Intelligence Use Case: Automated Remediation Process for Critical Resources
Automated Remediation Process for Critical Resources
When we deploy critical resources (business-critical applications, profiles, or products), we would like to make sure that they are installed and remain on the devices. With Workspace ONE UEM, you can deploy these resources automatically. Understandably, you might expect a 100% deployment success rate. However, in practice, that may not always be the case. You might have some devices that lose internet connectivity while downloading the apps or profile install failure due to one reason or another.
To remediate the issue, you will traditionally need to go into the Workspace ONE UEM console and re-push those resources to the devices. And, although that provides an effective resolution, it is not the most efficient way to do so. You could find yourself logging into the console once a day and re-pushing those resources until most devices have gotten them, and you are a few misclicks away from re-pushing the resources to all devices, not just those without the resources.
Intelligence Automation Engine
Workspace ONE Intelligence can help you automate that process, freeing up your time to do other important tasks. Here is an example screenshot of automation workflow here shows how you can set up an automated process where, every 12 hours, the Intelligence Automation Engine evaluates whether the assigned version (22.04.0.1) of Boxer is installed. If it is not installed, then we queue up the application install command to the devices. You can adjust this process however suits your deployment.
Figure: Workflow to re-push Boxer application every 12 hours for devices without the app installed
After the workflow was enabled, you can see the activity of this workflow as it queues up Install Internal Application commands for devices yet to have Boxer installed. I have two devices enrolled in my sandbox environment, so we can see two actions created here. Note that when the status shows COMPLETED, it means that Workspace ONE Intelligence successfully executed the defined action. In this case, it makes an API call to Workspace ONE UEM to push the app install command. The COMPLETED status does not necessarily mean that the device has the app installed — just that the command is queued up.
Figure: Workflow activity after it is enabled
In Workspace ONE UEM, if you navigate to Device Details > Troubleshooting > Commands tab, you can see the command queued up here as well, waiting for the device to pick up.
Figure: Correlated action in Workspace ONE UEM
Because both of my devices are purposefully turned off, obviously it will not be able to consume the app install command. And, as the devices still do not have the app installed, Workspace ONE Intelligence automatically queues up app install commands for these two devices every 12 hours. The following screenshot shows the activity associated with this workflow after I let it run for a few days. The commands are queued up at 3 AM and 3 PM every day since the workflow was enabled.
Figure: Workflow activity after some time has passed showing the 12-hour cycle
Setting up similar workflows is a terrific way to ensure that your critical applications, profiles, and products are properly installed on the devices. Even if these resources get removed accidentally, the workflows will allow you to ensure that every 12 hours (or any other frequency interval of your choosing), the commands will be queued up to install those missing resources.
And of course, do not forget to use Workspace ONE Intelligence Historical Dashboard to monitor your critical deployments!
Look out for the next blog in this series, Intelligence Use Case: Integration with your IT Service Management Tool.