Business Continuity Featured VMware Horizon VMware Workspace ONE

End User Computing Announcements at VMworld 2019 Europe

It’s been an eventful autumn of 2019 for VMware End User Computing (EUC). We started with one of our biggest events of the year, VMworld 2019 US. We announced several industry-firsts, including the new AI-powered Virtual Assistant enabled by IBM Watson and integrated into Workspace ONE Intelligent Hub. We also announced new Horizon hybrid and multi-cloud VDI and apps management innovations. These enable organizations to embrace multi-cloud hybridity, delivering benefits including flexibility and scalability, as well as to drive new use cases like disaster recovery, datacenter extension and cloud bursting.

Then last week, Gartner announced Workspace ONE scored highest in two of the four use cases in the 2019 Gartner Critical Capabilities for Unified Endpoint Management and second in the remaining two. Workspace ONE was the only solution to achieve top two in every use case, once again re-affirming Workspace ONE’s leadership.

Now live from Barcelona, it’s VMworld 2019 Europe, and the VMware EUC and Workspace ONE commitment to delivering a great customer experience keeps on rolling.

Here’s a quick summary of what you can find below:

1. Continuing the theme of the best user experience, Workspace ONE Day 0 support, a new partnership with HID Global and other user experience-related announcements

2. New Zero Trust announcements including EUC publishing a Zero Trust architecture for Workspace ONE to secure the digital workspace, plus news on Carbon Black integration, additions to Workspace ONE Intelligence, Workspace ONE Verify and new Trust Network partners

3. Announcements for Horizon Control Plane, multi-cloud, Horizon Cloud on Microsoft Azure and Horizon 7 on VMC on AWS

4. Last but not least, new Modern Management innovations and partners, plus Workspace ONE for new Microsoft Endpoint Manager

Let’s get into it.

Employee Experience

Zero Day Support for New Hires

Building on Workspace ONE’s out-of-the-box onboarding options across all platforms – iOS, Android, Win 10, and macOS – day zero support enables organizations to engage employees even before they’ve officially started.

When new hires accept offers, the HRIS systems kick off provisioning of new accounts across the different services the user will need for their role. Workspace ONE can leverage this provisioning to provide the new user with secure access to Workspace ONE Intelligent Hub prior to the official start date! IT admins can provision just a subset of applications and workflows to Intelligent Hub for these, such as access to employee directories, intranet, benefits signup and new device selection. This enables the employee to dive in prior to day one, allowing organizations to provide an exceptional new employee experience and drive engagement as soon as a candidate accepts their offer.

First in the Market Announcement with HID Global

We are happy to announce that two leaders in employee digital workspace and physical access management are coming together to offer a seamless and secure employee experience. HID Global, the leader in physical access control systems, and VMware will integrate HID access solutions with Intelligent Hub. Blending employee technology experiences with physical experiences, the new Workspace ONE Intelligent Hub “Passport” feature simplifies employee access to physical office locations. With a tech preview this quarter and release expected next year, employees will be able to use the Intelligent Hub app on their personal or company-owned mobile device to gain entry to buildings.

VMworld 2019
This new tech preview offers a unique integration of technological and physical experiences.

New Privacy Guard Notifications

Privacy Guard informs Workspace ONE users how changes to app and device management policies impact their privacy in real-time. Privacy Guard provides full transparency into the data that apps collect and the permissions that apps may require on the device. Similarly, Privacy Guard shows users of managed devices what personal apps and data IT cannot see and what data is being collected. Privacy Guard is a useful solution not only for users but also for IT when introducing the concept of managed devices to users and assuring them their personal data, pictures or surfing habits are not being touched by the organization. Developers can add these capabilities to any app by leveraging the Workspace ONE Privacy SDK, available to all Workspace ONE customers.

VMworld 2019
Privacy Guard shows users exactly what data and resources are accessible to the organization

New Workspace ONE Smartfolio
Workspace ONE Smartfolio is a secure app that makes it easy to find and access content critical to business functions or job roles. An early example of this type of requirement has been in the aviation industry, where it has replaced the heavy flight bag pilots had to carry, electronically making available the pertinent pre-flight documents to pilots before they board.

New Workspace ONE Cards
Networking can be incredibly valuable to you and your business – and it’s so frustrating when you lose those contacts that you work hard to make. Workspace ONE Cards helps you save and organize connections by taking a picture of business cards and automatically adding the detail into your contacts. Simple, yet effective.

Zero Trust Security for the Digital Workspace

According to Brian Madden, Zero Trust is the inevitable endgame – and we agree. As Brian outlines, most organizations already have some elements of zero trust in place, but often don’t know how to take the next steps towards fully implementing it. Workspace ONE combines the key elements of a zero trust strategy, securing cloud apps and services, mixed OS device fleets and ownership (BYOD), and remote work styles. Workspace ONE delivers the continuous verification required to grant least privilege across all your applications.

Integration of Carbon Black CB Defense
Following the recent acquisition of Carbon Black, we are pleased to announce a new Workspace Security add-on offering for Workspace ONE Advanced that brings these two solutions together. Carbon Black’s next-gen anti-virus and behavioral endpoint detection will send detected threats to Workspace ONE Intelligence for analytics, remediation, and orchestration across devices. Additionally, Carbon Black LiveOps will allow IT and SecOps teams to perform deeper system queries and inspection of the device. VMware Workspace Security will be available for purchase later in 2019.

Workspace ONE Intelligence Ingest API
A new Workspace ONE Trust Network Ingest API allows partner security vendors to easily integrate their threat detection with Workspace ONE Intelligence. This increases the number of factors that Intelligence can apply to security decisions, enabling increased authentication and automated remediation, and orchestrating responses with customers’ ITSM investments.

New Workspace ONE Trust Network Partners
Mobile Threat Defense companies Wandera and Zimperium are joining our growing Trust Network ecosystem, enabling information to be consumed into Workspace ONE Intelligence and utilized in access control policies and device management, compliance and remediation. Wandera, Zimperium, and Zscaler are the first partners committed to leveraging the Trust Network Open Ingest API.

Workspace ONE Verify Multi-Factor Authentication
VMware Verify is being integrated directly into Workspace ONE Intelligent Hub, eliminating the need for a separate authenticator app. When an app is accessed that requires MFA, an actionable notification is sent to Intelligent Hub for the user to click to approve the request, authenticate the user’s identity through the use of the local device biometrics, and launch the required app. Verify is built into the Workspace ONE platform, requiring no additional integration work once Workspace ONE Access is configured. Workspace ONE can also be integrated with 3rd party MFA solutions.

New Workspace ONE Intelligence Orchestration Workflows
New orchestration workflows are being announced for Jira Service Desk, BMC Remedy Service Desk, and PagerDuty. These workflows further the automation and tracking of compliance and remediation events across your organization’s tracking systems.

VMworld 2019

Zero Trust Architecture and Services for the Digital Workspace
These new additions discussed above continue to reinforce VMware’s commitment to enabling Workspace ONE customers to enable intrinsic Zero Trust across datacenter, cloud, networking and end-user solutions. These announcements enhance existing Workspace ONE methods of zero trust enforcement including:

Device Management and Compliance: Enables organizations to empower users with their devices of choice, managing all devices, assessing compliance to policy, and establishing device trust.
Conditional Access: Enables organizations to utilize identity, device, network and intelligence information to determine the level of trust applied to that access scenario. This trust can vary depending on these factors, ensuring the smoothest access experience for users while ensuring data is protected.
Multifactor Authentication: Integrated MFA into Intelligent Hub used in conjunction with conditional access policies to ensure applications and data are secured.
Per App VPN and App Proxy: Least privilege access to on-premises applications ensure applications can only access the resources required for that app rather than access to all data center resources.
Desktop and App Virtualization: Published desktops and apps support zero trust access by securing information in the data center or cloud preventing data from being copied locally to a user’s device.
Risk Analytics: Launched at VMworld 2019 U.S., risk analytics enable Workspace ONE to consume risk attributes from the Workspace One platform and Zero Trust network partners and apply this risk score to conditional access policies.
Automated Remediation & Orchestration: To further the use of intelligence, automated remediation can identify specific scenarios such as the application of security updates and orchestrate them across your environment supporting critical ITSM investments for ticketing, notifications, and actions.

A Workspace ONE Zero Trust reference architecture and implementation guides for different use cases will be made available on VMware Workspace ONE Tech Zone to help customers get started. To help customers accelerate zero trust projects, new professional services offerings are also being introduced with more information to follow.

Workspace ONE Intelligence for Consumer Apps
We are pleased to announce a new Intelligence-based solution that is separate from the broader digital workspace platform. Based on Apteligent technology VMware acquired and migrated into Workspace ONE Intelligence, VMware will offer a new standalone Workspace ONE Intelligence for Consumer Apps offering that can be integrated into consumer-facing apps to monitor app engagement and performance. This helps app developers understand how their applications are being used, identify when issues impact the user’s experience and aid in the troubleshooting and fixing of the app to lead to higher app ratings.

Horizon Virtual Desktops and Apps

Simplified Hybrid and Multi-Cloud VDI and App Management
At VMworld 2019 U.S., we announced new Horizon Services for Multi-Cloud. These management services are being built into the Horizon Control Plane to help customers manage hybrid and multi-cloud desktop and app workloads more efficiently and directly from the cloud. The Monitoring Service is now available, enabling administrators to surface Horizon performance data so they can proactively monitor, troubleshoot and remediate their environment from a single, cloud-based console. In addition, the Horizon Image Management Service will enter beta testing phase before the end of 2019. Once available, the service will help admins create and manage images, and easily reuse those images distributed across all of Horizon deployments.

VMworld 2019

Generally available at the beginning of next year for Horizon 7, including Horizon 7 on VMC on AWS, a new version of App Volumes will enable customers to simplify app packaging and lifecycle management by leveraging new algorithms for AppStack delivery. By decoupling package management and delivery, application owners and packagers can work freely and respond more quickly to user requests.

Enhancements to Horizon Cloud on Microsoft Azure
Available now, updates to Horizon Cloud on Microsoft Azure include high availability for Pod Manager, custom Azure Resource Tags, enhanced logging and auditing, and enhanced alerting during pod upgrades. These updates help simplify Day 2 administrative work for enterprises and deployments of all sizes.

Horizon and App Volumes REST API
Support for Horizon and App Volumes APIs is now available and provides extensibility and flexibility in management. More information is available on

New PCI certifications
New certification for Horizon Cloud on Microsoft Azure, adding to existing HIPAA and SOC2 certifications, are now available. This includes compliance for the Horizon Control Plane, the Horizon Cloud software layer, and the Microsoft Azure IaaS layer.

Persistent Virtual Desktop Management from Workspace ONE UEM Console
Admins can now manage their Horizon persistent virtual desktops alongside all other physical and virtual workspaces from the Workspace ONE UEM console. Leveraging UEM for day-to-day desktop operations, such as new patches and policies, deploying applications, etc., minimizes the need to create new desktop images for smaller updates, reducing re-imaging frequency and associated time and cost.

Improved Microsoft Teams Support
A new beta is available for an audio-optimized experience with Microsoft Teams for Horizon.

Modern Management, Workspace ONE and Microsoft 365

At Dell Technology World 2019 earlier this year, Dell, Microsoft and VMware announced several joint workstreams around Windows modern management, Microsoft 365 conditional access, and other integrations between Microsoft 365 and Workspace ONE. Providing an update to that announcement, VMware will partner with Microsoft to deliver a unique integration called VMware Workspace ONE for Microsoft Endpoint Manager.

The first phase of this integration will focus on Workspace ONE maximizing employee experiences on Microsoft Endpoint Manager-managed Windows 10 devices – including unique employee onboarding workflows, digital employee experience management, proactive troubleshooting of IT issues and consistent access to enterprise services and Microsoft Endpoint Manager-managed apps.

Another area of collaboration will be Windows Virtual Desktop (WVD). VMware will be able to extend Microsoft Windows Virtual Desktop capabilities to customers using Horizon Cloud on Microsoft Azure. Targeted for tech preview in our Q4, Horizon Cloud on Microsoft Azure will add industry-leading functionality to the benefits that customers can only receive on Azure with Windows Virtual Desktop, in particular Windows 10 Enterprise multi-session and up to three years of free Extended Security Updates for Windows 7.

Finally, VMware will extend a tech preview in Q4 for Workspace ONE conditional access to Office 365 apps for unmanaged/BYO devices via integration with Microsoft Azure AD and Intune. General availability off this capability is expected in first half of CY2020.

Other modern management capabilities announced include:

Windows 10 Baselines and Baselines Auditing
Workspace ONE customers using Windows 10 custom or out-of-the-box configuration Baselines (e.g. CIS Benchmarks) now have automated auditing capabilities to protect against policy configuration drift. Workspace ONE will also soon make available Microsoft Security Baselines for Windows 10 (both MDM and GPO) that were announced at Dell Technologies World earlier this year.

New Management Support for VR Headsets
Including Pico, Vive, and Oculus, including streamlined onboarding and configuration, app deployment, and security management.

Custom iOS 13 Enrollments
Custom enrollments for iOS 13 devices allows IT to customize authentication requirements for enrollment and branding and messaging viewed by users during the enrollment process.

New PIV-D support for Android Enterprise devices, allowing civilian agency employees to use derived credentials to authenticate without requiring a card reader.

It’s been a busy 90 days, but two VMworlds and a Magic Quadrant later, we are back to work to drive the next round of employee experience, modern management, multi-cloud VDI and apps, and zero trust security capabilities for Workspace ONE customers.

If you’ve got this far, we’re sure you’ll be signing up to either attend or view the EUC keynote: Digital Workspace Keynote: Becoming a Champion of Employee Experience [DW3459KE] live from Barcelona at 15:00 – 16:00 local time.