AppTec in Test: Managing Windows 10 and Mobile Devices with AppTec UEM

AppTec EMM

Tools for Unified Endpoint Management (UEM) usually originate from the administration of Windows PCs and only added mobile devices later. In contrast, AppTec GmbH went the opposite way and recently opened Enterprise Mobile Manger (EMM) for the central administration of Windows 10 computers.
Most long-established UEM tools have retained their original concept for the management of Windows 10 and install an agent on the PCs that they need for common tasks such as inventory, software distribution, patch or vulnerability management. For mobile device management, they use the MDM interfaces of iOS or Android.

However, Microsoft also provides such interfaces for Windows 10 in the form of Configuration Service Providers (CSPs). Although these do not currently offer all the options available through Group Policy, new providers are added with each release of Windows 10.

The management of Windows 10 via MDM interfaces is an element of Microsoft’s Modern Management. The cloud service Intune relied on this concept from the very beginning, but third-party vendors are also strategically aligning themselves to this model.

Manage smartphones and Windows 10 PCs together

AppTec from Basel is now also following this development and has expanded its MDM solution to include support for computers running Windows 10 and macOS. The Enterprise Mobile Manager (EMM) therefore offers the possibility to manage devices in a heterogeneous environment centrally via its web-based management console.

Neben Smartphones können mit dem AppTec-EMM auch Windows-10-Computer verwaltet werden.

In addition to smartphones, the AppTec EMM can also be used to manage Windows 10 computers.

The Swiss cover a wide range of functions: Inventory and configuration (MDM), distribution of applications (MAM), data protection (MCM), security (MSM), mobile e-mail management (MEM) and Bring you own device (BYOD).

Simple device integration

In order to start managing mobile or stationary devices, users must first be logged into the system with their devices. The administrator creates users either manually, imports them in multi-enrollment via CSV file or by connecting the EMM service via LDAP connector to an Active Directory to transfer users from there.

User und Endgeräte kann man einzeln oder in einer Massenoperation per CSV-Import hinzufügen.

Users and end devices can be added individually or in a mass operation via CSV import.

The users will then receive a request to register their device by e-mail or SMS.

Anwender erhalten wahlweise per E-Mail oder SMS eine Aufforderung, ihr Gerät im Device-Management anzumelden.

Users receive a request to register their device in Device Management either by e-mail or SMS.

Windows 10 users enter the received EMM credentials in the Settings app under Access Work or School Account. This automatically assigns the computer to EMM device management.

Windows-10-User müssen ihre EMM-Zugangsdaten in der Systemsteuerung eingeben, um das Gerät für das Management zu registrieren.

Windows 10 users must enter their EMM credentials in the Control Panel to register the device for management.

With support for Microsoft Autopilot, administrators can also automatically provision Windows 10 PCs for centralized device management in this way. This requires an on-prem EMM instance and its connection to the Azure Active Directory.

Multi-device management under one roof

The administrator can view, configure and control the devices transferred to management from his console. Despite the differences between operating systems, most parameters can be managed using an identical methodology.

Many settings can be changed uniformly for all device types using device profiles, such as password rules or access to cloud services. The console allows a hierarchical structuring of the devices and thus an inheritance of assigned profiles.

Asset management provides detailed information on hardware and software equipment and the configuration status of the devices via dashboard and reports. The administrator can use this information to check the compliance status of the devices or to check the app equipment, for example.

The installation of updates can be configured for individual PCs or across device groups, for example, whether they should be installed automatically.

Management of Windows applications

The integrated Enterprise App Manager helps you manage the applications you need. The EMM first takes an inventory of all programs available on the Windows 10 PCs and also allows remote uninstallation.

Das EMM inventarisiert automatisch die auf Windows-10-PCs installierten Anwendungen.

The EMM automatically inventories the applications installed on Windows 10 PCs.

An own software collection can be defined via EMM and rolled out to specific computers. To do this, the administrator must upload in-house applications to the EMM and assign them to the device or profile.

Aus der Web-Konsole können Administratoren unerwünschte Windows-Anwendungen löschen und deren Installation verbieten.

From the Web console, administrators can delete unwanted Windows applications and prohibit their installation.

Enterprise App Manager also supports targeted restriction of applications included in Windows 10, such as OneDrive, and blacklisting of selected apps from the Windows Store.

Comprehensive security management

The central task of the AppTec software is to support IT in protecting all devices and the data stored on them against unauthorized access and to prevent unauthorized actions by users.

For this purpose, the software offers a variety of security-related settings across all device types, such as the definition of password policies, the use of cameras, the use of Cortana or Microsoft accounts.

Lost end devices can be locked or remotely wiped via remote wipe to prevent confidential data from falling into the hands of unauthorized persons. Windows 10 PCs can be located via GPS. This function can be activated, for example, depending on the specifications of the works council, only by entering two passwords.

If a device is taken out of service or an employee has to return it, the system is reset to the factory settings at the touch of a button and the process is recorded in a log.

In the Windows Security Center, administrators can remotely control all security settings and components provided by Microsoft, such as the firewall and the anti-virus software Windows Defender.

Administratoren können zahlreiche Einstellungen von Windows 10 bis hin zur Konfiguration von Sicherheitsparametern vornehmen.

Administrators can make numerous settings from Windows 10 to the configuration of security parameters.

Drive encryption with Bitlocker can also be activated and configured on Windows 10 Enterprise and Professional systems.

Bitlocker kann für die Verschlüsselung der Laufwerke von Windows-10-PCs aktiviert und konfiguriert werden.

Bitlocker can be activated and configured to encrypt the drives of Windows 10 PCs.

Provide secure connections centrally

In connection management, presettings and restrictions for WLAN, VPN and Bluetooth can be defined.

The optional AppTec Universal Gateway contains its own VPN server and comes with VPN clients for the various device types. The EMM solution can thus fully automate the VPN setup for all mobile devices as well as for computers running Windows 10.

The connection to Exchange and other mail servers is defined via the PIM management. Active Sync is used for the exchange with Exchange.

TeamViewer is integrated for the remote support of users. The EMM administrator only has to define his TeamViewer account once and then roll out the TeamViewer Quicksupport app on the end devices.

Synchronize data securely between devices

The AppTec component ContentBox is designed to make the transfer of data and its exchange among employees as secure as possible. This dropbox alternative provides cloud storage for all types of documents that users access via a dedicated app or via the EMM web interface.

The administrator can configure the cloud storage via the EMM console, assign access rights and store mandatory data for users in it. ContentBox supports multiple storage options including Amazon S3, Sharepoint, (S)FTP, ownCloud, WebDAV and Windows drives.

Prices and availability

AppTec users can choose between an on-premise instance or a cloud variant with servers in Germany and Switzerland.

While SaaS use only requires registration to start with device management, for a private instance the virtual appliance delivered in OVF format must first be started and configured on a supported hypervisor (VMware ESXi, Hyper-V, VirtualBox or Citrix XenServer).

Especially interesting for smaller companies is the free license for up to 25 devices. It offers the full range of functions, is unlimited in time and can be downloaded from the manufacturer’s website.

If you want to administrate more devices, you pay 0.99 € per device and month for the on-premise version. The use of add-ons like Universal Gateway, ContentBox and Custom Launcher costs extra.

Device management in the cloud costs an additional € 0.49 per device and month with a minimum term of 24 months.


The EMM software from AppTec360 convinces with a wide range of features with quick commissioning and easy operation via the Web console. The management solution is also relatively inexpensive.

The support for devices of all kinds, from smartphones to Macs and Windows 10 PCs, should be particularly useful for SMEs. Uniform management for the various clients simplifies the task of ensuring end-to-end security and compliance and equipping users with the desired OS configurations and applications.

AppTec expressly does not (yet) see itself as a competitor to established client management solutions. For example, neither packaging for applications nor OS deployment is planned.

, 07.04.2020


This is a translation from the original German version.

Get more information about AppTec360°




AppTec GmbH
St. Jakobs-Strasse 30
CH-4052 Basel
Phone: +41 (0) 61 511 32 10
Fax: +41 (0) 61 511 32 19


Recommend us
Go to Top