lenovo established a reseller relationship with MobileIron as its preferred solution for Windows laptops. The integration with Google Orbitera, a cloud service marketplace, allows MobileIron to manage licenses to third-party cloud apps and restrict access to purchased cloud services only to authorized devices in a platform-agnostic manner. Service desk management tools such as ServiceNow and SIEM tools such as Splunk integrate with MobileIron web services APIs to access and provide visibility into mobile device inventory and initiate actions on mobile devices.
MobileIron Access is designed as an identity proxy to complement MobileIron's MDM capabilities to provide adaptive access, single sign-on (SSO) and multifactor authentication (MFA) to enterprise resources. These capabilities, along with security certifications such as common criteria (NIAP MDM-PP V2), FedRAMP ATO, DISA STIG, SOC 2 Type 2 and CSFC position the company well to expand its customer base in regulated and government verticals. Lenovo and MobileIron have announced a partnership to support out-of-the-box PC management capabilities.
In 2017, MobileIron appointed its incumbent CFO as its new CEO, replacing IoT industry veteran Barry Mainz. This coincided with it shelving an industrial IoT initiative while maintaining support for platforms such as Apple tvOS and embedded Windows 10. Organizations that want an up-to-date, scalable and proven UEM solution that integrates with a large security ecosystem, and do not require inclusion of legacy CMT features, should consider MobileIron.
  • The MobileIron Access customer base is growing — customers use it to enable adaptive access and SSO across both SaaS and internally hosted apps.
  • MobileIron's in-house tech support is cited by customers as vastly superior, while customers have reported varying experiences with third-party support from certain partners. Customers report satisfaction with MobileIron listening to and prioritizing feature requests.
  • In addition to supporting Samsung Knox, MobileIron is supporting Google's Android Enterprise Recommended program with up-to-date Android Management support, including zero-touch enrollment. Combined with MobileIron threat defense, these capabilities will be attractive to organizations that want to manage and secure Android devices.
  • MobileIron faces competitive pressure due to the lack of differentiated features in the management of Windows 10 and macOS devices, and a lack of integrated CMT functions.
  • Gartner has not seen evidence of large-scale deployments of Windows 10 management. Large enterprise deployments primarily involve iOS and Android platforms, with limited use of macOS.
  • As the solution expands to manage more device types, the lack of focus on analytics and reporting capabilities limits the ability to extract useful business insights such as application usage metrics.


Beijing NationSky Network Technology Co. is based in Beijing, China. NationSky's UEM product is called NQSky UEM. The company's customer base is largely in mainland China, where it serves multiple industry and government verticals, including financial institutions, insurance, manufacturing, hospitality, education and telecommunications companies.
NationSky receives customer kudos for 24/7 technical support, with well-defined service-level agreements for minor incidents, critical defects and feature requests.
The company has partnerships with multiple major global OEMs and regional OEMs such as Vivo, OPPO, Xiaomi, TCL, nubia and Aliyun OS. The partnerships with local device manufacturers extend NationSky's customer reach by bundling management capabilities with enterprise device sales.
NationSky has secured critical certifications that have kept pace with new regulations in China, such as the China Center for Information Industry Development and China State Information Center for Classified Protection of Information System Grade. China's Cybersecurity Law, effective since 1 June 2017, introduces the concept of "critical information infrastructure (CII)," mandating enhanced security requirements for qualifying organizations. DLP capabilities are available on both unmanaged and managed devices.
NQSky UEM is a good fit for large organizations requiring endpoint management with tight integration with Chinese OEM devices, use in Chinese government applications or local language customer support in China.
  • NQSky UEM integrates with CMTs for Windows 10 such as Beijing VRV to synchronize user- and device-level information between the two systems. The administration console is accessible via a native app on smartphones and tablets.
  • NationSky provides a workspace app called AppNest that containerizes capabilities for instant messaging (BeTalk), email (BeMail), contacts, file sync and share, and any enterprise-approved apps. It is designed for maximum appeal to its core market, with design details based heavily on WeChat.
  • Administrators can subscribe to reports in multiple formats and set up recurrence intervals, using analytics data on key events to populate reports. The platform offers telecommunications expense data and proactive alerting for license renewals.
  • While NQSky UEM supports configuration and policy management for Windows 10, it neither supports app distribution of internal apps nor integrates with Microsoft Store for Business for external apps. The support for Microsoft Office 365 Graph APIs was not generally available at the time of this writing.
  • NQSky UEM does not support Android Enterprise due to the lack of Google Play services in China. However, it offers specific support for Chinese OEMs' management tools and proprietary OSs, such as Aliyun OS, SyberOS and TDOS (formerly Huawei Kirin OS.)
  • NationSky continues to demonstrate strength in the Chinese market, but Gartner does not encounter many customers using NationSky UEM outside of China, making the offering very market-specific to China.

Snow Software

Headquartered in Stockholm, Sweden, Snow Software offers UEM capabilities primarily through the Snow Device Manager (SDM), but the functionality is spread across an integrated set of products. The company fills a niche by combining device management with self-service functionality around employee onboarding/offboarding, hardware life cycle management and software license management.
SDM's integration with Snow License Manager (SLM) allows organizations to ensure compliance with software licensing audits along with application usage and cost analytics. SDM also integrates tightly with Snow's offering in software asset management called the Snow Automation Platform, which allows administrators to present users with a self-service enrollment workflow.
The vendor is migrating features to its web-based console, but requires use of a Windows-only desktop application for creation of policy that can be deployed by the web-based tool, which is more complex than the workflow for other UEM solutions evaluated. Its secure PIM, Sentinel Secure, is being withdrawn in favor of platform-level containerization provided by Android Enterprise and iOS managed apps.
SDM is a good fit for midsize organizations with a specific requirement to integrate with application license management and asset inventory in the workplace. SDM is available both on-premises and as a SaaS solution, and is localized in English, German, Portuguese and Swedish.
  • The self-service workflow streamlines the process of enrolling devices, requesting subscription to productivity software and renting a cloud-hosted virtual desktop through a single "check-out" portal.
  • Customers report very high satisfaction with the simplicity of the solution that enables them to be up and running with little to no training.
  • Snow demonstrates strength in integrating with software license management and service desk tools from its own portfolio and from other vendors.
  • Snow has limited support for modern management of Windows 10 and macOS. For example, there is no support for enabling encryption or distributing applications using MDM on Windows 10.
  • Customers report scalability issues, resulting in a lot of manual rework while recovering from a failure in application deployment. SDM can manage up to 50,000 devices on a single domain.
  • SDM version 6 introduces a web-based console for limited device management functionality, but the main administration console continues to be a Windows desktop application with an outdated look and feel. Moreover, SDM, SLM and AP currently execute as three separate Windows applications, in addition to the Snow Integration Manager.


Headquartered in Abingdon, England, Sophos offers its Sophos Mobile UEM product, which integrates with its broader line of security products, particularly its endpoint protection platform (EPP). The product can function as a stand-alone UEM tool deployed on-premises or in cloud environments. Sophos has aggressively pursued innovation in the security space using nonsignature detection methods, DLP and EDRM extended across server, workstation and mobile devices.
Sophos sells its UEM solution to a largely small and midsize business audience, although the product can scale to support 50,000 devices and has been deployed at greater scale in certain customer environments. Gartner most commonly encounters Sophos Mobile in organizations looking for a strong mobile solution with support for managed and unmanaged devices.
Sophos is a good fit for organizations looking to consolidate EPP and UEM, and for a strong containerization solution that offers push-type task interactions.
  • Sophos Mobile's console, geared to midmarket clients, uses configurable tiles to provide a multimodal dashboard, providing a visually intuitive and easily navigable user experience.
  • Sophos offers tight integration with its security solution to offer a combination UEM and security solution in a single package and console.
  • Sophos Secure Email (which is licensed from Virtual Solution) is one of the best secure PIM clients for containerized email available. It offers an easy-to-use interface and runs as part of the Sophos container, along with Sophos Secure Workspace for secure documents and a corporate browser.
  • Sophos does not offer legacy CMT capabilities or tools for migration for clients moving to UEM from legacy CMT offerings, and licenses some components of its UEM offering.
  • Gartner sees customer interest in Sophos limited to midmarket deployments, with few large enterprise deployments.
  • Despite the central nature of identity in providing dynamic endpoint management, Sophos currently does not offer an identity provider as part of its solution.


SOTI, headquartered in Mississauga, Ontario, Canada, is included in this year's analysis as a nonparticipating vendor. Gartner has drawn on public information shared in vendor briefings, sourced from the vendor's public product information and using customer input from Gartner client inquiries and Peer Insights data to form its analysis of SOTI in the UEM space. SOTI has expanded beyond its MobiControl product by adding rapid mobile app development (SOTI Snap) and a help desk offering (SOTI Assist) as part of its SOTI ONE platform, while continuing to iterate on MobiControl.
Gartner has seen an increase in interest in SOTI for use outside of use-case-specific or purpose-built device management and at global scale. SOTI remains strongest in single-purpose or purpose-built device deployments. The vendor has demonstrated a consistently strong presence in IoT management, with many production and revenue-generating use cases.
Pairing SOTI's UEM with the other elements of the SOTI ONE platform's offerings, SOTI is a good choice for organizations that require specific support for single-purpose devices and deep IoT management. It is also a good choice for those seeking to source UEM and related products, such as service desk or mobile app development tools from a single player.
  • SOTI consistently demonstrates proficiency in management of nontraditional devices and use cases, such as increased revenue and visibility into operations through MobiControl management of IoT devices.
  • The vendor maintains a strong presence and brand recognition in use cases for purpose-built devices, disproportionate to its size when compared to larger rivals such as VMware, with which it competes. Gartner has also seen an increase in the breadth of customers, both vertical and globally, evaluating SOTI.
  • The emergence of SOTI One casts the vendor's offerings as a platform that can address management, content delivery (via mobile apps) and user support, exhibited by few other vendors outside the Leaders quadrant.
  • Gartner clients have noted that a lack of local presence in certain regions or countries, like China, have presented a challenge in deployment and securing truly global support.
  • Its unique capabilities to manage Android devices and address IoT use cases give the vendor visibility, but its relative size and share of market are reflected in its low ability to execute.
  • Having demonstrated organizational growth over the past year, SOTI has struggled to enunciate a market identity, consistently exhibiting reluctance to be categorized by its individual product categories, resulting in lower visibility among buyers.


VMware completed the transition of its AirWatch product family to VMware branding in 2018, creating the Workspace ONE brand of UEM offerings and retiring legacy color-tiered licensing under the AirWatch brand. The vendor also added a tier to its Workspace ONE offering; VMware maintains its Standard and Advanced offerings focused on endpoint management, and adds a tier offering endpoint management and application virtualization as the Workspace ONE Enterprise tier. The vendor maintains its top-tier offering, Workspace ONE Enterprise for VDI, which includes full desktop virtualization.
VMware continues to invest in technologies to improve management of mobile, wearable and IoT devices and modern management of PCs. The vendor has demonstrated significant commitment to providing "bridge" technology as part of its AirLift offering aimed at providing a rich feature set for migrating apps, policies and configurations from Microsoft ConfigMgr. Additional support for CMT tasks such as patch management is given peer-to-peer delivery through technology licensed from Adaptiva, Chrome device management was added in 2017, with VMware the first vendor in this analysis to offer support for the platform.
VMware's Workspace ONE Intelligence, based on technology acquired through its purchase of Apteligent, provides detailed analytics across multiple endpoint types, users and identities, apps, and networks. Read access to the data is included with all license tiers; actionable access rules are included in an interactive dashboard at its Enterprise product tier. VMware has added a set of microservices and is investing in templated mobile apps based on these microservices, to help customers rapidly design and deliver commonly-used mobile apps.
VMware's Workspace ONE is ideal for organizations seeking to adopt a solution with deep CMT migration functionality, and seeking a strong analytics component in the UEM console. In addition to broad, overall brand recognition, the vendor is investing in serving populations of single-purpose or purpose-built Android devices, expanding on Google's Android Enterprise management layer.
  • VMware has made significant investments in CMT integration technology and in the addition of some CMT features to its Workspace ONE offering, providing customers support in their journey to migrate from CMT to UEM for PC management.
  • Investments in analytics, microservices and in offering components such as increased integration and functionality of its Boxer offering, plus new, more relevant product license tiers, demonstrate a keen awareness of market needs.
  • VMware has continued a regular cadence of product improvements and new offerings, such as Chrome management and integrations with Office 365 mobile apps, that place it ahead of many competitors in terms of innovation.
  • VMware's focus on helping customers migrate from CMT to UEM with its own tools places it in more direct competition with Microsoft than its peers, whose packaging and licensing could drive down the average selling price and revenue of VMware's UEM product.
  • Gartner is unsure of what impact a recent change in EUC product leadership, from a single lead executive to dual EUC leads, may have on innovation, roadmap and product cycles.
  • Gartner continues to see the majority of customers adopting UEM-only SKUs, demonstrating limited uptake of higher-level SKUs that bundle other VMware technologies alongside UEM.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant may change over time. A vendor's appearance in a Magic Quadrant one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.


This is a new Magic Quadrant; no vendors have been added.


This is a new Magic Quadrant; no vendors have been dropped.

Inclusion and Exclusion Criteria

Many of the tools in this analysis come from mobile (EMM) heritage, while others are expansions of traditional, PC-focused CMTs. In order to be included in this analysis, tools must contain the following elements and capabilities:
  1. Enterprise mobility management, consisting of:
    • Provisioning: This refers to the ability to configure Android and iOS devices, distribute mobile applications, manage app and OS updates, and assist with device life cycle management.
    • Auditing, tracking and reporting: EMM suites can provide device hardware and software inventories, audit settings and usage to verify compliance with enterprise policies and manage assets.
    • Enterprise data protection: EMM suites can apply controls for data encryption, mitigate data loss, handle data remediation, and expedite employee hires and terminations.
  2. Modern management of PCs, consisting of:
    • Direct management of the following platforms, using OS-native management libraries:
      • macOS (required)
      • Windows 10 (required)
      • Chrome OS (optional)
      • Desktop Linux (optional)
Gartner considers the following product capabilities representative of a complete UEM vision; however, their presence is not required for inclusion:
  1. Integration with discrete, traditional CMTs. Examples of client management functions include:
    • Imaging and patch management
    • Desktop app packaging
    • Console view integration
  2. Direct management of a subset of IoT devices, in production, such as:
    • Android-embedded
    • Windows-embedded
    • IoT-specific OS (proprietary or nonproprietary)
    • Proprietary or nonproprietary IoT gateways
Included vendors must be able to demonstrate at least $10 million in revenue from UEM products and demonstrate a user base of at least 50,000 total active licenses.
Each participating vendor must provide five references, three of which have not been submitted for previous, related Magic Quadrants. Each vendor must supply one reference customer using at least 1,000 seats of single-console combined PC and mobile deployment (consisting of production PCs being used in line of business).
Many vendors were considered for the Magic Quadrant but did not qualify because they did not meet the business metrics or the technical capabilities outlined above. In particular, in its first year of evaluating this market, Gartner encountered a dearth of legacy CMT vendors with UEM capabilities sufficient to warrant inclusion.

Other Vendors to Consider

The following are a few vendors that have increased their investments in UEM, but lacked the product completeness or established track record to qualify for inclusion:
  • Accelerite continues to provide core client management technologies to its customers and is focused on delivering a combined set of capabilities this user base requires. The combination of the vendor's Radia and Sentient products into Sentient Stack demonstrates a strong push to offer a unified console, but the offering's mobile management capabilities remain limited.
  • Google offers management of mobile devices, including Android, Chrome OS and iOS, in its G Suite Admin console, but lacks the critical aspect of Windows support, barring its inclusion. The console provides a reasonable slate of MDM and MAM features at no additional cost for organizations using G Suite, although the latter is not a requirement to use its management tools. Gartner recommends its use for organizations that have adopted G Suite and require basic mobile management, or for customers looking to manage Chrome OS devices, although support for this Chrome management is growing among vendors included in this Magic Quadrant.
  • Jamf's Jamf Pro and Jamf Now (the former for larger customers, and the latter for customers under 200 users) offering address management of PC and mobile endpoints in Apple-centric environments. The vendor consistently receives high marks from its customers; however, its support for Android and Windows platform, critical for the majority of Gartner clients, is lacking. The vendor recently entered into partnership with Microsoft to round out the macOS client management capabilities in the Intune/EMS offering, a credit to its leadership in this space.

Evaluation Criteria

Ability to Execute

The Ability to Execute axis measures the vendors' ability to meet the current needs of EMM buyers, as well as their ability to succeed in this market by gaining market share and achieving revenue growth. Vendors were evaluated based on the following criteria:
  • Product or Service: This evaluates the features that are provided and if the vendor has customers using these features successfully in production environments.
  • Overall Viability: This criterion evaluates the size of the vendor and its financial performance. We also evaluated the size and growth of the vendor's EMM business.
  • Sales Execution/Pricing: This criterion reflects the frequency of the vendor's appearance on buyers' shortlists. We also evaluate the degree to which the vendor has a presence in North America, Europe, Latin America and the Asia/Pacific region.
  • Market Responsiveness/Record: Gartner evaluates execution on delivering products consistently and in accordance with promised timelines, the agility to meet new market demands, and how well the vendor received customer feedback and quickly built it into the product.
  • Marketing Execution: This is a measure of brand and mind share based on client references and channel partner feedback. Gartner evaluates the degree to which customers and partners have positive identification with the EMM product, and whether the vendor has credibility in this market. We also used search data on for the vendor and product as a measure of brand recognition and market awareness.
  • Customer Experience: Gartner assesses the vendor's reputation in the market based on customers' feedback regarding their experiences working with the vendor, if they are glad they chose the vendor's product and whether they plan to continue working with the vendor.
  • Operations: This refers to the ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other attributes that enable the organization to operate effectively and efficiently.

Table 1: Ability to Execute Evaluation Criteria

Evaluation Criteria
Product or Service
Overall Viability
Sales Execution/Pricing
Market Responsiveness/Record
Marketing Execution
Customer Experience
Source: Gartner (July 2018)

Completeness of Vision

The Completeness of Vision scale provides an aggregate measure of a vendor's likelihood of future success in the EMM market. Gartner evaluates vendors' statements about current and future market direction, innovation, customer needs, and competitive forces, and how well they map to Gartner's view of the market. Vendors were evaluated based on the following criteria:
  • Market Understanding: Ability to understand customer needs and translate them into products and services. Vendors that show a clear vision of their market — they listen to and understand customer demands, and can shape or enhance market changes with their added vision. As the UEM market takes shape, approaches to balancing modern and legacy endpoint management techniques, and the inclusion of key features in the product and a demonstrable roadmap of near-term technology goals, are core to assessing market understanding.
  • Marketing Strategy: Clear, differentiated messaging consistently communicated internally, externalized through social media, advertising, customer programs and positioning statements. Capturing the emerging interest in UEM tools depends on striking a balance between messaging a need for transition in endpoint strategy and a clear path forward for potential customers. The approach to this, as well as to communicating business impacts of the product and its innovations, will be evaluated.
  • Sales Strategy: A sound strategy for selling that uses the appropriate networks, including direct and indirect sales, marketing, service, and communication. Partners that extend the scope and depth of market reach, expertise, technologies, services and their customer base. An ability to address various market segments, verticals and presence in regions are all part of the evaluation of UEM sales strategy
  • Offering (Product) Strategy: An approach to product development and delivery that emphasizes market differentiation, functionality, methodology and features as they map to current and future requirements. Gartner will evaluate the current solution's breadth of capability against common use cases, client needs and commonly requested features across mobile and PC management.
  • Business Model: The design, logic and execution of the organization's business proposition to achieve continued success. Understanding the role UEM products play in the broader scheme of a vendor's business and an evaluation of the resources to continue to innovate determine the strength of the business model.
  • Vertical/Industry Strategy: The strategy to direct resources (sales, product, development), skills and products to meet the specific needs of individual market segments, including verticals. Gartner will evaluate presence in vertical markets and specific features, messaging and roadmap to solve industry-specific customer issues with UEM.
  • Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes. Innovation will be reflected in the support for managing emerging device types such as wearables and other IoT devices; integration with or support for legacy client management processes; and support for emerging platforms on mobile and PC.
  • Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries, as appropriate for that geography and market. Our evaluation will look at business activities in various global regions, and will explore a vendor's ability to perform at a global scale and address region-specific issues through criteria and response to specific use scenarios.

Table 2: Completeness of Vision Evaluation Criteria

Evaluation Criteria
Market Understanding
Marketing Strategy
Sales Strategy
Offering (Product) Strategy
Business Model
Vertical/Industry Strategy
Geographic Strategy
Source: Gartner (July 2018)

Quadrant Descriptions


Leaders demonstrate a keen grasp of current customer needs as business shifts from CMT and EMM to a single, UEM management console. These vendors also demonstrate innovation in broad platform support and analytics, and demonstrate broad integration with channel and other technology providers. They have the most complete products in the UEM market, and these companies are aligned with current and future use cases and needs of UEM buyers, demonstrating adaptability. Overall, they have a strategy that creates a high likelihood of success in this market.


Challengers possess a strong ability to execute, an established customer base and market understanding, but may lack the breadth or depth of other's offerings. The vendors' considerable resources ensure long-term viability. Challengers may have solid products, but they lack the product commitment to lead the market. They are less closely aligned than Leaders with the most important UEM market trends, and they do not have a roadmap that demonstrates compelling differentiation from other products.


Visionaries have unique capabilities in certain aspects of UEM or a novel approach to solving customer problems. They meet the requirements of customers that place a high priority on specific functional areas. They may not have the product completeness, support capability, business performance, mind share or track record often exhibited by leading vendors.

Niche Players

Niche Players are often excellent choices for organizations. They do not have the product completeness, revenue, mind share and track record of Leaders or Challengers. Their product roadmaps typically represent a strategy of following the market rather than leading it. In some cases, this is due to a vendor's lack of resources or its focused approach to solving certain vertical or use-case needs. If a customer does not require the breadth of capability of non-Niche Player vendors or values a specific aspect of a Niche Player vendor's offering, these products deserve serious consideration. Many offer more streamlined or less expensive solutions to meet UEM needs.


As the number and diversity of endpoints grows, organizations are reconsidering the efficacy of foundational endpoint management techniques such as imaging new PCs and homogeneous hardware configurations. In addition to the difficulty of consistent control across mobile, PC and IoT devices, paired with the operational upside of a single tool to all endpoints, platform-specific management becomes difficult to sustain.
UEM is emerging as a required tool to support modern OSs and new versions of traditional OSs. As organizations look to support Apple's macOS, contemplate Google's Chrome OS or roll out Windows 10 in S mode (Windows 10 S), the capabilities to fully manage these platforms exist in UEM tools and are lacking from traditional CMT. Gartner sees the majority of organizations facing nontrivial obstacles to fully embrace UEM, but the number of organizations making the switch to UEM management will grow in the coming three years. Understanding the market for these tools, its players and the critical functions of the tools themselves is key to making investments in endpoint management infrastructure today that will continue to deliver value in the future. For more information on the rise of UEM, obstacles to its adoption and its impact, see "Prepare for Unified Endpoint Management to Displace MDM and CMT."

Market Overview

In this first year of UEM tools as a market represented in a Magic Quadrant, Gartner has assembled a core set of capabilities required for viable UEM.

Advancing Toward Unified Endpoint Management

The provenance of UEM tools can range from EMM tools that have expanded management of Windows and macOS devices to CMTs that have expanded beyond their PC management roots. Some CMT vendors are addressing the growing demand for a single console across mobile and PC devices but, as a class, CMTs have not moved as quickly as EMM solutions to embrace UEM.
The biggest challenge to implementing UEM today is that organizations usually have legacy requirements, namely complex Win32 applications and Windows Group Policy Objects (GPOs) that currently cannot be addressed with UEM tools. Further complicating matters, the need for traditional device imaging, and entrenchment of processes built around CMT packages, hamper the embrace of UEM.
Given the current state of the majority of enterprises Gartner has encountered, fully embracing UEM to manage all devices is not yet possible. But the market for these tools is emerging. Organizations are beginning to understand UEM capabilities, and the vendors and products that meet the full definition of UEM, regardless of whether they are currently ready to adopt these tools.

Crossing the Bridge

Gartner has consistently used a model of three "waves" to describe the evolution of endpoint management. The three waves are:
  • Wave 1: Completely separate tools — CMT for PCs, UEM for mobile — and processes for management to PCs and mobile.
  • Wave 2: Concurrent use of tools for mobile and PC devices, with PCs being addressed by CMT or a combination of CMT and UEM. Wearable and some IoT devices fall under EMM.
  • Wave 3: Tools, processes and policies for PC and mobile devices merge. Note that, a subset of IoT devices, where applicable, and wearable devices, where applicable, can be managed in this same console.
Wave 3 reflects the tooling and management end state of an organization that has migrated to UEM. Current client interactions indicate roughly 30% of organizations are in a position to move to Wave 3. The majority of organizations have process, tool and application limitations that make full adoption of UEM a future state.
The future for organizations with no plans for UEM can be bleak, as more platforms are adopted that are built to be managed by UEM tools through MDM libraries. Apple's macOS, Google's Chrome OS and Microsoft's Windows 10 S platforms all embody this trend. As a result, organizations not yet ready to migrate all endpoint management to UEM can and should use the next 24 months to create a pilot or test environment for UEM tools. Infrastructure and operations (I&O) leaders tasked with modernizing endpoint management strategy will be better-positioned to migrate groups of devices, as appropriate, to UEM, gradually reducing the number of clients — and users — dependent on legacy endpoint management.
This step of developing a pilot environment is a critical one in being able to evaluate the UEM capabilities of any incumbent tools. Studying how policy and deployment elements will be handed in a UEM construct is another step to take in preparation for UEM. An inflection point is on the horizon where UEM tools will supersede CMT offerings in their ability to adequately address management of PCs. When this inflection point occurs will differ from organization to organization, but its presence is difficult to dispute based on platform vendors' continued focus on UEM-based management.

Ready for Some, Not for All

Note that many of the tasks handled by CMTs today will not all be addressed under a switch to UEM management. For example, endpoint security, patch management and app packaging are all elements that, under traditional CMTs, arrive on users' PCs through a complex mix of tools. Using custom images to ensure that all endpoint security tools are "baked in," orchestrating and coordinating patches for the OS and apps, and handling broader impacts like bandwidth management through branch and peer-based caching are not inherent elements of UEM.
First, Microsoft continues to enhance the MDM APIs in Windows 10, closing the gap with GPOs. Second, EMM vendors are providing proprietary capabilities to address those gaps in areas such as security policy, managing scripts, and deploying Win32 applications and patch deployment. These developments are increasing the number of scenarios for which organizations can use EMM tools to manage PCs.

Evaluation Criteria Definitions

Ability to Execute

Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.

Completeness of Vision

Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.