VMworld 2018 US: What’s New With Workspace ONE Unified Endpoint Management
It Takes a Modern Platform…
The iPhone influenced a major industry shift for endpoint management tools. It stood out as the first modern endpoint that was no longer a physical “box” but a combination of the edge device and cloud services. It offered management from the cloud, deployments and updates as a service, as well as apps on demand from app stores. Others followed suit, e.g., years later Google did the same with Android Enterprise. Soon, MDM tools were no longer managing just the endpoint but the associated cloud services as well like app stores, enrollment services, OS updates, security and so on.
Given the cloud-based management efficiencies mobile has delivered, PC operating systems are now evolving to be mobile-like, e.g., with High Sierra, macOS is now just like iOS driving the industry toward mobile device management (MDM). Microsoft did something similar with Windows 10 by introducing major changes in the OS with built-in mobile management APIs, more frequent cloud updates, and modern store apps. Unlike traditional PC lifecycle management (PCLM) that was bound to the network, this new approach allowed modern management at scale and in real-time for PCs anywhere – reducing IT costs, improving security, and ensuring a better user experience.
So, what does this mean for the market and your end-user computing teams? First, modern management is inevitable as mobile and new desktop computing systems increasingly become SOP for your business. Platform vendors – including Microsoft, Apple, and Google – will continue to build deeper APIs and platform services in the cloud, constantly pushing the envelope of what’s achievable with modern management. Second, recognize that siloed management tools across platforms will lead to increased IT complexities and costs. So, you will need a unified solution that can fully manage the idiosyncrasies across a mix of modern devices, enable employee choice, and ensure that your legacy app investments and process requirements are not forgotten.
That’s where the value of VMware Workspace ONE Unified Endpoint Management (UEM) comes in strong. The modern platform puts an end to IT management silos and helps you tame the marginal cost of diversity. The core tenet of Workspace ONE platform extends beyond UEM across platforms. The heterogeneity extends to any identity, any app / app type, ownership model and use cases. This enables a consistent, user-centric approach to managing any app and device – including desktops, mobile, rugged, wearables, and IoT. So, no wonder Workspace ONE has been consistently recognized as a leader in UEM by analysts not only for the breadth of platforms supported, but importantly for the management depth it offers across each of these platforms.
“Unification for the sake of unification is not a win, unless the required management depth on each platform is delivered.” – Jeff McGrath, Sr. Director, End-User Computing, VMware
The UEM Innovation Doesn’t Stop Here…
At VMware, we don’t just sit back and rest on our accolades. We continue to push the boundaries of innovation! At our EUC Showcase Keynote yesterday, we announced many such industry-first capabilities for Workspace ONE that further strengthen the modern platform narrative, making it the only UEM platform that can transform every aspect of your modern management journey. Below is a quick snapshot of the UEM capabilities that we announced.
- VMware is partnering with Dell to bring customers a unique factory services offer – Dell Provisioning for VMware Workspace ONE – that ships a “ready-to-work” desktop to the user, pre-configured (e.g. directory services, Workspace ONE enrollment, etc.) and pre-loaded with required work apps (e.g. Win32 apps). This ensures day zero productivity for the user and a significantly lower TCO for IT in PC setup and restore tasks.
- Workspace ONE will also feature Industry Standard Baselines – a new turnkey approach to deploy industry recommended and trusted policy templates derived from CIS benchmarks, Microsoft and others. The templates allow over-the-air configuration of Group Policies in minutes without the need to sift through thousands of settings and ensures your compliance requirements are met with 100% policy coverage beyond limited native MDM policies.
- Also, customers reeling with the complexities of Windows as a Service and what many consider as the worst patching months of June and July can finally breathe easy! Workspace ONE will feature new Device Update Readiness and CVE Vulnerability Remediation capabilities to help IT patch with confidence and break free from the constant testing and servicing cycles. Update readiness allows IT to automate patch rollout based on intelligence derived from Windows Analytics and Workspace ONE Intelligence app crash and performance data. In addition, IT can proactively manage vulnerabilities from becoming enterprise-wide risk with automated patch remediation based on a CVE risk profile.
- Integration with Windows Defender Device Guard allows Workspace ONE to act as a Trusted Software Authority for UWP and Win32 app installs and prevent spread of malware. This limits Workspace ONE app as a trusted installer for company recommended apps and blocks users from installing unsanctioned or unsafe applications from the Web or external sources.
- Workspace ONE will feature sensors – a capability that allows admins to query using PowerShell scripts any asset attribute such as system information, custom hardware inventory, registry and app data and even custom WMI data, and perform actions to remediate the endpoint to a desired state.
- Workspace ONE AirLift connector for SCCM is now GA, enables migration of SCCM workloads to Workspace ONE, and accelerates transition to Windows 10 modern management through automation. AirLift dynamically maps SCCM Collections to Workspace ONE smartgroups, silently onboards PCs and even moves Win32 apps in SCCM to Workspace ONE without the need for repackaging.
macOS and iOS
- Managing OS patches, particularly on macOS has always been an arduous task for admins, as maintaining a device on a desired patch typically involved additional effort of standing up a corporate SUS or package updates – which was high touch. Apple and VMware are making OS patch management for macOS and iOS easy by allowing admins to provision the updates right from the Workspace ONE UEM console and even defer updates up to 90 days, allowing for time to certify the release for business-critical apps.
- Native Software on macOS in the enterprise predominantly contains package installers and disk images distributed from a decentralized system by the individual developers. Workspace ONE UEM (with integrated open source Munki) provides a streamlined solution for package software management and patching and optionally keep software in the desired state at all times.
- Supporting and troubleshooting issues for remote users on iOS has always been a challenge as ability to remotely transmit an active user session over the air is found lacking, except the limited casting capabilities available with AirPlay. Workspace ONE UEM now makes it simple for IT to launch an advanced remote view session right from the console to remotely view a device from any location globally.
- Just as every year, Apple is gearing up for release of a new operating system this fall. And Workspace ONE UEM will be ready with the latest and greatest enterprise capabilities available on iOS 12.
Android and ChromeOS
- Workspace ONE support for the most Android enterprise personas including new Corporate Owned Personally Enabled (COPE) and a unique Multi-User mode. COPE brings together the user experience efficiencies of the Work Profile – meaning clear separation of work and personal data; and the secure device management capability of Work Managed mode for corporate owned devices.
- VMware is also enabling high security customers to take advantage of the best in Android security. Integration with the SafetyNet Attestation API helps admins validate the integrity of the device and assess security and compatibility of the Android environments in which your apps run.
- VMware is also first to announce support for Android enterprise and Samsung Knox harmonization, so admins can configure Knox Platform for Enterprise policies in the same profile as Android.
- Workspace ONE was the first UEM with support for Chrome OS management and we have continued to add new API support, including Require Verified Mode, Force re-enrollment, Task Manager Restrictions, App Blacklisting, Bookmarks and History Policies, and more.
Peripherals and Rugged
- For rugged and purpose-built devices, Workspace ONE added automated file sync actions to sync device and Network File Share (NFS) folder/files on a schedule, and thus keep mission critical device up and running without disruption.
- The Workspace IoT support now includes support for Google Glass Enterprise Edition 15 and Avery Dennison mobile printers, further extending the broad support for enterprise wearables and peripherals.
These latest announcements are a clear demonstration that VMware continues to out innovate other siloed management solutions. Workspace ONE is here and ready today to help customers accelerate their digital transformation journey and realize cost, security and user efficiencies – faster!
Don’t forget to check back in the next few days for deeper dive blogs on each of the UEM platforms and capabilities. You can find additional information at www.workspaceone.com and www.airwatch.com. Read our EUC announcements press release here.