Technical Guides Workspace ONE Unified Endpoint Management

Binge watch The Ascent – Our complete series on modern endpoint management with Workspace ONE

A successful transition to modern management hinges on understanding how to architect and implement features correctly to ensure it can be operationally managed. But tactically, how do you take the leap? What if we had a bingeable series that walks you through these steps in easy-to-digest 15-35 minute episodes?

Now you can binge watch an entire season at work and your manager won’t mind!

Our series, The Ascent, dives deep into how you can navigate your modern management journey, focusing mainly on the transition from traditional PCLM to Workspace ONE for Windows devices. (Although this series calls out Windows 10 specifically, Workspace ONE supports Windows 11 as well!) In each episode, our esteemed hosts take a topic, break it down, and implement it for their brand-new company and new Workspace ONE customer, Modern Peak.

The Ascent series in its entirety can be found here. You can start from the beginning and play the whole series through. Or if you’re interested in specific topics, we’ve included a “TV Guide” description of each episode below so you can easily choose your own adventure.

Episode Breakdown

Episode 0: Welcome to The Ascent!

Meet our new hypothetical company, Modern Peak, and embark on your Modern Endpoint Management journey.

Episode 1: Foundations – Part 1: The AirWatch Cloud Connector

Learn the most fundamental integration to your Workspace ONE UEM environment: Active Directory. Join us as we install the AirWatch Cloud Connector and connect to the Active Directory of their brand-new company, Modern Peak.

Episode 2: Foundations – Part 2: Workspace ONE Access Connector

On to another Active Directory Integration – this time with Workspace ONE Access. Access houses the unified application catalog and provides SaaS/web applications to the end user. Learn how to configure the Workspace ONE Access Connector, map AD attributes, and configure the Directory Integration.

Episode 3: Your First Automated Windows 10 Enrollment

Now you’re ready to enroll your first device! We’re starting with command-line enrollment (CLI); the cornerstone of automated device enrollment. Learn about the CLI options available, how to do staging enrollment, and the options available for automatically assigning devices to enrolled users.

Episode 4: Even Easier Windows 10 Enrollment!

The previous episode covered an automated enrollment method for bulk deployment by IT. But what about users trying to enroll their BYO devices? Is there a way to make this experience easy? Discover email autodiscovery and how Agent Based Enrollment works on a Windows 10 device.

Episode 5: UEM Console Basics – Part 1: Organization Groups and RBAC

Part 1 (of 2) covers two grouping methods, Organization Groups (OG) and Roles Based Access Control (RBAC). Learn about how OG structure works, parent/child relationships, the impact on console settings, and best practices for managing a multi-admin Workspace ONE environment.

Episode 6: UEM Console Basics – Part 2: User Groups and Assignment Groups (or is it Smart Groups?)

Part 2 (of 2) covers two other core grouping methods in Workspace ONE UEM – User Groups and Smart Groups. Each method is used for different purposes and is fundamentally different to Organization Groups.

Episode 7: Making it Pretty – Branding Your User and Admin Experience

Enable Hub Services to provide end users a unified catalog of resources from Workspace ONE UEM and Workspace ONE Access. Then for a change of pace, prettify your Workspace ONE instance with branding and color schemes for Intelligent Hub, the Self-Service Portal, and the admin consoles.  

Episode 8: OMA-what? Deploying MDM Profiles to Windows 10

Profiles are the foundation of configuring Windows 10 devices through Workspace ONE UEM. Learn to create profiles using the Windows 10 Configuration Service Providers (CSPs) from Microsoft, create custom setting profiles, and track and troubleshoot profile deployments in the UEM console.

Episode 9: Securing your Devices with BitLocker

BitLocker encryption is almost always the first security measure that customers enable in Workspace ONE. Learn to implement BitLocker management in Workspace ONE, then enable a virtual TPM in VMware Workstation to test and show that BitLocker encryption has been applied on a virtual machine.

Episode 10: Software Distribution Essentials – Enterprise App Repository and MSI App Deployment

Previously on The Ascent, we provided and branded a unified catalog to users. But the catalog is empty! Learn to deliver your first Windows apps with two methods: 1) uploading the app as an MSI directly into the console, and 2) using the Enterprise App Repository.

Episode 11: SaaS-ing Up the Catalog with Salesforce

For SaaS apps, discover how identity federation works and how to federate Workspace ONE Access to one such app – Salesforce.

Episode 12: Software Distribution Essentials – EXEs and Scripted App Installs

Previously on The Ascent, we showed how to deliver MSI-based applications. But MSIs are not the only Windows app format that you have to deliver. This session focuses on deploying other Windows app formats, such as EXEs and scripted installations.

Episode 13: Windows 10 Out-of-box Experience (OOBE)

The Windows 10 out-of-box-experience (OOBE) provides a method of onboarding Windows 10 devices into an organization’s environment. OOBE allows an end user to join Azure AD using their Microsoft account and enroll into MDM as part of getting access to the OS. Learn the configuration steps here.

Episode 14: Customizing OOBE with Autopilot

Autopilot allows organizations to register devices as company-owned and customize the end-user experience during the onboarding process. This episode covers customization options available and demonstrates the end users’ experiences when they get a brand new device.

Episode 15: Certificate Integration (AD CS via DCOM)

Throwback to a fundamentals-style episode, certificate integration is a fundamental feature of Workspace ONE UEM. Learn how to integrate Workspace ONE with an internal Active Directory Certificate Authority to deliver certificates that can be used for authentication to a VPN, WiFi, etc.

Episode 16: Wiping Windows 10 Devices – you have options!

Wiping and resetting a Windows device is an integral part of a standard operating procedure for an IT administrator. Workspace ONE UEM makes this easy for an admin, with three different wipe and reset options available to fit the intended requirement – enterprise wipe, device wipe and enterprise reset – and in what situations to use each of those options.

Episode 17: The Modern Way to do Windows Updates

Windows releases/patches are more frequent and incremental. Endpoint admins need to collaborate closely with apps teams to ensure OS updates don’t negatively impact app performance. Learn how modern Windows Updates work, how to configure it in Workspace ONE UEM, and different deployment considerations for an administrator.

Episode 18: Using Baselines to Apply Industry-Recommended Settings

Baselines allow an admin to apply an industry-recommended policy set onto a Windows 10 device and apply additional custom settings to meet your policy requirements.

Binge watch The Ascent series now

We hope you find this series useful and that it helped you take the first steps to start your modern management journey.

If you’re looking for more information, check out our Understanding Windows Modern Management Learning Path on Tech Zone.

Related Articles