Adding users to a Blueprint and publishing the Blueprint does not by itself bring their devices under management. Those users must finish the enrollment process before Workspace ONE Express or Express+ manages their devices. The enrollment process might differ slightly depending on the device platform: iOS, Android, or Windows (Express+ only).

Android

You can configure your Android registration as Enterprise or Legacy but not both. To begin managing Android Enterprise devices, you must register Workspace ONE Express as your Enterprise Mobility Management (EMM) provider with Google. The Express Setup provides a step-by-step solution to help configure the enterprise management tools required to secure and manage your Android devices.

If you configure the Android devices in your fleet as Enterprise devices, you must select between two modes.

  • Work Profile enrollment mode creates a dedicated space on the device for only work applications and data. This deployment is ideal for Bring Your Own Device (BYOD) applications.

    Applications in the Work Profile, called badged applications, are differentiated by a red briefcase icon and are shown in a unified launcher with the user's personal applications. For example, your device shows both a personal icon for Google Chrome and a separate icon for Work Chrome denoted by the badge. From an end-user perspective, it looks like two different applications, but the application is installed only once, with business data stored separately from personal data.

    The Workspace ONE Intelligent Hub agent facilitates the Work Profile mode. You can download the Hub from the Google Play Store. Proceed to Enroll a Device With Workspace ONE Intelligent Hub.

  • Work Managed enrollment mode gives Workspace ONE Express full control of the entire device. There is no separation of work and personal data. The ownership type known as COPE (Corporate-Owned, Personally Enabled) is not supported.

    The Work Managed mode is user-based, not device-based, which means the same Google account is used across all devices registered to an individual user.

    Consider registering Work-Managed Android devices from a factory reset state and ensure that these devices are not configured for personal use.

    The Work Managed mode is facilitated by using a special identifier with the Workspace ONE Intelligent Hub. For more information, see Enroll Android Devices Using VMware Workspace ONE Intelligent Hub Identifier.

Apple DEP Integration

To maximize the benefits of Apple devices enrolled in Mobile Device Management (MDM), Apple has introduced the Device Enrollment Program (DEP). With DEP, you can perform the following.

  • Install a non-removable MDM profile on a device, preventing end users from deleting it.
  • Provision devices in Supervised mode (iOS only). Devices in Supervised mode can access additional security and configuration settings.
  • Enforce an enrollment for all end users.
  • Meet your organization's needs by customizing and streamlining the enrollment process.
  • Prevent iCloud backup by disabling Apple ID sign-in for users when you generate a DEP profile.
  • Force OS updates for all end users.

Windows Devices (Express+ Only)

Workspace ONE Express+ supports multiple Windows enrollment flows that meet specific use cases.

  • Intelligent Hub Enrollment – The simplest enrollment workflow uses the Workspace ONE Intelligent Hub for Windows to enroll devices. End users simply direct the native browser on the Windows device to https://getwsone.com and select the Download Hub for Windows button.
  • Azure Active Directory Integration Enrollment – Through integration with Microsoft Azure Active Directory, Windows devices automatically enroll into Workspace ONE Express+ with minimal end-user interaction. Azure AD integration enrollment simplifies enrollment for both end users and admins.
    Azure AD integration enrollment supports three different enrollment flows.
    • Join Azure AD.
    • Out of Box Experience enrollment.
    • Office 365 enrollment.
    Enrollment through an Azure AD integration requires Windows and an Azure Active Directory Premium License. The configuration requires entering information into your Azure AD and Workspace ONE Express+ deployments to facilitate communication. For more information, see Set Up Directory Services with a Wizard or Set Up Directory Services Manually.