Go beyond uptime. Monitor the digital experience.

SaaS runs the modern workplace. But in your digital workspace, the real challenge isn’t just whether an app is “up”… it’s whether it actually works well for the employee and is even being used!

In 2026, SaaS application monitoring has shifted from the server room to the “last mile” of work: the browser, the home network, the endpoint, and the third-party apps that power productivity.

That’s the real world, and it’s where things silently break. As employees, we’ve all experienced it when a page hangs, Microsoft Teams drops audio, or Zoom spins. Meanwhile, IT dashboards are likely still smiling green.

IT leaders are asking different questions about how to monitor SaaS applications now:

• How do we see SaaS performance for off-network users… on unmanaged devices… using Shadow SaaS apps we don’t even officially approve?
• How do we spot issues before the help desk ticket lands?
• How do we prove SaaS investments are driving adoption and actually improving productivity?

This guide walks through the top SaaS monitoring solutions for 2026 and why blending observability, DEX, remediation, and software reclamation is the only way to close the visibility gap. Let’s see what’s happening out there.

SaaS Monitoring is the Backbone of The Digital Workspace

Today’s SaaS monitoring platforms provide comprehensive insights into application performance, user experience, and potential bottlenecks across browsers, networks, devices, and cloud services. They give IT way more than telemetry; they provide a reality check on what employees actually experience. 

For IT directors and digital workspace managers, these tools are indispensable because they help:

• Manage sprawling digital ecosystems
• Uncover Shadow IT before it becomes a risk
• Validate SaaS adoption to see if tools are truly worth the money
• Keep integrations from silently breaking workflows

In short, SaaS app monitoring has evolved. It doesn’t stop at “visibility.” Effective SaaS and web app monitoring in 2026 adds proactive remediation. With AI layered on top, platforms can now:

• Identify “Shadow IT” and “Shadow AI”: Discover unapproved SaaS and AI tools that bypass official procurement to sneak into workflows.
• Optimize License Spend via Reclamation: Track feature-level engagement to “right-size” budgets by reclaiming unused seats.
• Protect UC performance: Monitor the quality of collaboration tools like Microsoft Teams and Zoom in real-time to catch issues before calls implode.

This shift turns monitoring from rear-view analysis into forward-looking prevention.

Why Traditional Monitoring Still Fails SaaS

Most monitoring stops at the data center edge. But modern IT lives far beyond it. Admins now face three unavoidable technical hurdles:

1. The “last-mile” network

Local ISP congestion, home Wi-Fi interference, and bad peering to SaaS CDNs are all invisible to traditional NOCs.

2. Browser-level contention

Heavy JavaScript, misbehaving extensions, and memory churn feel like outages but never appear in backend logs.

3. Shadow SaaS and Shadow AI

Tools that never went through procurement quietly drain resources and increase risk. And when someone reports “Teams keeps freezing,” every traditional monitoring dashboard still shows green, yet productivity is gone.

Put simply: the problem isn’t in your NOC (Network Operations Center dashboards) anymore; it’s in the last mile. The best SaaS monitoring gives leaders the data they’ve been missing and the ability to act on it.

Top SaaS Monitoring & Observability Tools for 2026

Each of the tools currently available in the market specializes in addressing a specific facet of the complex challenge of comprehensive SaaS monitoring, such as performance, security, user experience, and so on. To gain a complete picture of their SaaS environment’s health and performance, organizations often need to combine multiple monitoring tools. Here’s our roundup:

Datadog: Great for Back-End Observability

Datadog stands out as a comprehensive monitoring and analytics platform for infrastructure, apps, and DevOps teams. If you’re running containers, Kubernetes, microservices, or complex distributed systems, Datadog gives you deep visibility into metrics, traces, and logs — all in one place.

In other words, it’s built for environments where you own the app, and you need to watch every layer of it.

Where it helps admins:

• strong, unified observability across infrastructure, apps, and logs
• real-time dashboards that make performance issues easier to correlate
• excellent integration library (450+), so it plugs into almost anything
• great for spotting issues caused by deployments, code changes, or scaling problems

Key strength:

Excellent for back-end SaaS monitoring when your organization controls the application code.

2026 update:

Datadog has leaned harder into AI by adding smarter anomaly detection and noise filtering so microservice-heavy environments don’t drown admins in alerts.

Where it can fall short for monitoring SaaS apps:

• Focuses more on servers/services than actual user sessions
• Doesn’t show what happens in the browser (especially off-network)
• Troubleshooting often still requires devs/SREs to jump in
• Not built to explain why Salesforce/Workday/ServiceNow feels slow to users

Bottom line:

Datadog is a powerhouse for complex environments and DevOps teams, and it absolutely has its place in the stack. But if the ticket says: “Salesforce is slow again…” Datadog likely shows everything is healthy because the problem isn’t in the app code. It’s somewhere in the last mile.

SolarWinds: Dependable Network Monitoring Software with Strong Troubleshooting

SolarWinds has long been a staple on the lists of best network monitoring tools, and that reputation still holds. Its Network Performance Monitor (NPM) gives admins solid visibility into routers, switches, firewalls, and WAN paths… basically, everything between the user and the cloud.

If you think the problem lives somewhere on the network, SolarWinds can help you prove (or disprove) it fast.

Where it helps admins:

• Visual maps and path analysis to trace where traffic slows
• Intelligent alerts when network thresholds are exceeded
• Good tools for diagnosing latency, packet loss, and failures
• Familiar workflows that many IT teams already know

Key strength:

Ideal when you need network-level insight and want to see how traffic moves across your environment.

Limitations to keep in mind:

• Doesn’t track performance inside the browser
• No real view of SaaS from the employee’s device
• Doesn’t account for unmanaged or remote endpoints
• Still assumes most issues live on “your” network

Bottom line:

SolarWinds is strong and, in many environments, it’s essential. But when the user is working from home and says, “Everything else works… except this SaaS app,” there’s a good chance SolarWinds won’t show the full story.

Zluri / Zylo: SaaS Management Platforms That Are Good for Spend

Zluri and Zylo live in the SaaS Management Platform (SMP) category. These tools are designed to help IT and finance teams understand what SaaS your organization has, who’s using it, and how much it’s costing — often pulling data from expense systems, procurement records, and usage logs.

They excel at answering questions like:

• “Why did we suddenly get billed for a new subscription?”
• “Who has access to this tool?”
• “Are we paying for seats nobody uses?”

If you’re trying to tame SaaS sprawl or optimize vendor spend, SMPs are a smart investment.

Where it helps admins:

• Shadow SaaS discovery by combining financial records and usage data
• License and renewal tracking to avoid surprise charges
• Ownership, contract, and vendor metadata in one place
• Usage trends that inform renewals and rightsizing decisions

Key strength:

Ideal for governance, cost control, and compliance around SaaS portfolios.

Where it falls short in performance troubleshooting:

• Doesn’t monitor real-time application responsiveness
• No user session data; you won’t see slow page loads or errors
• Doesn’t track latency, browser behavior, or endpoint performance
• Limited value when an employee reports a slow or failed login

Bottom line:

Zluri and Zylo are excellent SaaS inventory and spend tools, especially when shadow subscriptions are out of control or finance teams are pushing back on renewal costs.

But they don’t help you diagnose or fix performance issues. If someone walks up and says, “ServiceNow is lagging again,” you still need a tool that sees the session (not just the contract).

New Relic: Powerful APM with Growing Observability Capabilities

New Relic built its name on application performance monitoring (APM), and it’s still one of the strongest tools in that category. It gives deep insight into application code, database queries, transactions, and backend dependencies.

In 2026, New Relic expanded further into “full-stack observability,” giving teams broader visibility into infrastructure alongside application data.

Where it helps admins (and DevOps especially):

• Detailed tracing to find slow transactions and failing components
• Real-time dashboards that are great during incidents
• AI-powered anomaly detection to surface unusual behavior
• Strong tooling for environments that deploy code frequently

Key strength:

Outstanding for custom application monitoring when performance issues originate in the codebase.

Limitations for SaaS-heavy environments:

• Still primarily designed for developers, not IT service teams
• Not focused on browser-level or endpoint-level visibility
• Doesn’t explain performance issues inside third-party SaaS tools
• Limited value when apps are fully vendor-managed

Bottom line:

If you run apps you build and maintain, New Relic is incredibly valuable. But if your world looks more like Microsoft 365, Salesforce, ServiceNow, Zoom/Teams, and HR/Finance SaaS tools… New Relic won’t tell you why users are suffering, because the issue usually isn’t in the app code at all.

ControlUp: Observability & Remediation For The Hybrid Workplace

While many know ControlUp for its roots in VDI, it has evolved into a full digital employee experience (DEX) platform spanning SaaS, browsers, endpoints, and virtual environments. Think of it as a comprehensive observability and remediation layer for the entire digital workplace, designed for admins who need to fix problems and not just observe them.

ControlUp ONE is the all-in-one DEX platform that makes it all happen, while ControlUp for Apps provides SaaS performance monitoring directly from the user’s perspective. It does so in real time, wherever work happens.

Where it stands out:

• Holistic SaaS visibility: Monitor any web app, whether it runs inside VDI or on a local device (macOS, Windows, Linux). See page load times, errors, and latency from the user’s actual session.
• Shadow IT & Adoption Intelligence: Get a single view of third-party SaaS usage, including apps not behind SSO. Spot risky tools and validate which apps people really use.
• Active Software Reclamation: Go beyond monitoring to action. Identify unused or underutilized licenses and reclaim them automatically to cut wasted spend.
• Root-Cause Isolation Without Guessing: Quickly see if performance issues come from the user’s ISP, a bad browser extension, CPU/RAM contention, or a vendor outage. No more finger-pointing between teams.
• UC Performance Tracking: Track real-time quality metrics for Teams and Zoom across remote and hybrid environments. See jitter, packet loss, and call quality trends, especially for remote workers.
• Proactive Remediation: Use guided actions to move from alerts to automated fixeswhere possible, reducing repeat tickets and mean time-to-resolution (MTTR).

Key strength:

By pinpointing and quickly fixing issues, ControlUp for Apps helps employees remain focused, so productivity is maintained.

Read more about SaaS application monitoring made easy.→

Watch our webinar on-demand to see it in action. →

Limitations to keep in mind:

• ControlUp for Apps is purpose-built for application experience insights, with a deliberately scoped role alongside broader ControlUp offerings.
• While it provides unmatched depth for core workflows across Chrome and Edge on Windows, expanding its “last mile” visibility to a broader range of browsers (Safari, Firefox) and operating systems (macOS, Linux) is in-the-works.

Bottom line:

Unlike tools that stop at the server, ControlUp extends visibility into the browser and the physical endpoint. See everything, troubleshoot faster and better, remediate easier, and reclaim the budget being wasted on unused SaaS.

Quick Comparison: Which tool solves which problem?

Deep Dive: How ControlUp Solves the “SaaS Visibility Gap”

Modern organizations struggle with a visibility gap: they can see their internal servers, but they are blind to the third-party SaaS experience. ControlUp for Apps closes this by using lightweight browser extensions to capture performance and usage metrics directly from the user’s perspective.

Here’s the real pain admins feel: “We can see our servers, our network, and our VDI… but we have no clue what’s happening inside SaaS apps from the user side.”

ControlUp for Apps plugs that hole by capturing telemetry directly from the browser, without requiring the app vendor to cooperate.

Admins finally get something nobody else gives them → evidence. And evidence makes conversations like this a lot easier:

“No, this isn’t our network. The issue is happening inside the vendor’s region.”

Or:

“Yep, it’s your Chrome extension. Disable it.”

Tickets close faster. Triage gets smarter. Stress levels drop!

Strategic Implementation: How to Choose The Right Tool

Features on a comparison sheet are great, but picking a SaaS monitoring platform is ultimately about solving the right problems, in the right order.

Start with these core questions:

Does it actually monitor the last mile and not just the cloud?

If the tool only watches the SaaS provider, you’re blind to the real cause. It should see browser behavior, local network, and endpoint health, not just “vendor status.”

Assess the last mile: Does it monitor the user’s browser and local network — or only the cloud provider?

Is it built for productivity or strictly security?

CASB tools stop Shadow IT. DEX tools ensure the apps employees actually use… actually work.

Define the goal clearly: Security (CASB) vs Productivity/Experience (DEX), they are not the same job.

Does it help you consolidate instead of fragment?

Tool sprawl slows triage. If you need three consoles to troubleshoot a SaaS complaint, you’re already behind. 

Consolidate your stack: Prefer platforms that span VDI, physical endpoints, and SaaS visibility in one place.

Can it help fix problems vs just report them?

Monitoring that stops at “we see an issue” and “something’s broken” just dumps tasks on your team. You need to reduce ticket volume without adding more noise and more workload.

Prioritize guided remediation and automation: Choose platforms that turn monitoring into value by providing guided fixes, actionable insights, and automations, on top of alerts and pretty dashboards.

Evaluation Steps: A Practical (and Technical) Playbook

Rolling out SaaS monitoring isn’t a “turn it on and walk away” project. To get real value, your plan must link visibility to outcomes. This is crucial for remote workers, unmanaged devices, and SaaS platforms that you do not control.

Assess Current Infrastructure

Start by mapping where visibility stops today. Look at the network path (including VPN routing), the endpoint, the browser session, and the SaaS provider. If you can’t tell whether an issue is local, network-based, or vendor-side, that’s your monitoring gap.

Define Monitoring Objectives

Set objectives tied to experience, not just uptime: fewer “it’s slow” tickets, faster MTTR, better Teams/Zoom quality, or discovery of Shadow SaaS. Align these with business goals so success is measurable.

Choose the Right Tools

Match tools to architecture. CASB protects against Shadow IT. APM is ideal when you own the code. A network monitoring tool diagnoses routing. DEX/SaaS experience tools monitor the last mile and the user session. Favor platforms that avoid tool sprawl and support both VDI and physical endpoints.

Train and Empower Teams

Make sure service desk and admin teams know how to interpret real-user telemetry. They should recognize if a problem is related to the endpoint, network, or vendor. They also need to know when they can fix issues immediately instead of escalating them.

Continuously Monitor and Optimize

Review performance trends and ticket patterns regularly. Tune alerts, eliminate duplicate tools, and adjust as SaaS usage changes. Monitoring should evolve alongside the business, not remain static.

Final Takeaway

In 2026, the help desk ticket is your most expensive metric. The biggest SaaS failures happen in the “last mile”… within the browser, home Wi-Fi, or during a Teams call.

Traditional infrastructure tools that only monitor the cloud backend are now only half a solution. By failing to account for the user session, they leave IT admins blind to the actual root cause of productivity loss.

ControlUp gives you the missing half. By integrating it into your stack, you move from “it’s broken” to “it’s fixed” (and “it’s paid for correctly”). It transforms raw telemetry into faster troubleshooting, indisputable evidence, and proactive software reclamation.

As the distinction between IT monitoring and workforce productivity vanishes, organizations that thrive will be those that view SaaS observability as a foundational element of the Digital Employee Experience (DEX). Whether your users are on a persistent VDI instance or a local browser, ControlUp ensures their productivity—and your visibility—remains uninterrupted.

Ready to see how your SaaS applications are actually performing? 

Book a Demo

Welcome to part 3, the last part of this continuing series of blog articles that explore the differences between Citrix Profile Containers and FSLogix. In part 1 I laid out my configuration and the environment I am testing in. Part 2 went over FSLogix and how its “AppX optimization” operates. In this article I’m going to explore how Citrix Profile Containers implement their “AppX optimization” and I’ll investigate how it works and the findings I’ll come across.

To start my investigation, I’ll do the same initial set of steps I need to gather all the information around the logon process. I’m going to run a Process Monitor capture and follow along with their log files to try and provide some context for what each solution is doing — with a focus on Citrix Profile Containers in this article. Specifically, I want to explore the enhancements the solutions attempt to do to increase performance with AppX packages.

1. New Information
2. Getting Started
3. Citrix Virtual Apps and Desktops 2402LTSR – UWP App Roaming
4. Citrix Virtual Apps and Desktops 2402LTSR – End Result
5. Citrix Virtual Apps and Desktops 2507LTSR – UWP App Acceleration
6. What are Default Associations?
7. What’s causing it to run multiple times?
8. What if Default File Associations Policy is Disabled?
9. What is the final result?

New Information

I want to highlight something that came to my attention during the course of researching this information. I originally started this article with version 2402 LTSR of the Citrix Virtual Apps and Desktop’s product. In version 2402LTSR, the only ‘optimization’ available for Appx/UWP apps was an app-roaming feature.

A VERY big change occurred on Citrix Virtual Apps and Desktops 2507 LTSR. Citrix released a feature called “Enable UWP app load acceleration”. This feature promises to make a difference in how long the AppX phase of a logon took. I’ll investigate this claim in this article alongside the prior version.

Getting Started

To capture the logon information I’ll use the ControlUp script action “ProcMon – Trace System Activity”

I defined the Duration to be 200 seconds to ensure that I’ll capture the entire logon process. Process Monitor (procmon.exe) needs to be stored in a folder readable by the machine. In my example, I have procmon.exe within the C:\swinst\sysinternals folder with the process monitor log stored in the D:\ProcMonLogs folder.

It’s important to note that procmon, when run at the system level, captures about 1GB of information per minute (sometimes a bit more, sometimes less, but this seems to be the average).

Once the Procmon script started, I logged into the machine. It’s important to note that I am using profiles that exist — that is I’ve logged into a machine previously that created these profiles. The reason why this is important is that a first logon where a profile container needs to be created does slow down the logon process as it has a series of steps required to get the profile container created and ready. Another note for this document is that procmon does increase logon duration but it tends to do so proportionally from a non-procmon monitored logon.

Citrix Virtual Apps and Desktops 2402LTSR – UWP App Roaming

Running the ControlUp Analyze Logon Duration action gave me the output to examine the logs for the timestamps that related to user profile management and the AppX phases:

In the output for the logon I can clearly see the Citrix Profile Container stage at the start of the process take 3.2 seconds… Not too bad. But the “AppX – Load Packages” phase still seems to take a very long time… about ~37 seconds. Does the Citrix Profile Management Log file say anything occurred?

Examining the Citrix Profile log file (found in C:\Windows\System32\LogFiles\UserProfileManager), I can look to see if anything in the log occurred at the 8th minute, 42 second-ish phase:

There is nothing that occurred during that time, the log goes from 08:18.416 to 10:47.136. This might make some sense as the UWP App Roaming feature appears to ensure that pre-user AppX packages are able to roam. The packages that affect logon times tend to be system-level packages. Per-user packages can be mounted at any time after a user logs on so I would think the expectation of them processing anything during a logon would be very low. And this appears to be the case for me here.

Using the Process Monitor log, I looked to see if anything was read regarding AppX or UWP.

I can see that Citrix runs a Powershell command, and sure enough it’s to “RegUwpApps”. I did not have any per-user AppX packages loaded (my registry value, as highlighted in the screenshot, shows “NAME NOT FOUND”).

This was the command:

PowerShell.exe -WindowStyle hidden -Command "(Get-Item HKCU:\Software\Citrix\UserProfileManager\RegUwpApps).Property|%{Get-ItemPropertyValue HKCU:\Software\Citrix\UserProfileManager\RegUwpApps -name $_}|%{Add-AppxPackage -Register $_ -DisableDevelopmentMode}"

When looking at the procmon logs, this powershell command ran past my process monitor capture (90 seconds later it was still running). This does mean that the Citrix User Profile log doesn’t appear to log when this action occurs and nothing is present in the event log. I suspect the long launch and operation of this powershell command is due to me using a Powershell profile which can take between 5 and 30 seconds to run and all the modules installed on my machine which are automatically loaded during the powershell startup. Citrix may benefit from starting the powershell process with -noprofile.

Citrix Virtual Apps and Desktops 2402LTSR – End Result

The end result of Citrix Virtual Apps and Desktops (CVAD) 2402 and optimizing for logon duration with AppX packages is there is none. And enabling the UWP App Roaming (if it’s not needed) could add to logon times because Powershell can take CPU time away from other tasks.

Citrix Virtual Apps and Desktops 2507LTSR – UWP App Acceleration

Citrix has invested some time in optimizing logon times with CVAD 2507. This is claimed to be done by this feature, “Enable UWP app load acceleration”.

In the first article in this series I enabled the UWP App Roaming for 2402, I’m going to continue here to describe what I did to enable UWP App Acceleration in CVAD 2507.

To enable the UWP app load acceleration is set here:

Citrix – enable UWP app load acceleration setting

Simple enough, set this registry value to a path where a VHDX can be saved and read from. 

With this value set, I’m going to run process monitor and start tracing the machine and logon.

After logon, I ran Analyze Logon Duration to breakdown the logon into phases:

 It looks like enabling this UWP App Acceleration removes AppX from being processed!

This is huge! Typical time spent in AppX Packages ranges between 20-30 seconds in my environment. 

However, there appears to be a drawback that I can’t figure out. I had large gaps of time and when I investigated it was Default Associations being applied. I added when Default Associations are started and when they are ended to the Analyze Logon Duration script. The Default Associations is started asynchronously but if it doesn’t complete before other processing then it will block logons for the phase identified (Default Associations appears to apply at the User Profile and Group Policy phases). I wanted to see if a Azure Virtual Desktop machine was having the same thing with Default Associations applied multiple times — was this a Microsoft issue or is something else initiating multiple Default Associations applications?

What are Default Associations?

Default Associations are set via Group Policy:

Configuring this allows you to setup file type associations, essentially what program should launch a particular file type or if it should be listed as an option to open it.

How this policy works is it will read the XML file listed in the path.  It turns out that parsing the XML and then applying each registry key in order is a bit slow. The process monitor capture I took earlier can show when it’s accessed. I setup a filter to match the file I was looking for:

I can validate that the ALD script is accurate because each ‘ReadFile’ of the XML file is the start of the default association application loop and the last “CloseFile”.

Explorer.exe also processes the DefaultAppList.xml I have configured, but this is after the desktop is ready so it is not included in ALD but it is visible in process monitor.

Sure enough, setting a RegSetValue filter on the Process ID (PID) what’s happening is it’s writing to the registry one entry at a time:

What’s causing it to run multiple times?

Is Citrix doing something here to trigger this behaviour or is it Microsoft? As a test I logged onto a Azure Virtual Desktop machine.

When I logged onto a Azure Virtual Desktop published desktop resource, I did not see output for Default File Associations in Analyze Logon Duration:

For launches to a published desktop in Azure Virtual Desktop, Microsoft expects Explorer.exe to apply the policy and Explorer.exe does so after the desktop is loaded so logons are not impeded. But a published resource doesn’t have explorer.exe to apply default associations, how does it operate?

The published app for AVD showed lots of time spent in the Pre-shell phase, but almost no AppX – Load Packages and no Default Associations applied.

Looking at the procmon log for the file type associations being applied and the list was blank!

File associations are not set for Azure Virtual Desktop published applications. So it doesn’t seem to be a behaviour with Microsoft calling Default Associations to be applied during the Citrix logons.

This strongly suggests this behaviour is being caused by Citrix as I don’t have any other options left. 

What if Default File Associations Policy is Disabled?

With Default File Associations Policy disabled (or not configured) then Default File Associations are not processed at all for a Citrix logon:

What is the final result?

Doing this exercise has uncovered two new logon optimization opportunities. One of those opportunities is a bit frustrating though as it appears Citrix may leverage a feature of Windows (applying Default File Associations) too aggressively causing logon delays. The other appears to resolve AppX Package Load Times entirely. Getting both combined and setup could bring a fair amount of savings to your environment if they are affecting you.

For the File Type Associations application, if you want your users to have file type associations applied to their logons and maintain optimal logon performance, you’ll need to look at applying the FTA’s via a script or some other mechanism. The only utility that I’m aware of to programmatically set FTA’s via command line is SetUserFTA.exe or through a tool like Citrix Workspace Environment Manager (I haven’t tested that to see when it applies though).

Frontline workers keep the world running. They move products, care for people, repair equipment, deliver goods, and keep facilities operating. Their work is mobile, high pressure, and deeply dependent on the performance of the devices and applications they carry every day.

Yet despite their importance, frontline workers continue to face significant mobile technology challenges; the impact on productivity, customer experience, and cost is massive. ControlUp for Frontline Workers helps organizations take a proactive, data-driven approach to optimizing the frontline Digital Employee Experience (DEX).

Frontline Workers Are Struggling with Device Issues

Device issues are widespread and disruptive:

• 80% of frontline workers experience device issues at least once per month
• 82% report connectivity problems with WLAN or mobile networks
• 74% encounter app stability issues
• 61% struggle with poor battery life
• 60% require device reboots
• 38% work with broken devices
• 34% deal with lost or stolen devices

And most surprising: when issues are reported, it takes 30 minutes on average to resolve them, yet most issues go unreported!

These problems directly affect service delivery, employee satisfaction, and operational efficiency. But they also create hidden costs: lost worker time, customer dissatisfaction, unnecessary replacement of devices or batteries, and unpredictable mobility spend.

ControlUp Provides “Mobile DEX” Visibility into the Frontline Experience

Reactive troubleshooting isn’t enough. The goal is to find and fix issues before they impact workers or customers. To support frontline workers effectively, IT needs real‑time, actionable visibility into Mobile DEX metrics like:

• Device health
• Battery performance
• App usage and stability
• Network connectivity
• Cellular data consumption
• Location and status of devices

That’s where ControlUp for Frontline Workers makes all the difference. It empowers IT teams to:

• Proactively detect issues with devices, apps, batteries, and networks
• Monitor performance across warehouses, stores, and field routes
• Export data to Excel, Power BI, or analytics tools for deeper insights
• Accelerate resolution with granular, real-time performance data
• Gain complete visibility and accountability across mobile assets

Going beyond troubleshooting, this is a complete operational intelligence system for frontline mobility.

→ Read a related blog: Improve Frontline Worker Productivity and ROI with the New ControlUp for Frontline Workers

Finance is Feeling the Pain, Too

It’s not just IT that struggles with poor visibility, Finance teams lack timely, accurate reporting to answer critical questions:

• Which devices are being used daily… and which ones sit idle?
• Are we paying for cellular overages we could avoid?
• What’s our ROI on mobile assets, apps, and licensing?
• How many devices go missing each month?

Without robust reporting, companies overspend on hardware, data plans, replacements, and support.

ControlUp delivers real-time intelligence that helps drive smarter procurement and budgeting decisions.

 Enable Accountability & Actionable Insights

With ControlUp’s unified reporting and analytics, organizations can:

• Identify underused or unused devices and reclaim licenses
• Track app and firmware versions across the fleet
• Reduce unnecessary battery replacements (eliminating “No Trouble Found” waste)
• Spot devices that exceed cellular data limits and find the root cause
• Locate and recover lost or stolen devices and SIM cards
• Build custom reports showing real‑time mobile usage and health

This drives accountability across IT, operations, and finance.

→ Read our deep dive: Beyond Mobile Device Management Software: Mastering Mobile DEX

Frontline DEX Provides Real Business Impact

Optimizing the frontline worker experience is not just an IT initiative… it’s a business imperative.

With proactive mobile experience management, organizations can do so much:

• Improve productivity and reduce downtime
• Deliver faster, higher‑quality customer experiences
• Control mobility costs and prevent overages
• Reduce asset loss and unnecessary purchases
• Protect frontline workers from frustration and burnout

In short: better DEX means better business outcomes.

Want to see how your frontline mobility challenges stack up against industry trends? Explore the latest research in the State of Enterprise Mobility Report and uncover the data every IT and operations leader should know.

Curious about mobile DEX for your organization?

Take an Interactive Tour

Non-persistent environments such as Citrix Virtual Apps and Desktops, Azure Virtual Desktop (AVD), and VMware Horizon are designed for one core purpose: predictability.

Whether you’re using a read-only image or refreshing machines daily or weekly, you know exactly what your environment should look like every morning. Same OS, same applications, same versions. That predictability is one of the main reasons enterprises choose non-persistent desktops—it delivers stability, simplifies troubleshooting, and makes performance far more consistent.

But there’s one silent disruptor that often goes unnoticed: auto-updates.

In this blog, I will dive into common auto-update scenarios and how our disk monitoring solution from the ControlUp Innovation Guild helps you stay in control.

The Impact of Auto-Updates on Citrix, AVD, and VMware Horizon

Let’s walk through a situation most EUC admins will recognize.

You build a clean golden image.

All applications are tested, approved, and validated. Performance is solid, boot times are predictable, and logons are fast. You seal the image, publish it, and your non-persistent desktops start doing exactly what they’re supposed to do.

Everything looks fine.

Then, somewhere in the background, a small updater wakes up.

No user clicks anything. No admin triggers a deployment. It’s just an application doing what it was designed to do: check for updates.

In a Citrix PVS environment, the OS disk is read-only. The updater doesn’t know that—it simply starts writing. New binaries, temp files, extracted installers, log files. None of it goes to the image; all of it goes into the write cache.

At first, you don’t notice.

The cache absorbs the writes. CPU ticks up slightly. Disk I/O increases just enough to blend into the noise. But the updater doesn’t stop after one file. It downloads tens or hundreds of megabytes, extracts them, verifies versions, and retries failed writes—because from its perspective, something keeps “breaking”.

Eventually, the RAM cache fills.

Now every additional write spills over to disk, and suddenly:

• Logons take longer
• Applications feel sluggish
• Disk latency increases
• User complaints start coming in

Nothing has “changed” in the image, yet performance is clearly worse.

Your next step: the reboot illusion

You reboot the machine. Performance is back. Users are happy again.

Problem solved… right?

Except the machine boots from the same read-only image. The application is back to the old version. The updater sees this, assumes it’s out of date, and starts the entire process again.

Same writes. Same cache pressure. Same performance degradation. Every reboot resets the symptoms, not the cause.

And because the environment is non-persistent, the updater never actually succeeds. It just keeps trying.

What happens if you have the same issue, but you aren’t using PVS?

Now take the same story and move it to Azure Virtual Desktop or VMware Horizon.

You might not be using a read-only disk, but you are:

• Reverting to a snapshot/disk
• Recreating machines daily or weekly
• Resetting desktops to a known-good state

From the updater’s point of view, nothing has changed.

Each morning, the VM starts in an “outdated” state. The updater kicks in during boot or user logon, competing with:

• FSLogix profile mounts
• GPO processing
• Logon scripts
• Application launches

Users don’t see an update prompt. They just experience slower sessions.

And because the machine will be reset again anyway, the updater work is thrown away, only to be repeated the next day.

Common VDI Auto-Update Culprits (Microsoft, Edge, Chrome, Zoom)

Often, the biggest culprit is Microsoft itself. Not only Windows Updates, but also Microsoft 365 (Office) updates and Microsoft Edge browser updates can have a significant impact. In addition, other web browsers such as Google Chrome, and communication tools like Zoom and Slack, all rely on auto-update mechanisms.

Most of these auto-updates can be found in the Windows Task Scheduler. For example, Microsoft Office updates are triggered through scheduled tasks that periodically check for new versions and attempt to apply them, even in non-persistent environments.

They could also be due to Microsoft Edge updates, and you would need to make sure to remove all the auto-update scheduled tasks before sealing your images.

There are also some applications like Adobe Reader who use an auto-update service so make sure to also check that those services are disabled.

How to Monitor VDI Disk Writes and Identify Update Processes

This used to be a tough question—the same as “what’s filling up my PVS cache?” And we can now answer this easily! Last year, we released a disk monitor solution that can show you exactly which files are modified on the system drive by which processes.

One of our partners has recently successfully found out that Microsoft Edge was causing the PVS RAM Cache to fill-up with the Disk Monitor. They had already disabled the Office update scheduled task, but forgot the Edge ones. And the ControlUp Disk Monitor showed this to them easily.

Want to know more about the ControlUp Disk Monitor and see more use cases read everything you need to know here: https://support.controlup.com/docs/disk-monitor-overview

If you are an IT admin managing devices all over the globe, you know that the modern workplaces are dynamic… and noisy. When hunting for issues in your environment, the sheer volume of notifications often makes it impossible to know what to prioritize.

While static thresholds are useful and valuable, they are no longer enough to provide a full picture of the modern digital workplace. When every minor variation triggers a ping, IT teams can feel overwhelmed by “alert fatigue” and spend valuable time with manual tuning

Imagine this: It’s Monday morning at 9AM. You keep receiving “High CPU” notifications as everyone logs in. This behavior is perfectly normal for your environment, but because a static threshold doesn’t recognize this pattern, you are inundated with false positives.

We’ve heard this from customers time and again: they need additional alerts tuned to their specific environment. They need a system that learns what’s normal for them so it can highlight only what is truly unusual. This is why we developed Anomaly Detection Alerts— to complement static alerts in your environment.

Why Static Thresholds Alone Are No Longer Enough

Modern IT environments are fluid ecosystems where “normal” varies by the hour. In these dynamic environments, static thresholds may not adapt to natural fluctuations or catch early warning signs of unusual behavior.

Of course, there are situations that require a static threshold. For instance, 0% free disk space should always trigger and alert, regardless of historical patterns. But this is no longer enough.

When your alerting system does not also adapt to environmental context, you face two major challenges:

• Alert Fatigue: Teams are overwhelmed by predictable spikes in usage (like login storms). Over time, this “noise” leads to desensitization, causing admins to tune out and lose focus on critical issues.

• The “Slow Burn” Risk: Real problems—like gradual memory leaks or performance degradation—often develop slowly. Because these issues don’t always cross a sudden, arbitrary “tripwire,” they remain hidden until they impact a large number of users.

By using anomaly detection to complement static alerts, you can reduce the noise and focus on the issues that truly impact your environment.

Introducing Anomaly Detection Alerts

To address these challenges, we are introducing Anomaly Detection Alerts.

This behavior-based alerting capability is designed to learn the unique baseline of your specific environment. Instead of checking against a rigid, fixed number, it triggers alerts when it detects a significant deviation from that established baseline. Because it is built to adapt as your environment and usage patterns evolve, it serves as the flexible and complementary tool to static thresholds.

Anomaly Detection Alerts are designed to reduce alert noise, require minimal tuning, and catch issues static thresholds may miss.

Designed for the Modern Admin: Why Behavior Matters

We know that IT teams expect proactive notifications and complete visibility. By adding a behavior-based model to our alerting features, we allow you to take the unique pulse of your environment.

• Determine Intent: We’ve prioritized minimal manual tuning for anomaly detection alerts to align with modern observability standards. We empower you to set the intent—defining what matters and the desired sensitivity—while the system handles the baselining.

• Contextual Awareness: This design recognizes that a spike in usage isn’t inherently a problem—it’s only a concern if it’s “out of character” for your specific infrastructure. By prioritizing behavior, Anomaly Detection Alerts filter out predictable daily noise, ensuring your team remains focused on genuine disruptions.

As a first-class capability within our DEX platform, Anomaly Detection Alerts bring sophisticated observability directly to your fingertips.

The Bottom Line: Reclaiming Your Time and Focus

The goal of Anomaly Detection Alerts is to give IT teams their time back. By adding dynamic, behavior-based alerts, you can stay aware of important deviations and shift your focus from “managing the noise” to “driving the business.”

To see the future of alerting in action, schedule a demo with us today!

While hardware refresh cycles often get the most attention in IT budgeting, the largest area of preventable IT overspend in most enterprises isn’t devices — it’s software. And unlike hardware mistakes, software waste compounds every month.

In 2024, enterprise organizations spent ~$100 million on applications their employees didn’t use, didn’t need, or no longer had access to. With SaaS adoption surging and shadow IT growing unchecked, reclaiming unused software licenses is now one of the fastest and least disruptive ways to reduce operational costs.

ControlUp brings the visibility needed to make this possible.

The Staggering Reality of SaaS Sprawl and Software Waste

The financial impact of unused software is staggering across the board. While the average enterprise wastes roughly $18M annually on idle licenses, larger organizations can see that figure skyrocket past $127M. This isn’t just an enterprise problem; even SMBs lose up to $2M each year to software that sits dormant.

When companies are only utilizing 49% of the SaaS licenses they provision, the need for deep-dive reporting into 30-day activity tracking becomes a financial imperative rather than a luxury.

Quantifying SaaS Overspend: High-Tier Subscriptions vs. Real-World Use

The cost of oversight becomes clear when you look at individual high-tier subscriptions. Paying $840 per user annually for Adobe or $456 for Microsoft 365 E5 is a sound investment for power users, but it becomes pure waste for employees who only require basic tools like MS 365 E1, which costs just $120.

These discrepancies—from $200 Claude seats to $192 Miro licenses—create significant budget leakage when organizations lack a ‘single pane of glass’ to correlate what they bought with what is actually being used.

Even a single application can have a massive financial impact, especially if multiplied across many users in various business groups:

For CIOs and CFOs, these numbers underscore a simple truth: Software oversight is no longer just an IT issue — it’s a financial strategy problem.

Why Organizations Struggle with Software Spend Optimization

Software waste is rarely intentional. It happens because traditional processes simply can’t keep up with the complexity of modern environments.

IT teams struggle because:

• They deploy and provision software but rely on manual notification to deprovision.
• They lack visibility into whether apps are actually being used.
• Employees change roles, departments, or workflows without software being reclaimed.
• Devices are re‑imaged without software cleanup.
• SaaS access remains active long after an employee leaves.

Finance and business units struggle because:

• Department managers purchase shadow IT tools with a credit card
• There is no unified view of actual usage vs. spending
• Renewals happen automatically without evidence‑based justification
• Cost forecasting becomes impossible when licensing is opaque
• Organizations don’t know whether users need high‑tier licenses or lower‑tier options

This creates an environment where software footprints continuously expand… and costs expand with them.

The Risks of Inefficient License Management: Overspend, Risk & Inefficiency

Without accurate usage data, organizations face several risks:

1. Overprovisioning: Buying more licenses than needed — a direct financial loss.
2. Under provisioning: Teams share licenses, work inefficiently, or lack tools needed for productivity.
3. Unplanned true‑ups: Vendors penalize organizations based on discovered usage gaps.
4. Shadow application proliferation: Unapproved tools create security and compliance risks.
5. Vendor lock‑in: Renewal negotiations happen without leverage or data — increasing long‑term cost.

Software reclamation addresses all these issues simultaneously.

Bridging the Data Gap: Why IT and Finance Lack a Shared Source of Truth

The core challenge isn’t a lack of policy—it’s a fundamental lack of visibility. Most organizations struggle because they cannot easily correlate what has been installed on an endpoint with what is actually being used by a human being. Without a “single pane of glass” to connect these data points, stakeholders are left guessing about the status of their software estate.

True optimization requires understanding not just what is licensed, but how often those applications are accessed and whether the user associated with that license even still exists within the organization. Furthermore, the complexity of modern work means organizations must distinguish between activity on managed versus unmanaged devices to get a full picture of consumption. Without this multi-layered correlation, it remains impossible to make data-driven decisions on renewals, provisioning, or tier-level licensing adjustments.

Leveraging Real-Time Visibility for Automated Software Reclamation

ControlUp provides the data required to understand actual usage across SaaS apps, including information about who logs in and how often, what devices they are using, active users, and license tier.

This visibility enables IT and Finance to work together, using real data to drive immediate cost reductions.

Optimizing Your 2026 Budget with the ControlUp License Reclamation Dashboard

ControlUp bridges the gap between ‘Installed’ and ‘Active’ by providing a visibility-first License Reclamation Dashboard. This solution empowers admins to input contract entitlements to immediately generate a Utilization Heatmap, which compares total deployed seats against real-world usage. By providing an instant calculation of Total Potential Savings, we give strategic leaders the financial insight they need to justify every seat during the 2026 budget cycles.

In one example, ControlUp identified 192 installations of Microsoft Office that were never activated or used, saving $12,000 instantly.

Software Reclamation: The New Frontier of IT Cost Optimization

Most organizations focus on shrinking hardware budgets.
But the biggest savings opportunity lies in software — especially SaaS.

With ControlUp, enterprises can finally answer the questions that matter:

• Who is actually using this license?
• Do they need it?
• Is there a cheaper tier that fits?
• Should we renew this contract at all?

Stop Paying for Shelfware: Data-Driven Governance for 2026

For years, organizations have been forced to accept “budget leakage” as an unavoidable cost of doing business in a SaaS-heavy world. But as 2026 budget cycles approach, the tolerance for “shelfware” has disappeared. Leadership teams are no longer asking if they can save money on software—they are asking where and how much.

ControlUp transforms software reclamation from a manual, error-prone chore into a high-yield financial strategy. By providing the granular, real-time data needed to answer the questions that actually matter—Who is using this? Do they need this specific tier? Can we reclaim this seat today?—we empower IT and Finance to act with total confidence.

Don’t enter your next renewal negotiation or budget audit with blind spots. Shift your strategy from defensive provisioning to proactive optimization and turn your software estate into a lean, high-ROI engine for growth.

Here’s what a typical Tuesday looks like for most IT admins: You get five tickets from users saying Microsoft Teams keeps freezing on their laptops. You open your endpoint management console to check the affected devices. CPU looks fine, memory’s okay, nothing jumping out. You switch to your network monitoring tool to see if there’s a connectivity issue. Everything looks normal. You jump into the Teams admin center to check service health. No outages reported. You open your patch management system to see if a recent update might be causing it. There was a Windows update last week, but it went to everyone, not just these five users. You check ServiceNow to see if there are more tickets you haven’t seen yet. Now you’re 30 minutes in, you’ve visited six different admin consoles, and you still don’t know why Teams is crashing.

This is the reality of modern IT operations. The tools got better, the data got richer, but the cognitive load on IT teams keeps growing. You’re not just managing technology anymore, you’re playing detective across a dozen different admin consoles, trying to connect dots that shouldn’t be scattered in the first place.

We think there’s a better way.

Introducing Pulse AI: The Heartbeat of Autonomous IT

Today we’re launching ControlUp AI Assistant, the first feature powered by Pulse AI, our agentic AI service that’s going to transform how IT operations work.

But before we talk about what the AI Assistant does, let’s talk about what Pulse AI actually is.

Pulse AI is ControlUp’s  intelligence layer, continuously correlating signals across your IT environment, understanding context and driving action without manual intervention.  Autonomous not in a hand wavy, science fiction sense, but in a practical one: systems that understand what’s happening, anticipate issues and take action without waiting for humans to connect the dots. It’s the AI service that will eventually connect every tool in your IT stack, understand the relationships between them, predict problems before they happen, and resolve issues without waiting for someone to notice.

Think of it as the central nervous system for your digital workplace. Right now, your IT environment is a collection of disconnected systems that don’t communicate. Pulse AI is the intelligence layer that makes sense of all of it. Correlating data, understanding context, taking action, and learning from every interaction.

The AI Assistant is just the beginning of what Pulse AI will do.

AI Assistant: The First Feature Powered by Pulse AI

AI Assistant is how we’re starting this journey. It’s  AI that lives inside the ControlUp platform and fundamentally changes how you interact with your IT environment.

Instead of logging into six different admin consoles and manually correlating data, you just ask. “Why is Teams freezing for these five users?” The AI Assistant goes to work, it checks your ControlUp data, pulls information from your integrated services (Intune, Teams admin center, your network monitoring, your ticketing system), correlates everything, and gives you an actual answer with context. Not a report to interpret. Not a bunch of metrics to cross-reference. An answer.

But here’s where it gets interesting: The AI Assistant doesn’t just query data. It understands what that data means in the context of your environment. If it sees that those five users are all running a specific GPU driver version, combined with a recent Teams update and a particular Windows build, it connects those dots. It knows that these things together tell a story, and it tells you that story in plain language.

The best part? It can take action. Want to run a remediation script? Update a ticket? AI Assistant can do it, right from the conversation. You’re not just talking to a chatbot that reads databases, you’re working with an extension of your IT team that has access to everything and can actually help you fix problems.

Why This Matters More Than You Think

Yes, having “ChatGPT for IT” is huge. Being able to ask questions in natural language instead of building complex queries or clicking through endless menus is genuinely game-changing. Any IT admin who’s tried it immediately gets why this matters.

But the AI Assistant is solving a bigger problem than natural language interfaces. It’s solving the context-switching nightmare that kills productivity in modern IT operations.

Right now, when something goes wrong, you’re not just troubleshooting the technical issue, you’re troubleshooting your own workflow. Which console has the data I need? What’s the relationship between this metric and that one? Did I check the related service? Is there an open ticket about this already? Your brain becomes the integration layer between all your tools, and that’s exhausting.

The AI Assistant eliminates that overhead. It already knows where all your data lives. It already understands how your services relate to each other. It’s already checked everything that matters. You get to focus on making decisions and solving problems instead of hunting for information and playing correlation detective.

What IT Teams Can Actually Do With This

The use cases are broader than you might think. Obviously, troubleshooting is huge, when something breaks, you want answers fast, and the AI Assistant delivers. But that’s just the beginning.

Users complaining about slow performance? You used to check CPU across all hosts, memory usage, disk I/O, network latency, then correlate with time of day and active sessions. Now you just ask ‘why is performance slow in the accounting department?’ and get an answer.

Security and compliance turn into natural interactions. “Show me all devices that haven’t checked in for 30 days and are still marked as active in our inventory.” The AI Assistant knows where to look, what to correlate, and how to present findings that you can actually act on.

Onboarding new team members gets dramatically faster. Instead of training someone on where to find data across a dozen different tools, you teach them to ask good questions. The AI Assistant handles the rest. The knowledge that usually lives in the heads of your senior admins becomes accessible to everyone.

Even strategic planning changes. “What would happen to our VDI performance if we migrated the engineering team to Azure Virtual Desktop?” AI Assistantcan pull historical usage patterns, compare them against AVD capabilities, and give you a real assessment based on your actual environment, not generic best practices from a whitepaper.

The Bigger Picture: What Pulse AI Will Power Next

AI Assistant is powerful on its own, but it’s really just the first capability powered by Pulse AI. As we continue building, Pulse AI will drive more and more autonomous operations, moving your IT infrastructure from reactive problem-solving to predictive, self-healing systems.

Imagine waking up to a message that says “I noticed a pattern in your session host performance that typically leads to login storms. I’ve already scaled up capacity during your peak hours for the next two weeks, and I’m monitoring to see if we need to make this permanent.” That’s not science fiction. This is where we’re heading.

Or picture this: a ransomware variant starts spreading through your environment. Pulse AI notices the anomalous behavior, automatically isolates the affected endpoints, kicks off your incident response playbook, generates the executive summary for your CISO, and starts remediation, all before you’ve finished your morning coffee. That’s autonomous IT operations powered by intelligent AI agents.

AI Assistant is us proving that agentic AI can meaningfully help IT teams right now, today, with real problems. But it’s also the foundation for everything else Pulse AI will power, predictive analytics, autonomous remediation, intelligent automation, and eventually a self-managing IT environment.

This Changes How You Think About IT Tools

Here’s something we’ve learned building this: once you have an AI service that can talk to all your tools, the individual tools matter less and the data matters more. You stop caring about which admin console has the feature you need because you’re not visiting admin consoles anymore, you’re having conversations that pull from everything.

This is why we’re investing so heavily in integrations for Pulse AI. Every service we connect makes AI Assistant smarter and more useful – and makes future Pulse AI-powered features even more powerful. Your Azure environment, your EDR platform, your ticketing system, your identity provider, when Pulse AI can pull from all of them and correlate the data, you get insights that were previously impossible without manual detective work.

IT professionals shouldn’t be glorified data gatherers. You’re problem solvers, architects, innovators—but you’re spending your days copying information between admin consoles instead of actually solving problems.

We’re building Pulse AI for IT teams who are done accepting this as normal. Your job is to solve problems, not to be the integration layer between your tools. Let Pulse AI handle the correlation. 

This is just the beginning of what Pulse AI can do. We’re shipping fast, learning constantly, and building toward a vision of IT operations that’s genuinely different from what exists today. An IT environment that’s smart enough to manage itself, predictive enough to prevent problems, and autonomous enough to free your team from the tedious work that eats up their day.

The future of IT operations isn’t about better dashboards or more alerts. It’s about intelligent systems that understand themselves and take care of themselves. Pulse AI is the engine that makes that possible, and we’re building new capabilities on top of it every day.

Want to see what this looks like for your environment? Reach out to our team.

Most IT issues don’t announce themselves with a press release. They surface quietly through rising crash counts, unusual behavior patterns, or a sudden increase in “something feels off” tickets.

By the time issues are widely documented, many IT teams have already been fighting to resolve them for weeks, often without enough context to understand whether a problem is isolated or systemic. Closing the gap between when issues begin and when they are understood is precisely what we set out to address.

Exposing Real-World IT Problems as They Emerge

Over the past several months, the ControlUp Innovation Guild ‘s team of experts has been analyzing anonymized crash and performance metadata across our global customer base to identify real issues as they emerge. Not one-off events. Not anecdotes. But patterns that consistently appear across environments.

Through this work, and utilizing the power of the ControlUp ONE platform, we have uncovered a growing set of meaningful findings. These include application crash surges, unstable components, configuration-related failures, and emerging stability risks that many teams were already experiencing without yet knowing the root cause.

A Recent Example: Catching a Global Crash Issue Early

One of the most striking examples surfaced through our crash anomaly detection: a sudden, global spike in Microsoft Word crashes tied to a specific build.

Within days, crash volumes jumped from a steady baseline of a few hundred per day to tens of thousands of crashes across hundreds of organizations. At the time, there was no formal Microsoft advisory and very little public discussion of the issue. Yet IT teams were already experiencing increased user tickets and unexplained instability.

By correlating crash signatures across environments, we were able to:

• Identify the affected Word build
• Isolate the faulting module
• Understand the scope and scale of impact across the global dataset

This visibility helped IT teams quickly rule out local misconfigurations, avoid prolonged investigation cycles, and take informed action while awaiting an official fix. It’s a textbook example of how early, data‑driven insight can significantly reduce investigation time and operational noise.

Introducing Global DEX Findings by ControlUp

Today, we’re making this work easier to access with the launch of Global DEX Findings by ControlUp.

Global DEX Findings surface real‑world application and system stability issues identified through ControlUp’s anonymized global dataset. These findings highlight emerging risks, configuration‑related failures, and performance anomalies to help IT teams:

• Recognize problems early
• Understand their impact
• Take informed action

Each finding is structured, evidence‑based, and focused on practical relevance. They reflect patterns observed across many customer environments in near-real-time, often before issues are widely documented or formally acknowledged by vendors.

Turning Insight into Action

In several cases, these insights have already informed deeper technical investigations and provided clearer guidance for teams encountering similar issues. They offer a broader frame of reference, answering critical questions such as:

• Is this happening only in my environment, or everywhere?
• How widespread is the issue?
• Is this likely configuration‑related, or tied to a specific application or build?

By making these insights visible, Global DEX Findings help teams move from reactive troubleshooting to proactive understanding.

Where Global Telemetry Meets Community Expertise

To delve deeper, join the ControlUp Community to get notified when new findings are published. It’s also a place to ask questions, share observations from your own environment, and contribute insights that help validate and refine the data.

This is where global telemetry and real-world, community-sourced expertise come together to help IT teams respond faster and with greater confidence.

To stay ahead of emerging issues, explore our findings.

IT teams are under constant pressure to move faster, resolve issues, and support the business without adding headcount. Yet many critical IT processes still rely on manual-effort tickets passed between teams, checklists tracked in spreadsheets, and tasks repeated across multiple, disconnected systems.

ControlUp Workflows is built to change that. Rather than focusing on fixing individual issues, Workflows is designed to automate end-to-end IT processes. By connecting people, systems, and actions into reliable, repeatable automation, IT transforms from a “maintenance loop” into a direct engine for business growth.

Workflows: Purpose-Built for IT Automation

Introduced in 2025, ControlUp Workflows helps IT teams transform complex, multi-step tasks into automated outcomes. The objective is simple: remove manual coordination, standardize execution, and ensure IT processes run the right way every time.

Workflows enable IT teams to:

• Automate processes across dissimilar systems (ServiceNow, Slack, Entra ID).
• Replace hand-built checklists with logic-driven automation.
• Scale expertise by packaging senior engineering knowledge into repeatable flows.
• Free experienced engineers to focus on high-value digital architecture.

The result is faster delivery, better consistency, and IT operations that scale with the business.

Use Cases: Turning Manual Work into Automated Flows

User Lifecycle Automation from Day One

Onboarding and offboarding are typically time-consuming tasks. With ControlUp Workflows, these processes are fully orchestrated. When a new hire is detected, a workflow creates the user in Entra ID, assigns M365 licenses, triggers device shipping, and notifies the managers, IT, and HR via Teams—all without a single manual click.

What once required hours of coordination now runs automatically, delivering a consistent experience for both IT and end users.

Orchestrating Work Across Disconnected Systems

Most IT work isn’t complex because of the task itself; it’s complex because it spans too many tools.  When endpoint management, identity, and ITSM tools don’t talk to each other, IT teams are forced into manual, error-prone “swivel-chair” workflows.

ControlUp Workflows act as the orchestration layer between these systems. By unifying actions across ServiceNow, Teams, Slack, and your endpoint stack, Workflows ensures:

• Instant Execution: Requests automatically trigger the correct downstream actions across your entire stack.
• Total Synchronization: Systems stay in sync in real-time without manual data entry or status updates.
• Automated Transparency: Stakeholders receive proactive notifications the moment a process advances.

This orchestration eliminates the “scripts and spreadsheets” bottleneck, reducing delays and ensuring process reliability at scale.

Scaling Expertise Across the Organization

Every IT organization has a few “hero” engineers who hold the keys to complex processes. But relying on tribal knowledge creates a bottleneck that doesn’t scale. ControlUp Workflows allows teams to capture senior-level expertise and transform it into automated, reusable logic.

Instead of senior staff repeatedly performing the same manual fixes, they can define a workflow once and empower the entire team to execute it. The result:

• Democratized Resolution: Level 1 support can resolve complex issues that previously required escalation.
• Standardized Excellence: Every task is executed according to your best engineer’s standards, every single time.
• Eliminated Single Points of Failure: Technical knowledge is embedded in the platform, reducing dependency on specific individuals.

Standardization becomes a built-in feature of your operations, not a manual policy that’s difficult to enforce.

What’s New: Supercharging Your Environment with Next-Gen Workflows

ControlUp is redefining the “Action Layer” with Workflows, moving beyond basic alerts into an environment of intelligent problem-solving. We are continuously expanding the Workflow engine to drive growth and minimize downtime. Recent developments include:

Pausing at key Decision Points in the Flow  

Decision nodes bring a layer of intelligent oversight to your automation by allowing workflows to pause at critical moments for manual approval. By integrating these “checks and balances” into repetitive processes like employee onboarding, IT admins can automate the heavy lifting while maintaining final control over sensitive tasks like account creation or license assignment.  

This perfect blend of autonomy and oversight empowers teams to do more with less, replacing manual guesswork with a proactive, orchestrated environment. 

Forms-triggered Workflows  

Turn manual data entry into instant action by allowing anyone to launch complex IT processes through a simple interface. For example, when onboarding a contractor, you simply submit their details via a form, and ControlUp automatically handles the heavy lifting, creating the user profile and granting specific system access, in seconds. 

Event- and Condition-Driven Logic Powered in Real-Time

Workflows can be triggered by events and conditions. Whether it’s a new user, a service request, or a change in system state, automation runs the moment it’s needed.

This event‑driven approach allows IT to execute tasks automatically and on time, reduce backlogs from manual triage, and keep systems and processes aligned without constant oversight

By triggering actions based on real-time events rather than manual guesswork, workflows deliver perfectly timed support while eliminating the wasted effort of ‘blind’ coordination. For example, onboarding a new user involves a complex chain of tasks from ordering hardware to assigning M365 licenses and ControlUp Workflows can automate those instantly.

Prebuilt Templates

To speed adoption, ControlUp provides a library of prebuilt workflow templates covering common IT automation scenarios, including:

• User onboarding and offboarding
• Access and license management
• Device lifecycle tasks
• Service request fulfillment

Teams can deploy these templates immediately or customize them to fit their internal processes, effectively delivering value in days, not months.

 Sync Your Entire Tech Stack

To break down the silos between endpoint management and service delivery, we have expanded our library to include 63 integrations. With bi-directional integrations for platforms like ServiceNow, Slack, and Teams, your workflows become a core part of your business process. Automatically open, resolve, and close tickets or send real-time alerts to the right channel without a single manual click.

Audit-Ready Orchestration and Governance

Automation at scale requires trust and oversight. ControlUp Workflows includes enterprise‑grade governance features such as:

• Detailed execution histories
• Version control and collaboration
• Role‑based access and permissions

IT leaders gain full visibility into how automation is used, who created it, and how it evolves—ensuring security, compliance, and accountability.

The Bottom Line

At ControlUp, the goal is a proactive, orchestrated environment where IT can do more with less.

With a no-code visual builder and a rich library of pre-built templates, Workflows make advanced, autonomous IT management accessible to every organization. It’s time to stop managing manual tasks and start delivering a frictionless digital experience that supports business growth with speed and simplicity.

Whether you’re remediating alerts, onboarding users, managing devices, or automating service delivery, ControlUp Workflows is your force multiplier for modern IT.

IT teams today face an impossible challenge: maintaining fast, reliable, and secure digital experiences while juggling countless devices, apps, and endpoints—all without interrupting end users. Yet most monitoring tools still rely on delayed, averaged, or stale data.

That gap between what’s actually happening on a device and what your tools show can lead to mistrust, wasted time, and missed opportunities to fix issues before they escalate.

At ControlUp, we’re changing that.

Our new Live Remote Management experience delivers an accurate, instantaneous window into the health and activity of any endpoint. No more one-minute averages. No more switching between tools. No more guessing why a device is misbehaving. Live Remote Management gives IT teams the visibility, control, and confidence they’ve been asking for, especially those managing large, distributed environments where every second matters.

Real-time Visibility Matters More Than Ever

Customers have told us loud and clear: delayed data makes troubleshooting inefficient and unreliable. When an IT administrator sees CPU spikes on a device, but the monitoring dashboard shows something different, trust in the tool erodes and root cause analysis becomes nearly impossible.

Live Remote Management solves this by providing a true real-time data stream that hasn’t been averaged, showing exactly what’s happening on a device the moment it happens. That means:

• Identifying high resource processes as they misbehave
• Diagnosing transient performance incidents that averages hide
• Validating whether scripts, configurations, or policies applied successfully
• Reducing toggling between tools and preserving workflow context

Simply put: Live Remote Management helps IT teams replace guesswork with insights.

What Live Remote Management Delivers

Live Remote Management surfaces immediate, accurate telemetry on CPU, memory, disk I/O, network usage, processes, services, and more. This isn’t a refresh every 60 seconds; it’s a live stream. Admins can watch a device’s behavior change in real time as they troubleshoot, deploy fixes, or validate configuration updates.

1.    Live Performance Metrics Monitoring

ControlUp’s ‘device dashboard view’ streams critical performance data at 3-second intervals. This helps IT gain a better view of live performance metrics critical for troubleshooting without disturbing the users.

2. Active Processes Management

provides comprehensive real-time visibility into process activity. It enables system administrators to monitor process activity which helps to investigate resource usage issues, and it allows security analysts to validate injected DLLs.

3. Live Network Activity

The Network Monitor provides comprehensive real-time visibility into system network activity through multiple complementary views. It enables network administrators, security analysts, and system engineers to monitor TCP connections, analyze network interfaces, visualize geographic traffic patterns, and understand network topology.

4. Live Storage Utilization

The Storage Activity Monitor provides comprehensive real-time visibility into process file write activity. It enables system engineers to investigate storage usage questions.

5. Live Disk and Registry Editor

File Browser is a comprehensive file system navigation and management tool that provides system administrators with advanced file operations:

Registry Editor is a ‘replica’ of the Windows Registry editor with all CRUD functions for keys and values and includes import and export of .reg files.

A Single Pane of Glass for Multiple Roles

Live Remote Management isn’t just for system administrators. It supports multiple stakeholders:

• Security teams can review active network connections and identify suspicious activities.
• Asset managers can verify installed software to ensure licensing compliance.
• IT onboarding teams can run health checks to ensure proper configuration.

A Foundation for the Future of IT Troubleshooting

This release is more than a feature; it’s a foundational capability to assist organizations in monitoring and managing modern endpoints. It strengthens trust, accelerates problem resolution, and reduces operational risk. It also lays the groundwork for deeper insights and automation powered by upcoming updates. Each step brings us closer to a unified, end-to-end troubleshooting experience that empowers IT to solve problems before users even notice them.

See Everything. Miss Nothing. Fix Issues Faster.

Live Remote Management transforms how IT teams understand the health and behavior of their environment. It replaces guesswork with clarity. It turns reactive firefighting into proactive problem solving. And it ensures that what you see is what’s truly happens every second.

This is the future of endpoint monitoring and management…And we’re just getting started.