Workspace ONE UEM and Workspace ONE Access Integration for Hub Services

I know there are a lot of SaaS customers out there who have only been using basic MDM functionality within Workspace ONE. The platform has moved on a lot in the last few years and if you haven’t already seen it i strongly suggest you check out hub services. This takes the Workspace ONE agent that is used for device management and adds additional functionality to the application such as a unified app catalogue, people search and a notifications platform to name but a few!

When i talk to people about this though, many don’t know where to start, so i thought i’d make a short video to get you started. First off Hub services requires integration between UEM and Access. The good news is that whatever version of Workspace ONE you have, you are entitled to Access. For those of you using SaaS the access tenant is a SaaS tenant. For those still on prem there is an option to deploy an on prem version.

Some customers will have been sent details of their access tenant already when they signed up, but, depending on when this was you may not have a SaaS access tenant. Don’t worry though as its super easy to create one and set up the integration. In this video i’m going to show you just how easy it is

Workspace ONE Access FIDO2 integration

As of this month (Feb 2021) All Workspace ONE Access SaaS tenants, now supports FIDO2 as an authentication method. So, I thought i’d put together a short video showing how easy it is to configure it and some different device types using the solution.

For all my demos i used a Yubikey5NFC. It’s a pretty cool token that works using standard USB or NFC – https://www.yubico.com/gb/product/yubikey-5-nfc/?utm_source=google&utm_medium=pd:search&utm_campaign=UK_B2C_LeadGen_Google_SEM_Brand&utm_content=&gclid=Cj0KCQiAvbiBBhD-ARIsAGM48bxh6yCcxBkjXbce5CjjNDBoN_RYIBbgETQQH2BZSQ44KQhfS9oo-pQaAmTBEALw_wcB

These are a list of the supported authenticators at time or launch

Here is a link to my video, showing how to confiure FIDO2 authentication and some examples of it in use across a range of devices.

Workspace ONE UEM – Windows 10 enrolment

If you’re an existing Workspace ONE UEM administrator, you’ll know there are lots of ways to enrol a variety of devices. Whether you’re a seasoned admin or a newbie though, you might not be aware of some of the Windows 10 enrolment methods.

First, lets introduce some key concepts we’ll be covering:

OOBE or Out of the box experience – this is the concept of powering on a Windows 10 device and configuring it via a series of wizard driven screens. A lot of organisations still use legacy Windows imaging to prepare machines. This involves wiping off the factory image and replacing it with a new cusotmer one. OOBE is an alternate method which uses the image shipped from the factory and simply customises it.

Factory provisioning – Preparing a Windows 10 device with enrolment details and software, either in the factory or the IT department so that desktops can be provisioned quicker and easier. The main advantage of factory provisioning is that the OOBE process can be customised for your organisation, and custom software can be pre-installed ready and usable straight after the first logon. Several manufacturers support the factory provisioning process.

In this series of videos i’m going to show you various methods that could be used in typical organisations.

Factory Provisioning with AzureAD join – In this video we are going to use factory provisioning to prepare a new Windows 10 machine to enrol into Workspace ONE UEM using AzureAD. This is ideal if your users only access SaaS based resources and you have limited requirement for on premises domain resources.

Factory Provisioning with localAD join – In this video we are going to use factory provisioning to prepare a new Windows 10 machine to enrol into Workspace ONE UEM and join an on premises AD. This is ideal if the bulk of your apps and data reside on premises.

Silent enrolment using AD Group policy – Not all the Windows 10 machines you want to enrol will be new machines. There may be occassions where existing domain joined machines need to be enroled. In this video we’ll show you how to silently enrol a domain joined machine into Workspace ONE UEM.

Windows 10 Enterprise Reset – There are always times when things go wrong and Windows 10 is no exception. Sometime a great way to fix Windows 10 machines is to perform a reset. This puts the machine back into its factory delivered state. VMware have introduced Enterprise Reset. When issued, a Windows 10 machine will perform a full reset but will stay under UEM management and will remain a member of the domain. This means once issues the machine will fully reconfigure itself and redeliver any apps assigned.

How to use Workspace ONE to turn a Windows 10 PC into a single app kiosk

Occasionally people have a requirement to turn a Windows 10 PC into a single app kiosk, or re purpose a Windows device for digital signage. This video shows how to use VMware Workspace ONE to lock a Windows 10 PC into single app kiosk mode running only Internet Explorer

Continue reading “How to use Workspace ONE to turn a Windows 10 PC into a single app kiosk”

How VMware and Dell are improving the Windows 10 on boarding experience

I’ve already written a blog post entitled ‘the end of imaging’ which explains how out of the box enrolment can now be used to simplify the rollout of Windows 10 devices.

Continue reading “How VMware and Dell are improving the Windows 10 on boarding experience”

Workspace ONE reference architecture

If you’ve not seen this yet, I suggest you check the new website at VMware.com called techzone. It has some amazing content and is updated all the time. Here is the link to the VMware techzone site

…and here is a link to the new Workspace ONE SaaS reference architecture

https://techzone.vmware.com/resource/vmware-workspace-one-reference-architecture-saas-deployments