VMware Workspace ONE AirLift is a server-side connector that simplifies and speeds your journey to modern management. Workspace ONE AirLift bridges administrative frameworks between Microsoft System Center Configuration Manager (ConfigMgr), Active Directory, and Workspace ONE UEM powered by AirWatch. Before you can use Workspace ONE AirLift to bridge ConfigMgr to Workspace ONE UEM, you must meet the prerequisites and requirements.
This bridge allows you to focus on moving workloads and applications to Workspace ONE UEM without redefining device and group memberships. Workspace ONE AirLift lets you export collections, apps, and policies to Workspace ONE UEM on a case-by-case basis.
The dashboard provides a visualization of the transition and shows the progress for devices and applications. The dashboard also displays top modern management workloads to show you what functionality you use on your devices. You can also see an enrollment history and percentage complete within ConfigMgr collections.
Admin Credentials in ConfigMgr
Workspace ONE AirLift communicates with ConfigMgr for collection mapping, app exporting, and enrollment. Workspace ONE AirLift requires an admin account with a minimum level of permissions in ConfigMgr.
Workspace ONE AirLift allows you to map your existing ConfigMgr device collections to Workspace ONE UEM smart groups. Workspace ONE AirLift dynamically monitors the device collections and keeps both platforms consistent. Workspace ONE AirLift uses Workspace ONE UEM tags to add devices to smart groups after enrollment. These tags use a naming scheme with the prefix co-mgt to clarify the source of the membership. This process is called ‘collection mapping’ and is accomplished in the Workspace ONE AirLift console. You can remove mappings once the transition to modern management is complete.
Workspace ONE AirLift allows you to enroll devices Workspace ONE UEM with a ConfigMgr enrollment application. Configure and create the enrollment application with a blueprint and the required software. Simplify and speed up the transition to modern management for proof of concepts, pilots, and production implementations using collection mapping and streamlined enrollment with Workspace ONE AirLift.
Workspace ONE AirLift also provides the means to export applications from ConfigMgr to Workspace ONE UEM. You can then deploy and manage applications from the Workspace ONE platform. Workspace ONE AirLift provides validations so you aware of any additional configuration applications might need. You can also create an app validation report for project plans that involve app rationalization or portfolio management. The CSV-format report allows you to target a specific list of apps and view and validations issues that need to be addresses before you export.
You can have a burdensome number of group policies in your current environment and want to transition some of these policies to modern management. Workspace ONE AirLift lets you map and export your existing GPO policies to the Workspace ONE UEM console. Workspace ONE UEM converts these exported policies into MDM policies with custom profiles based on Windows Configuration Service Providers.
You must meet these requirements if you are a SaaS or on-premises customer.
- If you plan to use collection mapping, app export, and enrollment, you must configure Workspace ONE AirLift to communicate with ConfigMgr.
- If you plan to use policy mapping, you must configure Workspace ONE AirLift to communicate with your active directory.
Ensure that your server meets the necessary hardware requirements before installing.
|VM or Physical Server||2 CPU Core (2.0+ GHz)
4 GB RAM or more
1 GB disk space for the Workspace ONE AirLift application, operating system, and .NET Core runtime. Consider having 5 GB of disk space.
|Browser|| Workspace ONE AirLift supports the most recent versions of Chrome, Firefox, and Edge. Internet Explorer is not supported.
To maximize automation, the Workspace ONE AirLift server must be online and able to retrieve software from Microsoft and Mongo.
|Operating System||Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows 10
Note: Workspace ONE AirLift does not support Windows Server 2012 R2 configured as domain controllers.
|Remote Server Administration Tools||This requirement only applies if you plan on using policy mapping.
You must install Remote Server Administration Tools (RSAT) on the Workspace ONE AirLift server.
Ensure that your server meets the network requirements before installing.
|Domains||Microsoft System Center Configuration Manager (ConfigMgr) and Workspace ONE AirLift must be on the same domain.|
|Workspace ONE AirLift to SCCM communication||You must allow Workspace ONE AirLift the following access to the ConfigMgr server:
|Workspace ONE AirLift to Workspace ONE UEM console||You must allow Workspace ONE AirLift the following access to the UEM console:
|Workspace ONE AirLift to Active Directory||This requirement only applies if you plan on using policy mapping.
You must allow Workspace ONE AirLift access to the SYSVOL directory. The directory must contain the PolicyDefinitions folder. To map third-party ADMX settings, you must include those ADMX files in the PolicyDefinitions folder.
If there is no PolicyDefinitions folder in the SYSVOL location:
Workspace ONE UEM Requirements
Ensure your Workspace ONE UEM deployment meets the requirements before installing.
|Workspace ONE UEM Requirements||Details|
|Version||Workspace ONE UEM 1903 or later|
|Admin account||Admin account with API-level permissions. For on-premises customers, the admin account cannot be a Global-level admin. Only use a child customer organization group admin account.|
Ensure your ConfigMgr deployment meets the requirements before installing Workspace ONE AirLift.
|Version||Microsoft Systems Center Configuration Manager 2012 R2 or later|
|Admin Account||Workspace ONE AirLift requires an admin account with a minimum level of permissions. You must create an admin account with the listed permissions in ConfigMgr.
|Content Location||Workspace ONE AirLift requires an admin account with read access to the ConfigMgr content location. If you plan to create a Workspace ONE enrollment application, Workspace ONE AirLift needs write access to the content location.|
Active Directory Requirements
Ensure that Active Directory deployment meets the requirements before installing Workspace ONE AirLift.
|Active Directory Requirements||Details|
|Read permissions for group policy processing and policy definitions location.||This requirement only applies if you plan on using policy mapping.Workspace ONE AirLift requires a domain account with read permissions for any GPO you want to export.|
You can access the MongoDB MSI file at https://fastdl.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-3.6.5-signed.msi.
You can access the SQL Server EXE file at https://download.microsoft.com/download/E/F/2/EF23C21D-7860-4F05-88CE-39AA114B014B/SQLEXPR_x64_ENU.exe.