Before you can use Workspace ONE AirLift to bridge ConfigMgr to Workspace ONE UEM, you must meet the prerequisites and requirements.

You must meet these requirements if you are a SaaS or on-premises customer.

Workspace ONE AirLift must communicate with different services depending on the features you plan to use.
  • If you plan to use collection mapping, app export, and enrollment, you must configure Workspace ONE AirLift to communicate with ConfigMgr.
  • If you plan to use policy mapping, you must configure Workspace ONE AirLift to communicate with your active directory.

Hardware Requirements

Ensure that your server meets the necessary hardware requirements before installing.

Hardware Requirements Details
VM or Physical Server 2 CPU Core (2.0+ GHz)

4 GB RAM or more

1 GB disk space for the Workspace ONE AirLift application, operating system, and .NET Core runtime. Consider having 5 GB of disk space.

Software Requirements

Ensure that your server meets the software requirements before installing.
Software Requirement Details
Browser Workspace ONE AirLift supports the most recent versions of Chrome, Firefox, and Edge. Internet Explorer is not supported.

To maximize automation, the Workspace ONE AirLift server must be online and able to retrieve software from Microsoft and Mongo.

Operating System Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, or Windows 10
Note: Workspace ONE AirLift does not support Windows Server 2012 R2 configured as domain controllers.
Remote Server Administration Tools This requirement only applies if you plan on using policy mapping.

You must install Remote Server Administration Tools (RSAT) on the Workspace ONE AirLift server.

  • Installing RSAT for Windows Server through Server Manager:
    • Add Features and Roles > Features > Group Policy Management
    • Add Features and Roles > Features > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools
  • Installing RSAT on Windows 10:

Network Requirements

Ensure that your server meets the network requirements before installing.

Network Requirement Details
Domains Microsoft System Center Configuration Manager (ConfigMgr) and Workspace ONE AirLift must be on the same domain.
Workspace ONE AirLift to SCCM communication You must allow Workspace ONE AirLift the following access to the ConfigMgr server:
  • WinRM port (typically 5985)
  • Port 443 or the specified TLS port if Secure Connection is configured.
  • Interactive Log in Permissions - Ensure that AD user account settings or security policy settings do not deny local log in.
Workspace ONE AirLift to Workspace ONE UEM console You must allow Workspace ONE AirLift the following access to the UEM console:
  • Access to the Console/API server using Port 443.
Workspace ONE AirLift to Active Directory This requirement only applies if you plan on using policy mapping.

You must allow Workspace ONE AirLift access to the SYSVOL directory. The directory must contain the PolicyDefinitions folder. To map third-party ADMX settings, you must include those ADMX files in the PolicyDefinitions folder.

If there is no PolicyDefinitions folder in the SYSVOL location:

  1. Log in to your AD server
  2. Copy the local PolicyDefinitions folder located in C:\Windows in the AD server.
  3. Paste the folder to the Active Directory SYSVOL location. For example: \\[company].com\SYSVOL\[company].com\Policies\PolicyDefinitions

Workspace ONE UEM Requirements

Ensure your Workspace ONE UEM deployment meets the requirements before installing.

Workspace ONE UEM Requirements Details
Version Workspace ONE UEM 1903 or later
Admin account Admin account with API-level permissions. For on-premises customers, the admin account cannot be a Global-level admin. Only use a child customer organization group admin account.

ConfigMgr Requirements

Ensure your ConfigMgr deployment meets the requirements before installing Workspace ONE AirLift.

ConfigMrg Requirements Details
Version Microsoft Systems Center Configuration Manager 2012 R2 or later
Admin Account Workspace ONE AirLiftrequires an admin account with a minimum level of permissions. You must create an admin account with the following permissions in ConfigMgr:
  •  Basic permissions - Cannot create an enrollment app or enroll devices.
    • Application - Read
    • Collection - Read, Read Resource
    • Distribution Point - Read
    • Distribution Point Group - Read
    • Package - Read
  • To enroll devices:
    • Collection - Distribute Applications
  • To create an enrollment app:
    • Application - Create, Modify
  • To manage distribution:
    • Distribution - Copy to Distribution Point
Content Location Workspace ONE AirLift requires an admin account with read access to the ConfigMgr content location. If you plan to create a Workspace ONE enrollment application, Workspace ONE AirLift needs write access to the content location.

Active Directory Requirements

Ensure that Active Directory deployment meets the requirements before installing Workspace ONE AirLift.

Active Directory Requirements Details
Read permissions for group policy processing and policy definitions location. This requirement only applies if you plan on using policy mapping.Workspace ONE AirLift requires a domain account with read permissions for any GPO you want to export.

Access Files

You can access the MongoDB MSI file at https://fastdl.mongodb.org/win32/mongodb-win32-x86_64-2008plus-ssl-3.6.5-signed.msi.

You can access the SQL Server EXE file at https://download.microsoft.com/download/E/F/2/EF23C21D-7860-4F05-88CE-39AA114B014B/SQLEXPR_x64_ENU.exe.