Wednesday, January 8, 2020

Managing Windows 10 Applications with Workspace ONE UEM

VMware has done a lot of work in the past few years with Application Deployment as part of our Windows 10 Management capabilities.

That is why it's taken me so long to get to this article - I didn't know where to start without being overwhelmed!

For Application Deployment on Windows 10 with Workspace ONE UEM, we (predominantly) support .MSI .EXE and .ZIP files as installers. We also have a lot of parameters and capabilities around deploying these to cover many scenarios. Below you'll find a good overview of what we can do and why you may want to choose one over the other.

Tuesday, December 31, 2019

Add Android Applications to Workspace ONE UEM

Pop quiz: Which came first? Android or iOS?

Don't worry I had to look this up too. Technically it was iOS, because the first device with an OS called Android came a year or so after.

Not relevant to this post, but I had to check this myself before writing this because I needed a good intro.

Android itself has taken many changes over the years. But one of the biggest changes has to be the change from Device Administrator mode to Android Enterprise (formerly Android for Work). This fundamentally changed the way a device is managed using an EMM and as a result, changed the way that we can deploy, install and manage applications as well.

Given that Android Device Administrator has been deprecated as of version 10, this guide will only talk about deploying Android Applications using Android Enterprise.

Obviously for this to make sense to your deployment, you'll need to have set up Android Enterprise.

Monday, October 14, 2019

Adding iOS Applications to Workspace ONE UEM

There are three main ways to get an application installed onto an iOS device. The most common way will be to install applications on devices directly from the iOS App Store, or if your organisation has developed their own application in-house or through a developer you can deploy this as an internal application.

Once the application is added to the Workspace ONE UEM Console it is will be available to install by end users. All pretty straight forward however there is more ways can we make this process even easier.

Tuesday, October 8, 2019

The nuances of enrolling Android Devices in Workspace ONE

So Android is Android right? Well not exactly. There are technically four modes where you can utilise Android on a managed device, but one doesn't really count anymore because its been deprecated by Google.

Android has come along way in the last few years and has some very interesting and unique features. Some of these features are only available in the different modes, where those modes can only enabled on a device during enrollment.

This may be a little confusing to start with but I'll explain a bit more in the rest of this article.

Wednesday, October 2, 2019

Introduction to Organisation Groups and Smart Groups

Workspace ONE UEM right back to the early days when it was Airwatch is inherently multi-tenanted. We achieve this through Organisation Groups.

Our Shared SaaS tenants are the same codebase as what you'd get to deploy On-Premises so even we rely on Org Groups to achieve the required separation.

With this in mind, there are many reasons why you as a customer may need to rely on this capability. Read on to find out more.

Tuesday, October 1, 2019

How to build your Workspace ONE Sandbox

Workspace ONE is incredibly powerful. But with so many features and functions, its no wonder people can get lost when working out where to start on configuring it to test with your scenarios in your environment.

As part of VMware Testdrive, other than getting access to a pre-configured testing environment and walkthroughs you also get a full fledged trial environment we refer to as a Sandbox.

This has all the capabilities of Workspace ONE where you can integrate it with all services to test it in your environment with real users and real devices.

So, this is where this guide comes in. Even I struggle to explain or give a place for my customers to go for all they need to get started. I'll add to the below information over time but this will be enough to get you started with Workspace ONE as part of a pilot or proof of concept.

Configuring Mobile SSO for iOS Devices in Workspace ONE

One of big differentiators we have with Workspace ONE is ability to use MobileSSO to drastically improve security and the user experience.

MobileSSO with Workspace ONE leverages certificates deployed to devices to seamlessly sign the user into the Workspace ONE Intelligent Hub and any federated SaaS services.

This solution requires both Workspace ONE UEM (to deploy and manage the lifecycle of the certificates) and Workspace ONE Access (to challenge the device for the certificate and authenticate the user). On iOS MobileSSO technically uses Kerberos by validating the certificate on the device and generating a Kerberos token the device can then present back for authentication.

In this post I'll discuss how to configure Workspace ONE Access for iOS MobileSSO and how to create a profile in Workspace ONE UEM to deploy the required certificate and approve the domains and applications that can use it.