Organizations are at an inflection point. Given the trends of mobile workers and the state of innovation across the industry, the client-server end user computer model is no longer meeting the demands of IT organizations.
What is the role of Workspace ONE UEM in the digital workspace?
Workspace ONE UEM brings endpoint security and full lifecycle management to the digital workspace.
The platform provides powerful automation tools and engines to alleviate manual tasks for both initial configuration and day-to-day management.
Workspace ONE UEM also includes next-generation security architecture to help mitigate risks and ensure compliance.
Unlike vendors whose unified endpoint management or UEM solutions emerged from a particular operating system platform, Workspace ONE UEM originated in the mobile era of platform heterogeneity, self-service, cloud technology, and it remains device-agnostic.
From one HTML5 console, IT can manage and secure all the endpoints users are using. And for any endpoint, Workspace ONE UEM can manage the use case and the lifecycle that comes with it.
For example, we can configure corporate-owned devices to be automatically configured during the initial power on. All of the policies are configured and assigned to that device before it’s even in the hands of a user—making it simple to just power ON and be up and running. But for employee-owned devices, end users can self-activate or register their device for work services by following a simple onboarding workflow and then the device is automatically configured with their work services. Should they leave the organization, IT can wipe the enterprise services from the device.
Or, you may want to push critical updates and applications immediately to corporate-owned tablets, but for line-of-business or LOB devices wait for off-hours to avoid disturbing operations.
Or, for a kiosk, you might want to lock it into single or multiple applications or a website, or restrict access to device settings to prevent tampering or misuse.
Workspace ONE UEM also helps IT with application management. With Workspace ONE UEM, we no longer need multiple application distribution tools for each application type. We can manage the full lifecycle of any application, deploy it to devices, and secure it with compliance policies. This includes EXE or MSI packages, and Web applications, as well as remote or universal applications. Any application that is purchased or that an organization develops using our application development tools can be distributed, managed, supported, and retired through the Workspace ONE UEM Console.
Workspace ONE UEM also helps IT address the challenge of securely deploying content to a wide variety of devices. Administrators use the Workspace ONE UEM Console to create, sync, or enable a file store. Once configured, this content deploys to end user devices with the Workspace ONE Content app, accessed through Workspace ONE.
In sum, Workspace ONE UEM brings to IT organizations increased management efficiency, comprehensive security and compliance, and lower costs.
And Workspace ONE UEM ensures that the digital workspace is not only consumer-simple, but also enterprise-secure.
Workspace ONE UEM Features
Workspace ONE is a digital workspace platform that enables IT to deliver a digital workspace that includes the devices and apps of the business choice, without sacrificing the security and control that IT professionals need. Workspace ONE features provide enterprise-class security without sacrificing convenience and choice for end users.
TestReal-time app delivery and automation:
Taking advantage of new capabilities in Windows, Workspace ONE allows desktop administrators to automate application distribution and updates. This automation, combined with virtualization technology, helps ensure application access as well as improve security and compliance. Provision, deliver, update, and retire applications in real time.
TestSelf-service access to cloud, mobile, and Native Apps:
After end users are authenticated through either the Workspace ONE app or the VMware Workspace ONE Intelligent Hub app, they can instantly access mobile, cloud, and Windows applications with one-touch mobile SSO.
Choice of any device, employee, or corporate owned:
Administrators can facilitate adoption of bring-your-own-device (BYOD) programs by putting choice in the hands of end users. Give the level of convenience, access, security, and management that makes sense for their work style.
TestDevice enrollment:
The enrollment process allows a device to be managed in a Workspace ONE UEM environment so that device profiles and applications can be distributed, and content can be delivered or removed. Enrollment also allows extensive reporting based on the device’s check-in to the Workspace ONE UEM service.
TestAdaptive management:
For some applications, end users can log in to Workspace ONE and access the applications without first enrolling their device. For other applications, device enrollment is required, and the Workspace ONE app can prompt the user to initiate enrollment.
Administrators can enable flexible application access policies, allowing some applications to be used prior to enrollment in device management, while requiring full enrollment for apps that need higher levels of security.
Conditional access:
Workspace ONE Access and Workspace ONE UEM have mechanisms to evaluate compliance. When users register their devices with Workspace ONE, data samples from the device are sent to the Workspace ONE UEM cloud service on a scheduled basis to evaluate compliance. This regular evaluation ensures that the device meets the compliance rules set by the administrator in the Workspace ONE UEM Console. If the device goes out of compliance, corresponding actions configured in the Workspace ONE UEM Console are taken.
Unified application catalog:
The Workspace ONE Access and Workspace ONE UEM application catalogs are combined and presented on either the Workspace ONE app’s Catalog tab or the VMware Workspace ONE Intelligent Hub app, depending on which is being used.
Secure productivity apps:
End users can use the included mail, calendar, contacts, browser, content, organization, and authentication capabilities, while policy-based security measures protect the organization from data leakage by restricting the ways in which attachments and files are edited and shared.
Mobile SSO:
One-touch SSO technology is available for all supported platforms. The implementation on each OS is based on features provided by the underlying OS. For iOS, one-touch SSO uses a technology known as the key distribution center (KDC). For Android, the authentication method is called mobile SSO for Android. And for Windows 10, it is called cloud certificate.
Secure browsing:
Using VMware Workspace ONE Web instead of a native browser or third-party browser ensures that access to sensitive Web content is secure and manageable.
Data loss prevention (DLP):
This feature forces documents or URLs to open only in approved applications to prevent accidental or purposeful distribution of sensitive information.
Resource types:
Workspace ONE supports a variety of applications exposed through the Workspace ONE Access and Workspace ONE UEM catalogs, including SaaS-based SAML apps, Citrix virtual apps and desktops, VMware ThinApp packaged apps delivered through Workspace ONE Access, and native mobile applications delivered through Workspace ONE UEM.
Closing Note
I hope it has been useful to you. In the next blog we will see Workspace ONE Logical Architecture. See you next!