VMworld 2019 Recap: What’s New with Workspace ONE UEM and Modern Management
Greetings from VMworld 2019—this year from the Golden City of San Francisco! If you missed our End-User Computing Showcase Keynote yesterday, this blog recaps all the modern management announcements. Led by Shankar Iyer (EUC GM) and Shawn Bass (EUC CTO), the session was action-packed, to say the least. We announced numerous industry-first and industry-leading capabilities that continue to push the boundaries of innovations in Workspace ONE. Here’s a quick snapshot:
Looking at this, it should surprise no one that Workspace ONE is consistently rated by analysts as a leader in unified endpoint management (UEM)—including being ranked as a UEM leader for the second year in a row in the 2019 Gartner UEM Magic Quadrant. Let’s look at the top UEM announcements from VMworld and the ways in which Workspace ONE continues to deliver on its promise of the most breadth and depth across OS platforms:
Enabling IT to Deliver the Best Employee Experience
Employee Experience was clearly the central theme of this year’s keynote. Today, we are seeing a definite need within IT organizations to continuously measure and improve performance across the various workspace technologies and services consumed by employees. To address this, Workspace ONE now brings a tech preview of Digital Employee Experience Management—a new service that proactively addresses user experience issues across the digital workspace, including hardware, OS, apps, network, user behavior, etc. Combining the power of Workspace ONE UEM and Intelligence, the service uniquely delivers cross-platform insights across mobile and desktop as well as real-time automation and cloud-based remediation of experience-related issues. The result is improved employee engagement, higher CSAT for IT and reduced cost to business.
Cross-platform Remote Assistance for IT Help Desks
If an issue arises with an employee’s digital workspace, it is critical that IT quickly identifies the root causes and provides a fix to minimize employee downtime and improve first-call resolution rate. To achieve this, Workspace ONE Assist (formerly Advanced Remote Management) features expanded capabilities for remote support across the Windows 10 (available now) and macOS (coming soon) devices often used by knowledge workers. This is in addition to the list of devices already supported by Assist—including field worker and ruggedized endpoints running iOS, Android, Windows Mobile and Windows CE. Now, administrators can optimize employee experience by remotely diagnosing and fixing user issues across mobile and desktop platforms to get them back up and running quickly from within the Workspace ONE UEM console.
Modern Management of Microsoft Windows 10
VMware is committed to helping customers immediately unlock the full potential of Windows 10 mobile-cloud efficiencies—so much so that we are now activating a new Windows 10 PC on Workspace ONE every few seconds. Enabling this is both the most depth in PC management workloads from the cloud and automation to help ease modern management adoption.
Introducing Workspace ONE AirLift 2.0
AirLift has seen tremendous success over the past year. Customers appreciate that AirLift provides dynamic connectivity between their current PCLM tool and Workspace ONE and helps them programmatically adopt modern management at their own pace. It reduces the burden on IT and automates the migration of device collections while simplifying device enrollment and even exporting apps to the cloud. AirLift 2.0 expands upon these automation capabilities to now include full GPO migration to Workspace ONE—enabling 100% GPO management from the cloud. AirLift 2.0 also adds support for role-based access control for admin and viewer roles and a more simplified UI. That’s in addition to dashboards that feature smart filtering and search capabilities for IT admins.
Enterprise App Repository
Windows apps are hard. Two-thirds of IT effort is spent simply getting these apps ready for the user, i.e. in packaging and testing, and the rest in keeping these apps up-to-date or patched. Workspace ONE is introducing a new Enterprise App Repository built for IT, which serves as a one-stop-shop to source hundreds of commonly used, pre-packaged, pre-configured and pre-tested apps that IT can instantly deploy to an end-user’s Intelligent Hub catalog. Further, the apps are kept up-to-date and tested across the latest OS builds ensuring fail-safe install. This ensures that IT spends less time packaging, testing and updating apps and more time delivering value-added services to users.
Dell Technologies Unified Workspace
Dell Technologies Unified Workspace is a comprehensive cloud-based solution that simplifies the entire PC lifecycle for IT (deploy, secure, manage and support) while delivering a personalized and ready-to-work experience for employees. Workspace ONE adds new capabilities to offer customers the most secure PC experience with Unified Workspace. This includes the ability for a Workspace ONE agent to persist on a device—to act as a software “LoJack”—and reclaim management remotely if the agent is intentionally (e.g. lost or stolen device) or accidentally uninstalled. For compliance and stronger protection against BIOS-level threats, Workspace ONE can also remotely set and escrow Dell BIOS Admin passwords within the console. Also, integration with Dell SafeBIOS technology ensures continuous verification of the BIOS settings helps avoid configuration drift and allows for remote remediation.
New Desktop Client for Workspace ONE Tunnel
We are excited to introduce a new Win32 Workspace ONE Tunnel client for Windows 10 Desktop. This new Win32 client app for the Tunnel is available in the Microsoft Store in addition to the existing Unified Windows Platform (UWP) client. In addition to the core capabilities of secure Intranet browsing and per-app tunneling, the new client lets customers immediately take advantage of an enhanced UI to provide users with a clear view of connectivity status and their privacy settings, support device traffic rules for apps and managed domains and automatically detect Trusted Networks where Tunnel should not be engaged.
Choice and Best User Experience on Apple Platforms
Workspace ONE continues to expand its market-leading capabilities for securing Apple devices and providing a unified management pane that promotes “Mac as Choice” programs in the enterprise.
A New Way to BYO with iOS 13 and iPad OS
Workspace ONE will deliver Day ONE beta support for self-service User Enrollment of BYO devices. With user enrollment, Apple is taking a fundamentally different approach to BYO that uses Managed Apple IDs to support personal devices without full device ownership by MDM. With user enrollment, Workspace ONE will only manage a user partition on devices where all business apps and services reside and have limited device-wide controls (e.g. cannot see user installed apps, perform device wipe, install device-wide VPN, etc.). This will give IT the ability to deliver business apps and services while keeping in check the requirements of tight security and user privacy; i.e., ensuring a clear separation of personal and work data within mail, contacts, files, keychain, etc. As we head closer to the iOS 13 release in Fall, check out our blogs for more details on enabling user enrollment and signing up as a beta customer.
Modern Update Management for Apple Platforms
Workspace ONE will enable a new cloud-based modern update management approach for Apple devices that ensures devices are always up-to-date across any network. Workspace ONE minimizes risky OS changes with fine-grain controls across major and minor updates to reduce disruption and enables the configuration of a multi-phase rollout strategy using SmartGroups. Admins can pause or auto-approve all or critical OS updates based on the company risk profile. Update checks and OS reboots can be scheduled at defined time intervals to maintain the desired state and ensure successful application of critical updates.
Extending Modern Mac Management Capabilities
Workspace ONE is bringing the next generation of script management for macOS within the UEM console. This powerful solution for Mac admins will support a variety of scripting languages, such as bash, python, PowerShell, and allow them to create actionable scripts that run operations to customize OS, make system changes, install apps and deploy quick fixes (e.g. printer configurations). These scripts may be made available for users as self-service actions that users can execute on-demand from within the Intelligent Hub Catalog. Further macOS integrations include complete FileVault encryption lifecycle management to simplify key escrow and recovery and automate key refresh for compliance. Also available now is System Integrity Protection (SIP) support, providing macOS health check and compliance status within UEM.
Continue to Accelerate Google Enterprise Adoption
Workspace ONE was the first UEM to provide modern management of Chrome OS devices and a recognized leader in embracing Android Enterprise. New UEM innovations aim to continue driving growth across each of these platforms:
Migrating to Android Enterprise Just Got Easier with Workspace ONE
Google announced in 2017 that it will deprecate legacy Android management (Device Administrator) in favor of Android Enterprise, which is set to take effect in the upcoming Android Q release. So, customers who haven’t yet begun to migrate to Android Enterprise are at a risk of losing key Android management capabilities. Workspace ONE now features a unique Android Enterprise migration tool that makes it simple for IT and users to move devices from legacy Android administrator to Android Enterprise management with just a few clicks from within the UEM console. The migration tool supports batch-testing, staged migration, and the ability to simultaneously retain legacy administration so customers can scale confidently. Real-time monitoring helps track progress and device health as they are being migrated.
Workspace ONE Gets a Chrome Enterprise Upgrade
A new Workspace ONE UEM Extension for Chrome OS will now allow full certificate lifecycle management of the device. Admins can silently deploy device- or user- based authentication certificates with zero user intervention, configure and report on deployed certificates—including status and expiration dates—and even revoke and renew certificates remotely from the UEM console. At VMware, we are also excited about the new Dell Latitude Chromebook Enterprise devices that combine best-in-class hardware, the end-user simplicity of Chromebook, and the business benefits of a Chrome Enterprise Upgrade (management, security, work data access). Workspace ONE now extends its unified management capabilities for Chrome OS to Dell Technologies Unified Workspace to support the new Latitude Chromebook Enterprise without the need to purchase an additional Chrome Enterprise License.
Industry-First UEM to Support Okta Universal Directory
Workspace ONE has always embraced customer choice and heterogeneity—whether it’s supporting diverse device platforms, app types, or an ecosystem of security and IT tools. We believe that the same should be true with customers’ primary IDP. On that note, VMware and Okta are excited to integrate Workspace ONE with Okta Universal Directory (UD) and accelerate customers’ journey to the cloud. The integration enables customers to embrace Okta UD as their main user information store or support a hybrid environment with UD and other stores such as AD, Azure AD or an existing LDAP solution.
This is without a doubt some of the richest set of UEM capabilities we have ever announced at VMworld, ensuring value add across customer investments on every platform. Stop by our event booth (#949) to meet the experts and get all your questions answered. Also, stay tuned to the EUC blogs as we publish more details across each of these capabilities. Cheers!