Managing Unified Workspaces
Published 4 September 2025
Abstract
Unified workspaces have become foundational to contemporary enterprise operations, particularly in the context of an increasingly distributed and mobile workforce. The convergence of unified endpoint management (UEM) with advanced technologies such as artificial intelligence (AI) is redefining how organizations manage devices, data, and access.
The governance of unified workspaces involves managing technical infrastructure to ensure regulatory compliance and protect privacy. This includes overseeing corporate-owned devices, personally owned devices in a “bring your own device” (BYOD) environment, Internet of Things (IoT) endpoints, and artificial intelligence agents.
This document provides an analysis of current trends, strategic imperatives, and emerging risks associated with unified workspace management, with a particular focus on the governance challenges introduced by agentic AI. We conclude with a list and description of how the leading UEM vendors are incorporating AI and other innovations into their offerings.
Authors:
Michael Disabato, Principal Consulting
Executive Summary
Unified workspaces are now a critical enabler of organizational agility and resilience. The governance of unified workspaces involves managing technical infrastructure to ensure regulatory compliance and protect privacy. This includes overseeing corporate-owned devices, personally owned devices in a “bring your own device” (BYOD) environment, Internet of Things (IoT) endpoints, and artificial intelligence agents.
A focus on digital employee experience is directly correlated with organizational performance. Unified workspaces must be designed to optimize usability, accessibility, and support, thereby driving employee engagement and retention. Unified workspace solutions must support hybrid work models, allowing employees to work effectively from any location. These platforms integrate tools for communication, collaboration, and productivity, providing a consistent experience across devices and locations.
Physical offices are being redefined with a focus on collaboration rather than mere occupancy. The office is now considered a destination, rather than the default working environment. Concurrently, Unified Endpoint Management (UEM) has evolved from basic mobile device management into a comprehensive platform for configuring, securing, and managing endpoints, despite the added complexity from BYOD policies and regulatory requirements.
The shift to hybrid and remote work has hastened the use of UEM platforms for managing devices, applications, and data. UEM evolved from mobile device management, offering extensive features for configuring and controlling mobile devices, operating systems, and applications. It separates organizational content from personal content on devices, supporting a bring-your-own-device approach that complies with most regulations.
The rise of AI brings both transformative potential and new risks. AI agents will track endpoints and operators, learn their patterns, and report any deviations. Integrated with other organizational systems, these patterns will be automatically adjusted.
The development of agentic AI agents will significantly affect the unified workspace. These agents, equipped with access to organizational information as permitted by their creators, can autonomously expand their capabilities through learning. This advancement necessitates UEM systems that can offer proper oversight and governance for these agents.
Current State of Unified Workspaces
The concept of unified workspaces has significantly matured and evolved, with much of that evolution catalyzed by the work-from-home mandates triggered by the COVID-19 pandemic. Today, unified workspaces are a crucial component of modern workplace strategies, addressing the changing needs of businesses and highly mobile employees.
The effective governance of unified workspaces now requires the management of a complex technical infrastructure to ensure regulatory compliance and privacy protection. This governance must encompass corporate-owned devices, personally owned devices permitted in a “bring your own device” (BYOD) environment, Internet of Things (IoT) endpoints, and artificial intelligence agents.
Hybrid Work Integration
Unified workspace solutions must seamlessly support hybrid work models, allowing employees to work efficiently from any location and on any device. These platforms will integrate various tools for communication, collaboration, and productivity, enabling a consistent experience across devices and locations. In the 1988 science fiction novel “Mona Lisa Overdrive”, William Gibson repurposed the phrase “There is no ‘there’ there” to describe cyberspace as a realm devoid of physical location but full of connections, highlighting the internet’s delocalized nature.
Because of this delocalization, work evolved from a place you go to activities you perform. Employees can connect from anywhere with a signal, whether that’s a coffee shop or the International Space Station. With the deployment of 5G cellular and low and medium earth orbit satellite constellations (e.g., SpaceX Starlink, OneWeb, Eutelsat Konnect, and Amazon’s Project Kuiper) there is literally no place on Earth that lacks a connection. The boundaries of the workplace have dissolved, and unified workspaces are the connective tissue that makes this new reality possible.
And as we discuss further below, this level of mobility also opens the door to a range of threat vectors arising from use of unsecured networks such as coffee shops or hotel rooms. UEM must consider the connectivity methods used by “roaming” workers to ensure that compliance requirements are met.
Advanced Technology Integration
Modern unified workspace solutions incorporate mature and cutting-edge technologies:
1. Cloud-based application and data access
2. AI-driven automation for tasks like meeting summaries and action item tracking
3. IoT devices for monitoring space usage and energy consumption
4. Augmented and Virtual Reality for enhanced collaboration and immersive meetings
Integration with business-critical tools (CRM, content sharing and collaboration, project management, email) is now table stakes, streamlining workflows and boosting productivity.
Enhanced Security Measures
Security remains paramount. UEM platforms provide robust encryption, multi-factor authentication, and regulatory compliance tools (e.g., GDPR, HIPAA). The ability to monitor, manage, and remediate threats across a heterogeneous device landscape is essential to maintaining enterprise integrity.
Network VPNs are being replaced by application VPNs. This shift, together with the use of pinned certificates, makes it harder for systems in the middle to decrypt, inspect, and re-encrypt traffic to monitor data flows. However, it also makes man-in-the-middle attacks harder, which is critical given the nature of public Wi-Fi hotspots.
Unified Communication Platforms
Teams want less friction, not more. Unified communication platforms roll messaging, video, and email into one seamless experience, making collaboration easier and reducing tool sprawl.
Unified workspaces have moved from theory to practice, enabling flexible work, driving productivity, and fostering collaboration in a world that’s digital and distributed by default.
Current Thinking and Trends
The tension between remote work preferences and return-to-office (RTO) mandates has reshaped workplace strategies, requiring organizations to balance employee autonomy, contractor needs, and external pressures like commercial real estate demands. As these dynamics intersect with evolving approaches to workforce management and office design, organizations must adopt secure employee-centric approaches and flexible and adaptive collaboration spaces. These will be supported by unified communication platforms, context-sensitive access controls, and responsive applications.
Employee-Centric Design
A focus on digital employee experience is directly correlated with organizational performance. Unified workspaces must be designed to optimize usability, accessibility, and support, thereby driving employee engagement and retention. However, these features must not come at the expense of risk-aware cybersecurity measures.
Flexible and Adaptive Spaces: Reinventing the Office’s Purpose
Physical office spaces are being redesigned to support collaboration and connection, with a focus on communal areas and flexible layouts supported by digital unified workspaces. These redesigned spaces are transitioning from daily physical locations to flexible workspaces, with design priorities reflecting hybrid realities:
Table 1. Example Office Space Areas
| Function | Purpose | Example |
| Hot-Desking Zones | Reduce real estate costs; support hybrid schedules | Modular desks with IoT sensors |
| Tech-Enabled Pods | Facilitate hybrid meetings | Soundproof booths with 4K cameras |
| Wellness Lounges | Counteract burnout; attract in-office visits | Meditation rooms, ergonomic seating |
| Project Labs | Host contractor collaborations | Secure, bookable spaces for mixed teams |
Source: TechVision Research (August 2025)
Contractor Integration
Independent contractors now constitute a significant proportion of the workforce. Their unique, in-demand skills require project-based flexibility, and they resist rigid office attendance requirements. They often work for multiple companies and require flexibility in location and scheduling. Secure, role-based access controls are necessary to enable productivity while mitigating risks associated with third-party data exposure.
Unified Endpoint Management
Along with the reimagining of physical offices, UEM has matured from simple mobile device management into a robust platform for configuring, securing, and managing endpoints, even as BYOD and regulatory hurdles add complexity. These are highly integrated systems that provide:
· Centralized dashboards for device health and compliance
· Application virtualization and desktop virtualization
· Remote lock/wipe
· App whitelisting/blacklisting
· Data containerization
· VPNs and mobile threat defense
· Automated patch management
· Full-disk encryption
· Endpoint Detection and Response (EDR)
· SD-WAN for optimized connections
· Zero-Trust Architecture
With these tools, organizations can balance flexibility and security, staying compliant with evolving regulations while supporting hybrid work.
Bring Your Own Device (or not)
To BYOD or not to BYOD; that is the question. Whether it is better to endure the complexities and risks associated with personal devices in the workplace, or to resist and enforce strict device policies to avoid potential chaos.
Shortly after the arrival of the iPhone and its Android counterparts, the desire of employees to abandon their company-issued devices (usually a BlackBerry) and use their personal devices became the seed of the BYOD movement. Recognizing that it is not just smartphone usage, but the entire personal ecosystem of devices, services, and software that must be considered only adds to the complexity of this decision. Only remote working has created more conflict and upheaval in the workplace.
BYOD policies offer flexibility but introduce significant regulatory and operational challenges. Legal requirements for data privacy, monitoring consent, and device seizure must be carefully balanced against user expectations and business needs (see Table 2).
Before setting a mobile device policy, organizations must decide if and how BYOD fits. It’s rarely an easy call, and legal requirements can clash with executive preferences. Regulatory issues abound, especially in industries with strict data controls.
Table 2. BYOD Regulatory Issues
| Regulatory Framework | Key Requirements | BYOD Challenges |
| GDPR | Data minimization, user consent, breach notification | Balancing employee privacy with corporate monitoring; ensuring data stored on personal devices is encrypted and access-controlled. |
| HIPAA/CMMC | Encryption, access controls, audit trails | Securing sensitive data on heterogeneous devices and preventing unauthorized app usage. |
| FedRAMP/NIST SP 800-53 | Continuous monitoring, incident response protocols | Limited visibility into personal device configurations and patch status. |
Source: TechVision Research (August 2025)
Key risks include data leakage, non-uniform device security and software levels, and difficulties enforcing compliance across diverse operating systems.
Any BYOD policy will require a combination of containerization of the organization’s intellectual property and the ability of the organization to seize the employee’s device in the event a court orders its examination in a discovery procedure. This last requirement is the major sticking point with employees, and it is understandable when you realize that thing in their hand is not a smartphone. It is the nexus of their personal universe and contains everything in the world that is important to them. Most people would rather destroy their phones than turn them over to a lawyer and have the contents potentially available in court records.
An alternative to containerization is to create virtual desktops and to virtualize applications. This further minimizes the potential for organizational data to leak onto a personal device. However, even this is not 100% perfect, and there is still the small possibility of corporate data existing on a personal device.
There are further privacy considerations that reflect GDPR and other laws:
· Consent and Transparency: Employees must explicitly consent to corporate monitoring and data collection on personal devices.
· Data Minimization: Restrict access to only essential data (e.g., via role-based access controls).
· Right to Erasure: Ensure remote wipe capabilities for corporate data without affecting personal files.
While BYOD provides the convenience of a single device, the security and legal implications make the value of the convenience questionable. TechVision Research recommends avoiding BYOD. While having two smart devices, one personal, one corporate, can be inconvenient, it is more defensible from a legal perspective. The additional security it brings to corporate content is a cost of doing business.
“The Future is Here; It’s Just Unevenly Distributed”[1]
Artificial intelligence (AI) is the near-term path down which unified workspace and unified endpoint management will travel, and it will be focused on two areas: operational analysis and control, and management of agentic AI.
Intelligent Analysis and Control
AI-driven analysis will become integral to endpoint and user behavior monitoring. These systems establish dynamic baselines for normal activity and autonomously adjust access controls in response to contextual changes (e.g., travel, role transitions, location-based risk factors).
For example, an employee’s travel schedule, as recorded in the corporate calendar, informs AI-driven access decisions. Deviations from expected behavior (such as unscheduled travel or extended absences) can trigger automated access restrictions, thereby enhancing security without manual intervention.
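The calendar-informed decision described above can be sketched as follows. This is an added example, not code from the report or from any UEM product: it uses fixed rules as a stand-in for a learned baseline, and the thresholds, class names, user and calendar data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone
from typing import Optional

# Thresholds, users and calendar data are constructed for illustration.
GRACE = timedelta(days=1)          # slack around a trip for time zones and delays
MAX_ABSENCE = timedelta(days=30)   # longer inactivity counts as an extended absence

@dataclass(frozen=True)
class Trip:
    start: date
    end: date
    country: str                   # ISO 3166-1 alpha-2 code

@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime                 # timezone-aware, UTC
    country: str                   # from IP geolocation or device location

@dataclass(frozen=True)
class Decision:
    action: str                    # "allow", "step_up" or "restrict"
    reason: str

def decide(event: SignIn, home: str, trips: list,
           last_seen: Optional[datetime]) -> Decision:
    """Compare one sign-in with the calendar-derived expectation for that day."""
    day = event.when.date()
    # Countries the calendar explains on this day, including the grace window.
    near_trip = {t.country for t in trips
                 if t.start - GRACE <= day <= t.end + GRACE}
    if event.country not in near_trip | {home}:
        return Decision("restrict",
                        "unscheduled travel: no calendar entry for " + event.country)
    if last_seen is None or event.when - last_seen > MAX_ABSENCE:
        return Decision("step_up",
                        "extended absence: re-verify before restoring access")
    # A sign-in from home while the calendar shows a trip abroad is also a deviation.
    abroad = any(t.start <= day <= t.end and t.country != home for t in trips)
    if event.country == home and abroad:
        return Decision("step_up", "calendar places the user abroad today")
    return Decision("allow", "location matches calendar")

def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, 9, 0, tzinfo=timezone.utc)

HOME = "US"                                                   # constructed
TRIPS = [Trip(date(2025, 9, 8), date(2025, 9, 12), "DE")]     # constructed calendar entry

def demo() -> list:
    """Run constructed sign-ins through decide() and return the actions."""
    cases = [
        (SignIn("alice", utc(2025, 9, 10), "DE"), utc(2025, 9, 9)),   # scheduled trip
        (SignIn("alice", utc(2025, 9, 10), "BR"), utc(2025, 9, 9)),   # unscheduled country
        (SignIn("alice", utc(2025, 9, 20), "DE"), utc(2025, 9, 19)),  # trip already over
        (SignIn("alice", utc(2025, 9, 20), "US"), utc(2025, 8, 1)),   # 50 days inactive
        (SignIn("alice", utc(2025, 9, 10), "US"), utc(2025, 9, 9)),   # home during trip
        (SignIn("alice", utc(2025, 9, 20), "US"), utc(2025, 9, 19)),  # ordinary day
    ]
    return [decide(event, HOME, TRIPS, seen).action for event, seen in cases]

if __name__ == "__main__":
    for action in demo():
        print(action)
```
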
Agentic AI
The introduction of agentic AI—autonomous software agents capable of independent action—represents a paradigm shift. These agents, embedded in platforms such as Salesforce Agentforce, SAP Joule, and Oracle Miracle Agent, possess the ability to access sensitive data, execute transactions, and adapt their behavior over time.
The principal risk is the emergence of “shadow AI,” wherein agents are deployed without appropriate oversight or governance. Such agents may inherit broad permissions, access confidential information, and evolve beyond their original scope, creating substantial exposure for the organization. And you thought shadow IT was bad.
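One way to surface the shadow-AI conditions named above (no oversight, inherited broad permissions, growth beyond original scope) is a periodic audit of an agent inventory. This is an added example, not taken from the report or from any vendor's product; the record fields, scope strings, agent names and the 90-day review interval are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

REVIEW_INTERVAL_DAYS = 90   # assumed review cadence, not a figure from the report

@dataclass(frozen=True)
class AgentRecord:
    name: str
    owner: Optional[str]          # accountable person or team, None if unknown
    approved: frozenset           # scopes signed off when the agent was registered
    granted: frozenset            # scopes the agent's identity holds today
    last_review: Optional[date]

def is_wildcard(scope: str) -> bool:
    return scope == "*" or scope.endswith(":*")

def covered(scope: str, approved: frozenset) -> bool:
    """True if an approved scope, exact or wildcard, authorizes `scope`."""
    resource = scope.split(":", 1)[0]
    return scope in approved or "*" in approved or f"{resource}:*" in approved

def audit(agent: AgentRecord, today: date) -> list:
    """Return (code, detail) findings for one agent; an empty list means none."""
    findings = []
    if not agent.owner:
        findings.append(("no-owner", "no accountable owner recorded"))
    # Broad grants are reported even when approved: they are what an agent inherits.
    wild = sorted(s for s in agent.granted if is_wildcard(s))
    if wild:
        findings.append(("wildcard-grant", ", ".join(wild)))
    # Scope drift: anything held today that the approval record does not cover.
    drift = sorted(s for s in agent.granted if not covered(s, agent.approved))
    if drift:
        findings.append(("scope-drift", ", ".join(drift)))
    if (agent.last_review is None
            or (today - agent.last_review).days > REVIEW_INTERVAL_DAYS):
        findings.append(("review-overdue", f"last review: {agent.last_review}"))
    return findings

# Constructed inventory; agent names and scopes are hypothetical.
INVENTORY = [
    AgentRecord("invoice-bot", "finance-ops", frozenset({"erp:read"}),
                frozenset({"erp:read"}), date(2025, 8, 1)),
    AgentRecord("crm-summarizer", "sales-it", frozenset({"crm:*"}),
                frozenset({"crm:read", "hr:read"}), date(2025, 3, 1)),
    AgentRecord("helper-7", None, frozenset(),
                frozenset({"*"}), None),
]

def report(today: date) -> dict:
    """Map each agent name to the list of finding codes raised for it."""
    return {a.name: [code for code, _ in audit(a, today)] for a in INVENTORY}

if __name__ == "__main__":
    for name, codes in report(date(2025, 9, 4)).items():
        print(name, codes or "ok")
```
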
Agentic AI Management
Leading UEM vendors are beginning to address the management of agentic AI, though solutions remain as nascent as the AI technology they seek to manage. Notable developments include:
· HCL BigFix: Supports deployment and lifecycle management of agentic AI agents, including autonomous incident resolution and digital twins for IT service management.
· Omnissa Workspace One: Roadmap includes proactive, autonomous agents for ITSM, cybersecurity, and DevOps, with full agentic AI management capabilities in active development.
Continuous innovation in this domain is anticipated, driven by the accelerating capabilities of AI technologies themselves.
Recommendations
Unified workspaces and unified endpoint management necessitate a strategic approach. Device integration, security measures, and employee-centric design should be customized for each organization and, in some cases, for each department within an organization. Solutions need to offer scalable options to improve efficiency, endpoint visibility, and address the requirements of a dynamic workforce.
- Adopt and Enhance UEM Platforms: Ensure comprehensive visibility, security, and compliance across all endpoints.
- Formalize Acceptable Use Policies: Align policies with regulatory requirements and organizational objectives.
- Prioritize Zero-Trust Security Models: Implement advanced threat detection, endpoint monitoring, and automated remediation.
- Evaluate BYOD Policies: Weigh flexibility against regulatory risk, and implement robust data isolation measures.
- Prepare for AI Integration: Develop governance frameworks for agentic AI, including oversight, change management, and lifecycle controls.
About TechVision
World-class research requires world-class consulting analysts, and our team is just that. Gaining value from research also means having access to research. All TechVision Research licenses are enterprise licenses; this means everyone that needs access to content can have access to content. We know major technology initiatives involve many different skill sets across an organization and limiting content to a few can compromise the effectiveness of the team and the success of the initiative. Our research leverages our team’s in-depth knowledge as well as their real-world consulting experience. We combine great analyst skills with real world client experiences to provide a deep and balanced perspective.
TechVision Consulting builds off our research with specific projects to help organizations better understand, architect, select, build, and deploy infrastructure technologies. Our well-rounded experience and strong analytical skills help us separate the “hype” from the reality. This provides organizations with a deeper understanding of the full scope of vendor capabilities, product life cycles, and a basis for making more informed decisions. We also support vendors in areas such as product and strategy reviews and assessments, requirement analysis, target market assessment, technology trend analysis, go-to-market plan assessment, and gap analysis.
TechVision Updates will provide regular updates on the latest developments with respect to the issues addressed in this report.
About the Author
Michael Disabato brings over 50 years of experience in IT, spanning application development, network engineering and management, wireless and mobility, and enterprise architecture. He currently focuses on mobility, IoT management, governance and policy, and artificial intelligence. Michael holds a master’s degree in information sciences with a focus on artificial intelligence.
While a team manager and analyst at Gartner, Inc. Michael advised large enterprise clients in multiple vertical industries including health care, higher education, financial services, federal and state and local governments, manufacturing, aerospace, energy, utilities and critical infrastructure. He has worked extensively with international clients to develop their local and global governance and policies and infrastructure.
Appendix A – UEM Vendors
This is a list of the leading Unified Endpoint Management (UEM) providers. They share common capabilities listed above. The capabilities listed below reflect recent developments employing artificial intelligence.
BlackBerry Spark UEM
Overview: Offers a unified platform for managing and securing endpoints, including mobile devices and applications, with a focus on industries requiring high security.
Key Capabilities:
- AI and machine learning for mobile threat defense, malware/phishing detection, and dynamic security policy enforcement.
Citrix Endpoint Management
Overview: Part of the Citrix Workspace platform, this solution provides unified management for both corporate and BYOD devices across various operating systems.
Key Capabilities:
- Integration with Citrix Virtual Apps and Desktops
- Enhanced with analytics for user behavior, risk-based authentication, and continuous compliance monitoring.
- Streamlined device and app management with AI-driven insights.
HCL BigFix
Overview: A UEM solution that automates the discovery, management, and remediation of endpoints, including virtual, cloud, and on-premise devices.
Key Capabilities:
- Leverages AI to automate compliance and endpoint management
- Offers predictive remediation guidance and real-time vulnerability management using AI
- Uses machine learning (ML) and natural language processing (NLP) to automate IT operations, deliver zero-touch remediation, and recommend prescriptive actions for IT operations.
- Provides a digital workspace with self-healing and generative AI capabilities, automating tasks and enabling real-time monitoring and remediation.
IBM Security MaaS360
Overview: A SaaS-based UEM platform that leverages IBM’s Watson AI to provide analytics and threat management across various endpoints, including laptops, desktops, mobile devices, and IoT devices. Provides centralized endpoint management with strong security features tailored for enterprise needs.
Key Capabilities:
- AI-driven threat detection and remediation
- Watson AI for advanced analytics, risk-based management, automated threat detection, and response.
- Behavioral analytics, anomaly detection, and predictive insights for proactive endpoint security.
Ivanti Unified Endpoint Manager
Overview: Formed from the merger of LANDESK, HEAT Software, and MobileIron, Ivanti offers a UEM solution that combines advanced endpoint security, inventory management, and automation features for hybrid work environments across diverse platforms like Windows, macOS, Linux, Chrome OS, and IoT devices.
Key Capabilities:
- Autonomous bots for self-healing/self-securing endpoints, automated troubleshooting, and remediation.
- Real-time operational intelligence using NLP queries, sensor-based architecture, and predictive analytics for proactive issue resolution.
Jamf Pro
Overview: Specializing in Apple ecosystem management, Jamf Pro offers tools tailored for managing macOS, iOS, iPadOS, and tvOS devices in enterprise environments.
Key Capabilities:
- Integration with Apple services and Microsoft Intune
- Jamf AI Assistant provides a conversational, generative AI interface for admins, enabling natural language queries, instant access to documentation, and contextual support. Current skills include:
  - Reference (documentation lookup)
  - Explain (detailed object explanations)
  - Search (natural language to database queries)
- Integration with Anzenna’s agentic AI enhances Jamf’s risk visibility by evaluating app provenance, usage, and developer history, flagging risks, and enabling one-click remediation through the Jamf agent.
ManageEngine Endpoint Central
Overview: A product of Zoho Corp., ManageEngine provides a comprehensive UEM solution that offers a wide array of features for managing and securing endpoints across various platforms.
Key Capabilities:
- In-house AI assistant “Zia” for natural-language queries, AI-powered insights, intelligent report generation, and AI-enabled remote support.
- GenAI-powered management and security automation (upcoming), including device performance optimization and security incident management.
- AI-based malware protection (NGAV) using deep learning and behavioral detection for threat prevention and remediation.
Microsoft Intune
Overview: A widely used, cloud-based UEM solution that integrates with Microsoft 365 and Azure Active Directory, offering comprehensive device and application management across Windows, macOS, iOS, and Android platforms.
Key Capabilities:
- Integrated Copilot for Windows Autopatch, providing AI-driven guidance for update management, deployment tracking, issue identification, and remediation.
- AI-powered features for device queries, endpoint privilege management, policy management, and smart replies in email and notes transcription.
- Predictive analytics for proactive maintenance and risk detection.
Omnissa (Workspace ONE UEM)
Overview: Formerly VMware’s End-User Computing business, Workspace ONE specializes in simplifying digital work environments and managing endpoints.
Key Capabilities:
- Provides actionable insights, ML-driven risk analytics, predictive maintenance, and workflow orchestration through a low-code platform.
- Omni AI Assistant offers knowledge search, natural language data queries, and is planned to expand into proactive recommendations and action-oriented assistance for admins.
- Enables automation of complex IT workflows, serving as a customer-defined agent for automating steps and decisions.
- Workspace ONE supports management of Apple’s on-device generative AI features (Apple Intelligence), allowing admins to enable/disable and configure these capabilities on managed Apple devices.
These companies are recognized for their innovative solutions that cater to diverse industries and device ecosystems while addressing modern challenges like hybrid work environments and IoT integration.
[1] William Gibson, interview on Fresh Air, NPR (31 August 1993)