By Robert Coggins, CISSP and Workspace ONE expert, VMware
Like any major paradigm shift, transitioning from traditional endpoint management to modern management (MM) is not without its own set of issues. Case in point: our IT team discovered there were gaps when it came to supporting global enterprise devices and colleagues (end users), especially given that the user interface (UI) did not have everything our team needed right out of the box. This challenged VMware’s goal of offering superior experiences to colleagues anywhere and anytime, on any device.
An answer right at hand
The answer was found in extending VMware Workspace ONE® to meet VMware IT’s demands for Unified Endpoint Management (UEM). Workspace ONE’s APIs were able to fully augment the out-of-box features found in the UI, creating a comprehensive and powerful solution that met the demands of our team.
The overall directives were fairly simple—enable every colleague to be truly mobile, ensure superior security and compliance at every endpoint, eliminate cumbersome imaging, and employ zero-touch IT to further enhance IT productivity. Then apply these directives to every operating system within the VMware ecosystem, including Android, iOS, macOS, Windows 10, and eventually Linux. Tools utilized would include Bash and Python scripting, PowerShell on Windows 10, the Workspace ONE APIs, and serverless Function-as-a-Service (FaaS).
For example, with Windows 10 our team enabled an out-of-box-experience (OOBE) that ensured colleagues were up and running within minutes of turning on a new device. There was no domain to join, and every device was automatically connected to Windows Hello for Business. Likewise, with macOS we took advantage of Apple’s Device Enrollment Program (DEP) and Enterprise Connect to allow seamless device setup and ongoing use. And neither OS required imaging!
Challenges (that ultimately weren’t so challenging)
Our team did encounter some challenges along the way. Zero-touch IT meant that our engineers could no longer preconfigure some device attributes asked for by colleagues. The good news, as mentioned, is that colleagues are often able to download any required apps on their own rather than calling the support desk. And while automation and conditional access policies have mitigated many traditional support desk issues (primarily around log-on access), there is still significant untapped potential in what we can do with these technologies.
Workspace ONE becomes the one
Today, more than 24,000 colleagues across the globe enjoy effortless connections regardless of device, wherever they choose to connect, without having to worry about security or compliance issues—even if they have just received a new device for the first time. Internal surveys continue to show positive opinions of the self-administration features, and our IT teams have realized significant productivity gains as well. Workspace ONE has demonstrated both its UEM capabilities and its ability to adapt and extend to meet any enterprise requirement.
VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment.