All endpoints managed and controlled efficiently

Lifecycle Management for Windows 10 and Mac OS and mobile devices


SecureUEM offers a complete PC-Lifecycle-Management (PCLM) for Laptops, Desktops with Windows 10 and Mac OS and mobile devices with iOS, Android and Windows Mobile, including provisioning, configuration up to decommissioning of the devices.


Managing Mac OS and Windows 10 Devices

Asset Management

Administrators have a centralized asset management overview and can see detailed device information like OS Version, Serial Number, Available Storage, Mac Addresses and much more.

Device Security

To protect access, admins can set password policies for the Mac Device including minimum length, Auto-Lock timeframes and more. It is also possible to provide certificates (e.g. S/MIME) certificates using the admin console, which will be automatically imported into the MacOS Key Chain. Furthermore, certain features like Camera, Touch ID and more can be disable per User or Group.

Connection Management

It is possible to define WIFI-Connections for the users. Using the web interface, admins can set the SSID, password and other settings that are required to connect to the predefined WIFI hotspots.

PIM Management

To reduce manual efforts for users regarding email setup the PIM Management feature can be used to predefine the access details for the Mailserver (Exchange or IBM). The settings are pushed to the device and the email accounts are created automatically using the local Mail Client Application.

App Management

With the app management, admins can see which applications are installed on the device with details including version number and source. It is also possible to define which applications are mandatory or blacklisted. For Windows it also possible to disable System applications like Calculator, Contana, Maps and many more. Additional applications can be uploaded using the web interface (.pkg files for Mac and .msi files for Windows).

Device Lock and Wipe

SecureUEM has remote wiping capabilities for MacOS as well as for Windows 10. Admins can remotely wipe the device and all its content. For MacOS it is also possible to lock a device remotely. Once a Mac device is locked, it can be only unlocked with a code, which is visible to the admin in the admin console.


Smooth device setup with device enrollment

With device enrollment employees can unbox their devices and start using immediately without even noticing that the device is being managed by the company. SecureUEM supports all common enrollment methods, including Apple DEP, Android Enterprise Enrollment and Samsung Knox Enrollment. Furthermore, the traditional enrollment methods can be used including using SMS, E-Mail, QR-Code and more.

Keep an overview over your Asset Inventory

IT staff has the possibility to track and get information over the hardware assets, such as WIFI, Bluetooth and Cellular Network information. Furthermore, SIM-Cards can be managed in SecureUEM.

Control over Software and Apps

You can decide, which Apps mandatory or optional for the employees. It is also possible to blacklist certain apps, in order to make sure the device is GDPR-Compliant for instance. Furthermore, it is possible to see, which Apps employees install and mitigate in case of security issues.

Enterprise App Store and Mobile Application Management

With the Mobile Application Management (MAM) you can setup your own Enterprise App Store and deliver enterprise signed In-House Apps, which you don’t want to install to the public AppStore. It is also possible to configure those Apps and remotely install them on the employee’s devices. OS updates can be managed too, in order to make sure employees are using the latest most stable version of the operating system.

Container Management

With SecureUEM you can manage “OS-Level Containers”, including Samsung KNOX, Android Enterprise and iOS Containers, as well as our own SecurePIM Container App.


Those are separate sections on the OS, which tend to split data and apps into two separate areas: business and private. All major mobile operating systems provide this feature, which are differently implemented however.

Samsung KNOX Containers

On Samsung KNOX, you can define which Apps must or can be installed inside the KNOX Container. The employees have usually the freedom to install any app outside of the container. A great aspect of this approach is, that the user could install the same app in both areas. Samsung KNOX makes sure in the background, that data cannot be mixed between the two areas. Android Enterprise Container work similarly. The only difference is, that KNOX conducts the separation on hardware level (separate CPU etc.), whereas Android Enterprise does it at a software level.

iOS Container

SecureUEM can also manage iOS containers, which are differently implemented by Apple. The separation of data is happening in the background, the user doesn’t even see a difference. Different to Android, it is not possible to install the same App twice. The iOS architecture makes sure, that private data cannot be mixed up with “managed data”. Manage contacts for instance cannot be accessed by non-managed apps, like WhatsApp e.g.

SecurePIM App Container

Besides the OS-Level Containers, SecureUEM can fully manage and control the own Container App SecurePIM. Different to the preceding approaches, the SecurePIM App implements the containarisation on App-Level, hence the data is separated within the SecurePIM App, making access from other Apps impossible, unless IT allows it. The SecurePIM App provides all relevant business-functions, including E-Mail, Calendar, Files and more, enabling the mobile workforce to perform all daily tasks using one highly secure app.

Full Control over Device Security

With SecureUEM you have control over all security aspects of the devices. Starting with very basic things like device password policy up to more advanced settings like Certificate Management. In case a device gets lost, you can wipe the whole device remotely, or only perform a so-called enterprise-wipe, which only deletes the business-related stuff on the device. If a device has been stolen, you can try to locate it using the GPS-Tracking feature. Compromised devices can be detected via Root- and Jailbreak-Detection and locked remotely. On Android devices you can also install anti-virus software, if needed.

Always connected securely

Besides protecting data at rest, you need to make also sure that data in motion is protected too. It can for instance happen, that employees connect to harmful WIFI-Hotspot, without even noticing (at the Airport e.g.). Therefore, it is important to setup the correct WIFI and VPN-Profiles using SecureUEM. With SecureUEM administrators can even define, which Apps should establish a per-app VPN in order to make sure, that the corporate apps always use a secure connection.



The SecurePIM App covers all major features of MS Exchange and IBM Notes incuding:

  • Mail
  • Calendar
  • Contacts
  • Tasks
  • Notes

Secure Content (MCM)

Besides the PIM functionality, SecurePIM also provides a full Mobile Content Management (MCM). Administrators can define the File-Shares the users are allowed to access within the SecurePIM App. All major File-Share solutions with WebDAV protocol are supported (MS Sharepoint, Nextcloud, Owncloud…). With the Office 365 integration, it is even possible to use Microsoft OneDrive for business.

With Secure Content, users can access corporate files directly from the SecurePIM App. All files are transferred end-to-end encrypted and are stored encrypted all the time in the app. Users can not only view the documents but also edit them using the built-in Office editor, which supports all major filetypes (doc, ppt, xls, pdf…)

Secure Collaboration

Email is still the most used form of collaboration in a business context, there is no doubt about it. Many users however prefer more and more to use instant messaging instead of emails, as they are used to it from their private usage. However, many companies do not provide secure ways of modern communication. As an effect, many employees use private Messaging Apps like WhatsApp also for business purposes, which lead to data leakage and compliance issues (GDPR).

 With SecurePIM Secure Collaboration users can collaborate with colleagues using Chat, Voice and Video capabilities in an easy, secure and compliant manner without leaving the app. Again, all data is transferred securely using highest encryption standards.

Secure Chat

Instant Messaging is the core component of the SecurePIM Collaboration Suite. Employees are able to instantly chat with colleagues inside the SecurePIM App. With the neat less integration, it empowers the user to perform many integrative tasks such as creating a chat group from an existing email thread or calendar event. Furthermore, users can share files from the document module in an existing chat or create new conversations.

Secure Voice & Video

Besides instant messaging, users have the capability to instantly call a colleague or even a group of colleagues using voice or video. This is very useful for employees who are traveling in countries, where the roaming cost and security is relevant. With the tight integration into the SecurePIM App, users can initiate calls directly from the contact, email, and calendar module, e.g. to instantly call the group of participants in a scheduled meeting.