VMware Workspace ONE lowers the cost of managing an organization’s Windows deployments, secures endpoints and data on any network across any application, and delivers peak user experience across any device.
In this article, I will try to explain how to enroll a Windows 10 device into Workspace ONE UEM and how to configure and deploy restriction profiles and applications to your enroll device.
I briefly talk about Workspace ONE UEM. Workspace ONE UEM, powered by AirWatch technology enables you to support every endpoint and every user from a single management console and helps ensure enterprise security at every layer.
Workspace ONE UEM Admin Console
First of all we need to login to the Workspace ONE UEM Admin Console.
- Double-click the Chrome Browser then navigate to Workspace ONE UEM Console.
- When the page loaded enter your Username. This is your email address that you have associated with your VMware Learning Platform (VLP) account. Then enter the Password and click the Login
- Accept the end user license agreement.
Create Test User Account
Basic accounts are created locally in the AirWatch admin console. They are not imported from an active directory. Now, we will create a Basic User account to use for enrollment.
- In the top right corner of the Workspace ONE UEM console, Click Add -> Click User
2. In the pop-up window, enter the username, password, first & last name and email information. Then click Save.
3. You should see a confirmation that user is created successfully.
Enrolling Your Windows 10 Device with the Created Basic Account
Now we will enroll our Windows 10 device in Workspace ONE UEM. First, we will need to download the Workspace ONE Intelligent Hub. Workspace ONE Intelligent Hub is the app you use to register your device for access to resources within your organization.
- Enter https://www.getwsone.com in the navigation bar and press Enter.
- Click Download Hub for Windows 10.
- Click Keep when warned about the AirWatchAgent.msi download.
- Click the msi file in your download bar.
- Click Run to proceed with the installation.
After the installation finished, the Native Enrollment application will launch to guide you through enrolling into Workspace ONE UEM.
- Click Server Detail.
- The first step is to make sure you know what your Organization Group ID is. To find the Group ID, hover your mouse over the email tab at the top of the screen. Your Group ID is displayed at the bottom of the Organization Group pop up.
3. Enter Server Details and Group ID then Click Next.
4. Enter basicuser in the Username field. Then enter your password in the Password field and click Next.
5. A few minutes later your Windows 10 device is now successfully enrolled into Workspace ONE UEM.
Configuring a Device Profile for Windows 10
Profiles allow you to modify how the enrolled devices behave. In this section we configure and deploy a restrictions profile that we can verify has applied to the device later in the section.
In the upper-right corner of Workspace ONE UEM Console:
- Select Add and Select Profile.
2. Select the Windows icon.
3. Select Windows Desktop.
4. Select Device Profile.
5. Enter a profile name in Name field and click in the Smart Groups field. Select the All Devices.
6. Select the Restrictions tab then click the Configure button to set restrictions.
7. Set restrictions and click Save & Publish.
8. Click Publish.
9. We navigate to Profiles List View. Select Devices -> Profiles & Resources -> Profiles. We should now see our Restrictions Profile within the List View of the Devices Profiles window.
NOTE: To edit the profile, click the profile name, then select Add Version. Update the profile and click Save & Publish to push the new settings to the assigned devices.
Delivering Apps on Windows 10
Applications can be distributed to Windows 10 devices, allowing for a seamless user experience. Now we will create and distribute an application to Windows 10 device.
In the upper-right corner of Workspace ONE UEM Console, Select Add -> Select Internal Application.
I seem to hear you say what the internal application is. So, let’s talk briefly about the types of applications.
- Internal Applications: These applications are being developed internally. Applications can be installed in the Workspace ONE UEM console or imported from an external application pool. These applications are also known as “Enterprise Applications”.
- Public Applications: These applications are available in the platforms’ own stores (App Store, Play Store, Windows Store, etc.).
- Purchased Applications: These applications are categorized as VPP (Volume Purchased Program) and Custom B2B applications. VPP allows businesses and educational institutions to purchase publicly available iOS applications. B2B applications are third-party iOS applications developed specifically for distribution to corporate devices.
- Web Applications: Web applications allows end users to access a specific URL directly through an icon in the menu of their device.
Okay, let’s continue creating our app. When we select the Internal Applications, a pop-up screen will open. With “Upload” we will upload the exe file of our application.
When upload process finished, click Continue.
In Details tab, enter the Application Name and select the Supported Processor Architecture.
Select the Files tab. Scroll down to find the App Uninstall Process section and enter the following for Uninstall Command: “7z1604-x64.exe /Uninstall”
Select Deployment Options. Scroll down until you see the option for Install Command. Enter Install Command as: “7z1604-x64.exe /S”
Scroll down to find the When To Call Install Complete section. Select Defining Criteria for Identity Application By. Click Add.
Select File Exists for the Criteria Type. Enter your exe file path for the Path. Click Add.
After all settings are completed, click Save and Assign. Then select Assignment Groups and App Delivery Method (Auto or on Demand). Click Save and Publish.
When Windows 10 device is enrolled, the restriction profile and application created earlier will be installed on the device.
When we go to Local Disk -> Program Files, we can see the application was installed.
Un-enrolling Windows 10 Device
To delete the device enrollment, we will delete the enrollment from the console. This also removes all applications and profiles pushed from the Workspace ONE UEM console.
From the Workspace ONE UEM Console,
- Click on Devices
- Click on List View
- Select the check box next to your device friendly name.
- Click on More Actions
- Click on Delete Device
6. Enter reason and click Delete.
When the deletion is finished, the device will be removed successfully and no devices will appear in List View.
In addition to managing mobile devices, Workspace ONE UEM can also manage your Windows 10 applications as well.
I hope this article about Windows 10 management gives you a clear picture of how you can manage your Windows 10 devices by configuring restrictions and profiles and deploying applications.