Workspace ONE UEM provides customized levels of device and application management to help you balance corporate security and end-user privacy in a BYOD scenario.

Each management type provides a different balance of privacy and device management. You should work with your legal team and IT teams to determine which balance is best for your BYOD users. Use the following comparison to help make the most practical choice.

Table 1. Privacy Versus Security
Minimal Management Adaptive Management Required Management
<- -- ->
Devices
  • No MDM profile - devices cannot be managed by the enterprise.
  • No Profiles for Wi-Fi, VPN, Native Email, restrictions, etc.
  • No Device passcode complxity enforcement.
  • Factory wipe and remote device lock not allowed.
  • Flexible - end users choose whether their devices are managed by Workspace Services.
  • Configuration profiles for Wi-Fi, VPN, Native Email, restrictions, etc. are available after users enable Adaptive Management through Worspace Services.
  • Device passcode and complexity requirement enforced.
  • Factory wipe and remote device lock not allowed.
  • MDM profile - devices are fully managed by the enterprise using the Workspace ONE Intelligent Hub.
  • Configuration profiles for Wi-Fi, VPN, Native Email, restrictions, etc.
  • Device passcode and complexity requirement enforced.
  • Factory wipe and remote device lock enabled.
Applications
  • User manage application installation and permissions

    • Users must trust unknown sources (Android) or Trust Developer (iOS) to install internal, SDK, or wrapped applications.
    • Admins cannot deploy AppConfig & Per-App VPN or push applications.
  • Users access VMware Email, Content, and Browsing applications through VMware Workspace ONE.

  • Users are prompted to Enable Workspace Services when they initially access an application where management is required.

    • With Workspace Services enabled, all Required Management - Applications functionality is enabled.
    • With Workspace Services disabled, all Minimal Management - Applications functionality is enabled.
  • Admins push and pull public, internal, SDL, and wrapped applications to devices using MDM actions.
  • Admins monitor blacklisted applications and take compliance actions od devices.
  • Admins configure SSo and Per-App VPN.
  • Admins manage applications with AppConfig.
Privacy
  • User-centric privacy model

    • Minimal device and user information collected in applications.
    • Users configure privacy options for each application installed.
    • GPS location not tracked.
  • Balanced privacy model

    • Workspace Services profile optimizes functionality and minimizes privacy infringement.
    • Customized privacy notice communicates IT policies and collected data to end users.
    • GPS location not tracked.
  • Enterprise-centric privacy model

    • Corporate data protected at device and application level.
    • Workspace Services available.
    • GPS location tracking and geofencing available.