Workspace ONE UEM offers an extensive assortment of services, queues, certificates, and scheduler tasks as part of our software. Learn more about the services, queues, certificates, and admin scheduler tasks including descriptions that enhance your understanding of the full Workspace ONE UEM offering.

List of Services

Learn more about the Workspace ONE UEM offered services and their purpose within your environment.

Service

Description

AirWatch API Workflow This service processes device commands from REST API.
AirWatch Background Processor Service This service is used for asynchronous execution of long running jobs.
AirWatch Batch Processing Service This service processes batch requests from the AirWatch system.
AirWatch Cloud Messaging Service This service runs a message queueing server which transfers messages to and from devices and AirWatch servers.
AirWatch Compliance Service This service handles compliance rule level evaluations and takes action on the scheduler level.
AirWatch Content Delivery Service This service pushes staging and provisions content to relay servers.
AirWatch DataPlatform Service This service pushes data to the Intelligence platform.
AirWatch Device Scheduler This service orchestrates scheduled jobs across the console and devices.
AirWatch Directory Sync Service This service synchronizes uses and user groups from external user stores.
AirWatch Entity Change Queue Monitor This service monitors the event log queue and send outbound event logs.
AirWatch Entity Reconcile Service This service reconciles and syncs for entities linked to smart groups.
AirWatch Eventlog Processor Service This service monitors the event log queue, enriches them, and posts to the Intelligence platform.
AirWatch GEM Inventory Service This service communicates instance specific information to the GEM.
AirWatch Integration Service This service integrates AirWatch with third-party applications.
AirWatch Interrogator Service This service reads device sample information from the queues and writes the information to the database.
AirWatch MEG Queue Service This service reads and processes mobile email gateway requests from the message queues.
AirWatch Messaging Service This service sends messages to the respective device cloud services (Exmaple: APNS, FCM, and others).
AirWatch Outbound Queue Monitor Service This service subscribes for outbound event notifications.
AirWatch Policy Engine This service determines the product and the product set applicability and compliance for devices. If needed, project jobs are sent to the device to install/uninstall profiles, files, actions, and applications.
AirWatch Provisioning Package Service This service generates PPKG packages for the factory provisioning flow.
AirWatch Smart Group Service This service is responsible for smart group device map updates.
AirWatch SMS Service This service is used by AirWatch to send SMS messages to devices.
AirWatch Tunnel Service This service manages tunnel configuration for devices and servers such as traffic rules and outbound configurations.
MetadataTransformService This service stores the DDUI metadata information that is used to render the UI. Also, the service creates the final device profile before sending it to the device.

List of Message Queues

The following is a list of Workspace ONE UEM message queues and descriptions.

Queue Name Description
APNSOutbound iOS Outbound APNS Messages
AWAdminBatchQueue Administration Group Batch Processing
AwAdminPasswordNotificationQueue Password Expiration Management for Local Basic Admins
AWAppleCareGsxIntegration AppleCare Model Information Request
AWApplicationEventSample Application Analytics for iOS Content Locker
AWApplicationFeedback Used for Managed Application feedback samples
AWApplicationListSample iOS Application List Samples (From Device)
AWApplicationReport Handles report messages sent by the device SDK
AWAppScanTpiQueue App Scan requests to Third-Party Apps
AWAppWithUpdatesQueue VPP Applications Auto Update
AWAsyncExportQueue Async exports of Telecom data from console
AWAutoDiscovery Used for auto discovery messages
AWAvailableOsUpdatesListSample

Process the available OS Updates Samples for Devices

AWBaselineSample Baseline sample information from devices (in 1909, but not used)
AwBackgroundJobsReports Batch processing for legacy SSRS reports.
AWBiosSample Dell BIOS Samples
AWBluetoothInformationSample Android/WinMo Bluetooth Samples (From Device)
AWCallLogSample Android/WinMo Call Log Samples (From Device)
AWCellInformationSample Android/WinMo Cellular Information Samples (From Device)
AWCellSignalQualitySample Android/WinMo Cell Signal Quality Samples (From Device)
AWCellTowerInformationSample Android/WinMo Cell Tower Information Samples (From Device)
AWCertificateListSample iOS Certificate List Samples (From Device)
AWCMOutbound AWCM Outbound Messages [For Rugged]
AWComplianceReconciliationQueue
AWComplianceDeviceQueue Real Time Device Compliance for enrollment and reenrollment flows
AWComplianceServiceQueue Queue for standalone Compliance service
AwConditionalAccessConfiguredQueue decouples one-time upload (sync) large operation when configuring conditional access for Microsoft
AWContentBatchQueue Multi-file delete support for content
AWDepBatchQueue Process DEP sync and assign profile requests
AWDeviceCapabilitySample Android Device Capability Samples (From Device)
Awdevicecomplianceactionsqueue Installer changes to add a new queue for device compliance actions.
AWDeviceComplianceAttributeQueue TrustPoint Integration
AWDeviceCustomAttributeListSample List of device custom attributes, used primarily by rugged devices (Android, QNX, WinMo, Mac, PCs)
AWdeviceDomainJoinResourceQueue Windows 10 Offline Domain Join
AWCdnv3OriginMigrationqueue Used to migrate Blobs to CDN v3
AWDevicePolicyRuleComplianceEvaluationQueue Handles evaluation of sample for existing rules in the app list policy.
AWDevicePolicyRuleComplianceQueue Handles evaluation of rules on policy edit and app groups edit.
AWDeviceSampleData Used for initializing devices for compliance
AwDeviceSensorQueue Stores Windows 10 Custom Samples before sending to AWS
AwDeviceStateChangeQueue Contains Device State change events like Enrollment/Unenrollments and Compliant/Noncompliant.
AWDeviceSyncQueue Generic MDM Queue
AWDiskEncryptionSample Disk Encryption Samples (From Device)
AWEasSample Generic MDM Queue
AWEfotaSample Samsung Efota Samples
AWEscrowedGatewayProcessingQueue Decouple cert validation and presence in Escrow Gateway service through a scheduler
AWEventActionSample Event Actions Samples (From Device)
AWEventLog Keeps various events related to device/system activities
AwEventLogProcessor Stores event logs messages before being sent to Elastic Search (Inactive)
AWExternalDirectoryBatchQueue Queue for User Authentication and Directory Sync for Workspace One Access
AWFetchAppUpdatesQueue VPP Applications Auto Update
AWGPSCoordinateSample Android/WinMo GPS Coordinate Samples (From Device)
AWGPSExtendedCoordinateSample Android/WinMo Extended GPS Coordinate Samples (From Device)
AWHealthAttestationSample Queue Health Attestation Sample
AWInstalledApplicationListSample Installed Application List Sample (Inactive)
AWIntegrationService This queue is for handling Web Sense certificate requests asynchronously.
AWIntegrationServiceGenericQueue Queue Compliance State for Windows 10 Devices
AWInventoryCheckinCommandQueue GEM Inventory Service
AWLocalBasicUserSyncQueue Used for triggering a local basic user sync at regular intervals (inactive)
AWLogManagerXml WinMo LogManager XML Samples (From Device)
AWManagedLicenseListSample Windows [Phone] 10 Application and License Status
AWManagedMediaListSample Managed Media List Sample (Managed Books)
AWMegPayloads MEG Payload Samples (from API)
AWMemorySample Android/WinMo Memory Samples (From Device)
AWMetricsSample New Product Provisioning
AWMobileDataUsageSample Android/iOS [Non-]Mobile Data Usage Samples
AWNetworkAdapterSample Android/WinMo Network Adapter Samples (From Device)
AWNetworkWLANSample Android/WinMo Network WLAN Samples (From Device)
AWOemUpdateSample Process the status of the OEMUpdate(s) for Devices
AwOEMProvisioningQueue Device information for Windows OEM reprovisioning (in 1909, but not used)
AwOemUpdateSampleSummaryQueue DELL OEMUpdate Samples Summary
AWOpsDeviceRegistrationQueue
AWOsUpdateStatustListSample Process the status of the OS Updates for Devices
AWOutboundEventLog Outbound queues for the "Outbound Event Notification" feature
AWPatchApplicationListSample Application List for Unmanaged Devices
AWPolicyListSample New Product Provisioning
AWPolicyProductListSample New Product provisioning
AWPowerSample Android/WinMo Power Samples (From Device)
AWPrinterNotification Common MSMQ to send notifications to Zebra and Toshiba Print Servers
AWProfileListSample iOS Configuration Profile List Samples (From Device)
AwProvisioningPackageServiceQueue Cleans up the PPKG from the storage location (CDN)
AWProvisioningProfileSample iOS Provisioning Profile Samples (From Device)
AWPublishQueue iOS Bulk Profile Publish (From Console)
AWRestrictionsListSample iOS Restrictions List Samples (From Device)
AWRosterSyncQueue Queues an event for making a roster sync call to Apple API when an admin makes an on-demand request from the console.
AWScheduleOsUpdateResultListSample Process the results of the ‘Install OS Updates’ Command
AWSecurityInformationSample iOS Security Information Samples (From Device)
AWSeedSystemAppsQueue
AWSEGCompliance Compliance Information for SEG
AWSegFastCompliance MEM High Priority Compliance Commands
AWSelectiveApplicationListSample Application Sample Query for iOS 7+ Devices
AWSmartGroupDeviceMapCleanup
AWSmartGroupEvent Data for Monitoring User Group Change Events
AWSmartGroupPublish Smart Group Publish Events
AWSMSLogSample Android/WinMo SMS Log Samples (From Device)
AWTimeWindowSampleQueue
AWWindowsDeviceStatusSample Windows Device Status Sample
AWSWindowsInformationSample Windows Information Sample (Windows 8 Devices only)
AWSystemSample Android/iOS/WinMo Device/System Information Samples (From Device)
AWToMagOutboundQueue Queues message to be sent to MAG through AWCM
AWUemEnrollmentEventQueue
AWUpdateManagedAppleId
AWUpdateListSample Microsoft EMM: Handles messages related to Windows Updates Revisions
AWUploadToCdnQueue Seed Agents to CDN
AWUserBatchQueue User Batch Processing Information
AWUserDataSample OneDrive Integration for User Data Recovery and Migration (Inactive)
AWUserGroupsBatchQueue Process User Group actions (sync user attributes, add missing users)
AWUserListSample Used for saving user list sample changes.
AWVMInstanceSample OS X VMware Flex Integration – Flex VM Status Reported from OS
AWVppBulkDeployment Process Users for VPP bulk registration of users and licenses
AWVppLicensePreAssignmentQueue Queues an event for making a license preassignment call to Apple API when an admin makes this on-demand request from the console.
AWVppLicenseSyncQueue Queue to process the VPP apps for license sync
AwWindows10KioskQueue Kiosk profile publishing
AwWindowsPpkgPackagingQueue Export applications from WS1 into the PPKG format
AwWindowsSecurityInformationSample Windows 10 DeviceGuard / Security Information Sample (Inactive)
awwindowsupdatequeue Windows 10 (Microsoft EMM)
AWWindowsWmiSample Windows device queue for WMI samples
AWWnsNotification Windows Notification Service (WNS) Notifications
AWWorkflowEvent Process all workflow events
AWWorkflowStatusSampleQueue Workflow status must go through MSMQ for changes of Rate-Limit WF Status Processing
awvpplicensesmanagement To store the message about the device ID and list of application IDs to revoke licenses for.
C2DMOutbound Android Outbound C2DM Messages
FastLaneAPNSOutbound iOS Outbound APNS Messages
FastLaneWnsOutbound Critical WNS Outbound Messages
GCMOutbound Android Google Cloud Messaging Outbound
SyncDirectoryAdminAttributesQueue Queues for the Directory Sync Service
SyncDirectoryGroupsQueue Queues for the Directory Sync Service
SyncDirectoryUserAttributesQueue Queues for the Directory Sync Service
WorkFlow-DeviceCommands API Workflow

List of Certificates

The following is a list of Workspace ONE UEM certificates bundled in the installer and the certificate generated by the installer.

File Name Installed Location Purpose
AppleAPNs_Entrust2048.cer

Trusted Root Certification Authorities

Apple Push Notification Service

AppleComputerRootCertificate.cer Trusted Root Certification Authorities Apple Root CA
AppleWWDRIntCA.cer Intermediate Certification Authorities Issuer for certificates used to sign software for apple devices
AW_Admin_User_Root.cer Trusted Root Certification Authorities Root certificate for client certificates used for authentication to admin APIs
AW_API_Client_Root.cer Intermediate Certification Authorities Used for authenticating SOAP APIs
AW_API_Root.cer Trusted Root Certification Authorities Root for AW_API_CLIENT_Root.cer
AW_API_Server.pfx Personal, Trusted People Binding to the SOAP APIs
AW_Device_Root.cer Trusted Root Certification Authorities Root certificate for device secure channel certificates
AWDSRoot.cer Trusted Root Certification Authorities Root certificate for device services/secure channel server certificates.
ca_cert.cer Trusted Root Certification Authorities Code Signing CA for third-party libraries
Symantec Class 3 Registration Authority TEST CA.cer Intermediate Certification Authorities Test integration with Symantec
VeriSign Class 3 TEST Public Primary Certification Authority.cer Trusted Root Certification Authorities Test integration with VeriSign
*Generated by Installer* Device Services Child Certificate Personal, Trusted Root Certification Authorities Secure channel server certificate. Used for application-level encryption of data sent from the device to the server.

List of Admin Scheduler Tasks

You can configure scheduler tasks by editing the frequency of individual tasks or by deactivating tasks. The following list explains each task.

Scheduler Task Description
Hub Package Process Repository Watches the package repository directory for WinMo Hub packages and pulls them in to the database.
Android Work Google Device Id Validation Job Upon enrollment into Android, the server waits for a Google generated deviceID, so that it can initiate the application assignment and push. There are a few minutes delay in getting this ID and this scheduler checks whether any new enrolled device has the ID updated and if yes, start the application sync process.
App EULA Update Notification Accounts for all devices for which App EULA acceptance is pending and sends notifications. After sending the final notification, the app is removed from the device.
Auto Renew Expiring Profile Checks for certificates that expired within a renewal grace period configured on certificate authority and renews them.
Auto-rotate Google Password Handles password provisioning and purging for integration with Google Sync.
BitLocker Recovery Key Rotation Job Rotates the BitLocker admin recovery key based on the values configured in the profile.
Command Publish Batch Job Rotates commands from held status to pending installation for application and certificate deployment.
Console Notifications Checks to see if any new notifications must be added to an admin's notification list (Example: APNs expiration notification). These notifications appear in the admin console and are emailed to the admins.
Device Based VPP Apps to Track Update Checks which VPP applications at an organization group have the device-based licensing and the auto update enabled. Apps are added or removed from the list used by the VPP auto update scheduler job.
Device Enrollment Program Update Initiates sync command from Apple to send the added and removed devices for a DEP token at a given OG to update our records.
Email Password Removal Removes Google password generated for email from Workspace ONE UEM database.
File Encryption Migration Encrypts or decrypts the content stored in the file storage based on the settings in All Settings > Admin > Storage.
Install Application On Demand Triggers install of Apple VPP applications upon VPP invite acceptance and triggers install of failed-eligible Apple VPP applications.
List View Export Checks when an admin requests an export for the device or the user list view. If it has, it schedules a background job to run asynchronously. Once that background job completes, the list view export is available for download.
MDM Application List Sample Collects the status of applications that are marked as 'MDM apps' from all the devices. Applicable only for iOS apps and devices. Scheduler is turned off by default and enabled only for customers who request the functionality.
MDM License Count Update Checks device enrollment counts and updates the customer's license counts. Used to track product usage.
P2P license true-up with vendor Identifies all the peer distribution server licenses that are about to expire, renews the licenses by communicating with the Adaptiva cloud licensing service, and distributes the renewed license key to the peer distribution server.
Peer Distribution Software Notification Job Identifies all the Peer Distribution servers that do not have the latest version installed and notifies the administrator to update.
Profile Publish Batch Job Profile publishes for the CA and the Tunnel profile queues the install profile command in held status is by Profile Publish Batch Job in batches.

Selects a batch and batch size, based on the settings configured in the Workspace ONE UEM Console (under Settings > Installation > Performance Tuning for on-premise environments).

Purge Marked For Delete This job deletes repos/folders/files under a repository that is marked for deletion.
Query Feedback Service Checks Apple's Feedback Service for statuses and causes of failed APNs commands.
Re-queue Device Commands Applicable only for Windows devices. Identifies devices with failed application installs and re-tries installation. The number of re-try attempts and the interval for the next attempt are identified from the performance tuning settings 'Max re-try attempts for failed app install' and 'Failed Application Install Retry Interval' respectively.
Run Compliance Engine The scheduler job evaluates compliance in scenarios where:
  • Compliance policy is created post-enrollment
  • Any subsequent changes are made to the compliance policy
  • Any changes made to smart group
  • Device moves organization groups
  • Changes made to app groups
  • Certain Telecom based compliance policies are enabled
  • Apple Templates are used
S/MIME Certificate Cleanup Checks for all S/MIME certificates that have completed their retention period and purges them.
Scheduled Application Batch Release Used to release internal application install commands created and held by 'Scheduled Application Publish' job. Selects queued application batch (roundrobin). Calculates device list using configured 'Batch Size' text box of performance tuning section. Releases install commands for batch.
Scheduled Application Publish Used to trigger the installation and removal of internal applications based on newly effective assignments. Creates held batch of install commands. Creates remove commands for the immediate release.
Send Apps to App Scan Vendor Send a unique list of applications installed across entire device fleet to the configured app scan vendor.
Send VPP Invites and Apps Checks for users assigned user-based VPP apps and either sends email or device notifications inviting users or devices to participate in user-based licenses of the Volume Purchase Program.
Server Action Task Handles Time Schedule profiles. The job runs at configured intervals and takes action of install or remove profile as per the time span configured for Time schedule profiles.
Staged Command Data Processing Job Used to schedule the processing of bulk commands from the Device List View page.
Sync Chrome OS Devices Retrieves new Chrome OS enrollments from Google and creates a corresponding device record in Workspace ONE UEM.
Sync Directory Groups Queries the directory to grab all members of synchronized directory groups. Stores users who are part of the group in the UserGroupEnrollmentUserMapSync table. Compares those users by Distinguished Name (DN) or other unique attribute in the UserGroupEnrollmentUserMapSync table to the Mobilemanagement.EnrollmentUser table. If the group is configured with add missing users enabled and User does not exist with that DN, then user details are pulled from the AD using user ExternalID and stored in the Mobilemanagement.EnrollmentUser table.
Sync Directory User and Admin Attributes Queries the directory to sync user attributes based on eternalID.
Sync External Content Syncs admin repo metadata for all the repositories where admin user credentials are set in the MCM console.
Sync MEM Device Resource ID Job Syncs Google device records with Workspace ONE UEM for approving new enrollments / mobile mail configurations
Telecom Assign Plans/Roll-up Usage Calculate usage limits for devices whose admin has enabled telecom tracking. Necessary to run reports, populate dashboard, and have the accurate list view for Telecom.
Temporary Session Key Clean Up Clears temporary encryption keys used to encrypt the admin provided passphrase in a downloaded configuration file. The key is removed from the database so that it is impossible to retrieve the passphrase from the configuration file after the 48-hour key rotation window has passed.
VPP Auto Update Checks iTunes for latest version of VPP applications from the list created by Device Based VPP Apps to Track Update job. Each app is checked once every 24 hours. If an update is available, the job kicks off the update command to assigned devices.
VPP Revoke Licenses Checks for users with associated licenses but no corresponding assigned application. It then issues a revoke command of the license from the user to disassociate it from the license so it can be reused.
Workflow Service Used with the App store restriction, if the restriction is enabled then only one app workflow is active at a time. If there is any issue with the application installation, it deletes in 15 minutes and next one starts.
Purge Job Removes orphan application blobs from the file storage, and CDN origin server if CDN is configured.

Removes expired SDK application log files from the database. By default, the application log files expire every 14 days.

Moves any application binary blobs to the file storage from the database if the file storage is configured.

Moves non-expired SDK application log files from the database to file storage, if the file storage is configured.

Global OG data does not get impacted with respect to the changes made to the blob purge. By default, the scheduler triggers every 24 hours and can either handle 2 GB of data from the database or actively perform tasks for two hours.