Get Apple devices up and running quickly and gain full visibility to devices connecting to corporate resources. 

Manage iPhone, iPad and iPod touch alongside your macOS and Apple TV devices in a unified console

A new way to BYO with self-service user enrollment using Managed Apple IDs (coming soon with iOS 13)

Support varying device use cases across your organization, including: corporate-owned, BYOD, kiosk, shared and iBeacons

Use industry templates to guide you through setup of key mobility initiatives in your industry with recommended workflows, apps and policies

Leverage Apple Business Manager, including Device Enrollment Program (DEP) integration for out-of-the-box configurations

Gain full visibility over all assets through real-time dashboards, including AppleCare warranty information

Enable users with the apps that keep them productive. 

Deploy any app to any iOS device with a silent install, prompted install or in an enterprise catalog

Deploy key business apps, like Office 365 apps and our suite of productivity apps

Integrate directly with the App Store to easily import any publicly available app into the console for distribution

Support user- or device-based license assignments for apps purchased through the VPP

Develop internal apps using tools like our SDK or following AppConfig Community standards

Manage the full app lifecycle spanning procurement, security, deployment and management

Secure corporate data while restricting IT access to an employee’s own information. 

Separate work data from an employee’s own information using the native app management framework in iOS

Set device restrictions to disable the camera, file sharing between apps, syncing with unknown devices and more to prevent data loss

Get multi-layer security using built-in features for system settings, encryption, data protection, apps, network connections, device controls and more

"Supervise" corporate-owned devices for additional control over configurations and restrictions

Use built-in controls to customize management for supervised, corporate-owned and BYO devices

Managing the Modern Enterprise App Lifecycle with Apple

Learn more about the app lifecycle and how apps can be delivered and managed in today’s IT environment.

Read the Blog

Why Workspace ONE?

Workspace ONE Unified Endpoint Management (UEM) technology now powers VMware Workspace ONE, an integrated platform for the digital workspace.

Learn More

Hands-on Lab: Getting Started with Workspace ONE

Explore the features and functionality of our integrated digital workspace platform from the comfort of your browser.

Try It Free

Your Top Questions Answered

What are the most common capabilities for iOS in Workspace ONE UEM?

1) Automated, out-of-the-box device activation and configuration with User Enrollment to keep the user’s personal data completely separate from work data.  2) Unified app catalog enables self-service for users as well as admin-controlled app download and management.  3) Security: Comprehensive certificate lifecycle management, per-app tunnel to encrypt traffic, settings to avoid data leakage and more.  4) Shared device mode allows multiple users to customize experiences via check-in/check-out.

How should I manage my user's personally owned Apple devices?

Users who want to use their own devices for work (commonly called Bring your own device or BYOD) have several options. The newest method is enrolling iOS devices with Apple's User Enrollment. This is a native enrollment method that separates work and personal data automatically on devices. This protects your user's privacy while securing enterprise resources simultaneously. Alternatively, users can gain immediate access to apps, native and SaaS, and other enterprise resources by logging into the Workspace ONE Intelligent Hub.

What is User Enrollment?

User enrollment is a new BYOD enrollment scenario with an intense focus on user privacy.   On a user-enrolled device, organizations can enable the user’s work experience by providing apps, content, and single sign-on, but do not gain access to full device management or device-unique identifying information.

How can I enable a self-service experience for my employees?

Workspace ONE Intelligent Hub provides a consistent user experience across all Apple platforms (iOS, iPadOS, macOS) enabling employees to access a unified app catalog – consisting of SaaS, Native and Virtual apps with Single Sign On. Intelligent Hub takes it a step further by creating a one-stop shop for corporate resources through services such as People Search, Support and a customized notification tab for corporate communication

How should I deploy my internally developed apps to my users?

Deploying internal apps can be achieved in two ways with Workspace ONE UEM. The first and preferred method is with Apple Business Manager or Apple School Manager integration. This method allows you to privately publish your apps, called "In-House" apps, to the App Store and install those apps to your users via Workspace ONE UEM. These apps are not visible to users on the public App Store yet take advantage of all the App Store features like TestFlight.  The alternative method is to sign your enterprise applications with an Apple Enterprise Signing certificate and upload the .ipa file directly to Workspace ONE UEM. This method offers additional flexibility but comes with more admin overhead to manage.

How does Workspace ONE provide Single Sign On for Native iOS apps?

Workspace ONE uses the native iOS Kerberos capabilities along with technology developed in VMware Workspace ONE Access that provides a bridge between SAML and Kerberos for authentication. Check out this whitepaper for more information.

What options are available to allow my employees to securely and easily share iOS devices?

Workspace ONE UEM offers two options for sharing iOS devices between multiple users.

1.  The newest and preferred method is with Apple's Shared iPad through Apple Business Manager. This provides a unique data partition for each user on an iPad and protects each user's data. The second option is using Workspace ONE UEM's Check-In/Check-Out solution through the Intelligent Hub app. This allows users to log in and out of the app which reconfigures apps and policies based on the current user.

2.  Alternatively, there are solutions like Apple's Provisioning Utility and GroundControl (acquired by Imprivata) that work with Workspace ONE UEM to perform full device wipes and create user sessions via a tethered connection. This helps ensure all user data is deleted when moving devices between users.

What is a Shared iPad?

iPads configured to do so can be shared between users by allowing users to check-in and check-out devices.   Using the Workspace ONE Intelligent Hub, users can sign-in to an iOS device to use the apps and content to which they’re assigned, and then sign-out when they’re done (making the iOS device ready for the next user).   With shared iPad for business or school, integration with Apple Business Manager or Apple School Manager allows a user to sign in with a managed Apple ID and use apps and content to which they’re assigned.

What are Mobile Flows?

Workspace ONE Mobile Flows are the latest addition to the VMware Workspace ONE platform. Mobile Flows help device users perform tasks across multiple business back-end systems from a single app like VMware Boxer. This eliminates the need for end users to visit multiple websites or apps while performing business tasks.