Workspace ONE Drop Ship Provisioning (Online) is the next evolution in device provisioning and in shipping ready-to-use devices to end users. The service can dynamically assign Workspace ONE UEM payloads like profiles, domain join, and applications to Windows PCs before the first end-user login. You can provision your Windows devices with assignments at the manufacturer (OEM) or at your own 2nd touch facility and ship ready-to-use devices directly to your end users. Workspace ONE Drop Ship Provisioning (Online) is supported for SaaS customers only.

Workspace ONE Drop Ship Provisioning (Online) Explanation

Workspace ONE Drop Ship Provisioning (Online) is an alternate method to provision devices before they ship to your workplace or to your end users. This method provides a more dynamic way to assign and provision because you can add and update what you want provisioned over the air (OTA). Make changes anytime, and update the payloads dynamically. They become part of your resources suite for future devices.

With Workspace ONE Drop Ship Provisioning (Online), you configure the system in the Workspace ONE UEM console. You also work with the manufacturer to order devices for Workspace ONE Drop Ship Provisioning (Online). Your OEM requests specific information about your Workspace ONE UEM console, along with any Workspace ONE UEM tags that you want to apply to these devices to determine payload assignments. With this information, the manufacturer builds your devices and puts a Provisioning Agent from Workspace ONE UEM on the devices. This agent communicates with Workspace ONE UEM to get your profiles, apps, and device login method. As a result, your device user receives a device from the manufacturer that is current with your business's approved settings, apps, and resources.

How Does Workspace ONE Drop Ship Provisioning (Online) Work?

Workspace ONE UEM uses the Workspace ONE OEM Provisioning Service to store your device registration information from the manufacturer. It communicates with your devices through the Provisioning Agent, ensuring that the devices are provisioned with your desired resources. The over-the-air device provisioning workflow follows these steps.

  1. Enable Workspace ONE Drop Ship Provisioning (Online) in Workspace ONE UEM.
  2. Create a tag and assign payloads to the assignment groups using the smart groups defined with the tag.
  3. Order your devices and give the manufacturer your Workspace ONE UEM information.
  4. The manufacturer registers the devices with Workspace ONE OEM Provisioning Service. Optionally, the devices can be self registered using the self registration flow in the UEM console.
  5. The manufacturer builds your devices and puts the Provisioning Agent on them.
  6. The Workspace ONE UEM scheduler syncs or you manually sync and get registered information from the OEM Provisioning Service. Devices are now listed on the Enrollment Status page in the console.
  7. The manufacturer powers on the device and the Provisioning Agent communicates with the OEM Provisioning Service.
  8. The Provisioning Agent enrolls with Workspace ONE UEM and gets the current profiles, apps, and login configurations for the current device.
  9. The Provisioning Agent deploys the assigned payloads and shows a green success screen to the operator.

The device is ready to ship, fully provisioned based on your most current Workspace ONE UEM payload assignments.

Requirements

Before you can configure Workspace ONE Drop Ship Provisioning (Online), you must meet the following requirements.

  • Tasks required for the admin.
    • Use the Workspace ONE Intelligent Hub for Windows 20.10 or later.
    • From the UEM console, navigate to Groups & Settings > All Settings > Devices & Users > Windows > Windows Desktop > Intelligent Hub Application.
      • Publish Intelligent Hub
        • Check Publish Workspace ONE Intelligent Hub for “Unknown or has not been set” as well as any other Device Ownership Types in use by the OG.
      • Configure Intelligent Hub to update automatically
        • Check Intelligent Hub Automatic Updates.
    • Configure Software Distribution in the organization group where your Workspace ONE Drop Ship Provisioning (Online) settings reside. For details about this system, access Software Distribution of Win32 Applications.
    • Use Workspace ONE UEM 2105 or later (SaaS only).
    • Workspace ONE Drop Ship Provisioning (Online) does not support On-Demand or User context applications. Ensure your app assignments are in the Device context, and are set to Automatic deployment.
  • Tasks and packages required for the device.
    • Register all devices with the Workspace ONE OEM Provisioning Service.
    • Stage all devices by booting into Sysprep audit mode, then installing the Provisioning Tool with Generic PPKG.
Note: At this time, Drop Ship Provisioning (Online) is only supported for workgroup or on-premises domain join flows.

Step 1: Configure Workspace ONE Drop Ship Provisioning (Online) in the Workspace ONE UEM console.

  1. Select the organization group in which you want to configure Workspace ONE Drop Ship Provisioning (Online).
  2. Go to Devices > Lifecycle > Devices & Users > Drop Ship Provisioning.
  3. Click Enable Workspace ONE Drop Ship Provisioning.
  4. Copy the Organization Group UUID and give it to your manufacturer.
  5. Save the settings.

Step 2: Create a tag in the Workspace ONE UEM console.

The Workspace ONE Drop Ship Provisioning (Online) system uses this tag to match your Workspace ONE UEM configurations with your registered devices. Record the tag value and give it to your manufacturer.

  1. Select the applicable organization group.
  2. Go to Groups & Settings > All Settings > Devices & Users > Advanced > Tags and select Create Tag.
  3. Enter a name for the tag. You can use any name you want. Consider using a name that identifies the business unit that uses these provisioned devices. For example, enter the name RnD for the research and development unit.
  4. Save your tag.

Step 3: Create a smart group in the Workspace ONE UEM console and assign the tag to it.

Workspace ONE UEM uses the tag to match your configurations to the devices in the smart group.

  1. Ensure you are in the right organization group.
  2. Go to Groups & Settings > Groups > Assignment Groups and select Add Smart Group.
  3. Enter a name for the smart group and use the Criteria type.
  4. Select the Tag section and enter the tag you previously created.
  5. Save your smart group.

Step 4: Configure the login experience in the Workspace ONE UEM console for end users.

To create local accounts for access, create a local administrator account using a Custom Settings profile that uses Microsoft's Accounts CSP. For access to the SyncML for this profile, see VMware Policy Builder.
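As an added illustration (not taken from the product documentation), the SyncML for such a Custom Settings profile can look like the following. It uses the Accounts CSP nodes Users/<UserName>/Password and Users/<UserName>/LocalUserGroup; the account name ProvAdmin and the password value are constructed placeholders.

```xml
<!-- Added example: constructed values, not from the product documentation. -->
<!-- "ProvAdmin" is a hypothetical account name; replace the password placeholder. -->
<Add>
  <CmdID>1</CmdID>
  <Item>
    <Target>
      <LocURI>./Device/Vendor/MSFT/Accounts/Users/ProvAdmin/Password</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">chr</Format>
    </Meta>
    <Data>REPLACE-WITH-UNIQUE-PASSWORD</Data>
  </Item>
</Add>
<!-- LocalUserGroup: 1 = standard users group, 2 = administrators group. -->
<Add>
  <CmdID>2</CmdID>
  <Item>
    <Target>
      <LocURI>./Device/Vendor/MSFT/Accounts/Users/ProvAdmin/LocalUserGroup</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">int</Format>
    </Meta>
    <Data>2</Data>
  </Item>
</Add>
```

The password is carried as readable text in the profile, so restrict who can view or edit the profile in the console and change the password once the device is in service.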

If you have an on-premises domain, you can join your devices to the domain and enable users to log in with their Active Directory credentials. Find information on domain join through Workspace ONE UEM at How Do You Deploy Domain Join Configurations for Windows Desktop?.

Step 5: Assign profiles and apps to the Workspace ONE Drop Ship Provisioning (Online) smart group in the Workspace ONE UEM console.

Configure or edit profiles and assign them to the provisioning smart group you previously created. Also, publish apps to this smart group. Workspace ONE Drop Ship Provisioning (Online) does not support On-Demand or User context applications. Ensure your app assignments are in the Device context, and are set to Automatic deployment.

Step 6: Register devices with the manufacturer and give them your item information (checklist).

Work with your device manufacturer to order your devices. The manufacturer registers your devices using the Workspace ONE UEM tag and the Organization Group UUID.

Here is a checklist of the items you give your manufacturer.

  • Give them the Organization Group UUID you captured when you enabled Drop Ship Provisioning.
  • Give them the tag you created in Workspace ONE UEM in the Tags area.

Step 7: Sync devices in the Workspace ONE UEM console, either manually or by waiting for the scheduler.

You can wait for the scheduler job to sync your registered devices from the manufacturer or you can initiate a sync.

  1. Ensure you are in the correct organization group.
  2. Go to Devices > Lifecycle > Enrollment Status.
  3. Select Sync Devices > Windows.

Your registered devices display on the Enrollment Status page.