Managing Windows 10 Devices

Introduction

This exercise introduces you to managing Windows 10 devices in Workspace ONE. Windows 10 Management helps you to create a restrictions profile, create and distribute an application to your Windows 10 device, and then enroll your device to test the results. The procedures are sequential and build upon one another, so make sure that you complete each procedure in this section before going to the next procedure.


Prerequisites

Before you can perform the procedures in this exercise, you must complete the following tutorials:

This exercise requires a user to enroll their device into Workspace ONE UEM. Note the user account information in the following table. The details provided in this table are based on a test environment. Your user account details will differ.

User Account Information

User name   testuser
Password    VMware1!
Email       testuser@company.com

You must also satisfy the following requirements:

  • Workspace ONE Advanced Edition installed.
    Note: Although it is possible to use Standard edition, Standard only allows deploying MSI apps. Advanced is required for deploying MSI/MST/MSP/EXE/ZIP apps.
  • A virtual machine or spare Windows device running Windows 10 with the latest updates installed.
    Note: Although it is possible to use Home edition, it is not recommended as some advanced capabilities such as BitLocker encryption, software distribution, and scripting are not supported.
  • Administrative rights to the virtual machine or spare Windows device.
  • A Windows 10 Desktop app (*.msi, *.exe, or *.zip), such as 7-Zip. To follow these instructions, download a 7-Zip installation file, and save it in your Documents folder.

Important: Do not access the Workspace ONE UEM Console from the same machine you are managing.

Logging In to the Workspace ONE UEM Console

To perform most of the steps in this exercise, you must first log in to the Workspace ONE UEM Console.

1. Launch Chrome Browser

On your desktop, double-click the Google Chrome icon.

3. Authenticate to the Workspace ONE UEM Console

  1. Enter your Username. This is the name provided in the activation email.
  2. Enter your Password. This is the password provided in the activation email.
  3. Click the Login button.

Note: If you see a Captcha, be aware that it is case sensitive.

Configuring a Device Profile for Windows 10

Profiles allow you to modify how enrolled devices behave. This exercise helps you to configure and deploy a restrictions profile. Later in this section, you verify that the profile has been applied to the device.

1. Add a Profile

In the upper-right corner of Workspace ONE UEM Console:

  1. Select Add.
  2. Select Profile.

1.1. Add a Windows Profile

Select the Windows icon.

Note: Make sure that you select Windows and not Windows Rugged.

1.2. Add a Windows Desktop Profile

Select Windows Desktop.

1.3. Select Context - Device Profile

Select Device Profile.

1.4. Define the General Settings

  1. Select General if it is not already selected.
  2. Enter a profile name such as Windows Restrictions in the Name text box.
  3. Copy the profile name into the Description field.
  4. Click in the Assigned Groups field. This displays the list of created Assignment Groups. Select the All Devices Assignment Group.
    Note: You may need to scroll down to view the Assigned Groups field.

Note: You do not need to click Save & Publish at this point. This interface allows you to move around to different payload configuration screens before saving.

1.5. Select the Restrictions Payload

Note: When initially setting a payload, a Configure button will show to reduce the risk of accidentally setting a payload configuration.

  1. Select the Restrictions payload in the Payload section on the left.
  2. Click the Configure button to continue setting the Restrictions payload.

1.6. Adding a Restriction - Disable Cortana

  1. Using the scroll bar on the right, scroll down to the Device Functionality section.
  2. Select Don't Allow for Cortana.
  3. Notice the 10 on the right side of the Restrictions window. These are all the restrictions that Workspace ONE UEM can apply to a Windows 10 computer.
  4. Click Save & Publish.

1.7. Publish the Restrictions Profile

Click Publish.

3. Verify the Restrictions Profile Now Exists

You should now see your Restrictions Profile within the List View of the Devices Profiles window.

Note: If you need to edit the Restrictions Profile, this is where you would do so. To edit the profile, click the profile name, then select Add Version. Update the profile and click Save & Publish to push the new settings to the assigned devices.

Delivering Apps on Windows 10

You can distribute applications to Windows 10 devices, allowing for a seamless user experience. This exercise helps you to create and distribute an application to your Windows 10 device.

This exercise uses the 7-Zip installation program downloaded and stored in the Documents folder.

1. Add Internal Application

In the upper-right corner of Workspace ONE UEM Console:

  1. Select Add.
  2. Select Internal Application.

2. Upload Application

Click Upload.

3. Find the Application MSI

Click the Browse... button.

4. Upload the EXE File

Navigate to your installation file. The 7-Zip installation file has been downloaded to the server and placed in the Documents folder.

  1. Select Documents.
  2. Expand HOL.
  3. Select the Windows 10 folder.
  4. Select your installation file, for example, 7z1604-x64.exe.
  5. Click Open.

5. Save the EXE File

Click Save.

6. Continue to the App Settings

  1. Select No for Is this a dependency app?
  2. Click Continue.

7. Configure App Details

  1. Enter a name for your application, for example, 7-Zip.
  2. Select 64-bit for the Supported Processor Architecture.

8. Configure Application Files

  1. Select the Files tab.
  2. Scroll down to find the App Uninstall Process section.
  3. Select Input for the Custom Script Type.
  4. Enter the following for Uninstall Command:
    7z1604-x64.exe /Uninstall

Note: For information about copying text from the manual, see the Guidance section.

9. Select Deployment Options

  1. Select Deployment Options.
  2. Scroll down until you see the option for Install Command.
  3. Enter Install Command as:
    7z1604-x64.exe /S

Note: For information about copying text from the manual, see the Guidance section.

10. Add Identify Application Condition

  1. Scroll down to find the When To Call Install Complete section.
  2. Select Defining Criteria for Identify Application By.
  3. Click Add.

11. Configure the Install Complete Defining Criteria

  1. Select File Exists for the Criteria Type.
  2. Enter C:\Program Files\7-Zip\7zFM.exe for the Path.
  3. Click Add.

Note: For information about copying text from the manual, see the Guidance section.

12. Save and Assign the Application

Click Save & Assign.

13. Add an Assignment

Click Add Assignment.

14. Add Assignment Group and Push Mode

  1. Click the Select Assignment Groups search box and select All Devices (your.email@shown.here).
  2. Select Auto for the App Delivery Method.
  3. Click Add.

15. Save and Publish the Application

Click Save & Publish.

16. Preview the Assigned Devices

Click Publish.

Enrolling Your Windows 10 Device with a Basic Account

Next, enroll your Windows 10 device in Workspace ONE UEM.  First, download the Workspace ONE Intelligent Hub.

1. Download the Workspace ONE Intelligent Hub on the Windows 10 Device

Open a new tab in the browser:

  1. Enter https://www.getwsone.com in the navigation bar and press Enter.
  2. Click Download Hub for Windows 10.
    NOTE: Wait until the Workspace ONE Intelligent Hub installer finishes downloading.  
  3. Click Keep when warned about the AirWatchAgent.msi download.

NOTE: If you do not see the warning about the AirWatchAgent.msi file, continue to the next step.

2. Launch the Workspace ONE Intelligent Hub Installer

Click the AirWatchAgent.msi file in your download bar.

NOTE: The installer may take a few seconds to launch. Be patient after clicking the AirWatchAgent.msi file.

3. Click Run

Click Run to proceed with the installation.

3.1. Accept the Default Install Location

Leave the default install location and click Next.

NOTE: The Next button may take several seconds to enable while the required additional features are installed.

3.2. Accept the License Agreement

  1. Select I accept the terms of the license agreement.
  2. Click Next.

3.3. Start the Workspace ONE Intelligent Hub Install

Click Install to start the installer.

3.4. Allow the Workspace ONE Intelligent Hub Installer to Run (IF NEEDED)

If prompted to allow the app to make changes on your device, click Yes.

3.5. Complete the Workspace ONE Intelligent Hub Installer

Click Finish to complete the Workspace ONE Intelligent Hub installer.

NOTE: After you click Finish, the Native Enrollment application launches to guide you through enrolling into Workspace ONE UEM. It takes around 45-60 seconds for the agent to launch.

4. Enroll Your Windows 10 Device Using the Workspace ONE Intelligent Hub

Click Server Detail.

4.1. Find your Group ID from Workspace ONE UEM Console

The first step is to make sure you know what your Organization Group ID is.  

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the Workspace ONE UEM Console.
  2. Your Group ID is displayed at the bottom of the Organization Group pop-up window.

4.2. Enter the Server Details

  1. Enter the Server Name, for example, labs.awmdm.com.
  2. Enter Your Group ID for the Group ID field.  If you forgot your Group ID, check the previous steps on how to retrieve it.

4.3. Enter Your User Credentials

  1. Enter your Username, for example, testuser.
  2. Enter the Password, for example, VMware1!.
  3. Click Next.

NOTE: Wait while the server checks your enrollment details.

4.4. Workspace ONE Application Launch

If your Workspace ONE UEM and VMware Identity Manager environments are linked, the Workspace ONE Application automatically opens after enrollment is complete. Click Close.

4.5. Finish the Workspace ONE UEM Enrollment Process

Click Finish to end the Enrollment process.  Your Windows 10 device is now successfully enrolled into Workspace ONE UEM.

Validating Windows 10 Device Enrollment

After your Windows device is enrolled, the restriction profile installs on the device.  Verify that the restrictions are applied on your device to confirm enrollment was successful and that the profile installed correctly.

1. Confirm Cortana is Disabled

1.1. Open Cortana

  1. On the enrolled Windows 10 machine, open the Start menu.
  2. From the apps list, select Cortana.

1.2. Confirm Cortana Settings are Disabled

Note: The following screenshots show a before and after view of Cortana settings. Your screen should look like the one on the right (After: Cortana Disabled).

  1. Confirm Cortana no longer displays a greeting.
  2. Confirm the device only provides basic search capabilities.

2. Confirm the Application File Installed

2.1. Open File Explorer

From the bottom toolbar, open File Explorer.

2.2. Open 7-Zip

  1. Select Local Disk (C:).
  2. Select Program Files.
  3. Select 7-Zip.
  4. Double-click 7zFM.exe to launch the 7-Zip File Manager.

Note: If you do not see the 7-Zip folder, your application may still be downloading. This can take several minutes to finish.
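
The two checks in this section can also be run from PowerShell on the enrolled device. The following is an added example, not part of the original exercise or the product's own tooling. It reuses the file path from the Install Complete criteria and assumes the Cortana restriction is stored as the Windows Policy CSP value Experience/AllowCortana under the PolicyManager registry key, which this page does not state; the function names are hypothetical.

```powershell
# Added example: device-side check of the two results validated in this section.
# Run in a PowerShell session on the enrolled Windows 10 device.

# Path taken from "Configure the Install Complete Defining Criteria".
$appPath = 'C:\Program Files\7-Zip\7zFM.exe'

# Assumption (not stated on this page): the Restrictions payload is delivered
# through the Policy CSP setting Experience/AllowCortana, which Windows stores here.
$policyKey  = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Experience'
$policyName = 'AllowCortana'

function Test-AppInstalled {
    param([string]$Path)
    # Same test the console uses to decide the install is complete: the file exists.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Check = 'App file exists'; Passed = $false
                                  Detail = "$Path not found (may still be downloading)" }
    }
    $version = (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    [pscustomobject]@{ Check = 'App file exists'; Passed = $true
                       Detail = "ProductVersion $version" }
}

function Test-CortanaRestricted {
    param([string]$Key, [string]$Name)
    # A missing key or value means no such policy has reached the device yet.
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Check = 'Cortana restricted'; Passed = $false
                                  Detail = "$Name not set under $Key" }
    }
    $value = $item.$Name
    [pscustomobject]@{ Check = 'Cortana restricted'; Passed = ($value -eq 0)
                       Detail = "$Name = $value (0 = not allowed)" }
}

$results = @(
    Test-AppInstalled -Path $appPath
    Test-CortanaRestricted -Key $policyKey -Name $policyName
)
$results | Format-Table -AutoSize

# Non-zero exit code lets a wrapper script or scheduled check detect a failed validation.
if ($results.Passed -contains $false) { exit 1 }
```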

Now that you have confirmed enrollment, the Windows 10 Management section is complete.