Desktop management is the process of systematically managing all computers in an organization, including desktop, laptop, tablet, and other end-user computing devices. Desktop management is part of the larger field of systems management, which includes all of the IT systems and services utilized by an organization.
Desktop management functions include install/move/add/change (IMAC), virus and spam protection and remediation, patch management, and traditional help desk functions such as password reset and managing and controlling non-authorized applications that may have been installed on employer-owned devices.
Beyond device management, desktop management can encompass identity and access management (IAM), administration of single sign-on utilities, application delivery, and management of user accounts. Modern organizations utilize a desktop management solution, either administrated by in-house staff or outsourced to a third-party support and maintenance organization.
Enterprise desktop management solutions vary from vendor to vendor, but most have a consistent set of core capabilities including:
Device management or Mobile Device Management (MDM) which includes lifecycle management for end user devices, whether provisioned by the organization or ‘Bring your Own Device’ (BYOD) employee-owned devices. This invariably includes a desktop management interface that enables a remote desktop manager to de-commission, remotely access, remotely erase, maintain inventory, and keep operating system current.
Application management or Mobile Application Management (MAM), a policy-driven tool that controls application placement on the allowed list or deny list and can make sanctioned applications available for users to download from an enterprise application store.
Identity and Access Management (IAM), which ensures that only authorized users, devices, and applications are granted access to corporate resources including programs and data. IAM ties into single sign-on (SSO), authentication, and certificate management, and can use AI tools that calculate risk of a particular user based on their behavior, for example if a warehouse employee tries to access HR files not normally needed in the course of their work.
Sequestering, or the separation of business and personal applications on devices (typically phones) via use of password protected applications, to prevent the leaking or exfiltration of sensitive data.
Content control, policies applied to documents and other content to support security and auditing for any sensitive or proprietary information. This may include the creation and management of an enterprise document catalog to grant access to authorized users.
The major functions of desktop management solutions can be summarized as
Desktop management solutions often require that a desktop management interface of some type be installed on devices under management.
As the number of users – and the number of devices per user – both grow, the need to manage, secure, and support a growing number of endpoint devices becomes increasingly critical. With the expanding footprint of BYOD devices, organizations must secure from inadvertent threats, ensure patches are pushed and installed, and that only authorized devices and users gain access to corporate resources.
The Desktop Management Interface (DMI) is an accepted industry standard framework that is used for the management, maintenance, inventory, and tracking of both hardware and software components, presenting a single console and from a central locations. The CMI is the creation of the Desktop Management Task Force (DMTF) with the goal of automating system management. DMI is of great importance in networked or remote environments where many computers are under management.