It’s 2021, about to be 2022, yet I feel that a lot of people still don’t totally understand that VMware Workspace ONE UEM can be used to manage physical Windows 10 / Windows 11 laptops and endpoints. And not just for SMBs, but for enterprises, even those with over 100,000 physical Windows endpoints. So let’s dig into that in today’s post!
When I tell people about some of our customers who are managing hundreds of thousands of Windows 10 laptops with VMware Workspace ONE UEM, sometimes they respond with, “Wow, it sounds like you’re competing with Microsoft SCCM?”
“YES!”, I tell them, “If you use VMware Workspace ONE UEM for Windows device management, you can replace Microsoft SCCM, and you can replace Microsoft Intune!” (I.e., Microsoft Endpoint Manager or MEM.) We have many customers who’ve done that, ranging from smaller environments to huge enterprises with Windows laptops scattered around the globe. (Of course, we also have lots of customers who choose to use VMware Workspace ONE UEM alongside Microsoft SCCM and Intune / MEM and then integrate the two—enterprises are complex and there are many paths to success.)
But my purpose with this blog post is to make clear that VMware EUC does more than VDI and mobile device management. VMware Workspace ONE UEM delivers all the physical Windows device management you’d expect—in real-time and from the cloud—including device provisioning, (out of box experience, AutoPilot, offline and online drop-ship provisioning, domain joins, BitLocker encryption with key escrow, etc.), MSIX and Win32 application packaging, installation, delivery and patching, security posture analysis, GPO baselines configuration management and device configuration drift, reporting, cloud-based intelligence, remote support, user experience management, modern user profile configuration and management, workflows, automations, etc.—all delivered via the cloud in a modern, secure, and flexible way.
Furthermore, VMware Workspace ONE UEM can be used to manage Windows laptops that are owned and fully managed by a company as well as used for devices that are employee-owned. (For employee-owned / BYOD devices, you can choose how much “management” you want. Maybe you only want to verify the patch levels, deliver user experience analysis, and deploy the Workspace ONE Intelligent Hub app with the corporate app catalog while allowing the user or another organization to manage the device itself. This is fine with us!)
What’s really wild about VMware managing physical Windows devices is that we’ve been doing it for more than a decade! And no, I’m not just talking about managing Windows VMs on laptops (which is something we do too, by the way), but I mean that we’ve been managing physical Windows devices since the Windows 7 days, and then via the Modern Management APIs when they first showed up in Windows RT and Windows 8.
Of course, the “U” in “UEM” stands for “Unified” Endpoint Management, so in addition to managing physical Windows devices via VMware Workspace ONE UEM, you can also use that same platform to manage your physical Macs, iOS, Android, Chrome OS, Linux, VR/AR headsets, rugged and industrial devices, IoT devices, virtual Windows desktops and apps running on VMware Horizon, third-party SaaS apps—it’s quite a long list! (And wow there is a TON of value in bringing your entire EUC device estate into the same management tent!)
But our broad platform support is not the point of this blog. Setting all that aside and focusing on just what we do with physical Windows devices, we’re excited to continue the momentum of the past decade and the past year into 2022 and beyond.
Speaking of the past year, even though we’ve been managing Windows devices for a decade, we still continue to innovate and build up our Windows management capabilities. For example, here’s a (partial) list of some of the Windows device management enhancements added to VMware Workspace ONE UEM in 2021:
- We added the ability to get your most popular Win32 enterprise applications added quickly and easily with our Enterprise App Repository, a capability where you can select common enterprise apps from a VMware-managed catalog and “one click” import them into your own environment to deploy them to your users. In other words, we do the packaging for you!
- Drop Ship Provisioning (Online) (In Tech Preview) lets you work with your laptop OEM (Dell, Lenovo, HP, etc.) to get configurations, settings, and applications preloaded at the factory which means devices can be shipped directly to end users ready to go, from the first boot, fully managed by VMware Workspace ONE UEM. (You can also simply reset devices to this fresh state at any time too.)
- We’ve integrated VMware Dynamic Environment Manager (DEM) into Workspace ONE, giving you a modern profile and configuration management experience for Windows devices (Check out the Profiles for Windows Desktop and DEM documentation for details.)
- You can build your own configuration baselines for Windows devices from scratch by simply selecting policies from our policy catalog. (Or of course you can still use our pre-configured templates). For more information, see Using Baselines.
- We have approvals workflows for new app install requests. Users can click a link for an app they want right from the app catalog, and we can even pop up a form for them to justify why they want that app. For more information, see App Approvals.
- We can do BitLocker key escrow, including BitLocker To Go support which lets you set policies around the encryption and key management of removable drives and USB sticks. (Check out the full Encryption in our device profiles documentation.)
- We have lots of domain join options. (Azure AD, on prem AD, hybrid, workgroup, etc.) For more information, see Domain Join Configuration for Windows Desktop.
- You can use the new Scripts feature to send code to devices to run processes. To keep sensitive data in your scripts safe, Workspace ONE UEM includes variables to obfuscate information such as email passwords and session tokens. If you integrate your Workspace ONE Intelligent Hub with Scripts, your device users can access these useful scripts any time they want. (See the Automate Endpoint Configurations with Scripts for Windows Desktop Devices documentation for details.)
- We’ve built upon our “Sensors” technology to let you collect data with sensors for Windows devices. You can use these sensors with Workspace ONE Intelligence, compliance reporting, automations, workflows, or any other way you need to manage your devices.
- We’ve added support for Registered Mode for Windows devices which lets you get many of the benefits of VMware Workspace ONE UEM device management while not taking full control of a device. For details, see our documentation about enrolling with registered mode.
- And, of course, we released Workspace ONE Freestyle Orchestrator, a graphical tool which lets you manage IT orchestration and workflows in a simple and modern way. (Seriously, people love managing Windows devices with Freestyle. It’s powerful and actually kind of fun!)
All of this is just a taste of the powerful capabilities that exist with VMware Workspace ONE when managing Windows devices. To learn more, check out the Understanding Windows Modern Management “hero’s journey” learning path on VMware Tech Zone. Or, cut to the chase and dig in to the actual product documentation for managing Windows endpoints with Workspace ONE. We also have some great VMworld videos with customers talking about their experience.
Hopefully you’ll join the thousands of customers supporting millions of Windows devices with Workspace ONE UEM in 2022. Happy New Year!
