Traditionally, IT teams have used mobile device management (MDM) or enterprise mobility management (EMM) tools to configure devices by implementing a cascading series of individual policies. Some of these policies are designed for BYOD devices, while others are tailored for corporate-owned devices (COPE). Additionally, different policies apply to various groups: some are relevant to IT teams, others to Sales and Marketing, specific policies for executives, and distinct sets for directors, managers, and staff members. For every device-user entity, there’s some overlapping set of policies that must be applied and managed within the MDM platform.
Dedicated devices, like self-service kiosks or point-of-sale terminals, present unique management challenges because they are not directly assigned to individual employees. An IT administrator can’t just email or slack the device owner to update to the latest version and reboot it. Who would they reach out to? It’s also more challenging for IT administrators to know and continuously manage the requisite policies for each device. There are so many factors to keep in mind: device manufacturer, model, use case and required apps, kiosk mode or multi-app, store location, connectivity (cellular, Wi-Fi, or both), and many more.
With dedicated devices, the administrative burden is higher — or at least significantly different than traditional MDM or EMM. Multiply that by a thousand or ten thousand, and the workload becomes unmanageable.
What’s the better way? Desired state management.
Desired state management is holistic and comprehensive. You define every way in which you want your device (un-attached from users) to behave, as well as how it is permitted to change. And then you allow and rely on the platform to enforce it (i.e. declarative management). If the device drifts away from the desired state, you can automate remediation — remotely reconfigure it back to the desired state — or manage those exceptions to understand whether the drift is acceptable or not. When the quarterly OS update rolls out, simply update the desired state and converge the devices to the new desired state (or schedule it for a more convenient time).
Traditional policy and patch-based management workflows often rely on reactive security measures, addressing threats after they've occurred. This can lead to data breaches, system downtime, and financial consequences. In contrast, desired state management takes a proactive approach to security. Continuously monitoring and enforcing device configurations prevents deviations from security policies, ensuring that devices remain compliant and protected at all times. This real-time approach to security minimizes the window of vulnerability, significantly reducing the risk of successful attacks. You can just about set it and forget it.
Blueprints: Create and Dynamically Manage Your Desired State
In the Esper platform, you define your desired device state with Blueprints. For example, Blueprints can condense your 38-page setup guide into a single, dynamic document that tells a device exactly what to do. You can then apply it to one device, a group of devices, or your entire fleet if it is homogenous.
Esper's Blueprints provide several advantages over traditional MDM device policies, particularly for IT Ops teams managing large fleets of dedicated devices. Here’s how the desired state management of Blueprints compares to traditional methods:
Dynamic Configuration Updates
- ❌ Traditional MDM Policies are often static and require manual intervention or device re-enrollment to apply changes.
- Esper Blueprints Updates to a Blueprint automatically propagate to all assigned devices in real time without requiring a reboot or factory reset.
Unified Policy & Configuration Management
- ❌ Traditional MDM Separates app management, policy enforcement, and compliance settings into different configurations.
- Esper Blueprints Combines all these elements into a single, structured Blueprint, making management more streamlined.
Consistency & Compliance Enforcement
- ❌ Traditional MDM Policies can be overridden or become inconsistent if applied manually across devices.
- Esper Blueprints Devices that deviate from the assigned Blueprint can be flagged and remediated automatically, ensuring strict compliance.
Simplified Bulk Management
- ❌ Traditional MDM Requires scripting or manual grouping for bulk updates, which can be complex and error-prone.
- Esper Blueprints Easily applies standardized settings across thousands of devices, reducing operational overhead.
Easier Provisioning & Scaling
- ❌ Traditional MDM New devices require a full setup process with multiple configurations applied individually. Changes typically require a factory reset and re-provisioning.
- Esper Blueprints New devices can be enrolled directly into a Blueprint, automatically receiving all required configurations.
Multi-Platform Support (Android & iOS)
- ❌ Traditional MDM Typically optimized for either Android or iOS, with different tools required for each.
- Esper Blueprints You can manage both Android and iOS devices with a single Blueprint, allowing organizations to manage mixed-device fleets more efficiently.
Lower IT Overhead & Faster Deployment
- Because Blueprints automates the configuration process and eliminates manual enforcement, IT teams can deploy and maintain devices more efficiently, saving time and resources.
If you’re managing a fleet of dedicated devices—like POS tablets, kiosks, or digital signage—Esper’s desired state management via Blueprints provides a more scalable, automated, and compliance-driven approach compared to traditional MDM policies. It reduces friction in device provisioning, ensures real-time consistency, and simplifies large-scale deployments. See how easy it is to create your desired state with a free trial today.
FAQ
Keep Exploring
.avif)
-25.svg){kind=small}
