In my day job (yes, I have one outside of blogging – that’s why I’ve not blogged for a while!) I’ve been spending some of the lockdown time looking at various products for unified endpoint management, which is the new marketing term used for device management. In particular I’ve been really impressed with Workspace One. This post is going to serve two purposes: firstly as a brain dump for my thoughts, and secondly for you guys to understand a little bit about what it can do with no marketing bias.
Workspace One UEM is a VMware product that they acquired back in 2014 and rebranded away from its AirWatch branding. Originally known as an MDM (mobile device management), it was particularly strong at managing iOS and Android devices, but the product has grown substantially since then and now does a whole lot more. There will be a certain slant to this post, as certain functionality is not needed within my business; however, I’ve classified its functionality into 4 different sections:
- Application Management
- Endpoint Management
- Identity Management
One of the big challenges for most businesses is ensuring that a consolidated list of supported apps is deployed and managed centrally. Traditionally, tools such as SCCM or JAMF have been used to ensure this is achieved, but with the move away from on-premise devices, this can be more challenging. Likewise, managing your mobile devices, tablets and your workstation estate in a single console, to give your end users a consistent experience, is key.
Workspace One allows you to create your own ‘store’ for your business and assign those apps to smart groups, a term used to describe groups that can define access based on platforms, devices, or users. Those apps can be automatically deployed, or installed on-demand by the user should they require it. On iOS and Android, these apps can be added and auto-updated easily, as the source is the Apple Store and Google Play Store. Adding apps for Mac OSX and Windows is more of a manual process at the moment, as there is no central store available for all products, which is a bit of a hindrance.
N.B. Workspace One Product Managers – giving us auto-updating of apps should be priority number one!
Having said that, from a Windows perspective, the process for adding an app to your store is super simple and incredibly configurable, allowing you to add via MSI or via EXE and put any number of modifications on install. It’s very impressive, but also very intuitive.
- Handles apps for pretty much all platforms
- Highly configurable installation options
- No auto-updating of apps on Windows as the process is manual
This is rather a broad subject, and I’ve kinda done this on purpose as it allows me to lay out all the features that don’t fit into the other categories… I know lazy huh? 😉
Onboarding and Enrollment
The first challenge of endpoint management is ensuring you can manage the endpoint. Sounds ridiculous – but it can be a real challenge. The great thing about modern operating systems is that there are options both in the workstation and mobile world. Apple have the Device Enrollment Program (commonly known as DEP), Google have Android Enterprise and Windows gives you plenty of options including online and offline AD join, Azure Premium and non-Premium join and workgroup too. Oh and if you’re a Dell house for your devices, they’ll do it out of the factory for you. In short, enrollment is easy!
So once you’ve got the devices enrolled, WS1 silently sits there in the background, applying policies, baselines, and applications. Assuming you’ve spent the time setting up those clever smart groups and silent installs, this will be a fantastic experience for your end users, as they will just need to wait while WS1 installs the apps on their machine for them. This works whether you’re on Android, iOS, Windows or MacOSX. Where it falls down a little is that the experience isn’t always the same on each device, despite the end product being the same. I think the WS1 team are working on providing a consistent application which provides a store for your business: essentially a list of applications that can be installed by the end user, requested, or what not.
Side note here: if you are clever like Stagecoach, you’ll be working on integrating your IdP (*cough* Okta) and it will pull down all the relevant web-based apps from within your Okta tenant too!
- Enrollment is simple, and ridiculously simple if you buy your devices from Dell
- WS1 Intelligent Hub is very simple to use
- Intelligent Hub experience isn’t consistent across different platforms
Workspace One can also act as your IdP (Identity Provider) or integrate with an existing provider if you use one… so what does that mean? It means if you use SaaS products such as Okta, Ping or Azure AD, or on premise tools such as ADFS, it will integrate with them. And if you want to use AD on premise, it’ll work with that too. Once it has that data about your users’ identities, it can single sign them on to applications and provide MFA to web or virtual apps. Now all that sounds like a load of marketing crap, but believe me it works. And not only does it work for SSO, it’ll use SCIM (a very new technology) to ensure accounts in your IdP that get disabled or created are instantly replicated in WS1. Meaning if you close someone’s account, they are closed everywhere, whether that be logging onto Salesforce, Office 365 or your super-duper secure finance system. Oh and to top it off, it’s available as a SaaS product, so big tick there too.
I sound like a broken record on this, but if your business is using lots of SaaS products, Identity Management is very important. SSO is fantastic for your end users, MFA is great for your information security team, and SCIM is king for service delivery processes and batting off those pesky auditors.
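What the SCIM deprovisioning described above looks like on the receiving application's side, as an added example (not code from this post, VMware or Okta): a handler for the SCIM 2.0 PATCH request an IdP sends when an account is disabled. The user record, session table and request body are constructed for illustration, and revoking open sessions on deactivation is an assumption about how the receiving app is built.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def to_bool(value):
    # Accept JSON booleans and the strings "true"/"false" in any case.
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"not a boolean: {value!r}")

def apply_scim_patch(user, sessions, body):
    """Apply a SCIM 2.0 PatchOp to `user`; return the session ids revoked."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":
            continue  # add/remove are out of scope for this example
        path, value = op.get("path"), op.get("value")
        # Two valid shapes: path="active" with a bare value, or no path
        # and a value object such as {"active": false}.
        changes = {path: value} if path else dict(value or {})
        for name, new in changes.items():
            if name.lower() == "active":
                user["active"] = to_bool(new)
    if user["active"]:
        return []
    # Disabling the account is not enough on its own: sessions that are
    # already open must be dropped or they keep working until they expire.
    revoked = sorted(s for s, owner in sessions.items() if owner == user["id"])
    for s in revoked:
        del sessions[s]
    return revoked

if __name__ == "__main__":
    # Constructed sample data: one user, a session table, one IdP request.
    user = {"id": "u1", "userName": "alice@example.com", "active": True}
    sessions = {"s1": "u1", "s2": "u2", "s3": "u1"}
    request = json.loads("""{
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
      "Operations": [{"op": "replace", "path": "active", "value": false}]
    }""")
    print(apply_scim_patch(user, sessions, request), user, sessions)
```
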
- Integration with third party IdPs is great and allows business flexibility
- IdP integration is long-winded and complex at the moment
Useful link to the WS1 Identity Manager integration into Okta: LINK
This section is the most critical for me in my searches for the best software, because putting it bluntly, it is all about whether the product enhances the users’ experience or productivity. One thing I always bang on about (and those who work with me will be nodding at the moment) is that a majority of IT folk are there to either develop a product, or to utilise products that improve productivity or efficiencies. This is the one area in particular where UEM (unified endpoint management) as a whole excels, as it allows the user access to the tools to do their job, as frictionless as possible. Although I don’t think Workspace One has nailed this on all platforms yet, they are making superb headway, regardless of whether your users are using fat-client apps, cloud-only or a combination of the two.
Their concept of the Intelligent Hub, basically an app which allows you to install, request or remove desktop apps, but also provides links to your cloud-based SaaS apps (linked from your IdP), is fantastic. I can see it reducing tickets with your service desk as they no longer need to install apps manually (or via script), but aside from that it gives the user a feeling of independence, and less like ‘IT are watching’ (even though we are….!)
- User based app management is very slick on desktop, almost like Apple App Store / Google Play
- Integration to SaaS apps gives that one-stop shop for all apps
- Just getting that consistent experience across all devices would be great for the end user
What would I like to see next?
As I’ve said above, getting the consistent app across all platforms is critical, and also on Windows having auto updating of apps would be useful too. That will drive a familiar experience for end users no matter which device they are using. There is the potential for it then to be user-centric. For example, if I installed Word on my iPad, it would be good for WS1 to say “Hey, do you want that installing on your Mac and your iPhone too?”. There is some work to do, but it’s a fantastic platform, and there’s a reason it’s been a Gartner leader for some time.
I may add a few more posts on WS1 as it’s piqued my interest somewhat – so watch this space!