VMware Workspace ONE Unified Endpoint Management (UEM) has extensive capabilities to manage the various endpoints, including Windows 10 desktops, that are part of the growing range of technology in the workplace. Modern desktop management on Windows operating system (OS) continues to evolve as more enterprises around the world are taking the leap into Windows 10. With every release of the Windows 10 OS, Microsoft builds robust Mobile Device Management (MDM) hooks into the platform that allows UEM tools such as Workspace ONE to configure policies and settings to enable the admin to maintain the device’s security posture and the user to have access to all the corporate resources to be productive.
Introducing Policy Builder
Today, we are introducing Policy Builder, a new fling tool that makes it even easier for admins to take advantage of these MDM hooks and ensures day zero support for the OS any day! Policy Builder dumbs down the Configuration Service Providers (CSP) for each version of the OS to the relevant fields that are exposed. The tool automates the construction of the SyncML, which means no more code formatting and no more value errors! The cloud-hosted tool is always up-to-date with the latest fixes and features and when they are available for the OS. Let’s drill down to learn more.
What is a CSP and why is it important?
Configuration Service Providers (CSP) are the interfaces used to read or set policies on the Windows device.
CSP capabilities have continued to grow with each release of the Windows 10 operating system. More capabilities can now be managed over the air using modern methods reducing the dependency on traditional methods like the requirement to log on to the domain network to get updated policies or the need to a desk at a branch location. Configuration on devices can be updated in real time ensuring security and compliance at all times.
How can I use a CSP?
The Workspace ONE UEM console allows admin to configure policies through Profiles. Those policies that are used often and across industries and provide easy configuration through the GUI. The admin can simply toggle switches or use the text fields to set up these policies. The Workspace ONE UEM console also provides a Custom Settings profile that is extensible to any custom xml that can be sent to the device leveraging the existing infrastructure to securely communicate with the device. Admins can leverage the Custom Settings profile to configure any CSP and publish those settings to devices. The xml used to configure a CSP which the Open Mobile Alliance Device Management (OMA DM) client in the operating system can understand parse to apply the appropriate settings is called SyncML.
How can I get the SyncML to configure my Custom Settings profile?
The Policy Builder is a great tool that can help admins generate SyncML in minutes using an experience similar to the already familiar Profiles allowing admins to leverage all the latest updates available on the platform without the hassle of writing out error free xml. The tool is currently available as a fling that is hosted on the VMware flings website. It is a cloud-hosted tool and admins can also access it directly. You can use your MyVMware credentials to log in to use the tool.
Steps to generate SyncML:
- Log into Policy Builder
- The tool lists all the CSP available to configure by operating system version. Pick the operating system using the dropdown or go with the default 1709 list.
- Pick the CSP you wish to configure. Click Next
- Use the dynamically generated form UI to set the appropriate values. As you populate the form, the corresponding SyncML will be generated on the right.
- Click the Copy button when you are ready to create your Custom Settings Profile in the UEM console.
- Simply paste the xml in your profile and publish.
The tool also provides the ability to modify SyncML. If you already have a custom settings profile that you want to enhance or modify follow the steps below.
- Copy the existing SyncML
- Log into VMware Policy Builder
- Click on the Modify tab and use the drop-down to select the operating system version that you are trying to configure. If you are unsure you can edit the SyncML against the default 1709 version
- Paste the copied SyncML into the SyncML text box on the right.
- The tool will search for and fill out the corresponding CSP form with the appropriate values. You can now easily change the values or add new fields.
Why should I use Policy Builder?
The Policy Builder is an easy to use tool that will save time and effort throughout your journey to modernize management of Windows 10 devices.
- The Policy Builder reduces the complexity to hand rolling xml that is difficult and error-prone. Admins can use the easy form-based UI to generate or modify xml.
- The tool supports the configuration by operating system version reducing the chances of error if a specific node is not supported in the operating system version of the device receiving the xml.
- Support for configuring or modifying multiple CSPs at a time for your convenience.
- Policy Builder dynamically generates SyncML for nodes that you populate. Which makes it easy to edit as you go or delete whole nodes if they are no longer necessary. The corresponding block of SyncML is removed if a node has no value.
- The ability to generate GUIDs if needed to populate SyncML is included in the tool.
- An easy to use Filter helps avoid the need to scroll through the list to find the CSP required
- The tool is cloud-hosted and can be updated quickly and easily with new features and bug fixes greatly reducing turn around time.
See the Policy Builder in action here: https://youtu.be/sg-tQ6iCn1Y
Tell Us What You Think
We are very excited to help drive time and cost savings by reducing the effort it takes to configure and manage policies. We are working towards gathering feedback to better address your requirements and business needs as you progress towards your goals. Please send your thoughts, comments, and suggestions to our product team at firstname.lastname@example.org.