Enrolling Head-Mounted Wearables with VMware Workspace ONE UEM

Overview

In the enterprise, Internet of Things (IoT) technology and smart connected devices will completely revolutionize how we work. While high costs, protocol fragmentation, and security and connectivity issues have slowed mass adoption of large-scale enterprise IoT projects, a subset of lightweight IoT-type endpoints, called Workspace IoT, has emerged as the IoT of now. Today, Workspace IoT—which includes wearables, peripherals, and single-purpose endpoints—are being used alongside mobile devices, across a variety of verticals and use cases, to dramatically increase productivity, efficiency, and employee and customer experience.

The VMware Workspace ONE Unified Endpoint Management (UEM) platform enables organizations to securely manage any device—from laptops and smartphones to rugged devices and wearables—from a single console, but enrollment is the first step.

For head-mounted wearables, enrollment can be challenging. While Android is the operating system of choice for head-mounted wearables, they are all running Android Open Source Project (AOSP) and the out-of-the-box experience varies widely. The Workspace ONE UEM team has been partnering with hardware manufacturers to ensure the best possible management experience of these devices.

Purpose of This Guide

The purpose of this guide is to show you how to set up your Workspace ONE UEM instance to onboard wearable devices, as well as to navigate the specific nuances of all of the head-mounted wearable devices that Workspace ONE UEM supports. From the navigation bar to the left, you can select from the variety of options are covered, to which more are periodically being added:

Note: This guide contains two types of useful links. External links take you to other resources on the web, and internal links take you to other sections within this guide. After you click an internal link and read its content, you can return to your original location by clicking the Back button of your browser.

Audience

This guide is intended for IT professionals planning to take advantage of the growing market of wearable technologies and to use VMware Workspace ONE UEM to deliver scalable management and app delivery for Android head-mounted wearables. Familiarity with VMware Workspace ONE UEM, directory services, and supporting technologies is assumed.

Initial Workspace ONE UEM Setup

VMware Workspace ONE Unified Endpoint Management (UEM) enables you to securely manage your head-mounted wearables from a single console, with an easy onboarding process.

Regardless of the type of wearable devices you are enrolling, this process begins with the initial Workspace UEM setup. The Workspace UEM setup includes verifying prerequisites, registering Android EMM with Google Play account, and configuring enrollment settings, restrictions, and messaging.

Verifying Prerequisites

Before starting the enrollment process, make sure you meet the prerequisites for your particular type of wearable devices:

Google Glass:

  • VMware Workspace ONE UEM version 1908 or newer
  • Google Glass Enterprise Edition 2

HTC VIVE Focus or VIVE Focus Plus:

  • VMware Workspace ONE UEM version 1908 or newer
  • VIVE Focus Plus running firmware 4.14.623.1 or newer or
  • VIVE Focus running firmware 3.13.623.1

HTC VIVE Focus 3:

  • VMware Workspace ONE UEM version 1908 or newer
  • VIVE Focus 3 running firmware 3.0.999.456 or newer

Magic Leap 2:

  • VMware Workspace ONE UEM version 2006 or newer
  • Magic Leap 2 with OS version 2208.18 or later

Oculus For Business:

  • VMware Workspace ONE UEM version 2006 or newer
  • Oculus For Business version 29 firmware
  • Oculus For Business Device Manager
  • Android Phone/Tablet with Oculus for Business Application installed

Oculus Quest 2 (Consumer):

Pico G2 4K, Pico Neo 2 , Pico Neo 3:

  • VMware Workspace ONE UEM version 1908 or newer
  • G2 4K running PUI 3.11.3 or newer
  • Neo 2 running PUI 3.13.1 or newer (for certificate management)
  • Neo 3 running PUI 4.3.34 or newer
    Note: Passcode policy is not supported on Pico Neo 2 or Pico Neo 3. Contact Pico for a custom ROM that addresses this issue.

RealWear:

  • VMware Workspace ONE UEM version 1908 or newer
  • HMT-1 or HMT-1Z1 running v11 firmware or newer

Vuzix:

  • VMware Workspace ONE UEM version 1908 or newer
  • M400 or M4000 running v2.0.1 firmware or greater

Registering Android EMM with Google Play Account

After you verify that you meet all prerequisites, the first step in the enrollment process is to register Android EMM with a Google Play account.

  1. Log in to your Workspace ONE UEM Console using your Administrator Account. Note that certain functions might require advanced roles, such as account creation. Check with your Workspace ONE UEM Console Administrator for proper role assignments.
  2. From the Customer Level Organization Group (OG), navigate to Getting Started > Workspace ONE > Android EMM Registration.

    Note: If you prefer to not use the wizard for Android EMM Registration, or if the wizard is not available in your environment, you can navigate to Groups & Settings > All Settings > Devices & Users > Android > Android EMM Registration.
  3. Make sure that you are signed into Google with your preferred (corporate account specific to your environment) Google account credentials, and select Configure.
  4. In the Android EMM Registration window, click Register with Google. If you are already signed in with your Google credentials, you are redirected back to the Workspace ONE console.
     
  5. On the Bring Android to Work window, select Sign In, if you are not already signed in, enter your Google credentials, and then select Get Started.
     
  6. Enter your Organization Name. The Enterprise Mobility Manager (EMM) provider field populates automatically as VMware Workspace ONE UEM.
  7. Select Next. The Data Protection Officer and EU Representative information is optional. Make sure to confirm that you have read and agreed to the Managed Google Play agreement.
  8. Select Confirm > Complete Registration.
  9. When you are redirected to the Workspace ONE Console, verify that your Google Service Account credentials are automatically populated, and select Save > Test Connection to verify that the service account is set up and connected successfully.

Configuring Enrollment Settings

After registering Android EMM with the Google Play account, the next step of the initial process is to configure enrollment settings. We recommend creating a Child Level OG for these settings.

  1. In your Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Android > Android EMM Registration, and select the Enrollment Settings tab.
  2. In the Enrollment Settings window, select the Override radio button to change the default settings.
  3. For Work Managed Enrollment Type, select AOSP / CLOSED NETWORK, select WORK MANAGED DEVICE, and then click Save.
    Graphical user interface, text, application

Description automatically generated
    Note: All of the devices covered by this guide run Android Open Source Project (AOSP) version of Android, which does not include Google Mobile Services (GMS). For this reason, Work Managed is the only mode of management supported and certain features need to be turned off as a result.

Configuring Enrollment Restrictions

After configuring enrollment settings, the next step of the initial process is to set up enrollment restrictions.

  1. In your Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Android > Android EMM Registration, and select the Enrollment Restrictions tab.
  2. In the Enrollment Restrictions window, select the Override radio button to change the default settings.
  3. From the Define the enrollment method for this organization group dropdown menu, select Always use Android.
  4. In the Allow Work Profile Enrollment field, select Disable, as this mode isn’t supported on these devices. Click Save, and close the Settings window.
     
  5. Your Android EMM Registration status should show as Complete.

Setting up Intelligent Hub Settings

After setting up enrollment restrictions, the next step of the initial process is to set up Workspace ONE Intelligent Hub Settings for this Organizational Group.

  1. In your Workspace ONE UEM Console, navigate to Groups & Settings > All Settings > Devices & Users > Android > Intelligent Hub Settings.
  2. Select the Override radio button to change the default settings.
  3. For Require Google Account, select the DISABLED button.
    Graphical user interface, application

Description automatically generated 
  4. Scroll down, then select the ENABLED button, for AirWatch Cloud Messaging.
    Graphical user interface, application, Teams

Description automatically generated 
  5. Click Save.

Creating a Basic User Account (optional)

After setting up AirWatch Cloud Messaging, the final step of the initial process is to create a basic user account.

Note: Workspace ONE UEM manages devices by keeping track of the users of each device. Therefore, it is necessary to create and integrate user accounts for devices to enroll into Workspace ONE UEM. See Workspace ONE UEM documentation for detailed information on advanced topics, such as integrating Workspace ONE UEM with Directory Services.

  1. From the Customer Level Organization Group (OG), navigate to Accounts > Users > List View, select Add, then Add User.
  2. In the General tab of the Add / Edit User window, complete the following settings to add a Basic User.
  • Setting - Description
  • Security Type - Select Basic to add a basic user.
  • Username - Enter a username with which the new user is identified. For testing purposes, we recommend using lower case, alpha, and no special characters.
  • Password - Enter a password that the user can use to log in. This will be included in the QR Bar Code setup. A user will not need to enter this in manually.
  • Confirm Password - Confirm the password.
  • Full Name - Complete the First Name, Middle Name, and Last Name of the user.
  • Display Name (Optional) - Represent the user in the UEM console by entering a name.
  • Email Address - Enter or edit the user's email address.
  • Email username (Optional) - Enter or edit the user's email username.
  • Domain (Optional) - Select the email domain from the drop-down setting.
  • Phone Number (Optional) - Enter the user's phone number including plus sign, country code, and area code. This option is required if you intend to use SMS to send notifications.
  1. In the Enrollment tab, complete the following settings to add a Basic User:
  • Enrollment Organization Group - Select the organization group into which the user enrolls. Default settings are recommended.
  • Allow the user to enroll into additional Organization Groups - You can allow the user to enroll into more than one organization group. If you Enable this option, but leave Additional Organization Groups blank, then any child OG created under the Enrollment Organization Group can be used as a point of enrollment. Default settings are recommended.
  • Additional Organization Groups - This setting only appears when the option to allow the user to enroll into additional OGs is Enabled. This setting allows you to add additional organization groups from which your basic user can enroll. Default settings are recommended.
  • User Role - Select the role for the user you are adding from this drop-down setting. Default settings are recommended.
  1. In the Notification tab, complete the following settings to add a Basic User, and then click Save:
  • Message Type - Select the type of message you want to send to the user, Email, SMS, or None. Selecting SMS requires a valid entry in the Phone Number option.
  • Message Template - The basic user activates their account with this notification. For security reasons, this notification does not include the user's password. Instead, a password reset link is included in the notification. The basic user selects this link to define another password. This password reset link expires in 24 hours automatically. Select the template for email or SMS messages by selecting one from this drop-down setting. Optionally, select Message Preview to preview the template and select the Configure Message Template to create a template.

The following profile settings are recommended for Android based VR devices. Other settings should be configured based on customers individual requirements. You must also have a smart group defined to include the VR headsets.

  1. While logged into Workspace ONE UEM, change to the Organization Group (OG) that manages your headsets.
  2. Navigate to Resources > Profiles & Baselines > Profiles and select Add and then Add Profile.
  3. Select Android.
  4. Enter the profile the Name: Headset Config.

    Optional: Add Description.
  5. Set Permissions payload.
    1. Scroll down and locate the Permissions payload.
    2. Select ADD (to the right). The Summary panel on the right side of the screen displays the added payload. You are now able to make changes to the Permissions payload.
    3. Under the Permissions drop down menu, for Permission Policy, select Grant All Permissions.
  6. Set Restrictions payload.
  1. Scroll down and locate the Restrictions payload.
  2. Select ADD to include the Restriction payload to the summary.
  3. Under the Restrictions drop down menu, untick (deactivate) the following two options.
    1. Allow All Keyguard Features
    2. Allow Keyguard
  1. Set Application Control payload.
  1. Scroll down and locate the Application Control payload.
  2. Select ADD to include the Application Control payload to the summary.
  3. Under the Application Control drop down menu, leave all check boxes in their default positions. In order for the payload to be configured with the default options, deselect and then immediately select one of the checkboxes.
  1. Select the Next button.
  2. Under Assignment, select an appropriate smart group.
  3. Under Deployment, make the following selections.
  1. Assignment Type – Auto
  2. Allow Removal – Always
  3. Managed By – select the organization group you specified in a previous step.

    Result: The Preview screen to the right displays, showing a preview of the devices included in the smart group you selected above. If this screen displays Total Assigned Devices 0, you can add devices to the smart group later. The profile you just made is assigned to this smart group whether it contains devices or not.
  1. Select the Save & Publish button.

Installing ADB for VR Device Enrollment

Some VR devices require the use of the Android Debug Bridge (adb) to install software or configure the device. ADB can be downloaded here: https://developer.android.com/studio/releases/platform-tools

Install ADB and make sure that the adb command is accessible from the laptop/desktop command line.

Note: ADB is not required for Meta Quest 2 Consumer Device enrollment, since Workspace ONE ConQuest includes ADB.

Note: ADB is not required for Pico Neo 3 enrollment when using QR Code.

Next Step: Specific Device Enrollment

After you have completed the initial Workspace UEM setup, select one of the following specific devices to finish enrollment from the navigation bar on the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Oculus For Business Device Enrollment

VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Oculus For Business Headsets from the same console you use for your more traditional devices, after an easy onboarding process. This section describes how to conduct an Oculus for Business Headset enrollment into Workspace ONE UEM.

Oculus Quest 2 for Business: Everything you need to know | Unbound VR

After completing the initial Workspace UEM setup, you are now ready to enroll your Oculus for Business Headset devices.

Initial Device Setup

Before enrolling the device into Workspace ONE UEM, the Oculus For Business device must be registered with Oculus for Business. Follow the instructions at: Getting Started.

Using Oculus Device Manager to deploy Workspace ONE UEM Agent

Oculus For Business requires that the Oculus Device Manager be used to configure MDM. The Workspace ONE UEM Agent (aka AirWatch agent) should be deployed using Oculus Device Manager. Once installed, a user or administrator can enroll the device into Workspace ONE UEM.

To deploy the Workspace ONE UEM Agent:

  1. Log into your Oculus for Business Dashboard.
  2. At the top of the screen, select the Apps menu.
    Graphical user interface, text, application

Description automatically generated 
  3. Download the AirWatch Agent:
    https://awagent.com/mobileenrollment/airwatchagent.apk
  4. Select Add App and add a new app for the Workspace One Agent with a URI to a hosted location in which the APK file can be downloaded by the headset. For example:
    https://awagent.com/mobileenrollment/airwatchagent.apk
  5. Select Mobile Device Management > Workspace ONE from the dropdown. If this is not available, contact your Oculus For Business representative.
    Graphical user interface, text, application

Description automatically generated 
  6. Click Add App.
  7. Click Device Fleet.
  8. Select a device you want to manage with Workspace ONE UEM.
  9. Under Mobile Device Manager, edit the MDM Authority and change it to Workspace ONE.

     
  10. Click Save. This forces a device factory reset and reboots the device.
  11. After the device is rebooted, you must pair your device using the Oculus For Business mobile application (Android only). Follow the instructions here: https://business.oculus.com/support/764685520644699
  12. Complete the Oculus For Business setup procedure.
  13. When setup is complete, the device should launch the Workspace ONE Intelligent Hub App, allowing you to enroll the device.

Enrolling

Place the headset on, and continue registration from within the device as follows:

  1. On boot-up, the Hub app should be launched automatically by the device.
  2. Enter the following in the next few screens to enroll the device:
  • Server: Device Services Server address (for example: ds135.awmdm.com)
  • Group ID: Organization Group ID
  • Enrollment User/Password: Enrollment User & password
  1. Click through one privacy statement, and wait until the device runs through enrollment and displays the enrolled user, email address, and some informational items.
  2. From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise-based profiles.

Managing Device PIN Code

Note the following limitation:

  • If you move an Oculus For Business device into a different Oculus Device Manager group, the PIN code will be removed. If a PIN code policy has been set in Workspace ONE UEM, this will cause Hub to request the user to reset the device PIN.

Managing Kiosk Mode

Note the following limitation:

  • Use the Oculus Device Manager to set up kiosk mode.
  • Workspace ONE UEM LockTaskMode and Workspace ONE Launcher are not supported on Oculus for Business devices.

Conclusion

You have now completed enrollment of your Oculus For Business VR Headset into Workspace ONE UEM. For information about enrolling other wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Meta Quest 2 (Consumer) Enrollment

VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Meta Quest 2 consumer devices from the same console you use for your more traditional devices. This section describes how to conduct a Meta Quest 2 (consumer) device enrollment into Workspace ONE UEM.

Oculus Quest 2 for Business: Everything you need to know | Unbound VR

After completing the initial Workspace UEM setup, you are now ready to enroll your Meta Quest 2 (consumer) Headset devices.

Initial Device Setup

Before enrolling the device into Workspace ONE UEM, the Meta Quest 2 device must be connected to the Oculus Mobile App.

To connect the Meta Quest 2 device to the Oculus Mobile App:

  • Ideally, the device should not have been previously set up. If it was, factory reset the device using the Oculus Mobile App.
  • If you're new to Meta, or using Meta Quest, a Facebook or Oculus Test account is required to use your device, apps, and the app store (https://developer.oculus.com/resources/test-users/). Set up a Facebook or Oculus Test account before using the device.
  • Your user must be registered as a developer to enroll devices using ConQuest. You can register as a developer by joining an existing organization or creating a new one.

To join an existing organization:

  1. Request access from the admin to the existing organization.
  2. You will receive an email invite. Accept the invite to become a member of the organization.

To create a new organization:

  1. Go to https://developer.oculus.com/manage/organizations/create/
  2. Fill in the appropriate information.
  3. Download and install the Oculus Mobile App to your iOS or Android device.
  4. Log in with your Facebook or Oculus Test Account credentials.

Installation and Enrollment

To set up your device for Workspace ONE UEM enrollment:

  1. Download Workspace ONE ConQuest App from https://flings.vmware.com/workspace-one-conquest.
  2. Select ConQuestApp.zip for download from the dropdown.
  3. Install .NET Desktop Runtime.
  4. Extract and run the ConQuestApp.exe.
  5. Configure ConQuestApp to use credentials, credentials.xml, credentials.bin, or staging package zip.
  6. Choose whether or not you want ConQuest to run after a device is connected to USB (Autostart USB).
  7. Connect the Meta Quest 2 to the PC using USB Cable (you might need to use a phone USB-C cable).
  8. Power on your device and press the Oculus button on both controllers to wake them.
  9. Follow instructions in the Oculus Mobile App to pair your headset with the Mobile app.
  10. In the Mobile App, select Menu > Devices, and select your headset from the dropdown menu.
  11. Configure a Wi-Fi using the Oculus Mobile App.
  12. Under Headset Settings, select Developer Mode and toggle it on.
  13. Put on the headset and select Allow Connections to PC (in the Oculus headset).
    Note: Make sure to authorize USB debugging in the headset when prompted (you may be asked to do this several times).
  14. Monitor the progress in the connected headset.
    1. ConQuest should quickly go through a process to configure the headset, and launch Intelligent Hub App, and auto- enroll the device using the credentials supplied.
    2. You may be asked to remove accounts. If so, click Remove Accounts and remove any existing accounts listed.
  15. When the privacy statement appears, click the agreement, and wait as the device setup completes.
  16. When the Workspace ONE ConQuest is complete, open the Workspace ONE UEM Console, and from the Customer or Child OG, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise-based profiles.

Managing Device PIN Code

Note the following limitation:

  • The Meta Quest 2 consumer device only supports pattern passcode. If you need to set a passcode policy, set the policy in Workspace ONE UEM to Any.

Managing Kiosk Mode

Note the following limitation:

  • Workspace ONE UEM LockTaskMode and Workspace ONE Launcher are not supported on Meta Quest 2 consumer devices.

Managing In-Headset Experience

You can use Workspace ONE UEM to control what users have access to when using the device. This may be necessary to prevent users from accessing consumer focused or inappropriate content and apps. For example, you can:

  • Restrict access to the Oculus Store
  • Restrict access to the Explore application
  • Restrict access to Oculus Events
  • Stop users from adding user accounts

Restricting Access to Apps

Use the following steps to restrict user access to certain applications:

  1. In the Workspace ONE UEM Console, select the appropriate organizational group for your Meta Quest 2 devices.
  2. Select Groups & Settings from the left side navigation menu.
  3. Select Groups > App Groups from the middle navigation menu.
  4. Select Add Group.
  5. Select the Type dropdown and select Denylist.
  6. Select the Platform dropdown and select Android.
  7. Select the Name field and type in a suitable name for your group.
  8. Click Add Application, and enter the name of the application you wish to block.
  9. Enter the application ID (for example: com.oculus.store).
     
  10. Click Add Application to add other applications (such as com.oculus.explore, com.oculus.browser, etc.), and then click Next.
  11. Click the Organizational Group you wish to assign the deny list to, and then click Finish.

Preventing the Addition of More Users

Use the following steps to stop users from adding additional users to the device:

  1. Access the Workspace ONE UEM Console and select the appropriate organizational group for your Meta Quest 2 devices.
  2. Select Resources from the left side navigation menu.
  3. Select Profiles & Baselines from the middle navigation menu.
  4. Select Profiles.
  5. Click Add, and then select Android.
  6. Add a Name to your profile.
  7. Find the Application Control payload from the list and click Add.
  8. Enable Disable Access to Denied Apps.
  9. Find the Restrictions payload from the list and click Add.
  10. Disable Allow adding Goggle Accounts.
  11. Disable Allow adding/deleting accounts, and then click Next.
  12. Select the smart group you wish to assign the profile to, and then click Save & Publish.

Conclusion

You have now completed enrollment of your Meta Quest 2 device into Workspace ONE UEM. For information about enrolling other wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Pico VR Device Enrollment

VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Pico VR Headsets from the same console you use for your more traditional devices, after an easy onboarding process. This section describes how to conduct a Pico VR Headset enrollment into Workspace ONE UEM.

Pico Neo 3 | Empowering Leaders in Enterprise VR | 6DoF All-In-One VR headset

Figure 1 Pico Neo 3

A picture containing remote, video, wii, game

Description automatically generated

Figure 2 Pico Neo 2

Pico G2 4K: Full Specification - VRcompare

Figure 3 Pico G2 4K

After completing the initial Workspace UEM setup, you are now ready to enroll your Pico VR Headset devices.

There are two options for installation and enrollment of Pico devices:

  • Pre-installed or USB key-based QR Code and user enrollment during device setup (Pico Neo 3 only)
  • Manual / scripted enrollment by IT (requires connecting device to a PC or laptop with ADB)

Installing and Enrolling – QR Code (Pico Neo 3 only)

Pico devices support a QR Code-based enrollment during device setup. This requires that a QR Code generated by Workspace ONE UEM be converted to a PNG format file, and either placed on the root of the device or on the root of a USB key plugged into the device during boot.

For ordering at volume from Pico, you can request that a QR Code be placed on the root of the device. Contact Pico for more information. Alternatively, a QR Code can be placed on the root of a FAT32 formatted USB-C key to be inserted into the device at boot.

To generate a QR Code, follow the instructions: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/Android_Platform/GUID-AWT-GENERATEQRCODEWITHENROLLCONFIGWIZ.html

Download the QR Code PDF file, open the file, and screenshot or image capture the QR Code. Save the QR Code image as QRCode.PNG.

Send your QRCode.PNG file to Pico or save it to the root of a FAT32 formatted USB-C key.

For users or administrators who power on the device for the first time:

  1. Take the device out of the box, and make sure that the device and the controllers are charged.
  2. If necessary, plug in the USB-C Key with the QR Code into the headset.
  3. Power on the Pico device.
  4. Follow the in-headset instructions to complete the initial setup of the device.
  5. If you have specified Wi-Fi configuration in the QR Code, the user can skip Wi-Fi configuration.
  6. The user will be prompted to select Quick Setup (as seen below):
    Graphical user interface

Description automatically generated 
  7. Click Quick Setup.
  8. Wait as this launches a process that configures Wi-Fi (if specified in the QR Code), then download and install the Workspace ONE UEM agent and enroll the device.
  9. If you did not provide credentials in the QR Code, the user will be prompted to enter the enrollment username and password.
  10. When the device is enrolled, the user is asked to accept the privacy statement for the Workspace ONE UEM agent.
  11. Once enrolled, the device downloads the appropriate profiles, applications, and content from Workspace ONE UEM.
  12. Within the Workspace ONE UEM Console, from the Customer or Child OG, navigate to Devices > List View. You should see the device enrolled into the Workspace ONE UEM Console. You should be able to manage these devices using Android Enterprise-based profiles.

Installing and Enrolling – Manual

To register a shared device with a Workspace ONE UEM environment, start with the installation and enrollment process.

  1. Download the following APK and have it on your computer: http://discovery.awmdm.com/mobileenrollment/airwatchagent.apk
  2. If you are not starting with a new device, do a factory reset of the Pico HMD through the settings menu on the device.
  3. After the device is powered on, connect to a Wi-Fi network, and follow the steps in the headset to get to the Pico main screen.
  4. Critical: Launch the browser and verify that you can connect to your Workspace ONE URL. For example, https://ds135.awmdm.com (a successful connection means you will be re-directed, and you should see a Workspace ONE login screen). If you cannot connect to this site, you must switch to a Wi-Fi network that can, before you continue.
  5. Make sure that your system is updated to the latest firmware by launching the System Update (in Settings) app and updating.
  6. Plug the headset into your setup machine (where you downloaded the agent) by using the USB cable provided, and begin an ADB session.
  7. Type adb devices and press Enter. This should result in showing your connected device authorized for access.
  8. If this shows no devices connected, enable developer mode by clicking Settings > More Settings > System | Developer Options > Turn On.
  9. Install the apk you downloaded earlier onto the Pico using the adb install command. This should result in a success message.
  1. Run the following adb command to set up the Airwatch agent as the device owner:
    adb shell dpm set-device-owner com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver
  2. Place the headset on, and continue registration from within the device as follows:
  3. Launch the Hub app that you installed above.
  4. Enter the following in the next few screens to enroll the device:
  • Server: Device Services Server address (for example: ds135.awmdm.com)
  • Group ID: Organization Group ID
  • Enrollment User/Password: Enrollment User & password
  1. Click through one privacy statement, and wait until the device runs through enrollment and displays the enrolled user, email address, and some informational items.
  2. From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise based profiles.

Setting Up Certificate Management

If you need to install private certificates (certs with a password), setting a device pin is required to enable the Android keystore. In order to support a device pin, you need to ensure your devices are running the following firmware: G2 4K (PUI 3.11.3) and Neo 2 (PUI 3.13.1). Contact your Pico representatives to request this firmware.

Passcode policy does not work in the latest versions of Pico UI (PUI). Contact Pico to access a custom ROM to address this issue.

Managing Device PIN Code

Note the following limitations:

  • Setting a passcode on a Pico Neo 2 and 3 device is not supported. Pico Neo 2 and 3 no longer correctly renders the PIN setting UI. Contact Pico for a custom ROM to address this issue
  • Setting a passcode on Pico Neo 3 will cause Workspace ONE UEM to prevent users from using the device. Do not set Passcode policy on the Pico Neo 3. Setting a PIN Code on the Pico Neo 3 is not supported. Contact Pico for a custom ROM to address this issue.

Managing Kiosk Mode

Note the following limitation:

Setting Up Controller Binding

If you are using the device in kiosk mode, you should bind the controller to the HMD. For more information, see http://static.appstore.picovr.com/docs/ControllerBinding/chapter_two.html.

Conclusion

You have now completed enrollment of your Pico VR Headset into Workspace ONE UEM. For information about enrolling other wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

HTC VIVE Focus 3 Device Enrollment

The HTC VIVE Focus 3 device needs a different installation and enrollment flow than its predecessors, the VIVE Focus and VIVE Focus Plus. The VIVE Focus 3 can be automatically enrolled into Workspace ONE from boot via QR Code enrollment.

Vive Focus 3 Specs: 5K, New Lenses, Swappable Battery, $1300

After completing the initial Workspace UEM setup, you are ready to enroll your HTC VIVE Focus 3 Headset device.

Note: Workspace ONE UEM currently supports HTC VIVE Focus 3 headsets running firmware version of 3.0.999.456 or newer.

QR Code Installation and Enrollment

To install and enroll your HTC VIVE Focus 3 Headset into Workspace ONE UEM:

  1. To generate your Workspace ONE UEM enrollment QR Code, see: https://www.vive.com/hk/support/focus3/category_howto/setting-up-vmware-airwatch-agent-via-qr-code.html.
  2. Unbox and power on the HTC Device. When the device is powered on, a welcome screen is displayed.
  3. When the welcome screen appears, press the Headset button three times to enable passthrough.
  4. Use the onscreen QR code scanner to scan the QR code displayed on your computer screen.
  5. The MDM Setup window appears. The VMware AirWatch agent then automatically enrolls the headset. When enrollment is complete, follow the onscreen instructions to finish setting up the headset.
  • Click through one privacy statement, and wait until the device runs through enrollment and displays the enrolled user, email address, and additional information.
  1. From the Customer or Child OG within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise-based profiles.

Batch Configuration Installation and Enrollment

Alternatively, you can set up your headset using the HTC VIVE Batch Configuration process: https://business.vive.com/uk/support/dms/category_howto/creating-batch-configuration-file.html

  1. Add the AirWatchAgent.apk file to your batch configuration setup.
  2. Add a Workspace ONE UEM credentials.bin file (from a Staging Package) to your configuration setup  (https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/ProdProv_All/GUID-5C3B4CFC-6DFA-4C07-BCD0-1FE95C254DCB.html).
  3. Add the following text to a file named enroll_script, and add it to the batch configuration setup:
    am start -a android.intent.action.MAIN -n com.airwatch.androidagent/com.airwatch.agent.ui.activity.SplashActivity -e hideui true --user 0
    sleep 5
    #pm grant com.airwatch.androidagent android.permission.READ_EXTERNAL_STORAGE
    am broadcast -a com.airwatch.agent.action.IMPORT_CREDENTIAL_XML -e file /sdcard/credentials.bin --user 0
    sleep 5
    am broadcast -a com.airwatch.agent.action.AUTO_ENROLL --user 0
    ls -la /data
    ls -la /sdcard
    rm -rf /sdcard/Download
    rm -rf /data/sys_log

After you have created your batch configuration file, you can continue to enroll the headset.

To install and enroll your HTC VIVE Focus 3 Headset into Workspace ONE UEM:

  1. On a Windows/Mac device, unzip your Batch Configuration zip file (created using the Batch Configuration process above), then copy RichuImage.zip and key to the SD card.
  2. Unbox and power on the HTC Device.
  3. When the device is powered on, connect to a Wi-Fi network and follow the steps in the headset to get to the HTC main screen.
  4. Ensure your system is updated to the latest firmware: version 3.0.999.456 or later.
  5. Insert the SD card with the batch configuration package into the Focus 3 (behind the magnetic facial interface).
  6. Initiate a Factory Reset by navigating to Settings > Advanced > Reset device > Reset.
  7. Reboot and the device should complete batch configuration, displaying a success dialog in the VR environment.
  8. The device automatically launches the Intelligent Hub App and conducts device enrollment using the credentials provided in the batch configuration.
  9. From the Customer or Child OG within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise-based profiles.

Managing Device PIN Code

Note the following limitations:

  • If you want the user to set a passcode, ensure the passcode policy is set prior to device enrollment.
  • If a passcode policy is set after enrollment, the user will not be notified via Intelligent Hub App and the user will not be forced to set a device passcode.

Managing Kiosk Mode

Note the following limitation:

Conclusion

You have now completed enrolling your HTC VIVE Focus 3 Headset into Workspace ONE UEM. For information about enrolling other wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

HTC VIVE Focus & Focus Plus Device Enrollment

This section describes how to conduct an HTC VIVE Focus / VIVE Focus Plus VR Headset enrollment into Workspace ONE UEM.

VIVE Focus Plus

After completing the initial Workspace UEM setup, you are ready to enroll your HTC VR Headset devices. The following instructions should be followed to register a shared device with a Workspace ONE UEM environment.

Note: Workspace ONE UEM currently supports HTC VIVE Focus Plus headsets running firmware version of 4.14.623.1 or newer, as well as VIVE Focus headsets running version 3.13.623.1 or newer.

Installing and Enrolling

To install and enroll your HTC VR Headset into Workspace ONE UEM:

  1. Download the following APK and have it on your computer: http://discovery.awmdm.com/mobileenrollment/airwatchagent.apk
  2. If you are not starting from a new device, do a factory reset of the HTC HMD by clicking Settings > More Settings > Personal | Reset > Factory Data Reset.
  3. Once the device is powered on, connect to a Wi-Fi network, and follow the steps in the headset to get to the HTC main screen.
  4. Critical: Launch the browser and verify that you can connect to your Workspace ONE URL. For example, https://ds135.awmdm.com (a successful connection means you will be re-directed, and you should see a Workspace ONE login screen). If you cannot connect to this site, you must switch to a Wi-Fi network that can connect before you continue.
  5. Ensure your system is updated to the latest firmware by launching the System Update (in Settings) app and updating. Again, your VIVE Focus Plus must be running version 4.14.623.1 or newer, while your VIVE Focus must be running version 3.13.623.1 or newer.
  6. Plug the headset into your setup machine (where you downloaded the agent) via the USB cable provided, and begin an adb session.
  7. Type adb devices and press Enter. This should result in showing your connected device authorized for access.
    If this shows no devices connected, enable developer mode by clicking Settings > More Settings > System | Developer Options > Turn On.
  8. Install the apk you downloaded earlier onto the HTC using the adb install command. This should result in a success message.
  9. Run the following adb command to set up the Airwatch agent as the device owner:
    adb shell dpm set-device-owner com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver
  10. Place the headset on, and continue registration from within the device as follows:
  11. Launch the Hub app that you installed earlier.
  12. Enter the following in the next few screens to enroll the device:
    • Server: Device Services Server address (for example: ds135.awmdm.com)
    • Group ID: Organization Group ID
    • Enrollment User/Password: Enrollment User & password
    • Click through one privacy statement, and wait until the device runs through enrollment and displays the enrolled user, email address, and some informational items.
  13. From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise-based profiles.

Conclusion

You have now completed enrolling your HTC VIVE VR Headset into Workspace ONE UEM. For information about enrolling other wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Magic Leap 2 Enrollment & Management

This section describes how to enroll Magic Leap 2 device into Workspace ONE UEM. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Magic Leap 2 device from a single console, after an easy onboarding process.

A pair of sunglasses

Description automatically generated with medium confidence

After completing the initial Workspace UEM setup, you are now ready to enroll your Magic Leap 2.

Creating an Enrollment QR Code

The QR code enrollment method sets up and configures Magic Leap 2 through simply scanning a QR code. The QR code contains a payload of JSON values with all the information needed for the device to connect to a Wi-Fi network, download the WS1 Intelligent Hub and be enrolled all with one quick scan. Although this can also be set up manually with a third party QR Code generator and a manual JSON payload, Workspace ONE UEM provides an easy wizard for creating a QR Code that can be used to enroll Magic Leap 2 devices.

  1. From the Customer Level OG, navigate to Devices > Lifecycle > Staging > List View > Configure Enrollment.
  2. In the Enrollment Configuration Wizard window, select the Android panel.
  3. Select the QR Code panel, and click the Configure button.
    Graphical user interface, application

Description automatically generated 
  4. Select the Wi-Fi Security Level of the encrypted Wi-Fi Network to be used for automatic configuration, when scanning the QR Code. This could be a temporary Wi-Fi Network used for Staging only. (This does not support EAP-TLS Cert based Wi-Fi Networks.) Once the device is enrolled, a Production Wi-Fi Profile can be pushed to the device from the Workspace ONE UEM Console.
    Graphical user interface, text, application

Description automatically generated 
  5. Complete the form by providing the SSID and Password, and click Next.
  6. Select the download location for the Workspace ONE Intelligent Hub, and click Next. Use the default value unless you intend to host the server from which the Workspace ONE Intelligent Hub can be downloaded.
    Graphical user interface, text, application, email

Description automatically generated 
  7. Configure the Organization Group (OG). This will determine the OG to which the device will be enrolled. Select the Enabled button, then select the OG from the dropdown box.
  8. Configure the Login Credentials. This is the Basic User that you created earlier. Select the Enabled button, then click in the Username field, and choose the user from the dropdown list. Next, provide the correct associated password for that user.
  9. Keep the System Apps Enabled, and Force AOSP/Closed Network Enrollment Disabled. Click Next.
    Graphical user interface, application

Description automatically generated 
  10. To save a .pdf document to your hard drive, select the Download File option. To scan the Enrollment QR Code directly from your PC Screen, select the View PDF option.
  11. Alternatively, when adding users to Workspace ONE UEM, a message can be sent via email that includes their enrollment QR Code. See Device and User Message Templates Settings for more information.

Finishing Magic Leap 2 QR Code Enrollment

After creating an enrollment QR Code, the final step is to complete the enrollment process on the Magic Leap 2 device.

  1. Power on the ML2 device, go through the OOBE Steps using device:
    • Pair the controller.
    • Note: It might be necessary to plug the controller into the Magic Leap 2 device using the USB-C cable.
    • Select the language.
    • Complete or skip the prescription insert instructions.
    • Accept the EULA.
    • Choose Enrollment to enroll your device into Workspace ONE UEM.
  2. Select Start Scan with the Magic Leap 2 controller to scan the QR Code:
     
  3. Position the Magic Leap 2 device so that the QR Code is inside the target rectangle. Note that it might take a few seconds to scan the QR Code.
    • If you have issues scanning the QR Code:
      1. Zoom in on the QR code in the PDF document so that it is at least 8” x 8” in size when viewed on the screen / a PC monitor.
      2. Maximize the window on the monitor. QR Code image should be at least 8 inch by 8 inch in size.
      3. View it at a large magnification (such as full screen) on a very large monitor that has a 3 : 4 aspect ratio. (Higher aspect ratios will negate the largeness of the monitor.)
      4. The monitor needs to have a matte / anti-reflective finish (or be situated with special background lighting).
      5. The ambient lighting for the area around the monitor should be bright to avoid head-pose loss as the qr code detection is currently head pose sensitive.
      6. The monitor settings might need to be tweaked for contrast, brightness, and sharpness (a midway setting for each of them is recommended).
      7. Some amount of movement (for position and viewing angle) of the wearable (or the monitor) might be required to help with the capture.
      8. Scan the QR Code with a Viewing distance between 12” – 36”.
  4. If scanned successfully, you will be presented with the following:
     
  5. Click Accept & Continue using the Magic Leap 2 controller.
  6. Click Next.
    A picture containing graphical user interface

Description automatically generated 
  7. Device enrollment begins with:
     
  8. Shortly, the device becomes enrolled, and the Workspace ONE Intelligent Hub app shows the current user.
  9. Press the Home button on the Magic Leap 2 controller to get back to the Magic Leap home application.
  10. From the Customer or Child OG in the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise-based profiles.

Updating Firmware with Over The Air (OTA) Updates

Note: OTA updates require VMware Workspace ONE UEM version 2206 or later.

Workspace ONE UEM can push firmware updates to the Magic Leap 2 device. Follow these steps to perform an OS upgrade:

  1. Download the latest Magic Leap 2 OS OTA Update file (available as and when Magic Leap publish OTA updates).
  2. In Workspace ONE UEM, create a Provisioning > Component > File/Action.
    • Upload the Magic Leap 2 OS OTA ZIP file.
      • Use the path $osupdate$/
    • Add an OS Upgrade action to the Manifest.
      • Select the uploaded ZIP file for the OS File.
  3. In Workspace ONE UEM, go to Provisioning > Product List View.
    • Select Add a Product, and then select Android.
    • Add details to the product, and select a smart group to assign the OS update to.
    • Add a File/Action – Install action to the Manifest.
      • Select the OS Upgrade File/Action component you created.
    • Add any conditions or deployment schedule to the product.
    • Click Activate to start the OS upgrade process.

For more information on OS updates for Work Managed devices, see Android OS Update for Work Managed Device.

Accessing Device Logs

Workspace ONE UEM can collect logs using two primary mechanisms:

  1. Request Device Log from Workspace ONE UEM Console.
    1. To collect Hub, System, or Security logs, see Request Device Log.
      1. Note: For device system logs, users will need to access Intelligent Hub on the Magic Leap 2 devices. Use the controller to click the top bar of the application, and click Share on the Bug Report notification.
  1. Pull device logs using Workspace ONE Assist:
    1. To collect system logs using remote ADB commands, see Command-Line Interface, Android.

Managing Applications

Applications can be silently installed remotely to the Magic Leap 2 device using Workspace ONE UEM. In summary:

  • Application APKs and supporting files must be either uploaded to Workspace ONE UEM or placed on a web/file server that is accessible by the device.
  • Applications and any supporting files are installed by Workspace ONE UEM to all assigned devices.

For more information on managing applications, see Deploying Internal Application on Android Devices.

Magic Leap Resources

For more information on the Magic Leap 2 devices, the following articles from Magic Leap can be useful:

 You can also contact Magic Leap support at care@magicleap.com.

Conclusion

You have now completed enrolling your Magic Leap 2 device into Workspace ONE UEM. For information about how to enroll other types of wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • HTC VIVE Focus 3 Enrollment
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

RealWear Device Enrollment

This section describes how to conduct a RealWear HMT-1 (Non-Intrinsically Safe) or HMT-1Z1 (Intrinsically Safe) wearables/Workspace ONE enrollment. RealWear wearables are designed for hands-free use in hazardous environments. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your RealWear wearables from a single console, with an easy onboarding process.

After completing the initial Workspace UEM setup, you are ready to enroll your RealWear HMT-1 (Non-Intrinsically Safe) or HMT-1Z1 (Intrinsically Safe) wearable devices.

Creating an Enrollment QR Code

The first step in the device enrollment process is to create Enrollment QR codes.

  1. From the Customer Level OG, navigate to Devices > Lifecycle > Staging > List View > Configure Enrollment.
  2. In the Enrollment Configuration Wizard window, select the Android panel.
  3. Select the QR Code panel, and click the Configure button.
    Graphical user interface, application

Description automatically generated 
  4. Select the Wi-Fi Security Level of the encrypted Wi-Fi Network to be used for automatic configuration, when scanning the QR Code. This could be a temporary Wi-Fi Network used for Staging only. (This does not support EAP-TLS Cert based Wi-Fi Networks). Once the device is enrolled, a Production Wi-Fi Profile can be pushed to the device from the Workspace ONE UEM Console.
    Graphical user interface, text, application

Description automatically generated 
  5. Complete the form by providing the SSID and Password, and click Next.
  6. Select the download location for the Workspace ONE Intelligent Hub, and click Next. Use the default value unless you intend to host the server from which the Workspace ONE Intelligent Hub can be downloaded.
    Graphical user interface, text, application, email

Description automatically generated 
  7. Configure the Organization Group (OG). This will determine the OG to which the device will be enrolled. Select the Enabled button, then select the OG from the dropdown box.
  8. Configure the Login Credentials. This is the Basic User that you created earlier (this only supports basic users). Select the Enabled button, then click in the Username field, and choose the user from the dropdown list. Next, provide the correct, associated password for that user.
  9. Keep the System Apps Enabled, and Force AOSP/Closed Network Enrollment Disabled. Click Next.
    Graphical user interface, application

Description automatically generated 
  10. To save a .pdf document to your hard drive, select the Download File option. To scan the Enrollment QR Code directly from your PC Screen, select the View PDF option.

Checking Firmware Version

After creating an enrollment QR Code, the next step in the device enrollment process is to conduct a firmware versions check.

Note: The RealWear HMT-1 needs to be running the latest version of firmware that supports Android Enterprise (AOSP) enrollment. The minimum version is Android 8.1 (Build Number greater than v11).

  1. Power on your RealWear HMT-1 device. (For device operations, see the instruction manual provided by RealWear.)
  2. Check the display to make sure that the battery level is greater than 30%, as a Software update cannot be performed if the battery is not at 30% or higher.
  3. Speak the Show Help command to show the list of available commands on the screen.
    Graphical user interface, application

Description automatically generated 
  4. Speak the My Programs command.
  5. Speak the About Device command to determine the version of firmware running on the device.
    Graphical user interface, application

Description automatically generated 
  6. If the version of firmware is lower than the one shown here, you’ll need to upgrade the firmware to complete the QR Code enrollment process. Skip the Firmware Update Section below, if your firmware is already updated to this version or higher.

Updating Firmware

After conducting a firmware versions check, the next step in the device enrollment process is to conduct a firmware update.

Note: The RealWear HMT-1 needs to be running the latest version of firmware that supports Android Enterprise (AOSP) enrollment. The minimum version is Android 8.1 (Build Number greater than v11). If the version of your firmware is lower, upgrade the firmware before proceeding. If your firmware is already updated to this version or higher, skip this Firmware Update section, and proceed to Finish Enrollment.

  1. Power on your RealWear HMT-1 device. For device operations, see the instruction manual provided by RealWear.
  2. Check the display to make sure that the battery level is greater than 30%, as a Software update cannot be performed if the battery is not at 30% or higher.
  3. Speak the Navigate Home command to return to the home screen.
  4. Speak the My Programs command to view the My Programs screen.
  5. Speak the Configuration command to scan a QR Bar Code that will establish Wi-Fi Settings for the device, in order to download the latest version of firmware.
  6. On your PC or MAC, navigate to https://realwear.setupmyhmt.com. Click the Configuration button.
    Diagram

Description automatically generated 
  7. Click the First Time Setup button.
    Table

Description automatically generated with medium confidence 
  8. Select your preferred language, then select NEXT.
    Graphical user interface, application

Description automatically generated 
  9.  Set your time and date, then select NEXT.
    Graphical user interface, text, application

Description automatically generated 
  10. Provide your preferred WiFi Settings for the device, and select NEXT.
    Graphical user interface, text, application

Description automatically generated 
  11.  Scan the QR Code with the HMT-1 Camera to configure your device.
    Qr code

Description automatically generated 
  12. The Wi-Fi should be configured at this point. Speak the Wireless Update command. If available, follow the commands on the screen to complete the Wireless Update.

Finishing the RealWear HMT-1 QR Code Enrollment

After updating firmware, the final step is to complete the RealWear HMT-1/Workspace ONE enrollment.

Note: The RealWear HMT-1 needs to be running the latest version of firmware that supports Android Enterprise (AOSP) enrollment. The minimum version is Android 8.1 (Build Number greater than v11).

  1. After a firmware update, the HMT-1 should have performed a factory reset. Within a few minutes, this will automatically present the Configuration screen through the HMT-1 viewer, allowing for a QR Code scan.
  2. Aim your HMT-1 Camera at the QR Code that you created in the Enrollment QR Code Creation section.
    Graphical user interface, application

Description automatically generated 
  3. The camera will automatically capture the QR Code, and the enrollment process will begin. The Downloading Status screen will appear as the WS1 Hub is downloaded from the cloud, followed by an Installing… notification.
  4. When the Accept & Continue Screen appears, speak the command Accept & Continue. Enrollment will begin.
  5. Shortly, the device will become enrolled, and the Workspace ONE Intelligent Hub app will show the current user. Speak the command Navigate Home. The Hub Icon should be present in your My Programs screen.
    A screen shot of a cell phone

Description automatically generated with medium confidence 

From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise based profiles.

Conclusion

You have now completed a RealWear HMT-1 or HMT 1Z1 enrollment into Workspace ONE UEM. For information about how to enroll other types of wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Google Glass Enrollment

This section describes how to enroll Google Glass EE2 smart glasses into Workspace ONE UEM. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Google Glass EE2 smart glasses from a single console, after an easy onboarding process.

A pair of sunglasses

Description automatically generated

After completing the initial Workspace UEM setup, you are now ready to enroll your Google Glass EE2 smart glasses.

Creating an Enrollment QR Code

The QR code enrollment method sets up and configures Google Glasses through simply scanning a QR code. The QR code contains a payload of JSON values with all the information needed for the device to connect to a Wi-Fi network, download the WS1 Intelligent Hub and be enrolled all with one quick scan. Although this can also be set up manually with a third party QR Code generator and a manual JSON payload, Workspace ONE UEM provides an easy wizard for creating a QR Code that can be used to enroll Google Glasses.

  1. From the Customer Level OG, navigate to Devices > Lifecycle > Staging > List View > Configure Enrollment.
  2. In the Enrollment Configuration Wizard window, select the Android panel.
  3. Select the QR Code panel, and click the Configure button.
     
  4. Select the Wi-Fi Security Level of the encrypted Wi-Fi Network to be used for automatic configuration, when scanning the QR Code. This could be a temporary Wi-Fi Network used for Staging only. (This does not support EAP-TLS Cert based Wi-Fi Networks). Once the device is enrolled, a Production Wi-Fi Profile can be pushed to the device from the Workspace ONE UEM Console.
     
  5. Complete the form by providing the SSID and Password, and click Next.
  6. Select the download location for the Workspace ONE Intelligent Hub, and click Next. Use the default value unless you intend to host the server from which the Workspace ONE Intelligent Hub can be downloaded.
     
  7. Configure the Organization Group (OG). This will determine the OG to which the device will be enrolled. Select the Enabled button, then select the OG from the dropdown box.
  8. Configure the Login Credentials. This is the Basic User that you created earlier. Select the Enabled button, then click in the Username field, and choose the user from the dropdown list. Next, provide the correct, associated password for that user.
  9. Keep the System Apps Enabled, and Force AOSP/Closed Network Enrollment Disabled. Click Next.
     
  10. To save a .pdf document to your hard drive, select the Download File option. To scan the Enrollment QR Code directly from your PC Screen, select the View PDF option.

Finishing Google Glass EE2 QR Code Enrollment

After creating an enrollment QR Code, the final step is to complete the enrollment process on the smart glasses.

  1. From a factory refreshed state, EE2 presents a provisioning application. After the device boots up, you should be presented with the following screen. If you do not see this screen upon boot up, you need to factory reset your device.
    A picture containing drawing, bird

Description automatically generated 
  2. From this screen, a tap on the right temple of the Google Glass will launch the camera in the EE2 eyepiece, allowing for a QR Code scan.
  3. Aim your EE2 Camera at the QR Code that you created in the Enrollment QR Code Creation section.
    A screenshot of a computer

Description automatically generated 
  4. The camera will automatically capture the QR Code, and the enrollment process will begin. The Downloading Status screen will appear as the Workspace ONE Intelligent Hub is downloaded from the cloud, followed by an Installing… notification.
  5. If the Accept & Continue Screen appears, tap the right temple of the glass for Enrollment to begin.
  6. Shortly, the device will become enrolled, and the Workspace ONE Intelligent Hub app will show the current user. Swiping down on the right temple from here should exit to the home screen of the device.
  7. From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android Enterprise based profiles.

Conclusion

You have now completed enrolling your Google Glasses into Workspace ONE UEM. For information about how to enroll other types of wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Vuzix M400 & M4000 Enrollment

This section describes how to enroll Vuzix M400 or M4000 smart glasses into Workspace ONE UEM. VMware Workspace ONE Unified Endpoint Management (UEM) platform enables you to securely manage your Vuzix smart glasses from a single console, after an easy onboarding process.

After completing the initial Workspace UEM setup, you are now ready to enroll your Vuzix smart glasses.

Creating an Enrollment QR Code

The QR code enrollment method sets up and configures Vuzix glasses through simply scanning a QR code. The QR code contains a payload of JSON values with all the information needed for the device to connect to a Wi-Fi network, download the Workspace ONE Intelligent Hub, and be enrolled all with one quick scan. Although this can also be set up manually with a third party QR Code generator and a manual JSON payload, Workspace ONE UEM provides an easy wizard for creating a QR Code that can be used to enroll Google Glasses.

  1. From the Customer Level OG, navigate to Devices > Lifecycle > Staging > List View > Configure Enrollment.
  2. In the Enrollment Configuration Wizard window, select the Android panel.
  3. Select the QR Code panel, and click the Configure button.
    Graphical user interface, application, Teams

Description automatically generated 
  4. Select the Wi-Fi Security Level of the encrypted Wi-Fi Network to be used for automatic configuration, when scanning the QR Code. This could be a temporary Wi-Fi Network used for Staging only. (This does not support EAP-TLS Cert based Wi-Fi Networks). Once the device is enrolled, a Production Wi-Fi Profile can be pushed to the device from the Workspace ONE UEM Console.
    Graphical user interface, text, application

Description automatically generated 
  5. Complete the form by providing the SSID and Password, and click Next.
  6. Select the download location for the Workspace ONE Intelligent Hub, and click Next. Use the default value unless you intend to host the server from which the Workspace ONE Intelligent Hub can be downloaded.
    Graphical user interface, text, application

Description automatically generated 
  7. Configure the Organization Group (OG). This will determine the OG to which the device will be enrolled. Select the Enabled button, then select the OG from the dropdown box.
  8. Configure the Login Credentials. This is the Basic User that you created earlier. Select the Enabled button, then click in the Username field, and choose the user from the dropdown list. Next, provide the correct, associated password for that user.
  9. Keep the System Apps Enabled, and Force AOSP/Closed Network Enrollment Disabled. Click Next.
    Graphical user interface, application

Description automatically generated 
  10. To save a .pdf document to your hard drive, select the Download File option. To scan the QR Code directly from your PC Screen, select the View PDF option.

Finishing Vuzix QR Code Enrollment

After creating an enrollment QR code, the final step is to complete the enrollment process on the smart glasses. Out of the box, the Vuzix glasses can follow the procedure below.

Note: If the device has been configured previously, it will require a factory reset to take advantage of this provisioning method (Settings > System > Reset options > Erase all data).

  1. On the screen below, press and hold the front-most button on the glasses for 3 to 4 seconds until the Provisioning App launches.
    A picture containing text

Description automatically generated 
  2. This will immediately launch the camera. Aim the Vuzix camera at the QR Code that you created in the Enrollment QR Code Creation section.
    Graphical user interface, application

Description automatically generated 
  3. The camera will automatically capture the QR Code, and the enrollment process will begin. The Downloading Status screen will appear as the Workspace ONE Intelligent Hub is downloaded from the cloud, followed by an Installing… notification.
  4. If the Accept & Continue Screen appears, press the rear-most button to continue.
  5. Just before the process finishes, you will be presented with the Vuzix End User License Agreement, which you need to read and accept. You can accept and continue the process by again pushing the rear-most button on the glasses.
    Text

Description automatically generated 
  6. Shortly afterward, the device will become enrolled, and the Workspace ONE Intelligent Hub app will show the current user.
  7. From the Customer or Child OG, within the Workspace ONE UEM Console, navigate to Devices > List View. You should see your device enrolled into the Workspace ONE UEM Console. You should now be able to manage these devices using Android (Enterprise) based profiles.

Conclusion

You have now completed enrolling your Vuzix smart glasses into Workspace ONE UEM. For information about how to enroll other types of wearable devices with Workspace ONE UEM, see the following sections of this guide and select from the navigation bar to the left:

  • Google Glass Enrollment
  • HTC VIVE Focus 3 Enrollment
  • HTC VIVE Focus & Focus Plus Enrollment
  • Magic Leap 2
  • Meta Quest 2 (Consumer) Enrollment
  • Oculus For Business Device Enrollment
  • Pico VR Enrollment
  • RealWear Enrollment
  • Vuzix Enrollment

Summary and Additional Resources

Wearable technologies are becoming ever more popular—particularly augmented reality (AR), mixed reality (MR), and virtual reality (VR) head-mounted displays (HMDs)—and interest is expected to grow rapidly. To address this growing market and its resulting challenges, VMware has partnered with leading vendors to deliver scalable management and app delivery for Android and Windows 10-based wearables. This guide walks you through the steps toward Workspace ONE UEM enrollment for Meta Quest, HTC VIVE Focus, Pico, Magic Leap, RealWear, Pico, and Google Glass devices.

Additional Resources

For more information about delivering and managing wearable devices through VMware Workspace ONE UEM, explore the following resources:

Changelog

The following updates were made to this guide.

Date

Description of Changes

2022‑09‑30

Added new section about enrolling and managing Magic Leap 2 devices with Workspace ONE UEM, and updated the guide throughout

2022‑06‑28

Updated enrollment processes for Meta Quest 2 and HTC VIVE Focus 3, which now supports QR Code enrollment

2022‑06‑16

Added new section about controlling in-headset experience with Meta Quest 2 (Consumer) and updated throughout

2022‑05‑24

Updated Pico enrollment options and new QR Code option

2022‑03‑22

Added HTC VIVE Focus 3, Meta Quest 2 Consumer, Oculus For Business, and Pico Neo 3 device enrollment procedures

2021‑01‑20

Added Vuzix M400 & M4000 enrollment procedures

2020‑11‑19

Added HTC VIVE Focus & Focus Plus Headset enrollment procedures

2020‑10‑01

Initial publication of RealWear, Pico VR, and Goggle Glass enrollment procedures

Authors and Contributors

The following authors, contributors, and subject-matter-expert reviewers collaborated to create this guide.

Authors

  • David Dwyer, Sr. Solution Engineer, End-User-Computing Technical Marketing, VMware
  • Matt Coppinger, Director, End-User-Computing Product Management, VMware
  • Jon Duncan, Group Product Line Manager, UEM IoT, Mobile PM, EMM VMware

Contributors

  • Christina Minihan, Senior Staff End-User-Computing (EUC) Architect, End-User-Computing Technical Marketing, VMware

Feedback

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.


Associated Content

From the action bar MORE button.

Filter Tags

Workspace ONE Workspace ONE UEM Document Fundamental Intermediate Deploy Manage