After creating the content you want to push to devices in Workspace ONE UEM, you can put all that content, including the applications, the files, and installation rules, in a product to be provisioned. Creation of the product also defines the order in which content is installed.
Prerequisites
Procedure
- Navigate to Devices > Provisioning > Product List View > Add Product.
- Select the Platform you want to create a product for.
- Complete the General text boxes.
Setting Description Name Enter a name for the product. The name cannot be longer than 255 characters. Description Enter a short description for the product. Managed By Select the organization group that can edit the product. Smart Groups Enter the smart groups the product provisions. Smart groups are collections of devices that are built by identifying very specific device elements such as model, OS version, device tags, how the device was enrolled, how it's managed, and so forth. You can also build a smart group out of individual users and user groups. - Optionally select Add Rules and use Assignment Rules to control which devices receive the product.
You can apply application rules to unmanaged applications installed on the device. Because the Workspace ONE UEM console does not manage ALL applications, these rules are available for certain system applications and third-party applications.
You are restricted from selecting Assignment Rules for organization groups of type Partner and Global.
Setting Description Add Rule Create a rule for product provisioning. Displays the Attribute/Application, Operator, and Value drop-down menus.
The Attribute/Application drop down menu can include the following device metrics. Combined with strategic use of operators, support for device metrics enables you to isolate a single serial number, a range of IP addresses, physical storage type & size, and much more.
- MAC Address
- IP Address
- Serial Number
- Physical Storage (internal, total internal, available external, total external, this is always measured in MB)
- Battery Level
- SSID (a service set identifier is the string that uniquely names a wireless local area network WLAN).
Add Application Rule (Android Only) Android Only: Select to create an application rule for product provisioning. This rule allows you to require applications to have specific versions installed on the device for the rule to pass. Displays the Attribute/Application, Operator, and Value drop-down menus. Add Logical Operator You can make more complex rules by using logical operators such as AND, OR, NOT, and parentheses. Attribute/Application The custom attribute or application used to designate which devices receive the product. You create custom attributes separately.
Android Only: Only internal applications display in the drop-down menu. You can use Enter Manually to enter the package ID of any application that must be present on the device.For more information, see Custom Attributes.
Operator This operator compares the Attribute to the Value to determine if the device qualifies for the product.
Note:When making an assignment rule, comparisons using the less than (<) and greater than (>) operators (and their variants) can only be used to compare numerical values including integers.
The exception is when you are comparing OEM build versions, you can apply < and > operators on non-numerical ASCII strings. An example is when an OEM update filename includes hyphens, periods, and other characters together with numbers. Such assignment rules must identify a device manufacturer in the rule logic and that comparison is deemed accurate when the format on the device matches the one specified on the server.
Value The value of the custom attribute. All values from all applicable devices display here for the Attribute selected for the rule. - Select Save and add the Assignment Rule to the product.
- Select the Manifest tab.
- Select Add and select the Action(s) To Perform for the Manifest.
Action(s) to Perform Drop-Down Menu Settings Install Profile In the Profile text box, select the profile to install during the staging configuration. This component must be made before adding it to the manifest. Uninstall Profile In the Profile text box, select the profile to remove during the staging configuration. Install Application (Android Only) In the Application text box, select the App to install during the staging configuration. This component must be made before adding it to the manifest. Uninstall Application (Android Only) In the Application text box, select the App to remove during the staging configuration. Install Files/Actions In the Files/Actions text box, select the Files/Actions component to install during the staging configuration. This component must be made before adding it to the manifest. Uninstall Files/Actions In the Files/Actions text box, select the Files/Actions component to remove during the staging configuration. Reboot (Android Only) Reboots the device during the staging configuration. This action works best as the last step of the manifest. Warm Boot/Cold Boot (WinRugg Only) Warm Boot reboots the device during the staging configuration. This action works best as the last step of the manifest.
Cold Boot shuts down the device, forcing a restart by the end user. This action works best as the last step of the manifest.
Install Event Action (Android and WinRugg Only) In the Event Action text box, select the Event Action component to install during the staging configuration. This component must be made before adding it to the manifest. Uninstall Event Action (Android and WinRugg Only) In the Event Action text box, select the Event Action component to remove during the staging configuration. - Optional step for Android only - Enable or deactivate App Tunneling. Application Tunneling lets you run applications through a virtual private network.
- In order for App Tunneling to function correctly, you must first create a VPN profile for your Android device.
Create a VPN profile by navigating to Devices > Provisioning > Components > Profiles, select the Add Profile button, then select between the Android and Android (Legacy) platforms.
For details about the platform-specific settings available for VPN profiles, see the Platform Guides for Android and Android Legacy, both available on https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/index.html.
The console supports platform-specific VPN profiles when you enable the App Tunneling check box: you can select one VPN profile for Android and a separate VPN profile for Android Legacy.
- In order for App Tunneling to function correctly, you must first create a VPN profile for your Android device.
- Android and Windows Rugged only - Enable or deactivate Persistent through enterprise reset. Enable to keep the profile, application, files/actions, or event action on the device after an enterprise reset. For more information, see Product Persistence, Android and WinRugg.
- When finished with the single Manifest action, select Save.
- Select Add again to add additional Manifest actions. You can adjust the order of manifest steps using the up and down arrows in the Manifest list view. You can also edit or delete a manifest step.
- Select the Conditions tab if you want to use conditions with your product.
These conditions are optional and are not required to create and use a product.
- Select Add and select either Download Conditions, Install Conditions, or both.
- A Download Condition determines when a product is downloaded but not installed on a device.
- An Install Condition determines when a product is installed on a device.
- Select the Deployment tab if you want to control the time and date that products are activated and deactivated.
This tab is optional and is not required to create and use a product.
Setting Description Activation Date Enter the time when a product automatically activates for device job processing.
If the activation date is defined and the product is saved, the product stays inactive until the activation date is met according to the Workspace ONE UEM server time. The policy engine wakes up and automatically activates the product. You can manually activate products with activation dates beforehand. Manually activating a product overrides the activation date.
Deactivation Date Enter the time when a product automatically deactivates from current and new device job processing.
If the deactivation date is defined and the product is saved and currently active, it stays active until the deactivation date is met according to the Workspace ONE UEM server time. The policy engine wakes up and automatically deactivates the product. You can manually deactivate products with deactivation dates beforehand. Manually deactivating a product overrides the deactivation date.
A deactivation date cannot be set earlier than the activation date.
Pause/Resume Enable to ensure that an interrupted product provisioning due to Wi-Fi connectivity issues is retried in the following manner.
If you use a relay server, the Workspace ONE Intelligent Hub makes five attempts to contact the relay server to download the product. If the download fails or Wi-Fi connectivity fails, then the Hub makes five attempts to connect to the Device Services URL by way of HTTPS. On-premises admins can configure this setting at Groups & Settings > All Settings > Admin > Content Delivery Settings > File Sources Include HTTPS. This HTTPS setting is enabled by default in SaaS environments. If the product is still unavailable, then the job is moved to a Paused state.
After a while, the Hub changes the job state to Started and makes another five attempts to connect to the relay server and another five attempts on the Device Services (provided the option is enabled).
It repeats this process for a maximum 24 hours after the first connection failure. If, after this 24-hour period, the download is still not complete, the job is set to Failed.
Product Type Determine if a product is Required or Elective.
A required product provisions to assigned devices when deployment settings are met. An elective product is only provisioned when it is manually pushed on the Device Details View of a provisioned device.
Deployment Mode Select from the following how the product is to be deployed.
Relay Server with Workspace ONE Server as Backup – This is the default deployment mode. The device attempts to receive the product from the relay server initially, making five separate attempts, then falling back to device services as a secondary source.
Relay Server Only – The device attempts to receive the product from the relay server only. In a scenario where the relay server is not configured or deactivated, the fallback source is device services.
If multiple relay servers are assigned to a device, the Workspace ONE Intelligent Hub attempts to download the product five times from each relay server.
Expedite Deployment Enable this check box to give priority to this product. The Expedite Deployment check box is editable only when the product is inactive. For more information, see Prioritize Your Product With Expedited Deployment. - Select the Dependencies tab if you want to set the product to only provision devices that have other products provisioned as well.
- Select Add and add a dependent product.
You can add as many dependent products as you want.
- Select Add and add a dependent product.
- Select to deploy the product immediately by selecting Activate or wait to deploy later and select Save.