Manage iPhone, iPad and iPod touch alongside your macOS and Apple TV devices in a unified console
A new way to BYO with self-service user enrollment using Managed Apple IDs (coming soon with iOS 13)
Support varying device use cases across your organization, including: corporate-owned, BYOD, kiosk, shared and iBeacons
Use industry templates to guide you through setup of key mobility initiatives in your industry with recommended workflows, apps and policies
Leverage Apple Business Manager, including Device Enrollment Program (DEP) integration for out-of-the-box configurations
Gain full visibility over all assets through real-time dashboards, including AppleCare warranty information
Deploy any app to any iOS device with a silent install, prompted install or in an enterprise catalog
Integrate directly with the App Store to easily import any publicly available app into the console for distribution
Support user- or device-based license assignments for apps purchased through the VPP
Manage the full app lifecycle spanning procurement, security, deployment and management
Separate work data from an employee’s own information using the native app management framework in iOS
Set device restrictions to disable the camera, file sharing between apps, syncing with unknown devices and more to prevent data loss
Get multi-layer security using built-in features for system settings, encryption, data protection, apps, network connections, device controls and more
"Supervise" corporate-owned devices for additional control over configurations and restrictions
Use built-in controls to customize management for supervised, corporate-owned and BYO devices
1) Automated, out-of-the-box device activation and configuration with User Enrollment to keep the user’s personal data completely separate from work data. 2) Unified app catalog enables self-service for users as well as admin-controlled app download and management. 3) Security: Comprehensive certificate lifecycle management, per-app tunnel to encrypt traffic, settings to avoid data leakage and more. 4) Shared device mode allows multiple users to customize experiences via check-in/check-out.
Users who want to use their own devices for work (commonly called Bring your own device or BYOD) have several options. The newest method is enrolling iOS devices with Apple's User Enrollment. This is a native enrollment method that separates work and personal data automatically on devices. This protects your user's privacy while securing enterprise resources simultaneously. Alternatively, users can gain immediate access to apps, native and SaaS, and other enterprise resources by logging into the Workspace ONE Intelligent Hub.
User enrollment is a new BYOD enrollment scenario with an intense focus on user privacy. On a user-enrolled device, organizations can enable the user’s work experience by providing apps, content, and single sign-on, but do not gain access to full device management or device-unique identifying information.
Workspace ONE Intelligent Hub provides a consistent user experience across all Apple platforms (iOS, iPadOS, macOS) enabling employees to access a unified app catalog – consisting of SaaS, Native and Virtual apps with Single Sign On. Intelligent Hub takes it a step further by creating a one-stop shop for corporate resources through services such as People Search, Support and a customized notification tab for corporate communication
Deploying internal apps can be achieved in two ways with Workspace ONE UEM. The first and preferred method is with Apple Business Manager or Apple School Manager integration. This method allows you to privately publish your apps, called "In-House" apps, to the App Store and install those apps to your users via Workspace ONE UEM. These apps are not visible to users on the public App Store yet take advantage of all the App Store features like TestFlight. The alternative method is to sign your enterprise applications with an Apple Enterprise Signing certificate and upload the .ipa file directly to Workspace ONE UEM. This method offers additional flexibility but comes with more admin overhead to manage.
Workspace ONE uses the native iOS Kerberos capabilities along with technology developed in VMware Workspace ONE Access that provides a bridge between SAML and Kerberos for authentication. Check out this whitepaper for more information.
Workspace ONE UEM offers two options for sharing iOS devices between multiple users.
1. The newest and preferred method is with Apple's Shared iPad through Apple Business Manager. This provides a unique data partition for each user on an iPad and protects each user's data. The second option is using Workspace ONE UEM's Check-In/Check-Out solution through the Intelligent Hub app. This allows users to log in and out of the app which reconfigures apps and policies based on the current user.
2. Alternatively, there are solutions like Apple's Provisioning Utility and GroundControl (acquired by Imprivata) that work with Workspace ONE UEM to perform full device wipes and create user sessions via a tethered connection. This helps ensure all user data is deleted when moving devices between users.
iPads configured to do so can be shared between users by allowing users to check-in and check-out devices. Using the Workspace ONE Intelligent Hub, users can sign-in to an iOS device to use the apps and content to which they’re assigned, and then sign-out when they’re done (making the iOS device ready for the next user). With shared iPad for business or school, integration with Apple Business Manager or Apple School Manager allows a user to sign in with a managed Apple ID and use apps and content to which they’re assigned.
Workspace ONE Mobile Flows are the latest addition to the VMware Workspace ONE platform. Mobile Flows help device users perform tasks across multiple business back-end systems from a single app like VMware Boxer. This eliminates the need for end users to visit multiple websites or apps while performing business tasks.