The term "endpoint management" refers to the centralized administration, monitoring, configuration, and protection of endpoints within an organization. Typical endpoints include desktop PCs, laptops, smartphones, tablets, workstations, point-of-sale and specialized systems, as well as an increasing number of IoT devices. The goal of endpoint management is to control devices consistently throughout their entire lifecycle (from provisioning to decommissioning), enforce security and compliance requirements, and improve the efficiency of IT operations.
Inventory and asset management: Automatic collection of hardware and software assets, device details, serial numbers, and installed applications.
Operating system and software deployment: Rolling out, updating, and removing operating systems, applications, and configurations on endpoints, often automated and scheduled.
Patch and update management: Distribution and control of security updates and patches for operating systems and applications, including status overviews and compliance reports.
Policy and configuration management: Central definition and enforcement of device settings (e.g., password policies, encryption, Wi-Fi, VPN, or proxy settings).
Endpoint security integration: Integration and control of security components such as antivirus, EDR/XDR agents, host firewalls, and encryption solutions on endpoints.
Mobile Device Management (MDM) / Unified Endpoint Management (UEM): Management of mobile devices, and often desktops, within a unified solution, including containerization of corporate data on personally owned devices (BYOD).
Remote access and remote support: Secure remote access to endpoints for troubleshooting, user support, and maintenance activities.
Monitoring and compliance control: Monitoring device status, detecting non-compliant systems, and triggering automated actions (e.g., quarantine, restricted network access).
Automation and scripting: Use of scripts and automation rules to execute recurring tasks centrally (e.g., cleanup jobs, log collection, configuration changes).
Self-service and service catalog: Providing a portal where users can request or install software, updates, or configurations on their own.
Reporting and dashboards: Overviews of patch status, device health, security posture, and license usage, including export and audit capabilities.
A company centrally manages several thousand Windows and macOS clients, distributes security updates automatically, and always has an up-to-date view of patch compliance.
An IT team uses an endpoint management solution to enforce new password and encryption policies across the organization to meet compliance requirements.
A field service employee receives a new laptop that is automatically provisioned with all required applications, printers, and network settings upon first login.
An organization uses endpoint management to manage employees’ mobile devices, protect corporate data, and remotely wipe data if a device is lost or stolen.
A service desk agent connects to an endpoint via remote support, runs a script to fix an issue, and has the action automatically documented in the system.