Workspace ONE UEM offers an extensive assortment of services, queues, certificates, and scheduler tasks as part of our software. Learn more about the services, queues, certificates, and admin scheduler tasks including descriptions that enhance your understanding of the full Workspace ONE UEM offering.
List of Services
Learn more about the Workspace ONE UEM offered services and their purpose within your environment.
Service | Description |
---|---|
AirWatch API Workflow | This service processes device commands from REST API. |
AirWatch Background Processor Service | This service is used for asynchronous execution of long running jobs. |
AirWatch Batch Processing Service | This service processes batch requests from the AirWatch system. |
AirWatch Cloud Messaging Service | This service runs a message queueing server which transfers messages to and from devices and AirWatch servers. |
AirWatch Compliance Service | This service handles compliance rule level evaluations and takes action on the scheduler level. |
AirWatch Content Delivery Service | This service pushes staging and provisions content to relay servers. |
AirWatch DataPlatform Service | This service pushes data to the Intelligence platform. |
AirWatch Device Scheduler | This service orchestrates scheduled jobs across the console and devices. |
AirWatch Directory Sync Service | This service synchronizes users and user groups from external user stores. |
AirWatch Entity Change Queue Monitor | This service monitors the event log queue and sends outbound event logs. |
AirWatch Entity Reconcile Service | This service reconciles and syncs for entities linked to smart groups. |
AirWatch Eventlog Processor Service | This service monitors the event log queue, enriches them, and posts to the Intelligence platform. |
AirWatch GEM Inventory Service | This service communicates instance specific information to the GEM. |
AirWatch Integration Service | This service integrates AirWatch with third-party applications. |
AirWatch Interrogator Service | This service reads device sample information from the queues and writes the information to the database. |
AirWatch MEG Queue Service | This service reads and processes mobile email gateway requests from the message queues. |
AirWatch Messaging Service | This service sends messages to the respective device cloud services (Example: APNS, FCM, and others). |
AirWatch Outbound Queue Monitor Service | This service subscribes for outbound event notifications. |
AirWatch Policy Engine | This service determines the product and the product set applicability and compliance for devices. If needed, project jobs are sent to the device to install/uninstall profiles, files, actions, and applications. |
AirWatch Provisioning Package Service | This service generates PPKG packages for the factory provisioning flow. |
AirWatch Smart Group Service | This service is responsible for smart group device map updates. |
AirWatch SMS Service | This service is used by AirWatch to send SMS messages to devices. |
AirWatch Tunnel Service | This service manages tunnel configuration for devices and servers such as traffic rules and outbound configurations. |
MetadataTransformService | This service stores the DDUI metadata information that is used to render the UI. Also, the service creates the final device profile before sending it to the device. |
List of Message Queues
The following is a list of Workspace ONE UEM message queues and descriptions.
Queue Name | Description |
---|---|
APNSOutbound | iOS Outbound APNS Messages |
AWAdminBatchQueue | Administration Group Batch Processing |
AwAdminPasswordNotificationQueue | Password Expiration Management for Local Basic Admins |
AWAppleCareGsxIntegration | AppleCare Model Information Request |
AWApplicationEventSample | Application Analytics for iOS Content Locker |
AWApplicationFeedback | Used for Managed Application feedback samples |
AWApplicationListSample | iOS Application List Samples (From Device) |
AWApplicationReport | Handles report messages sent by the device SDK |
AWAppScanTpiQueue | App Scan requests to Third-Party Apps |
AWAppWithUpdatesQueue | VPP Applications Auto Update |
AWAsyncExportQueue | Async exports of Telecom data from console |
AWAutoDiscovery | Used for auto discovery messages |
AWAvailableOsUpdatesListSample | Process the available OS Updates Samples for Devices |
AWBaselineSample | Baseline sample information from devices (in 1909, but not used) |
AwBackgroundJobsReports | Batch processing for legacy SSRS reports. |
AWBiosSample | Dell BIOS Samples |
AWBluetoothInformationSample | Android/WinMo Bluetooth Samples (From Device) |
AWCallLogSample | Android/WinMo Call Log Samples (From Device) |
AWCellInformationSample | Android/WinMo Cellular Information Samples (From Device) |
AWCellSignalQualitySample | Android/WinMo Cell Signal Quality Samples (From Device) |
AWCellTowerInformationSample | Android/WinMo Cell Tower Information Samples (From Device) |
AWCertificateListSample | iOS Certificate List Samples (From Device) |
AWCMOutbound | AWCM Outbound Messages [For Rugged] |
AWComplianceReconciliationQueue | |
AWComplianceDeviceQueue | Real Time Device Compliance for enrollment and reenrollment flows |
AWComplianceServiceQueue | Queue for standalone Compliance service |
AwConditionalAccessConfiguredQueue | Decouples the large one-time upload (sync) operation when configuring conditional access for Microsoft |
AWContentBatchQueue | Multi-file delete support for content |
AWDepBatchQueue | Process DEP sync and assign profile requests |
AWDeviceCapabilitySample | Android Device Capability Samples (From Device) |
Awdevicecomplianceactionsqueue | Installer changes to add a new queue for device compliance actions. |
AWDeviceComplianceAttributeQueue | TrustPoint Integration |
AWDeviceCustomAttributeListSample | List of device custom attributes, used primarily by rugged devices (Android, QNX, WinMo, Mac, PCs) |
AWdeviceDomainJoinResourceQueue | Windows 10 Offline Domain Join |
AWCdnv3OriginMigrationqueue | Used to migrate Blobs to CDN v3 |
AWDevicePolicyRuleComplianceEvaluationQueue | Handles evaluation of sample for existing rules in the app list policy. |
AWDevicePolicyRuleComplianceQueue | Handles evaluation of rules on policy edit and app groups edit. |
AWDeviceSampleData | Used for initializing devices for compliance |
AwDeviceSensorQueue | Stores Windows 10 Custom Samples before sending to AWS |
AwDeviceStateChangeQueue | Contains Device State change events like Enrollment/Unenrollments and Compliant/Noncompliant. |
AWDeviceSyncQueue | Generic MDM Queue |
AWDiskEncryptionSample | Disk Encryption Samples (From Device) |
AWEasSample | Generic MDM Queue |
AWEfotaSample | Samsung Efota Samples |
AWEscrowedGatewayProcessingQueue | Decouple cert validation and presence in Escrow Gateway service through a scheduler |
AWEventActionSample | Event Actions Samples (From Device) |
AWEventLog | Keeps various events related to device/system activities |
AwEventLogProcessor | Stores event logs messages before being sent to Elastic Search (Inactive) |
AWExternalDirectoryBatchQueue | Queue for User Authentication and Directory Sync for Workspace One Access |
AWFetchAppUpdatesQueue | VPP Applications Auto Update |
AWGPSCoordinateSample | Android/WinMo GPS Coordinate Samples (From Device) |
AWGPSExtendedCoordinateSample | Android/WinMo Extended GPS Coordinate Samples (From Device) |
AWHealthAttestationSample | Queue Health Attestation Sample |
AWInstalledApplicationListSample | Installed Application List Sample (Inactive) |
AWIntegrationService | This queue is for handling Web Sense certificate requests asynchronously. |
AWIntegrationServiceGenericQueue | Queue Compliance State for Windows 10 Devices |
AWInventoryCheckinCommandQueue | GEM Inventory Service |
AWLocalBasicUserSyncQueue | Used for triggering a local basic user sync at regular intervals (inactive) |
AWLogManagerXml | WinMo LogManager XML Samples (From Device) |
AWManagedLicenseListSample | Windows [Phone] 10 Application and License Status |
AWManagedMediaListSample | Managed Media List Sample (Managed Books) |
AWMegPayloads | MEG Payload Samples (from API) |
AWMemorySample | Android/WinMo Memory Samples (From Device) |
AWMetricsSample | New Product Provisioning |
AWMobileDataUsageSample | Android/iOS [Non-]Mobile Data Usage Samples |
AWNetworkAdapterSample | Android/WinMo Network Adapter Samples (From Device) |
AWNetworkWLANSample | Android/WinMo Network WLAN Samples (From Device) |
AWOemUpdateSample | Process the status of the OEMUpdate(s) for Devices |
AwOEMProvisioningQueue | Device information for Windows OEM reprovisioning (in 1909, but not used) |
AwOemUpdateSampleSummaryQueue | DELL OEMUpdate Samples Summary |
AWOpsDeviceRegistrationQueue | |
AWOsUpdateStatustListSample | Process the status of the OS Updates for Devices |
AWOutboundEventLog | Outbound queues for the "Outbound Event Notification" feature |
AWPatchApplicationListSample | Application List for Unmanaged Devices |
AWPolicyListSample | New Product Provisioning |
AWPolicyProductListSample | New Product provisioning |
AWPowerSample | Android/WinMo Power Samples (From Device) |
AWPrinterNotification | Common MSMQ to send notifications to Zebra and Toshiba Print Servers |
AWProfileListSample | iOS Configuration Profile List Samples (From Device) |
AwProvisioningPackageServiceQueue | Cleans up the PPKG from the storage location (CDN) |
AWProvisioningProfileSample | iOS Provisioning Profile Samples (From Device) |
AWPublishQueue | iOS Bulk Profile Publish (From Console) |
AWRestrictionsListSample | iOS Restrictions List Samples (From Device) |
AWRosterSyncQueue | Queues an event for making a roster sync call to Apple API when an admin makes an on-demand request from the console. |
AWScheduleOsUpdateResultListSample | Process the results of the ‘Install OS Updates’ Command |
AWSecurityInformationSample | iOS Security Information Samples (From Device) |
AWSeedSystemAppsQueue | |
AWSEGCompliance | Compliance Information for SEG |
AWSegFastCompliance | MEM High Priority Compliance Commands |
AWSelectiveApplicationListSample | Application Sample Query for iOS 7+ Devices |
AWSmartGroupDeviceMapCleanup | |
AWSmartGroupEvent | Data for Monitoring User Group Change Events |
AWSmartGroupPublish | Smart Group Publish Events |
AWSMSLogSample | Android/WinMo SMS Log Samples (From Device) |
AWTimeWindowSampleQueue | |
AWWindowsDeviceStatusSample | Windows Device Status Sample |
AWSWindowsInformationSample | Windows Information Sample (Windows 8 Devices only) |
AWSystemSample | Android/iOS/WinMo Device/System Information Samples (From Device) |
AWToMagOutboundQueue | Queues message to be sent to MAG through AWCM |
AWUemEnrollmentEventQueue | |
AWUpdateManagedAppleId | |
AWUpdateListSample | Microsoft EMM: Handles messages related to Windows Updates Revisions |
AWUploadToCdnQueue | Seed Agents to CDN |
AWUserBatchQueue | User Batch Processing Information |
AWUserDataSample | OneDrive Integration for User Data Recovery and Migration (Inactive) |
AWUserGroupsBatchQueue | Process User Group actions (sync user attributes, add missing users) |
AWUserListSample | Used for saving user list sample changes. |
AWVMInstanceSample | OS X VMware Flex Integration – Flex VM Status Reported from OS |
AWVppBulkDeployment | Process Users for VPP bulk registration of users and licenses |
AWVppLicensePreAssignmentQueue | Queues an event for making a license preassignment call to Apple API when an admin makes this on-demand request from the console. |
AWVppLicenseSyncQueue | Queue to process the VPP apps for license sync |
AwWindows10KioskQueue | Kiosk profile publishing |
AwWindowsPpkgPackagingQueue | Export applications from WS1 into the PPKG format |
AwWindowsSecurityInformationSample | Windows 10 DeviceGuard / Security Information Sample (Inactive) |
awwindowsupdatequeue | Windows 10 (Microsoft EMM) |
AWWindowsWmiSample | Windows device queue for WMI samples |
AWWnsNotification | Windows Notification Service (WNS) Notifications |
AWWorkflowEvent | Process all workflow events |
AWWorkflowStatusSampleQueue | Workflow status must go through MSMQ for changes of Rate-Limit WF Status Processing |
awvpplicensesmanagement | To store the message about the device ID and list of application IDs to revoke licenses for. |
C2DMOutbound | Android Outbound C2DM Messages |
FastLaneAPNSOutbound | iOS Outbound APNS Messages |
FastLaneWnsOutbound | Critical WNS Outbound Messages |
GCMOutbound | Android Google Cloud Messaging Outbound |
SyncDirectoryAdminAttributesQueue | Queues for the Directory Sync Service |
SyncDirectoryGroupsQueue | Queues for the Directory Sync Service |
SyncDirectoryUserAttributesQueue | Queues for the Directory Sync Service |
WorkFlow-DeviceCommands | API Workflow |
List of Certificates
The following is a list of Workspace ONE UEM certificates bundled in the installer and the certificate generated by the installer.
File Name | Installed Location | Purpose |
---|---|---|
AppleAPNs_Entrust2048.cer | Trusted Root Certification Authorities | Apple Push Notification Service |
AppleComputerRootCertificate.cer | Trusted Root Certification Authorities | Apple Root CA |
AppleWWDRIntCA.cer | Intermediate Certification Authorities | Issuer for certificates used to sign software for Apple devices |
AW_Admin_User_Root.cer | Trusted Root Certification Authorities | Root certificate for client certificates used for authentication to admin APIs |
AW_API_Client_Root.cer | Intermediate Certification Authorities | Used for authenticating SOAP APIs |
AW_API_Root.cer | Trusted Root Certification Authorities | Root for AW_API_Client_Root.cer |
AW_API_Server.pfx | Personal, Trusted People | Binding to the SOAP APIs |
AW_Device_Root.cer | Trusted Root Certification Authorities | Root certificate for device secure channel certificates |
AWDSRoot.cer | Trusted Root Certification Authorities | Root certificate for device services/secure channel server certificates. |
ca_cert.cer | Trusted Root Certification Authorities | Code Signing CA for third-party libraries |
Symantec Class 3 Registration Authority TEST CA.cer | Intermediate Certification Authorities | Test integration with Symantec |
VeriSign Class 3 TEST Public Primary Certification Authority.cer | Trusted Root Certification Authorities | Test integration with VeriSign |
*Generated by Installer* Device Services Child Certificate | Personal, Trusted Root Certification Authorities | Secure channel server certificate. Used for application-level encryption of data sent from the device to the server. |
List of Admin Scheduler Tasks
You can configure scheduler tasks by editing the frequency of individual tasks or by deactivating tasks. The following list explains each task.
Scheduler Task | Description |
---|---|
Hub Package Process Repository | Watches the package repository directory for WinMo Hub packages and pulls them into the database. |
Android Work Google Device Id Validation Job | Upon enrollment into Android, the server waits for a Google-generated deviceID so that it can initiate the application assignment and push. There is a delay of a few minutes in getting this ID, so this scheduler checks whether any newly enrolled device has the ID updated and, if so, starts the application sync process. |
App EULA Update Notification | Accounts for all devices for which App EULA acceptance is pending and sends notifications. After sending the final notification, the app is removed from the device. |
Auto Renew Expiring Profile | Checks for certificates that expired within a renewal grace period configured on the certificate authority and renews them. |
Auto-rotate Google Password | Handles password provisioning and purging for integration with Google Sync. |
BitLocker Recovery Key Rotation Job | Rotates the BitLocker admin recovery key based on the values configured in the profile. |
Command Publish Batch Job | Rotates commands from held status to pending installation for application and certificate deployment. |
Console Notifications | Checks to see if any new notifications must be added to an admin's notification list (Example: APNs expiration notification). These notifications appear in the admin console and are emailed to the admins. |
Device Based VPP Apps to Track Update | Checks which VPP applications at an organization group have the device-based licensing and the auto update enabled. Apps are added or removed from the list used by the VPP auto update scheduler job. |
Device Enrollment Program Update | Initiates sync command from Apple to send the added and removed devices for a DEP token at a given OG to update our records. |
Email Password Removal | Removes the Google password generated for email from the Workspace ONE UEM database. |
File Encryption Migration | Encrypts or decrypts the content stored in the file storage based on the settings in | .
Install Application On Demand | Triggers install of Apple VPP applications upon VPP invite acceptance and triggers install of failed-eligible Apple VPP applications. |
List View Export | Checks whether an admin has requested an export for the device or the user list view. If so, it schedules a background job to run asynchronously. Once that background job completes, the list view export is available for download. |
MDM Application List Sample | Collects the status of applications that are marked as 'MDM apps' from all the devices. Applicable only for iOS apps and devices. Scheduler is turned off by default and enabled only for customers who request the functionality. |
MDM License Count Update | Checks device enrollment counts and updates the customer's license counts. Used to track product usage. |
P2P license true-up with vendor | Identifies all the peer distribution server licenses that are about to expire, renews the licenses by communicating with the Adaptiva cloud licensing service, and distributes the renewed license key to the peer distribution server. |
Peer Distribution Software Notification Job | Identifies all the Peer Distribution servers that do not have the latest version installed and notifies the administrator to update. |
Profile Publish Batch Job | Profile publishes for the CA and the Tunnel profile queues the install profile command in held status is by Profile Publish Batch Job in batches. Selects a batch and batch size, based on the settings configured in the Workspace ONE UEM Console (under for on-premise environments). |
Purge Marked For Delete | This job deletes repos/folders/files under a repository that is marked for deletion. |
Query Feedback Service | Checks Apple's Feedback Service for statuses and causes of failed APNs commands. |
Re-queue Device Commands | Applicable only for Windows devices. Identifies devices with failed application installs and re-tries installation. The number of re-try attempts and the interval for the next attempt are identified from the performance tuning settings 'Max re-try attempts for failed app install' and 'Failed Application Install Retry Interval' respectively. |
Run Compliance Engine | The scheduler job evaluates compliance in scenarios where:
|
S/MIME Certificate Cleanup | Checks for all S/MIME certificates that have completed their retention period and purges them. |
Scheduled Application Batch Release | Used to release internal application install commands created and held by the 'Scheduled Application Publish' job. Selects a queued application batch (round robin). Calculates the device list using the configured 'Batch Size' text box of the performance tuning section. Releases install commands for the batch. |
Scheduled Application Publish | Used to trigger the installation and removal of internal applications based on newly effective assignments. Creates held batch of install commands. Creates remove commands for the immediate release. |
Send Apps to App Scan Vendor | Sends a unique list of applications installed across the entire device fleet to the configured app scan vendor. |
Send VPP Invites and Apps | Checks for users assigned user-based VPP apps and either sends email or device notifications inviting users or devices to participate in user-based licenses of the Volume Purchase Program. |
Server Action Task | Handles Time Schedule profiles. The job runs at configured intervals and takes action of install or remove profile as per the time span configured for Time schedule profiles. |
Staged Command Data Processing Job | Used to schedule the processing of bulk commands from the Device List View page. |
Sync Chrome OS Devices | Retrieves new Chrome OS enrollments from Google and creates a corresponding device record in Workspace ONE UEM. |
Sync Directory Groups | Queries the directory to grab all members of synchronized directory groups. Stores users who are part of the group in the UserGroupEnrollmentUserMapSync table. Compares those users by Distinguished Name (DN) or other unique attribute in the UserGroupEnrollmentUserMapSync table to the Mobilemanagement.EnrollmentUser table. If the group is configured with add missing users enabled and a user does not exist with that DN, then user details are pulled from the AD using the user's ExternalID and stored in the Mobilemanagement.EnrollmentUser table. |
Sync Directory User and Admin Attributes | Queries the directory to sync user attributes based on externalID. |
Sync External Content | Syncs admin repo metadata for all the repositories where admin user credentials are set in the MCM console. |
Sync MEM Device Resource ID Job | Syncs Google device records with Workspace ONE UEM for approving new enrollments / mobile mail configurations. |
Telecom Assign Plans/Roll-up Usage | Calculates usage limits for devices whose admin has enabled telecom tracking. Necessary to run reports, populate the dashboard, and have an accurate list view for Telecom. |
Temporary Session Key Clean Up | Clears temporary encryption keys used to encrypt the admin provided passphrase in a downloaded configuration file. The key is removed from the database so that it is impossible to retrieve the passphrase from the configuration file after the 48-hour key rotation window has passed. |
VPP Auto Update | Checks iTunes for latest version of VPP applications from the list created by Device Based VPP Apps to Track Update job. Each app is checked once every 24 hours. If an update is available, the job kicks off the update command to assigned devices. |
VPP Revoke Licenses | Checks for users with associated licenses but no corresponding assigned application. It then issues a revoke command of the license from the user to disassociate it from the license so it can be reused. |
Workflow Service | Used with the App Store restriction. If the restriction is enabled, only one app workflow is active at a time. If there is any issue with the application installation, it deletes in 15 minutes and the next one starts. |
Purge Job | Removes orphan application blobs from the file storage, and CDN origin server if CDN is configured. Removes expired SDK application log files from the database. By default, the application log files expire every 14 days. Moves any application binary blobs to the file storage from the database if the file storage is configured. Moves non-expired SDK application log files from the database to file storage, if the file storage is configured. Global OG data does not get impacted with respect to the changes made to the blob purge. By default, the scheduler triggers every 24 hours and can either handle 2 GB of data from the database or actively perform tasks for two hours. |