What Is VMware Workspace ONE Unified Endpoint Management (UEM)?

Device management made easy!

Workspace ONE Unified Endpoint Management (UEM) is a single solution that manages all device types on all platforms in all use cases. It incorporates modern device management, application management, and security to give IT teams control over the highly diversified device deployments found in so many organizations today. Take a look at this introductory demo to learn how Workspace ONE UEM can help you.

Now that you have a high-level overview of what Workspace ONE UEM can do for you and your organization, read on to learn about the key features and architecture.

Key Features

Today's modern workforce expects IT to offer technologies that help them work from anywhere, at any time, and on any device. That means that IT needs to manage multiple device platforms, whether Windows, macOS, iOS, Android, or ChromeOS, and to allow access to work and data across all of those devices. This makes it challenging for IT to provide a consistent and seamless user experience. Workspace ONE UEM meets that challenge.

Workspace ONE UEM can be implemented using an on-premises or a cloud-based (SaaS) model. Both models offer the same key features and functionality to make your life as an IT admin easier:



Unified Endpoint Management

With Workspace ONE Unified Endpoint Management (UEM), you can manage devices used in the field and even in low-bandwidth environments. You can manage the full lifecycle of any endpoint – mobile (Android, iOS), desktop (Windows, macOS, Chrome OS), rugged and even IoT – in a single management console.

  • Bring your own. Supports every type of device that your end users might use: Choose-your-own, Corporate Owned, Locked Down, and more.
  • Supports full life-cycle management. Workspace ONE UEM supports full life-cycle management of a wide variety of devices: phones, tablets, Windows, and rugged and special-purpose devices.
  • Provides numerous enrollment options. Provides you with a wide variety of enrollment options, including auto-enrollment, QR code enrollment, sideloading, bulk enrollment, and barcode enrollment such as Zebra StageNow and Honeywell Enterprise Provisioner.

Assurance and productivity

You can deliver a great employee experience that is consistent on any device, no matter where your end users are located, by combining an easy login experience via Intelligent Hub with SSO, a self-service unified app catalog, and more. 

  • Single Sign-On. Utilizes certificates to establish trust, providing a password-less, single sign-on (SSO) experience. Your end users log in once. They don’t have to remember a bunch of credentials or type in the same password every time they access another app.
  • Easy Login via Intelligent Hub. End users can log in to the Intelligent Hub to seamlessly launch the apps they need. If they try to access an app with confidential data, the Hub prompts them to elevate management on their device.
  • Self-Service Access to Apps. Provides your end users with self-service access to the apps they need to get their jobs done. The App Catalog displays an individualized menu of applications and virtual desktops that each end user is entitled to. They can organize their options and select favorites to customize the catalog for easy use.

Automation and analytics

You can leverage intelligent insights and rule-based automation to optimize the end-user experience, ease the strain on IT, and allow proactive management and security. Workspace ONE UEM provides visibility and key analytics.

  • Automatic deployment. Provides automatic deployment or self-service application access for end users.
  • Device tracking. Provides you with the ability to track a device in the Workspace ONE UEM Console after it is enrolled, and to gather critical data such as system diagnostics, network information, certificates, apps, custom attributes, and more.
  • Customizable dashboards. Provides you with the ability to customize dashboards in infinite ways to provide the data that matters most, as well as analytics that help resolve issues that can impact user experience.
  • Dynamic policy engines. Provides you with the ability to set dynamic policies to automate routine processes that minimize manual tasks. For example, configuring a policy to proactively update drivers based on data retrieved during a vulnerability scan, or to optimize firmware settings that improve performance and stability.
  • Self-service capabilities. Provides you with the ability to grant self-service capabilities to end users, which reduces support requests. For example, recommending action based on data suggesting a battery is about to fail.

Corporate data and app protection

You can defend against modern-day security threats with the rich set of customizable controls that Workspace ONE UEM provides. You can address security on multiple fronts by customizing security and compliance policies, conditional access, device posture checks, and more. Workspace ONE UEM offers a comprehensive security approach that encompasses user, endpoint, app, data, and network.

  • Security settings. Provides you with the ability to configure security settings for both end users and devices that comply with all security requirements, and yet simplify access at the same time.
  • Troubleshooting. When things go wrong, you can utilize troubleshooting functionality, such as remote assistant or remote logging, to fix issues in real-time.
  • Monitoring and supervision. Provides built-in features for system settings, data protection, apps, device controls, and more, that can restrict actions like sharing sensitive data between apps and syncing with unknown devices to prevent data leakage. Corporate-owned devices can be supervised for higher levels of control.
  • Certificate lifecycle management. Provides a service that can renew certificates automatically or manually.
  • VMware Workspace ONE® Tunnel. Encrypts traffic from individual applications to the back-end systems they talk to with “least privilege access” through the VMware Unified Access Gateway™, which proxies and protects the application.


As an IT admin, you can use Workspace ONE UEM to handle device enrollment, a customized app catalog, policy enforcement, compliance, and integration with email, social media, and more.

In the following diagram, you can see your end users with their devices accessing a Workspace ONE UEM tenant in the cloud, which is powered by the AirWatch Cloud Connectors and Active Directory domain controller.


Workspace ONE UEM Components

Here are some of the key components that make up Workspace ONE UEM:

  • Workspace ONE UEM Console.
    Provides you with a friendly and intuitive console where you can configure policies to monitor and manage devices in your environment. The console is a service that is hosted in the cloud and managed for you as a part of the SaaS offering. It provides multi-tenancy, role-based access, profiles, app management options, smart groups, and more.
  • Workspace ONE UEM Device Services.
    Provides the ability to communicate with all of your managed devices for device enrollment, application provisioning, delivering commands and receiving data from devices, and hosting the self-service catalog.
  • AirWatch Cloud Connector.
    Provides you with the ability to integrate Workspace ONE UEM powered by AirWatch with your back-end enterprise systems. The AirWatch Cloud Connector runs in the internal network, and securely transmits requests from Workspace ONE UEM to your critical infrastructure components. The Cloud Connector integrates with internal components such as email relay, directory services, Email Management Exchange, Syslog, and more.
  • Workspace ONE UEM REST API.
    Provides support for developers creating their own applications to utilize the information in Workspace ONE UEM. You can use these APIs in Workspace ONE to query information, take actions, or create new items such as applications.
  • VMware Tunnel.
    Provides a secure and effective method for individual applications to access corporate resources hosted in the internal network. The Tunnel sets up a VPN connection between corporate apps and corporate resources. This provides greater security, especially for apps that contain sensitive data, including encryption, data protection, compliance, and removal of apps when a device is unenrolled.

Here are some of the additional members of the Workspace ONE family that interact with Workspace ONE UEM:

  • Workspace ONE Access (formerly VMware Identity Manager).
    It provides a seamless single sign-on (SSO) experience to web, mobile, software-as-a-service (SaaS), and legacy applications. VMware Workspace ONE Access provides application provisioning, an intuitive hub catalog, conditional access controls, directory integration, user authentication, and integration with resources such as Horizon.
  • Workspace ONE Intelligence.
    A cloud service built for the VMware Workspace ONE platform that provides deep insights into the entire digital workspace, allows smart unified endpoint management (UEM) planning, and delivers powerful automation for the entire digital workspace.
  • Workspace ONE Intelligent Hub.
    The Workspace ONE Intelligent Hub application allows end users to access enterprise and Web apps, stay connected with colleagues, and be productive on any device (Android, iOS, macOS, Windows) from anywhere.

Top 5 things you should know

Now that you’ve got an idea what Workspace ONE UEM can do, check out this video for the top 5 things you should know about Workspace ONE UEM.

Learn more

Here are some great places to go to learn more about Workspace ONE UEM:

Learn more about other VMware projects

If you are interested in other VMware projects, see the following introductions:
