I know there are a lot of SaaS customers out there who have only been using basic MDM functionality within Workspace ONE. The platform has moved on a lot in the last few years and if you haven’t already seen it i strongly suggest you check out hub services. This takes the Workspace ONE agent that is used for device management and adds additional functionality to the application such as a unified app catalogue, people search and a notifications platform to name but a few!
When i talk to people about this though, many don’t know where to start, so i thought i’d make a short video to get you started. First off Hub services requires integration between UEM and Access. The good news is that whatever version of Workspace ONE you have, you are entitled to Access. For those of you using SaaS the access tenant is a SaaS tenant. For those still on prem there is an option to deploy an on prem version.
Some customers will have been sent details of their access tenant already when they signed up, but, depending on when this was you may not have a SaaS access tenant. Don’t worry though as its super easy to create one and set up the integration. In this video i’m going to show you just how easy it is
As of this month (Feb 2021) All Workspace ONE Access SaaS tenants, now supports FIDO2 as an authentication method. So, I thought i’d put together a short video showing how easy it is to configure it and some different device types using the solution.
If you’re an existing Workspace ONE UEM administrator, you’ll know there are lots of ways to enrol a variety of devices. Whether you’re a seasoned admin or a newbie though, you might not be aware of some of the Windows 10 enrolment methods.
First, lets introduce some key concepts we’ll be covering:
OOBE or Out of the box experience – this is the concept of powering on a Windows 10 device and configuring it via a series of wizard driven screens. A lot of organisations still use legacy Windows imaging to prepare machines. This involves wiping off the factory image and replacing it with a new cusotmer one. OOBE is an alternate method which uses the image shipped from the factory and simply customises it.
Factory provisioning – Preparing a Windows 10 device with enrolment details and software, either in the factory or the IT department so that desktops can be provisioned quicker and easier. The main advantage of factory provisioning is that the OOBE process can be customised for your organisation, and custom software can be pre-installed ready and usable straight after the first logon. Several manufacturers support the factory provisioning process.
In this series of videos i’m going to show you various methods that could be used in typical organisations.
Factory Provisioning with AzureAD join – In this video we are going to use factory provisioning to prepare a new Windows 10 machine to enrol into Workspace ONE UEM using AzureAD. This is ideal if your users only access SaaS based resources and you have limited requirement for on premises domain resources.
Factory Provisioning with localAD join – In this video we are going to use factory provisioning to prepare a new Windows 10 machine to enrol into Workspace ONE UEM and join an on premises AD. This is ideal if the bulk of your apps and data reside on premises.
Silent enrolment using AD Group policy – Not all the Windows 10 machines you want to enrol will be new machines. There may be occassions where existing domain joined machines need to be enroled. In this video we’ll show you how to silently enrol a domain joined machine into Workspace ONE UEM.
Windows 10 Enterprise Reset – There are always times when things go wrong and Windows 10 is no exception. Sometime a great way to fix Windows 10 machines is to perform a reset. This puts the machine back into its factory delivered state. VMware have introduced Enterprise Reset. When issued, a Windows 10 machine will perform a full reset but will stay under UEM management and will remain a member of the domain. This means once issues the machine will fully reconfigure itself and redeliver any apps assigned.
Occasionally people have a requirement to turn a Windows 10 PC into a single app kiosk, or re purpose a Windows device for digital signage. This video shows how to use VMware Workspace ONE to lock a Windows 10 PC into single app kiosk mode running only Internet Explorer
Anyone who has ever been involved in provisioning and managing Windows PCs will be familiar with the term ‘imaging’. For those of you not familiar with it, it refers to the process of preparing a computer before giving it to an end user by replacing the version of Windows on the machine.
As the number of mobile devices within organisations continues to grow, and the increasing use of the digital workspace, allows organisations to consume apps and data from anywhere, organisations perimeter boundaries are beginning to blur and this presents several new challenges: