GenAI is coming to your UEM platform: How to prepare

Generative artificial intelligence (genAI) capabilities and features are coming to unified endpoint management (UEM) platforms — in fact, some are already here — and technology and business leaders need to be prepared for the challenges they might face.

Some of the leading UEM vendors are weaving AI and genAI features into their platforms. Here are a few examples:

ManageEngine has made its in-house AI-based assistant, Zia, an integral part of its UEM solution, Endpoint Central. Through natural-language interactions with the “Ask Zia” chatbot, IT teams can tap into AI-powered insights, intelligent report generation, and AI-enabled remote support.

Upcoming features for the platform include genAI-powered management and security automation. GenAI capabilities will be integrated through Ask Zia, and additional features will be aimed at enhancing device performance optimization and security incident management.

Microsoft offers Copilot for Windows Autopatch in its Intune UEM product, which enables AI-driven guidance through every update management stage, from planning and deployment tracking to issue identification and remediation. The genAI tool provides actionable insights so teams can keep endpoints secure and up to date with minimal disruption, according to the company. Other available or upcoming Intune features include Copilot assistance for multiple device queries, endpoint privilege management, and policy management.

BlackBerry’s mobile threat defense capability for UEM uses AI and machine learning models for scoring apps and URLs to check for malware and malicious sites and phishing incidents. The company says it is evaluating genAI use cases across both servers and apps for inclusion in future releases, with an emphasis on maintaining customer data privacy. A spokesperson declined further comments on these roadmap features or the approximate timeframe of release.

Industry watchers also point to improved script generation, natural-language data extraction and analysis, and end-user support as likely applications for genAI in UEM tools.

In a large enterprise, a UEM platform might be managing thousands of user devices and other endpoints and tightly tied to security systems, digital employee experience tools, and other enterprise software. Clearly there’s a potential for challenges around security, user experience, and operational efficiency when genAI is embedded in UEM. Preparation is important for success.

Computerworld asked three enterprise mobility analysts for their advice on how businesses can take advantage of genAI in UEM tools while still protecting their users, systems, and data.

Ask vendors for key information

“The most important first step that organizations can take is to fully understand the vendor’s roadmap for genAI features, along with the architecture that will be used to deliver the capabilities,” said Tom Cipolla, senior director and analyst at research firm Gartner.

“Surprise releases of genAI are indicative of a failure to prepare and a potentially weak vendor relationship,” Cipolla said.

Technology costs are a common concern of organizations, so executives need to keep tabs on how much genAI features cost and whether the added expense is worth it.

“Today, most of these capabilities are beta and offered at no cost,” said Andrew Hewitt, principal analyst at Forrester Research. “However, that may not last, as the cost of genAI is high.” Customers should ask vendors for specifics on what they intend to charge for various genAI features in their UEM platforms — and when, he said.

Other big issues include cybersecurity and the privacy of corporate data.

“GenAI may be utilizing data that is proprietary to the organization, and sending that to a third-party cloud” could be risky, Hewitt said. It’s a good practice to verify with the UEM vendor that data is being processed locally and protected, he said.

To that end, UEM customers need to get guarantees from their vendor about security and privacy protections, Hewitt said. It should be stated in the contract that customers’ proprietary data, including their employees’ private data, is encrypted and will not be used in training genAI models.

Gartner’s Cipolla also urged IT leaders to ensure that their UEM vendors are making security a priority with genAI. Ideally, genAI features should be provided in a secure way that isolates personal employee and customer data.

“Organizations should carefully review the data privacy protection documentation provided by the vendor, specifically looking for cases where the genAI capabilities of the platform use public large language models to fulfill requests,” Cipolla said.

Create guardrails

Before deploying any forthcoming genAI capabilities in their UEM platforms, companies should take steps to protect their systems and data. For example, they need to put guardrails in place to make sure proprietary data, such as personally identifiable information for employees, is protected.

“Organizations need to build AI governance not just for UEM platforms, but also across the digital workplace stack,” Hewitt said. “They should be doing an inventory of where their data currently resides, what protections they have in place for secure authorization, and doing their due diligence around personal or other sensitive information.”

IT organizations should start to think about their automation process, Hewitt added. “What types of approvals and authorizations will be necessary to execute automation in the endpoint management stack?” he said. “How will they plan to gain trust and confidence in AI and automation? How should they measure this? Taking an inventory of existing automation processes could help here, as well as doing some testing of genAI on basic use cases.”

Testing genAI features should be done in a safe environment prior to rolling them out. “As with any AI solution, organizations should proceed carefully and employ a ‘block, walk, run’ strategy while they gain comfort with the solution and its security,” Cipolla said.

Verify, test, and monitor — with humans in charge

As genAI features begin to appear in UEM tools, “organizations should ensure that endpoint device management tasks or functions enabled or assisted by AI have similar or better outcomes” than approaches used previously, said Phil Hochmuth, program vice president, enterprise mobility, at research firm IDC.

That means keeping a close eye on AI recommendations and actions. “Teams using AI in IT operations for endpoints must be watchful for AI system misinterpretation, partial or incorrect completion of tasks, and other bad outcomes that affect end-user productivity,” Hochmuth said.

Enterprises need to be especially mindful of false or inaccurate recommendations from AI, Hewitt said. Administrators need to conduct a “sanity check” on these recommendations before implementing them in their environment. For example, it’s important to confirm that the recommendations are based on recent or real-time data, he said.

Cipolla concurred. “Information delivered via genAI can contain inaccuracies and hallucinations — statements that sound factual but are not accurate — resulting from the large language model used to train the AI,” he said.

If genAI results are not verified prior to usage, that could result in significant operational impacts, including loss of data, a brand credibility hit, and a degraded digital employee experience, Cipolla said.

“For this reason, genAI must be combined with human expertise to validate generated results,” he said. “Prior to implementation of genAI recommendations, ensure that at least one expert human validates the accuracy of the information. Do not use genAI to validate genAI, as different models could share hallucinations.” 

To reduce the risk of inaccurate results, Cipolla recommended using a framework similar to common approaches based on the IT Infrastructure Library (ITIL), where proper vetting of IT changes is performed.

“Also, prior to implementing any script in a production environment, ensure that testing is performed to validate that there are no unintended side effects. After implementation, carefully monitor the operation of the system for delayed impacts,” Cipolla said.

Share what works and build on success

Organizations should not fall into the trap of thinking genAI can replace tech employees.

“The accuracy of genAI-produced information within tailored use cases, such as digital workplace management tools, will improve quickly. However, genAI will never be able to replace human intuition, empathy, curiosity, experience, and expertise within the digital workplace,” Cipolla said.

To prevent potentially catastrophic results, “genAI must be positioned to augment humans and not be seen as an opportunity to replace humans,” Cipolla said. “Human creativity and expertise combined with genAI is a force multiplier that has the potential to yield significant breakthroughs.”

To share and collectively improve on positive results, Cipolla recommended that organizations create wiki-style, easily searchable libraries of prompts (and sample result sets) that can be used to identify common successful prompts.

“This can be as simple as a shared spreadsheet, a channel in a collaboration tool, or a basic wiki-style website. Enable all employees to contribute, and recognize those employees who exhibit extraordinary creativity in their prompts,” Cipolla said.

“Prompt libraries also can be purchased from vendors as a service,” he noted.

Here, too, communication with the UEM vendor is important. Most genAI capabilities will have built-in feedback collection mechanisms, where feedback is routed to the vendor for integration into the program, Cipolla said. In this way, genAI successes (and failures) can be used to improve the features in the future.