Compared with households securing personal endpoints, such as the computers and devices a family may have at home, businesses have a much more difficult time securing the large fleets of workstations or the server farms that might provide their livelihood. Often, they have more to lose as well.
For one thing, there is an issue of quantity. Enterprises have a much larger set of devices, all of which must be secured: any weak link in a network can cause widespread damage when exposed to the Internet. There is also a matter of quality. Though consumers can often live with staggered updates to devices, an enterprise requires more consistency.
And one solution
Much as remote desktop software is critical to providing technical support in some office environments, unified endpoint management, or UEM, can tackle many of these challenges. UEM uses mobile device management (or MDM) APIs built into operating systems or third-party software to allow the security of many different endpoints to be managed from a single console.
Notably, Windows 10 includes new MDM APIs that are not available in previous versions of Windows, nor in some other enterprise operating systems. These APIs allow an administrator with UEM access to devices to blacklist software, install updates and patches, change file access policies, and modify Wi-Fi or VPN security settings, among other essential tasks.
However, as of this writing, Windows 10's MDM APIs do not allow encryption management or secure executable (.exe) deployment, to name two examples of tasks that may be important for complete endpoint management. As Microsoft improves its most recent operating system and new software is released, administrators and IT decision makers would probably benefit from keeping an eye on how first-party UEM develops.