Drop Ship Provisioning: Workspace ONE Operational Tutorial

VMware Workspace ONE UEM 2105 and later

Overview

Introduction

VMware provides this operational tutorial to help you with your VMware Workspace ONE® environment. This tutorial covers the process for Workspace ONE Drop Ship Provisioning.

In this tutorial, you will export apps from the Workspace ONE UEM console as a Windows provisioning package (.ppkg), create a configuration file (unattend.xml) and validate these files on a Windows 10 virtual machine using the Workspace ONE Provisioning Tool.

For virtual machine settings, see Creating a Windows 10 Virtual Machine to Test Workspace ONE.

Audience

This operational tutorial is intended for IT professionals and Workspace ONE administrators of existing production environments. Both current and new administrators can benefit from using this tutorial. Familiarity with networking and storage in a virtual environment is assumed, including Active Directory, identity management, and directory services. Knowledge of additional technologies such as VMware Workspace ONE® Access (formerly VMware Identity Manager) and VMware Workspace ONE® UEM is also helpful.

Workspace ONE Drop Ship Provisioning

Workspace ONE Drop Ship Provisioning Overview

Workspace ONE Drop Ship Provisioning allows Windows 10 Device OEMs and Workspace ONE administrators to provide a virtually zero IT touch onboarding experience with virtually zero user downtime. This means users are productive as soon as they receive their Windows 10 device. 

Configurations, settings, and applications are preloaded at the factory. Now, instead of waiting for apps, policies, and settings to download and apply, you can have a ready-to-work experience on the first boot of the device. If you need to perform a PC reset or recovery in the future, Zero Touch Restore functionality allows applications and management to persist, minimizing downtime and unnecessary hours to "re-image" the device like traditional PCLM tools.

Configuration for Workspace ONE Drop Ship Provisioning is straightforward: just export applications from Workspace ONE UEM as a provisioning package (.ppkg) and complete a wizard to generate a configuration file (unattend.xml).

Note: To use Workspace ONE Drop Ship Provisioning with Dell, you must participate in Dell Configuration Services. To begin the Dell Configuration Services project setup, see Configuration Services and click Contact Us.

Supported Use Cases

The Workspace ONE UEM console steps you through how to build a standard unattend.xml configuration file to be applied in the factory as part of Workspace ONE Drop Ship Provisioning. 

This controls Windows setup, including domain join (workgroup, On-Premises Active Directory, Hybrid-domain, Azure AD Basic, and Azure AD Premium), out-of-box experience (OOBE) modifications, and automatic enrollment of devices into MDM, automatically on first boot. 

Workspace ONE Drop Ship Provisioning supports the following Active Directory (AD) Types (use cases):

User Authentication Method Configurations Use-Cases
Workgroup
  • Automatic enrollment to MDM.
  • Device logs in with local Account.
Kiosk Devices
Purpose-Built Devices
On-Premises Active Directory
  • Automatic enrollment to MDM.
  • Ability to join the on-premises active directory domain.
  • The device needs access to the domain when booting up for the first time to join the domain successfully.
  • Workspace ONE Tunnel can be used to connect to on-premises Active Directory for user login.
  • Device logs in with on-premises Active Directory user credentials.
Corporate User

Azure Active Directory Basic

  • Automatic enrollment to MDM.
  • Ability to join AAD without a premium license and still enroll into Workspace ONE UEM.
  • Device logs in with Azure Active Directory basic user credentials.
  • User will be prompted to sign in to the Workspace ONE Intelligent Hub.
Corporate User

Azure Active Directory Premium

  • Automatic enrollment to MDM.
  • Ability to join AAD with the option of using Autopilot as well.
  • Device logs in with Azure Active Directory Premium user credentials.
  • Can use hybrid domain join to join the device to Azure Active Directory and on-premises Active Directory.
Corporate User

Roles and Responsibilities

This operational tutorial focuses on the technical process of how to set up, configure, and validate Workspace ONE Drop Ship Provisioning. However, this is just one part of the overall process. You should also note the following parties and their responsibilities: 

Role Responsibility

Your Company

VMware End-User Computing Specialist
  • Interacts with OEMs and your company to reach a readiness state for Workspace ONE Drop Ship Provisioning.
Dell Configuration Services
  • Engaged by Dell Sales applying the Factory Provisioning for Workspace ONE SKU. 
  • Validates Workspace ONE Licensing, coordinates obtaining configuration files via Dell File Transfer.
  •  Verifies that configuration files are correct, then sends the order to Dell Factory.

OEM Factory

  • Applies configurations on devices and ships them to your company or directly to end-users.

End-User

  • Unboxes devices, boots device with Internet access, logs in and is ready to work from home or the office!

Workspace ONE Drop Ship Readiness Checklist

The following checklist provides an overview of the entire process and what you need to complete as part of Workspace ONE Drop Ship Provisioning.

  1. Workspace ONE UEM on-premises environments MUST have Workspace ONE Factory Provisioning Service installed.
  2. Have Windows 10 Applications in the Workspace ONE UEM Console. Add apps in the following ways:
  3. Complete Provisioning Package Wizard in the Workspace ONE UEM console.
    • Devices > Lifecycle > Staging > Windows
  4. Successfully Downloaded and tested the PPKG  and XML using the Workspace ONE Provisioning Tool.
  5. Work with the OEMs on their process for retrieving the provisioning files.

Online & Offline Provisioning

As today's workforce transitions to remote work, businesses must deliver an efficient onboarding experience on Windows computers to their remote workers. 

Workspace ONE Drop Ship Provisioning offers various ways to provision remote Windows 10 desktop devices to your users who are not in traditional offices.

Workspace ONE Drop Ship Provisioning (Offline)

With Workspace ONE Drop Ship Provisioning (Offline), you send your manufacturer a provisioning package (PPKG) with all the apps you want pre-loaded to devices. After creating the PPKG and unattend.xml configuration file, you can edit and delete your templates and packages in Workspace ONE UEM.

Note:

  • Application installers must be offline installers that do not need an internet connection.
  • The device will receive application updates from Workspace ONE UEM when connected to the internet. If the application needs to be updated for the Users First Launch experience, then you will need to generate a new PPKG file with the latest application version.

Workspace ONE Drop Ship Provisioning (Online)

With Workspace ONE Drop Ship Provisioning (Online), you can dynamically assign Workspace ONE UEM payloads like profiles and applications. You can also provision your Windows 10 devices with assignments at the manufacturer (OEM) and ship devices directly to your end-users.

Note: 

  • Application installers can be online installers because internet connectivity is available.
  • The latest versions of the applications are installed on the machine.

Requirements

To take advantage of Workspace ONE Drop Ship Provisioning, ensure that you:

  1. Contact Your OEM for Availability
    • To use Workspace ONE Drop Ship Provisioning (Online & Offline), contact your OEM (original equipment manufacturer) representative.
  2. Have Provisioning Packages Created
    • You can also create encrypted PPKGs to provision devices yourself. This process does not use Workspace ONE Drop Ship Provisioning (Offline). You can provision devices either using the device OOBE or by running the PPKG on a device.
  3. Meet Workspace ONE UEM Requirements for Drop Ship Provisioning (Offline)
    1. Workspace ONE UEM 2008 or later.
    2. Workspace ONE Intelligent Hub for Windows 20.08 or later.
    3. On-premises deployments.
  4. Meet Workspace ONE UEM Requirements for Drop Ship Provisioning (Online)
    1. Workspace ONE UEM 2010 or later.
      • Workspace ONE Drop Ship Provisioning (Online) does not support On-Demand or User context applications. 
      • Ensure your app assignments are in the Device context and are set to Automatic deployment.
      • Disable the Auto Enrollment setting in the Workspace ONE UEM console found at Groups & Settings > All Settings > Device & Users > Windows > Windows Desktop > Auto Enrollment.
    2. Workspace ONE Intelligent Hub for Windows 20.10 or later.
    3. On-premises deployments
    4. Requirements for the device include the listed processes and packages.
      • Register ALL devices with the Workspace ONE OEM Provisioning Service.
      • Stage all devices with the Generic PPKG file, an answer file (unattend.xml), and run Sysprep.
  5. Test and Validate
    1. Validate using a Windows 10 Professional device (physical or virtual machine).
    2. See Creating a Windows 10 Virtual Machine to Test Workspace ONE.
    3. Note: Drop Ship Provisioning for Workspace ONE with Dell Machines is only supported on Enterprise Dell systems such as Latitude, Precision, OptiPlex, and XPS notebooks.

Workspace ONE UEM File Storage and Software Distribution

Drop Ship Provisioning for Workspace ONE requires enabling some of the following components depending on your deployment type:

  1. Enable Software Distribution
    • Configure Workspace ONE UEM to recognize the deployment of Win32 applications through the software distribution method.
    • For Workspace ONE UEM 2008 and later, this is done automatically.
  2. File Storage
    • Workspace ONE UEM functionality uses a dedicated file storage service to handle processing and downloads, which reduces the overall burden on your Workspace ONE UEM database and increases its performance. Configuring file storage manually is only applicable to on-premises customers. It is automatically configured for SaaS customers.
  3. CDN
    • A content delivery network (CDN) is a highly distributed platform of servers that responds directly to the end-user requests for the web content. The content delivery network acts as an intermediary between the Workspace ONE UEM servers and the end-user devices to mitigate the challenges of delivering the content over the Internet.

Refer to the table for components required for your deployment.

Workspace ONE UEM Deployment Software Distribution File Storage CDN
SaaS shared Enabled by default N/A Enabled by default
SaaS dedicated version 2008 and later Enabled by default N/A Enabled by default
On-premises version 2008 and later Enabled by default Required Disabled by default, but recommended.

Install Workspace ONE Factory Provisioning Service for On-Premises Deployments

This process installs the Workspace ONE Factory Provisioning Service into your environment. Only On-Premises customers must install this service. Consider reviewing the VMware Workspace ONE UEM Recommended Architecture Guide before installing the service.

Ensure that the servers the Factory Provisioning Service are installed on can reach and connect to your REST API server. The URL for REST API is set under Groups & Settings > All Settings > System > Advanced > Site URLs > REST API URL.

Use TLS to ensure that the traffic between the Factory Provisioning Service server and the Workspace ONE UEM console is secured. To use TLS, you must install a certificate for the Factory Provisioning Service server and enable HTTPS.

1. Install Workspace ONE Factory Provisioning Service for On-Premises Deployments

The Workspace ONE Factory Provisioning Service enables exporting of applications from Workspace ONE UEM console into a Windows Provisioning Package (.ppkg).

This service must be installed and configured in order to use Workspace ONE Drop Ship Provisioning.

Download the Workspace ONE Factory Provisioning Service Installer

Note: ASP.NET core is required to run the Workspace ONE Factory Provisioning Service. Depending on the version of the installer and if your system does not already have this installed, you maybe required to download and install ASP.NET.

1.1. Welcome

dell factory, enterprise server, provisioning tool, provisioning toolkit

Launch the Workspace ONE Factory Provisioning Service installer, then click Next.

1.2. License Agreement

dell factory, enterprise server, provisioning tool, provisioning toolkit
  1. Click I accept the terms in the license agreement.
  2. Click Next.

1.3. Destination Folder

dell factory, enterprise server, provisioning tool, provisioning toolkit

Optionally, you can change the install location, then click Next.

1.4. Ready to Install the Program

dell factory, enterprise server, provisioning tool, provisioning toolkit

Click Install.

1.5. Successfully Completed

dell factory, enterprise server, provisioning tool, provisioning toolkit

Click Finish.

You have successfully installed the Factory Provisioning Service. Now verify that it is running properly, and take a look at the logging locations.

2. Validating Factory Provisioning Service and Logging Locations

dell factory, enterprise server, provisioning tool, provisioning toolkit

The installation log for the Workspace ONE Factory Provisioning Service is located in the same directory as the setup executable. If the setup fails, see this log for more details.

2.1. Validate Workspace ONE Factory Provisioning Service is Running

dell factory, enterprise server, provisioning tool, provisioning toolkit
  1. Right-click the taskbar.
  2. Click Task Manager.

2.2. Services

dell factory, enterprise server, provisioning tool, provisioning toolkit
  1. Click Services.
  2. Ensure that the AirWatchFactoryProvisioningService is Running.

2.3. Factory Provisioning Service Log

dell factory, enterprise server, provisioning tool, provisioning toolkit

Open File Explorer and browse to the install directory of Factory Provisioning Service.

  1. Expand Install Directory (such as C:\AirWatch) > AirWatch > Factory Provisioning Service > Services > logs.
  2. The AW.FactoryProvisioning.Service.log contains all of the details of the actions taken by the Factory Provisioning Service. Note the log entry which states it created the C:\AirWatch\ProvisioningPackaging directory.
  3. Close the File Explorer by clicking the red X.

3. Update the Factory Provisioning Service Site URL

dell factory, enterprise server, provisioning tool, provisioning toolkit

Return to the Workspace ONE UEM Console, and update the Factory Provisioning Service URL by navigating to All Settings:

  1. Click System > Advanced > Site URLs.
  2. Update the Factory Provisioning Service URL. Enter https://FPS_Hostname/FactoryProvisioning/Package, where FPS_Hostname is your Factory Provisioning Service hostname.

Note: In order for the HTTPS URL to function properly, a certificate must be properly requested for the Factory Provisioning Server.

4. Factory Provisioning Service Health Check

dell factory, enterprise server, provisioning tool, provisioning toolkit

You can check to see if the Factory Provisioning Service is properly started and running by navigating to https://[FPS_Hostname]/FactoryProvisioning/hc, where FPS_Hostname is your Factory Provisioning Service hostname. Remember that this should be accessible from the Workspace ONE UEM Console server. If successful, you should see the above response.

Workspace ONE Provisioning Tool

The VMware Workspace ONE Provisioning Tool helps you test and validate your applications (exported as a .ppkg file) and the special-purpose unattend.xml configuration file as part of Workspace ONE Drop Ship Provisioning. This tool simplifies the testing and validation of this process in your own environment before these files are sent and applied at the OEM factory.

In this section we will download the tool from the myWorkspaceONE portal.

1. Log In to My Workspace ONE Portal

Log In to My Workspace ONE Portal

Log into https://my.workspaceone.com/ and click the hamburger menu on the top left corner.

  1. Select Products
  2. Select All Products
  3. Search for Workspace ONE Provisioning Tool
Log In to My Workspace ONE Portal
  1. Search for Workspace ONE Provisioning Tool
  2. You can also find the tool directly at https://my.workspaceone.com/products/Workspace-ONE-Provisioning-Tool

2. Download Workspace ONE Provisioning Tool

Download Workspace ONE Provisioning Tool
  1. Select the following options from the drop-down menu:
    • Select a platform – Select Windows
    • Select an app version – Select the latest version
    • Filter by Console Version – Select All
  2. Select Installs and Upgrades.
  3. Click the Workspace ONE Provisioning Tool link to download.
Download Workspace ONE Provisioning Tool
  1. Note: If the download doesn't begin automatically, click Download Resource

TIP: Save the Workspace ONE Provisioning Tool in a location to use for testing later in this tutorial.

Boot Windows into Audit Mode

To boot the operating system into Audit Mode, we will use Sysprep.

Sysprep (System Preparation) prepares a Windows installation (Windows client and Windows Server) for imaging, allowing you to capture a customized installation. 

With Sysprep you can configure the PC to boot to audit mode, where you can make additional changes or updates to your image. Or, you can configure Windows to boot to the Out-of-Box Experience (OOBE).

For more information, see:

In the next steps, we will use the Command Line to reboot a machine into Audit Mode.

1. Use Command Line to enter Windows 10 Audit Mode

Using Command Line to enter Windows 10 Audit Mode
  1. Enter cmd in Windows Search.
  2. Run Command Prompt as Administrator.
Using Command Line to enter Windows 10 Audit Mode

In this example, we are going to generalize the operating system, and reboot the machine to audit mode.

Enter the following in Command Prompt:

%WINDIR%\system32\sysprep\sysprep.exe /generalize /reboot /audit

TIP: Enter Audit Mode during Windows Set-Up

To enter audit mode, during Windows setup, when Windows enters the OOBE phase, do one of the following:

  • Fusion: SHIFT+FN+CONTROL+F3
  • Workstation: CTRL+SHIFT+F3 or CTRL+SHIFT+FN+F3 (on some laptops)

2. Confirm Windows is in Audit Mode

Confirm Windows is in Audit Mode

After successfully initiated, the machine will reboot into audit mode. 

The System Preparation Tool (Sysprep) will be running: ignore it. 

The next steps would be to use the Workspace ONE Provisioning Tool to validate the PPKG and Unattend XML files.

Setting Up Workspace ONE Drop Ship Provisioning (Offline)

Obtaining Workspace ONE Enrollment details

Use the following reference sheet and obtain the  Workspace ONE Enrollment details for Drop Ship Offline. 

Drop Ship Details Example Your Workspace ONE Enrollment details

Enrollment Server

https://dsXXX.awmdm.com/DeviceServices  

Enrollment OG

techzoneOG  
Staging Account staging@techzoneOG.com  

Staging Password

MXXf9Lg  

1. Retrieve Workspace ONE Enrollment Details

Workspace ONE Enrollment Details

In the Workspace ONE UEM Console:

  1. Click Groups & Settings.
  2. Click All Settings.

1.1. Windows Staging & Provisioning

In this step, we will obtain the Enrollment OG, Staging Account and Staging Password.

Windows Staging & Provisioning
  1. Expand to Devices & Users > Windows > Windows Desktop > Staging & Provisioning.
  2. Copy the UPN value.
    • This is the Staging Account
  3. Copy the Secret (staging password).
    • This is the Staging Password
  4. Copy the Group ID by pointing to your email address.
    • This value is used in Enrollment OG

2. Workspace ONE Enrollment Server (Device Services URL)

Workspace ONE Device Services URL

In the Workspace ONE UEM console:

  1. Navigate to Groups & Settings > All Settings > System > Advanced > Site URLS.
  2. Review your Device Services URL. This is the Workspace ONE UEM enrollment server URL.

Creating New Provisioning Package (offline)

As the IT administrator, you can leverage the Provisioning Package wizard in the Workspace ONE UEM console to create the configuration file and export the apps. In the next steps, we will configure:

  • Onboarding Methods
    • Factory Provisioning or Encrypted Package
  • Configurations
    • Directory Type
      • Configure Workplace, On-Premises Active Directory,  or Azure Active Directory.
    • OOBE Configuration
      • Hide EULA Page and Privacy Settings
      • Configure Operating System Language and Region and Keyboard Settings
    • System Configuration
      • With a Windows 10 Enterprise license, you can also choose to set the provisioning configuration for removal of consumer applications bundled with Windows 10
    • Workspace ONE Enrollment
      • Configure Automatic MDM Enrollment with Workspace ONE
  • Applications
    • Select application to have installed ready for the user.

1. In the Workspace ONE UEM Console

In the Workspace ONE UEM Console

In the Workspace ONE UEM Console:

  1. Click Devices.
  2. Click Lifecycle.
  3. Click Staging.
  4. Click Windows.
  5. Select New

2. General Tab

General Tab
  1. Enter the Provisioning Package Name.
    • In this example we have called this Sales AD User as the User will log in with On-Premises AD credentials.
  2. Enter in a Description
    • The description can include notes like apps installed or any specific configurations.
  3. Review Managed By
    • Ensure that the PPKG file is created at the Organizational Group where other admins have permission to edit.
  4. Click Next to move to the Onboarding Methods

3. Onboarding Methods

The provisioning configuration is exported in Windows unattend XML file format.

This file follows the standard unattend XML schema, with some additional configuration for MDM enrollment into Workspace ONE UEM.

The configuration is applied when the device first boots.

Onboarding Methods

Select the Onboarding Method:

  • To create a PPKG for Workspace ONE Drop Ship Provisioning, select Factory Provisioning.
  • To create an encrypted PPKG for  IT Provisioning, select Encrypted PPKG. Select Next.

4. Configurations

The following table details all of the options for the configuration file and provides a detailed explanation of each field.

Settings Description
Select AD Type Select the type of Active Directory to use. The settings below change, based on your AD type.
Note:This information is saved in plain text in the XML file. Ensure that this file is always secured and not sent over insecure connections.
OOBE Configuration
Show EULA Page Select Yes/No to show the EULA page during the OOBE.
Show Privacy Page Select Yes/No to show or hide the privacy page during the OOBE.
Operating System Language If No is selected (and thus hidden from OOBE), select the language below to pre-configure the system to that locale.
Show Region and Keyboard Settings Select Yes/No to show the region and keyboard settings during the OOBE.
System Configuration
Domain Name Enter the name of the domain you want the device to join.
This setting displays when you set the AD type to On-Prem AD Join.
Note: This information is saved in plain text in the XML file. Make sure this file is always secured and not sent over insecure transports.
Domain Username Enter the username that has Domain Join privileges.
This setting displays when you set the AD type to On-Prem AD Join.
Note: This information is saved in plain text in the XML file. Make sure this file is always secured and not sent over insecure transports.
Domain Password Enter the password for the Domain Join user.
This setting displays when you set the AD type to On-Prem AD Join.
Note: This information is saved in plain text in the XML file. Make sure this file is always secured and not sent over insecure transports.
AD Organization Unit (OU) Enter the organization unit for the AD.
Th OU must follow the correct formatting:
OU=,OU=,DC=Company,DC=com
This setting displays when you set the AD type to On-Prem AD Join.
Workgroup Enter the workgroup you want the device to join. The workgroup name must be 15 characters or fewer.
This setting displays when you set the AD type to Workgroup.
Registered Owner Enter the registered owner for the device. This will show up in system information
Registered Organization Enter the registered organization for the device. This will show up in system information
Remove Windows 10 Consumer Apps Select Yes to prevent consumer apps from appearing in Windows 10.
This setting is only supported for Windows 10 Enterprise or Education. Entering a Windows 10 Enterprise or Education key is required.
Product Key Enter the Windows 10 product key.
You must follow the correct format:
12345-54CDE-XYZ78-ONM98-456TY
Create Local User Select Yes to create a local user account.
If you select No, the user is prompted during OOBE.
This setting displays when you set the AD type to Workgroup or On-Premises AD.
Local Username Enter the username for creating an additional local user account.
This setting displays when you set the AD type to Workgroup or On-Premises AD.
Local User Password Enter the password for the local user account.
This setting displays when you set the AD type to Workgroup or On-Premises AD.
Make Administrator? Select to make the local account an administrator.
You must make the local user account an administrator to start Workspace ONE enrollment automatically.
During OOBE, the device prompts the user to enter their enrollment credentials.
This setting displays when you set the AD type to Workgroup or Azure AD.
Computer Name Computer name will be randomized by default so that every system coming from the factory is unique. To create a naming convention, use the Registered Owner and Registered Organization fields. The computer name will take  the first 7 characters from Registered Org or Registered Owner as the  prefix and then randomize the rest up to the max of 15 characters. For example, setting both of those fields to be "VMWARE-" (without quotes) yields a computer name of VMWARE-8QJJCTJB where the last 8 characters are randomized for every system.
See Microsoft documentation for more information. If you require a more customized computer name using serial number or service tag, for example, please engage your Dell CS Project Manager to have that added to your order.
Enable Administrator Account You must enable the built-in administrator account to facilitate Workspace ONE enrollment.
You can later disable this account after enrollment is complete.
Administrator Password Enter a password for the administrator account.
Auto Admin Login A one-time administrator logon is needed to enroll the device. Auto admin logon has been turned on and the local administrator account is now required to be set up
User Account Control Select the level of User Account Control (UAC).
Additional Synchronous Commands Add commands that automatically run at the end of the Windows setup process but before any user logs in.
First Logon Commands Add commands that automatically run the first time a user logs in.
This setting requires the user have local admin privileges.
Workspace ONE Enrollment
Note: This setting will NOT show if directory type Azure Active Directory - Premium is selected
Enrollment Server Enter your Workspace ONE UEM enrollment server URL.
Find the enrollment URL by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > System > Advanced > Site URLs.
Enrollment OG Enter the devices organization group.
Staging Account Enter the username for the staging account.
Find this username by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > Devices & Users > Windows  > Windows Desktop > Staging & Provisioning.
Staging Account Password Enter the password for the staging account.
Device Services URL Enter your device services URL.
Find the device services URL by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > System > Advanced > Site URLs.

4.1. Configurations Details

Directory Type

Select the Active Directory Type, OOBE Configuration and configure the System Configuration

Workspace ONE Enrollment Details

Enter in any Additional Synchronous Commands and First Logon Commands

  1. Additional Synchronous Commands
    • You can add commands that will automatically run at the end of the Windows setup process, but before any user login
  2. First Logon Commands
    • You can add commands that will automatically run the first time a user logs on (Requires the user to have local admin privileges)

Check out the Factory Provisioning for VMware Workspace ONE Script samples on VMware {code} for sample commands to use for Additional Synchronous and First Logon Commands.

4.2. Workspace ONE Enrollment Details

Workspace ONE Enrollment Details

Enter your Workspace ONE UEM enrollment details.

See Obtaining Workspace ONE Enrollment details for Drop Ship Offline.

  1. Enrollment Server
    • Enter your Workspace ONE UEM enrollment server URL.
    • Find the enrollment URL by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > System > Advanced > Site URLs.
    • For example, https://ds138.awmdm.com/DeviceServices
  2. Enrollment OG
    • Enter your Workspace ONE UEM enrollment Organisational Group Name.
  3. Staging Account
    • Enter the username for the staging account.
    • Find this username by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > Devices & Users > Windows > Windows Desktop > Staging & Provisioning.
  4. Staging Password
    • Enter the password for the staging account.
    • Find this password by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > Devices & Users > Windows > Windows Desktop > Staging & Provisioning.

5. Applications

  1. Select the checkbox next to the applications to add them.
  2. For any applications with Transform (.mst) files, select the transform (.mst) file.
  3. Click Next.

Important: Ensure that Applications are offline installers and can install on the machine without any internet connectivity.

6. Review the Configurations and Applications

Summary
  1. Click Save and Export.

TIPS FOR PPKG EXPORT:

  • After you initiate the PPKG export process, a confirmation is shown. On completion of PPKG export, a notification is sent to the Workspace ONE UEM console with a link to download the PPKG.
  • A console administrator can have one PPKG export in progress at a time.
  • To start a new PPKG export, the console administrator needs to wait for the existing PPKG export to complete. A new PPKG export request overwrites any previously exported PPKG for that administrator.
  • Multiple console administrators can concurrently request PPKGs to be exported though. You may need to refresh the page to see the status update.
  • The number of apps you chose to export determines how long the export takes. The Unattend XML configuration file will be ready to download right away.

Downloading New Provisioning Package (PPKG) & Unattend XML

Follow these steps to download the Unattend XML and the PPKG file.

1. Confirm Unattend XML and Provisioning Package Ready to download

Confirm Unattend XML and Provisioning Package Download

In the Workspace ONE UEM console

  1. Review the status of the PPKG
    • Status can be Draft, In Progress and Download Options
  2. Refresh the page after a few minutes to refresh the status.
  3. Select the PPKG and the Unattend XML to download.

2. Confirm download of PPKG and Unattend XML

Confirm Unattend and Provisioning Package Download
  1. Confirm that the download was successful. This exported provisioning package and unattend.xml are used in a future step.

If you have CDN configured, the filename is a random string of characters. It is recommended to manually rename for easier tracking. If you do not have CDN configured, the filename matches the name of the Provisioning Package configured during the wizard.

Validating using Workspace ONE Provisioning Tool

Now that you have both enterprise applications and provisioning configuration packaged, the two files (.ppkg and unattend.xml) are ready to be tested in your own environment.

To do this, we will boot a windows machine into audit mode, and download and run the Workspace ONE Provisioning Tool to validate the PPKG and Unattend XML provisioning files.

Ensure that you have:

Important: Validating the PPKG and Unattend XML is a critical step in successfully validating the Workspace ONE Drop Ship Provisioning process.

1. Build and Validate on your Windows 10 Virtual Machine to test Workspace ONE

  1. Have a test device, either physical (recommended for OEM software) or a Windows 10 virtual machine.
  2. Boot the system into Audit Mode.
    • This can be done at the OOBE screen by pressing Ctrl+Shift+F3. (or Ctrl+Shift+Fn+F3 on some systems).
    • You can also enter Audit Mode from an existing Windows 10 system by running Sysprep.exe (C:\Windows\System32\Sysprep\Sysprep.exe)
    • Open command prompt as admin and use this command to run sysprep and reboot the system into audit mode.
    • %WINDIR%\system32\sysprep\sysprep.exe /generalize /reboot /audit
    • For more information, see Booting Windows into Audit Mode.

2. Copy Files to the Virtual Machine

Copy over Files to the Virtual Machine
  1. You have successfully entered Audit Mode when you see System Preparation Tool (Sysprep) running on the desktop.
  2. After the machine has been booted in Audit mode, copy the following files.

3. Install and Launch the Workspace ONE Provisioning Tool

This section will cover how to install the Workspace ONE Provisioning Tool and run it on a test machine for validation of the PPKG and Unattend XML.

3.1. Install the Workspace ONE Provisioning Tool

Installing the Workspace ONE Provisioning Tool
  1. Extract the installer for the downloaded Workspace ONE Provisioning Tool ZIP file.
  2. Run the installer on the machine.

3.2. Launch the Workspace ONE Provisioning Tool

Launching the Workspace ONE Provisioning Tool

After installation, to find the utility:

  1. Navigate to C:/ drive.
  2. Locate VMwarews1ProvisioningTool application and run it.

4. Validate PPKG - Apply Apps Only

Validate PPKG - Apply Apps Only

It is important to test that the applications exported into the PPKG file install correctly on the machine.

  1. Ensure that you TURN OFF NETWORK connectivity. You can do this by changing the network to airplane mode.
  2. Upload the PPKG file. Click select and choose the PPKG file.
  3. Click Apply Apps Only to only install apps from the PPKG.
  4. The right pane of the Workspace ONE Provisioning Tool shows the status as each app installs and the overall process.

Important: Ensure that you TURN OFF NETWORK connectivity.

The test device must be offline (disconnected from the internet) before running the VMware Workspace ONE Provisioning Tool to prevent Windows Updates from deploying during provisioning. This also mimics the Offline process that the factory would do.

TIP: ONLY Device-Context apps are applied during this test.

As there is no user for the device, user-context apps do not apply. If an app requires a reboot to finish installation, the tool prompts you to schedule a reboot. During the reboot, the device is told to resume installation after reboot, and the tool relaunches.

5. Verify Application Installation

Verifying Application Installation

There are a few ways to verify that applications have been installed on the device.

  1. Verify Successin the Workspace ONE Provisioning Tool
    • As illustrated in the previous screenshot, after the applications have been installed, you will see the status changes to "Installed" with a green check.
  2. Verify the Windows registry value.
    • Navigate to the following location in the Windows registry: HKEY_LOCAL_MACHINE\SOFTWARE\AIRWATCHMDM\AppDeploymentAgent\S-1-5-18
    • This should show the applications installed.
  3. Navigate to the PPKGFinalSummary log file:
    • C:\ProgramData\Airwatch\UnifiedAgent\Logs\PPKGFinalSummary.log

5.1. Validate Application Installation via Windows Registry

Validating Application Installation via Windows Registry

The VMware Workspace ONE Provisioning Tool tracks and monitors the app install statuses automatically for you. However, if you want to check them yourself, you can  look in the Registry at HKEY_LOCAL_MACHINE\SOFTWARE\AIRWATCHMDM\AppDeploymentAgent\S-1-5-18. The number of folders should match the number of apps exported and included in the provisioning package.

  1. Navigate in the Windows Registry to HKEY_LOCAL_MACHINE\SOFTWARE\AIRWATCHMDM\AppDeploymentAgent\S-1-5-18
  2. Select the folder.
  3. Review the Application Name.
  4. Review the Installed status.

5.2. Read the PPKG Final Summary Log

Reading the PPKG Final Summary Log

After the VMware Workspace ONE Provisioning Tool finishes applying the PPKG to the device, a summary log generates. You can find the logs in C:\ProgramData\Airwatch\UnifiedAgent\Logs\PPKGFinalSummary.log. These logs are useful for troubleshooting. Dell or the OEM may ask for these logs if there are issues provisioning devices.

The logs cover important information such as the OS details, client network details, device model and manufacturer, and PPKG details. If you do not set the device into audit mode, a note is made in the log to help troubleshoot why the process failed. You can also see a log of the status updates that were displayed in the tool during processing.

6. Validate Unattend XML - Apply Full Process

  1. If you select a configuration file (XML) to test, you can select what happens after by setting After Applying Sysprep.
  2. You can choose to shutdown, restart, or quit after configuration. If you restart the machine, the OOBE runs. If you select quit, the VMware Workspace ONE Provisioning Tool closes after applying Sysprep

The right pane of the VMware Workspace ONE Provisioning Tool shows the status as each app installs and the overall process.

7. Confirm Success: Sysprep is Working

Confirming Success: Sysprep is Working

If both your provisioning package (.ppkg) and configuration file (unattend.xml) apply successfully, the device begins the Sysprep process and restarts or shuts down automatically.

If you select a configuration file to test, you can select what happens after by setting After Applying Sysprep. You can choose to shutdown, restart, or quit after configuration. If you restart the machine, the OOBE runs. If you select quit, the VMware Workspace ONE Provisioning Tool closes after applying sysprep.

8. Successfully Provisioned Device

As the system goes through the workflow as defined in the configuration file, the expected workflows are as follows:

AD Type Description

Workgroup

OOBE prompts for username creation as well as password.
After logging in, the Workspace ONE Intelligent Hub prompts for credentials (see the next image).
Be sure to enter the end user's Active Directory credentials or the credentials that are synced into the Workspace ONE console into Intelligent Hub.
On-Premises Domain Join Ensure that the system is plugged into a LAN that has access to a domain controller before booting.
After booting, the system joins the domain and automatically logs in as a local administrator so that you can stage enrollment.
After enrollment has been completed for the staging user, log out and then log in using the end user's domain account.
Workspace ONE enrollment automatically re-assigns to the domain user.
Azure Active Directory Premium

Go through OOBE and authenticate with Azure Active Directory credentials.
Automatic Enrollment to MDM kicks off enrolling the device to Workspace ONE UEM.

These credentials should also be synced into Workspace ONE UEM console, otherwise, enrollment will fail.

Azure  Active Directory Basic Go through OOBE and authenticate with Azure Active Directory credentials.
After logging in, Workspace ONE Intelligent Hub prompts for credentials (as it does like Workgroup Join).
Be sure to enter the end user's Active Directory credentials or the credentials that are synced into the Workspace ONE console.

9. Tips for Successful Testing

  1. Make sure your applications (especially Office 365) install successfully with your command line outside of Workspace ONE UEM. This ensures the commands in UEM can be successful.
  2. After importing to the console, export your PPKG in small chunks (1-3 apps) to ensure those work by themselves. This is especially helpful if you have a large PPKG file with multiple applications.
  3. After you verify that all apps install correctly via PPKG, you can export the "Full PPKG" with all of your applications.
  4. Because the factory is fully offline, disconnecting the NIC adapter on your VM during the PPKG install process ensures that every app installs fully offline. Some products reach out to internal servers during installation and might fail during offline installation.

Drop Ship Tips and Tricks

General Tips and Tricks

The following items provide general guidance and tips about common issues and questions for Workspace ONE Drop Ship Provisioning.

  1. Application Files and Provisioning Packages
  2. Configuration File (unattend.xml) Tips
  3. Domain join tips and logs

1. Application Files and Provisioning Packages

1.1. Prioritize largest apps first and apps that need immediate access by end-users (like VPN, Office 365 and Security Applications)

This solution gives you the flexibility to prioritize what you include in the PPKG and what you leave to deploy and install over-the-air from Workspace ONE UEM. The apps in the PPKG are immediately available to the user but less dynamic with Drop Ship Offline.

If you have a new version of the app updated in the Workspace ONE console, the app itself will update after enrollment, but that may take a little bit of time. Ideally, you would update the PPKG that you give to the OEM no more than once a quarter. This means the minimum viable solution has the latest application updates.

It's important to decide on the biggest and highest priority apps, and leave the rest dynamic (over the air).

1.2. Make a list and note details of your required apps

This helps organize and ensure that you have your apps built and uploaded in the Workspace ONE UEM console if you are coming from another PCLM tool. Here are some columns that can be helpful:

Make a list and note down details of your apps needed

In the Workspace ONE UEM console, navigate to Resources > Applications > Native > Internal

  1. In the upper-right corner, select Layout.
  2. Select Custom.
  3. Customize the fields required.
  4. Select Export.
  5. Select CSV or XLSX file.

The following is a sample screenshot of the template. Add additional columns as required to make notes. This might include what applications are configured as which Workspace ONE Organizational Unit.

Make a list and note down details of your apps needed

1.3. Do not forget about AirLift App migration!

Are you currently using Microsoft ConfigMgr (SCCM)? If so, definitely take advantage of Workspace ONE AirLift - It's free! It can automatically migrate applications from Microsoft Endpoint Configuration Manager (ConfigMgr) to Workspace ONE with just a few clicks.

For more information on Workspace ONE Airlift Application migration, see:

1.4. Be careful of OEM Specific Applications

The easiest way to iterate quickly on testing and validation is to create your PPKG in a way that can be deployed on any Windows Hardware type (including virtual machines, Dell, Lenovo, HP, etc).

For example, do not include VMware Tools in the PPKG, because that will fail to install if you try to deploy to a Dell.

Likewise, some OEM software (like Dell Command Suite products) can fail to install on a VM since it is not Dell hardware

1.5. Add applications to a ZIP file correctly. For example, Microsoft Office 365 ProPlus.

This is a common mistake when using Workspace ONE software distribution (SFD). SFD automatically extracts the ZIP and maintains the same structure it was zipped up as. However, most people go to the top-level folder, right-click it, and click Send to compressed folder. This creates a zip file with the parent folder and all content inside. Most do not realize this and therefore put command line Installer commands wont work. The easiest way to fix this is to select all content and then zip the files up.

Putting Applications in a .ZIP file the right way. Like Microsoft Office 365 ProPlus
Putting Applications in a .ZIP file the right way. Like Microsoft Office 365 ProPlus

When you are finished, open up the ZIP to make sure you have the right structure.

For more information on software distribution and working with ZIP files in Workspace ONE UEM, see :

1.6. How do I order the app installs similar to a Task Sequence?

Freestyle Orchestrator enables Workspace ONE UEM administrators to create complex workflows that fit specific requirements with flexibility and speed. Freestyle workflows can be used to set up resources such as applications, profiles, sensors, and scripts. These workflows use conditions to apply resources to devices based on granular criteria. Freestyle Orchestrator can sequence applications over the air after the device is enrolled.

However, security products, like McAfee, are common examples where applications need to be installed in a sequence locally on the device at the factory. Creating a simple batch file like this can accomplish sequencing in an easy manner:

@echo off
REM pushd %~dp0
ECHO Installing McAfee Agent
McAfeeAgent\FramePkg.exe /INSTALL=AGENT /SILENT
ECHO Installing ENS Common
ENS_Common\setupCC.exe
ECHO Installing Threat Prevention
ENS_Threat_Prevention\setupTP.exe
ECHO Installing Adaptive Threat Protection
ENS_Adaptive_Threat_Protection\setupATP.exe
How do I order the app installs similar to a Task Sequence?

Zip up content (keeping in mind to zip the apps correctly) and each install in the order you want.

1.7. Do not use quotes in the path for "File Exists" detection criteria

When configuring the application install complete criteria, do not use quotes in the file path. In the following image, there are no quotes used in the file Path. The When to call install complete criteria can be tested by enrolling a device and installing the application to the device. When configured correctly, Workspace ONE will recognize the application as installed using the file exists criteria.

1.8. If multiple admins are working on this process, it is recommended to enter notes in the Change Log section

Ensuring that each admin adds notes in the Change Log with their name, date, and other pertinent information helps to track who is doing what. Change Log notes do not show up in the Workspace ONE catalog.

1.9. Assign the app in Workspace ONE console to Auto to your smart groups

With this PPKG export process, you are not required to assign and deploy automatically to a smart group, but it is still recommended to do this for the following benefits:

  1. If someone enrolls or goes through OOBE or AutoPilot on a system that does not come from the factory, they will still get the same apps.
  2. If these are deployed as auto, they automatically come back on PC Refresh
  3. Because the PPKG has applied these same apps in an offline state, after the system comes online, SFD attempts to deploy but detects that they are already installed and moves on. They also report as Installed in the Workspace ONE console.

1.10. The PPKG is larger than the files sizes of my app(s)

This is due to the PPKG automatically including the Workspace ONE Hub app (AirwatchAgent.msi). The factory stages these files on the client and the XML uses for automatic enrollment. So if you upload a 23 MB app and wonder why the PPKG is over 100 MB, this is why.

2. Configuration File (unattend.xml) Tips

2.1. What is an unattend.xml and what does it do?

An unattend.xml file is a tried and true method of configuring first-time setup of Windows. Tools like ConfigMgr and MDT use this, but it is hidden behind their Task Sequence wizards. The unattend.xml file includes the most commonly used settings to keep it streamlined, as well as to eliminate the need for you to build this yourself.

2.2. Removing consumer apps via Windows 10 Enterprise key

Do not forget that you can easily and quickly remove consumer apps from the generic Windows 10 image that is applied in the factory. These consumer apps include games like Candy Crush, but do not include other Microsoft apps such as Photos, Xbox, or Calculator.

To remove the consumer apps, select Remove Windows 10 Consumer Apps when configuring the XML and put in the public, Windows 10 Enterprise KMS client key (you can also use Windows 10 Education key). After the system boots for the first time, it automatically converts the system to Enterprise or Education and these apps are removed.

2.3. Remove ALL Windows 10 Pre-loaded Microsoft Store Apps

To remove ALL Windows 10 store apps, including the Microsoft productivity apps, there are a number of sample scripts you can use. But before trying them, ask yourself if it is really that bad to have some of these productivity apps on there? Many are very useful (such as Calculator and Photos). Sometimes just deploying your own start menu can solve this problem by hiding them from view so users do not realize those apps are there.

2.4. How do I sent a computer naming convention?

The computer name will be randomized by default so that every system coming from the factory is unique. To create a naming convention, use the Registered Owner and Registered Organization fields. The computer name will take the first 7 characters from Registered Org or Registered Owner as the prefix and then randomize the rest up to the max of 15 characters.

For example, setting both of those fields to be "VMWARE-" (without quotes) yields a computer name of VMWARE-8QJJCTJB where the last 8 characters are randomized for every system. See Microsoft documentation for more information.

If you require a more customized computer name using a serial number or service tag, for example, engage your Dell CS Project Manager to have that added to your order.

2.5. How to use synchronous commands (time sync)

If the Azure join and Workspace ONE enrollment did not work, it might be because the system shipped with OOBE was not getting their times automatically synced. To solve this, you could have deployed a script in the PPKG to add additional time servers to the client NTP list. However, an easier way is to add the commands to the XML. To set this up, add the commands to the Additional Synchronous Commands section.

You can do this for any number of one-line commands (including PowerShell scripts).

  1. cmd /c w32tm /config /update /manualpeerlist:"internalNTPserver1 internalNTPserver2 time.windows.com time.apple.com time.google.com" (note this is a space-delimited list)
  2. cmd /c sc config "W32Time" start= auto 

2.6. Are my credentials stored in the XML?

Yes, they are. The local administrator password or any other local account passwords are saved using the Base64 encoding scheme.

This is simply obfuscation and not full encryption. The AD join username and password are saved in plain text due to Microsoft requirements. Make sure you do not send this file via email or copy/paste the content. Save in a secure place!

The XML is programmed to automatically delete itself after the system is booted so credentials are not stored on the system.

3. Domain join tips and logs

If you select the on-premises domain join, the following tips are recommended:

  1. Create a service account that is dedicated to doing the domain join and only give it permissions to do just that.
  2. You can specify the OU in the XML, which gives you more control over where these computer objects get created. Do not forget to give permissions to that account on the OU as well.
  3. Test this account by manually joining a client to the domain to see if it works.
  4. When successful, add to the XML and run through the process with the Workspace ONE Provisioning Tool.
  5. The client uses djoin.exeto do the actual join. The logs for this are found on the client after Sysprep is completed
    • C:\Windows\Panther\Unattendgc\setuperr.log
    • C:\Windows\Panther\Unattendgc\setupact.log
  6. If Sysprep takes a long time, this generally means a failure as the domain join process is trying and failing over and over and will eventually timeout.

3.1. How do I do a domain join for a system that is shipped directly to an end user at their home or somewhere off network

This is a great question and one that many people ask. However, this comes down to the architecture of Active Directory. It was built when everything was on the network. A more modern approach is to use Azure Active Directory. This is cloud AD (mostly - although there are a lot of significant differences) and provides the benefit of being able to do client joins from anywhere.

  • OOBE is built to support Azure AD joins. So definitely check that out first if this is a big use case for you. You do not necessarily have to pay for Azure AD Premium, as Drop Ship Provisioning for Workspace ONE supports the non-premium version as well. If you still have to use on-premises AD, then this is technically still possible.
  • First, you need to set up a VPN connection that automatically runs when the system is booted, to give line-of-site to your DCs to do the join. Then you also have to have a VPN at login to fire so that the user can log in for the first time as well. While still technically possible, it is not a great solution and is very difficult to automate. You are better off spending time and resources on getting Azure AD and Windows Hello for Business setup first (when you have those, your client behaves nearly identically to a domain-joined system).
  • Workspace ONE Tunnel can be used with Drop Ship Provisioning Online to domain join machines.

3.2. What if I have multiple AD domains?

You have a few options for this.

  • The first option would be to create an XML per domain that you have and then ask Dell to create a different SKU for each. The XML itself can only support one domain.
  • The second option would be to create a script that automatically does the join itself, or has a GUI to pop up automatically in the administrator profile. In this case, you would configure the XML to call this script automatically in the First Logon Commands or Additional Synchronous Commands section, depending on how you want to deploy it.
  • PowerShell has a lot of options here and silent scripts can be created, as well as GUI-based ones that do dynamic joins.

Tips and Tricks Drop Ship (Offline)

1. Do not include apps that cannot be installed in a fully offline state

When using Drop Ship Offline, the OEM Factory will not access the Internet, so make sure that every application included in the PPKG can be fully installed with no Internet OR internal network connection. 

This not only applies to Internet connectivity; but intranet connectivity as well. Some apps, such as security products like McAfee, CrowdStrike, and so on, might need to communicate to their internal servers upon installation. These might even work when testing on a VM, but they might fail after you deploy in a fully offline state. I saw this happen with some security products, like CrowdStrike. It installed perfectly on a VM inside our network, but it failed when we tried to install it in an offline state. 

 

TIP: The easiest way to ensure applications Install using Drop Ship Offline is to disconnect the Network of your test VM during PPKG installation.

Summary and Additional Resources

Conclusion

This operational tutorial provided the steps to take advantage of the Workspace ONE Drop Ship Provisioning offering. This tutorial explored exporting  applications from the Workspace ONE UEM console as a Windows provisioning package (.ppkg), create a configuration file (unattend.xml) and using the Workspace ONE Provisioning tool to validate these files on a Windows 10 virtual machine.

Workspace ONE Drop Ship Provisioning allows Windows 10 Device OEMs and Workspace ONE administrators to provide a virtually zero IT touch onboarding experience with virtually zero user downtime. This means users are productive as soon as they receive their Windows 10 device.

This service enables you to provision Windows 10 devices without creating or maintaining custom operating system images. Custom imaging is a complex and expensive process, and by eliminating custom imaging, organizations can deploy, secure and manage Windows 10 devices using modern management techniques, dramatically simplifying the provisioning process.

Additional Resources

For more information about Workspace ONE, explore the VMware Workspace ONE Activity Path. The activity path provides step-by-step guidance to help you level up in your Workspace ONE knowledge. You will find everything from beginner to advanced curated assets in the form of articles, videos, and labs.

For information about deployment, see Deploying Workspace ONE Intelligence and VMware Carbon Black Cloud: Workspace ONE Operational Tutorial.

Additionally, you can check out the VMware Workspace ONE and VMware Horizon Reference Architecture which provides a framework and guidance for architecting an integrated digital workspace using VMware Workspace ONE and VMware Horizon. 

For more information on Managing Windows 10 Devices with Workspace ONE, see the Understanding Windows 10 Management activity path. The content in this path helps you establish a basic understanding of Windows 10 management in the following categories:

Change Log

The following updates were made to this guide:

Date Change
2021/07/20
  • Updated screenshots
  • Added more verbiage about Drop Ship Online and Offline
  • Renamed Factory Provisioning to Workspace ONE Drop Ship
2020/04/29
  • Changed references from Dell Factory Provisioning to Factory Provisioning for Workspace ONE
  • Removed Pre-1811 Workspace ONE UEM chapter

About the Author

This tutorial was written by:

  • Josué Negrón, Staff Architect, End-User-Computing Technical Marketing, VMware
  • Darren Weatherly, Senior Architect, End-User Computing Technical Marketing, VMware

With appreciation and acknowledgment for contributions from the following subject matter experts:

  • Brooks Peppin, Senior Solutions Architect, End-User Computing, VMware. 

Feedback

Your feedback is valuable. 

To comment on this tutorial, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.

Filter Tags

Workspace ONE Workspace ONE UEM Document Operational Tutorial Advanced Windows 10 Deploy Modern Management