Assuming you are allowing employees to enroll their personal devices in your Workspace ONE ™ UEM environment, there are many considerations you must make before you proceed.
Consideration #1: Will BYOD Users Enroll with VMware Workspace ONE or the AirWatch Agent?
VMware Workspace ONE is a secure enterprise platform that delivers and manages any app on any device. It begins with self-service, single-sign on access to cloud, mobile, and Windows apps and includes powerfully integrated email, calendar, file, and collaboration tools.
With Workspace ONE, users do not need to enroll their personal devices to get access to services. The Workspace ONE app itself can be downloaded from the Apple App Store, Google Play, or Microsoft Store and installed. A user then logs in and gains access to applications based on the established policies. The Workspace ONE app configures an MDM management profile during its installation that enrolls the device automatically.
AirWatch Agent represents the legacy enrollment option for mobile devices. For details, see Enroll a Device With AirWatch Agent.
Consideration #2: How Will You Specify Ownership Type?
Every device enrolled into Workspace ONE UEM has an assigned device ownership type: Corporate Dedicated, Corporate Shared, or Employee Owned. Employees' personal devices are categorized as an Employee Owned type and subject to the specific privacy settings and restrictions you configure for that type.
In answering the question of specifying an ownership type, consider the following.
- Do you have access to a master list of corporate devices that you can bulk upload into the UEM console? If so, you might consider uploading this list and setting the default ownership type to Employee Owned.
- Have you considered the legal implications of allowing users to select an ownership type from a list? For example, if a user enrolls a personal device but incorrectly selects corporate owned as the ownership type. What are the ramifications when that user violates a policy and has their personal device fully wiped?
For your BYOD program, you can configure Workspace ONE UEM to apply a default ownership type during enrollment or allow users to select the appropriate ownership type themselves.
Consideration #3: Will You Apply Additional Enrollment Restrictions for Employee-Owned Devices?
When answering this question, consider the following.
- Does your MDM deployment only support certain device platforms? If so, you can specify these platforms and only allow devices running on them to enroll.
- Are you limiting the number of personal devices an employee is allowed to enroll? If so, you can specify the maximum number of devices a user is allowed to enroll.
You can set up additional enrollment restrictions to further control who can enroll and which device types are allowed. For example, you can opt to support only those Android devices that feature built-in enterprise management functionality. After your organization evaluates and determines which kinds of employee-owned devices they want to use in your work environment, you can configure these settings.
For more information, see Additional Enrollment Restrictions.