The key difference between Unified Endpoint Management (UEM) and Mobile Threat Defense (MTD) is that the former is an asset management and configuration tool, whilst the latter is an advanced mobile security product that offers comprehensive protection against mobile threats.

It’s important to note that a UEM is not a security solution. It can define a device’s passcode policy, detect whether the device has been jailbroken or rooted, and remotely wipe it; however, the native security features of a UEM are limited and localized to the device itself.

In more tightly managed ownership models like Company Owned, Business Only (COBO), some UEMs can put restrictive policies and reporting in place to mitigate the threat of unsanctioned applications, but how does this translate into Bring Your Own Device (BYOD), Company Owned, Personally Enabled (COPE) and hybrid environments?

Employees don’t want to be limited to what has been sanctioned by employer security policies on their personal devices. Yes, in some circumstances a work profile can be installed to separate personal and work data, but if mobile malware exists on the device, it can still pose a threat. UEMs can use a block list to mitigate known malicious apps, but what about unknown threats? This goes beyond the capabilities of UEM.

Most MTD products are endpoint-only, and although they offer some local device risk detection, without the ability to correlate network traffic analysis against endpoint analytics, significant gaps in security can (and will) arise. For example, a signature-based approach to malware detection looks for similarities in code against known malicious applications. This method provides an incomplete picture of app behavior and, as a result, misdiagnosis can ensue.

However, it’s not just intentionally malicious apps that can pose a threat. If we look at the recent WhatsApp Pegasus vulnerability that enabled a cybercrime group to install spyware on targeted devices, the need to understand how apps are behaving becomes even more compelling. Excessive app permissions can be a telltale sign of malicious behavior. For example, Wandera discovered a weather app collecting excessive amounts of user data: email addresses, location data and unique 15-digit International Mobile Equipment Identity (IMEI) numbers.
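The permission-excess check described above, as an added example that is not Wandera's code or part of the original post: an app inventory is compared against a per-category baseline of permissions the app plausibly needs, and anything beyond that baseline is scored by how sensitive the data it unlocks is. The category baselines, the sensitivity weights and the sample inventory (including the weather app) are constructed for illustration; the Android permission names are real, but the mapping of each one to a data type is a simplification assumed here.

```python
"""Flag apps whose requested permissions exceed what their category needs.

Added example, not Wandera's code. Baselines, weights and the sample
inventory are constructed for illustration.
"""
from dataclasses import dataclass, field

# Permissions an app of a given category plausibly needs (constructed baseline).
CATEGORY_BASELINE = {
    "weather": {"INTERNET", "ACCESS_COARSE_LOCATION"},
    "flashlight": {"CAMERA"},  # torch control on older Android APIs
    "messaging": {"INTERNET", "READ_CONTACTS", "RECEIVE_SMS", "SEND_SMS"},
}

# Permissions that unlock identifiers or personal data; the weight is a
# constructed sensitivity score. READ_PHONE_STATE gates device identifiers
# such as the IMEI on older Android releases; GET_ACCOUNTS exposes account
# names, which are usually email addresses (assumed mapping).
SENSITIVE_WEIGHT = {
    "READ_PHONE_STATE": 3,
    "GET_ACCOUNTS": 2,
    "ACCESS_FINE_LOCATION": 2,
    "READ_CONTACTS": 2,
    "READ_SMS": 3,
    "RECORD_AUDIO": 2,
}


@dataclass
class AppRecord:
    package: str
    category: str
    permissions: set = field(default_factory=set)


@dataclass
class Finding:
    package: str
    excess: set      # permissions beyond the category baseline
    score: int       # summed sensitivity of the excess permissions
    verdict: str     # "ok", "watch" or "review"


def assess_app(app: AppRecord) -> Finding:
    """Score one app by the permissions it requests beyond its baseline."""
    baseline = CATEGORY_BASELINE.get(app.category, set())
    excess = app.permissions - baseline
    # Unknown permissions outside the baseline still count, with weight 1.
    score = sum(SENSITIVE_WEIGHT.get(p, 1) for p in excess)
    if score >= 5:
        verdict = "review"
    elif score > 0:
        verdict = "watch"
    else:
        verdict = "ok"
    return Finding(app.package, excess, score, verdict)


def assess_inventory(apps):
    """Assess every app in an inventory; returns {package: Finding}."""
    return {f.package: f for f in map(assess_app, apps)}


# Constructed inventory: a weather app that also reads identifiers and
# account names, and a flashlight app that stays within its baseline.
SAMPLE_INVENTORY = [
    AppRecord("com.example.sunnyweather", "weather",
              {"INTERNET", "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION",
               "READ_PHONE_STATE", "GET_ACCOUNTS"}),
    AppRecord("com.example.torch", "flashlight", {"CAMERA"}),
]


if __name__ == "__main__":
    for finding in assess_inventory(SAMPLE_INVENTORY).values():
        print(finding.package, finding.verdict, sorted(finding.excess))
```

The point of the baseline approach is that it needs no signature for the app: a weather app asking for the phone state and account list is anomalous regardless of whether its code matches any known sample, which is the gap a block list alone leaves open.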

There’s a world of threats beyond malware that also needs to be considered, such as phishing, cryptojacking and usage-based risk. Without a threat intelligence engine like MI:RIAM actively looking for anomalous behavior, companies will be vulnerable to attack; this is functionality that UEMs do not have natively.

Identity & Access Management (IAM)

The adoption of cloud services has triggered the need for more robust IAM, ensuring that only sanctioned individuals are granted appropriate access to corporate systems. UEM is often used to provide end users with Single Sign-On (SSO) access to corporate resources, but access in the post-perimeter world isn’t black and white. Just because an employee has been authenticated, it doesn’t necessarily mean access should be provisioned. With cloud applications visible to the public internet, password-based authentication is recognized as an inadequate method of access management and needs additional contextual signals to determine risk.

A UEM can restrict apps and configuration even if the user isn’t logged in; however, it is unable to block access to vital services such as Office 365. Using Wandera, organizations can ensure that access is only granted to those devices that have Wandera installed.

Wandera’s continuous conditional access feature assesses device risk posture using factors such as OS version, apps installed, network connection etc. and dynamically amends user permissions. Compliance monitoring continues throughout the course of the session to detect any anomalous or risky behavior, mitigating any threats that occur post-authorization.

If Wandera’s MTD has been integrated with a UEM, detection of any suspicious behavior can prompt an immediate automated response. If the MTD detects a possible threat, Wandera’s advanced threat intelligence engine, MI:RIAM, will determine the level of risk. If the safety of a business’s data is at risk, Wandera can inform the UEM to revoke access.
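The continuous conditional access flow of the two preceding paragraphs, as an added example that is not Wandera's or MI:RIAM's code: a device posture snapshot (OS version, jailbreak state, flagged apps, network type, whether the MTD agent is present) is scored into a risk level, the risk level maps to an access action, and a session monitor re-evaluates each new snapshot so that a threat appearing after authorization still leads to a revoke signal for the UEM. The minimum OS versions, scoring weights, thresholds, action names and the sample snapshots are all constructed for illustration.

```python
"""Posture-based conditional access with re-evaluation during a session.

Added example, not Wandera's code. Thresholds, weights and sample
snapshots are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed minimum supported OS versions per platform.
MIN_OS = {"ios": (15, 0), "android": (12, 0)}

# Constructed mapping from risk level to the action sent to the UEM/IdP.
ACTION_FOR_RISK = {"low": "allow", "medium": "restrict", "high": "revoke"}


@dataclass
class DevicePosture:
    platform: str                      # "ios" or "android"
    os_version: Tuple[int, int]
    jailbroken: bool
    flagged_apps: List[str] = field(default_factory=list)
    network: str = "cellular"          # "corporate", "cellular", "open_wifi", "proxied"
    mtd_installed: bool = True


@dataclass
class Decision:
    risk: str            # "low", "medium" or "high"
    action: str          # "allow", "restrict" or "revoke"
    reasons: List[str]


def assess_posture(p: DevicePosture) -> Decision:
    """Score one posture snapshot and return the access decision."""
    score = 0
    reasons: List[str] = []
    if not p.mtd_installed:
        score += 10
        reasons.append("MTD agent not installed")
    if p.jailbroken:
        score += 10
        reasons.append("device jailbroken/rooted")
    if p.os_version < MIN_OS.get(p.platform, (0, 0)):
        score += 4
        reasons.append("OS below minimum supported version")
    if p.flagged_apps:
        score += 3 * len(p.flagged_apps)
        reasons.append("flagged apps: " + ", ".join(p.flagged_apps))
    if p.network in ("open_wifi", "proxied"):
        score += 3
        reasons.append(f"untrusted network: {p.network}")

    if score >= 10:
        risk = "high"
    elif score >= 3:
        risk = "medium"
    else:
        risk = "low"
    return Decision(risk, ACTION_FOR_RISK[risk], reasons)


def monitor_session(snapshots: List[DevicePosture]) -> Tuple[str, Optional[int]]:
    """Re-evaluate every snapshot taken during a session.

    Returns the final action and the index of the first snapshot that
    triggered a revoke (None if access was never revoked). Once revoked,
    the session stays revoked; later snapshots do not restore access.
    """
    revoked_at: Optional[int] = None
    final_action = "allow"
    for i, snap in enumerate(snapshots):
        decision = assess_posture(snap)
        if revoked_at is not None:
            final_action = "revoke"
            continue
        final_action = decision.action
        if decision.action == "revoke":
            revoked_at = i
    return final_action, revoked_at


# Constructed session: clean device at login, then an untrusted network plus
# a flagged app, then a jailbreak detected mid-session.
SAMPLE_SESSION = [
    DevicePosture("ios", (16, 2), jailbroken=False),
    DevicePosture("ios", (16, 2), jailbroken=False,
                  flagged_apps=["com.example.sunnyweather"], network="open_wifi"),
    DevicePosture("ios", (16, 2), jailbroken=True,
                  flagged_apps=["com.example.sunnyweather"], network="open_wifi"),
]


if __name__ == "__main__":
    for snap in SAMPLE_SESSION:
        d = assess_posture(snap)
        print(d.risk, d.action, d.reasons)
    print(monitor_session(SAMPLE_SESSION))
```

The monitor is deliberately one-way: once a revoke has been issued, a later "clean" snapshot does not silently restore access, because a device that was jailbroken during a session should be re-enrolled or reviewed rather than trusted again on its own word.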

Compliance & Policy

Shadow IT is a problem for IT teams. The IT department has long been seen as a blocker; the advent of cloud services has enabled business units to bypass IT and select their preferred service with little to no involvement from “the team that says no.”

A UEM can do little to prevent apps being installed onto a device. Some UEMs are able to provide administrators with reports so app inventory can be monitored, but this is very much reactive, and it’s easy for end users to use unsanctioned applications and services. Wandera’s Mobile Data Policy (MDP) enables corporate-wide Acceptable Usage Policies (AUP) to be mirrored in mobile environments. By complementing and combining a UEM with Wandera’s MDP, businesses can gain a greater level of compliance.