The Android Hub Settings page lets you configure various options that affect the Android Hub mobile app. Adjusting these intervals can impact battery life, with smaller values equating to more frequent pings and greater power consumption.
What can you do with Workspace ONE Intelligent Hub for Android Settings
To access the Workspace ONE Intelligent Hub Settings navigate to .
- Configure application list
- Set the Samsung Knox settings
- Set the Locations
- Monitor suspicious activity
- Enable Telecom settings
Determine your Organization group hierarchy
- Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
- Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.
General
| Setting | Descriptions |
|---|---|
| Heartbeat Interval (min) | Enter the heartbeat time interval, which is how frequently the Workspace ONE Intelligent Hub checks in with the Workspace ONE UEM server. Reports beacon data to the Workspace ONE UEM console. The primary purpose of this report is to show compromised device status. However, beacon data also includes IP address and other data, such as model and OS version. |
| Data Sample Interval (min) | Enter the data sample time interval, which is how frequently the Workspace ONE Intelligent Hub collects data from the device. Collects interrogator data and reports all data collected by the Workspace ONE Intelligent Hub, including Telecom and Network data, as well as the battery, power and memory status. |
| Data Transmit Interval (min) | Enter the data transmit time interval, which is how frequently the Workspace ONE Intelligent Hub sends data to the Workspace ONE UEM server. Reports interrogator data to the Workspace ONE UEM console. This value should always be greater than the Data Sample Interval value. |
| Profile Refresh Interval (min) | Enter the profile refresh time interval, which is how frequently the device profile list for the device is refreshed on the Workspace ONE UEM server. Checks in with the Workspace ONE UEM console for profile updates or new profiles. |
| Require Google Account | Require a Google Account to leverage Google Cloud Messaging (GCM) to send remote commands to devices. Only deselect this option if you are utilizing AWCM. |
| Require Phone Number | Enable an additional prompt during enrollment. This phone number is recorded in Workspace ONE UEM to serve as a backup contact number in case devices are lost, turned off or do not have access to Internet. |
| Block User Unenrollment | Select this option to ensure end users cannot unenroll their devices by disabling the 'Unenroll' option in the Workspace ONE Intelligent Hub menu. On Samsung devices using Android Legacy, this will also prevent Device Administrator deactivation for the Workspace ONE Intelligent Hub. |
| Device Services Version | Displays OEM service version. |
Application List
The Application List detects specific, unapproved apps that are installed on a device, or detect all apps that are not on the allow list. You can either specifically prohibit certain apps, such as social media or entertainment apps, or specifically permit only the apps you specify, such as internal applications for business use.
| Setting | Description |
|---|---|
| Application List Interval (min) | Enter the frequency at which the Workspace ONE Intelligent Hub checks the application list. |
Applications
| Setting | Description |
|---|---|
| Install Options | Select how end users will be prompted to install new internal applications. You can provide a Direct Prompt, a Status Bar Notification, or opt to have No Notification. |
| SafetyNet App Verification | Enable to allow app verification which scans apps installed on the device before they are downloaded to detect potentially harmful apps.
When enabled:
This setting also works in conjuction with the restriction setting in the Android Restrictions profile in the UEM console. |
Samsung Knox
For more information about these settings or Samsung Knox in general, refer to the VMware AirWatch Containerization with Samsung Knox Guide.
| Setting | Description |
|---|---|
| Enable Containers | This field enables Knox containers for Android(Legacy) enrolled devices. When Android EMM registration is configured, enabling containers enrolls devices into Android(Legacy) management and activates Knox Play for Work configuration on Samsung devices. |
| Knox License Key | Enter your Samsung Knox License Key. This field is independent of the Enable Containers field. You can enter a Knox License Key without enabling Knox containers to activate licenses for Android Enterprise enrolled devices. If your users have a custom Knox license key and a custom URL that points to an activation server, use the following format to properly configure the device to activate the Knox License Key: Format: KLM#customurl.com,ELM Example: KLM09-aaaaa-bbbbb-ccccc-ddddd#myactivationserver.com,ELM03-11111-22222-33333-44444 If you no longer need the access to Samsung Knox licenses, you can clear the Knox License Key in the Android Hub Settings page by adding a placeholder value, such as 1111. Clearing the key prevents error messages resulting from invalid or inactive keys being accessed by Hub.
Note: Clearing the key for existing devices may cause devices to lock indefinitely which then requires a factory reset of the device. Use caution when clearing the Knox License Key field.
For using Samsung devices on a closed network, you will need to use a Backward Compatible Key in addition to the Knox License Key to bypass the ELM license activation. Here is the needed information and format for this setting: Format: KLM#url,BCK During enrollment, the Workspace ONE Intelligent Hub for Android activates both keys to unlock the premium Knox Platform for Enterprise capabilities and will proceed with enrollment. You can read up on How to Deploy Corporate Owned Android Devices on a Closed Network on VMware docs. |
| Enable Audit Logging | Select Enabled to turn on audit logging and the related settings below. The Workspace ONE UEM console has the ability to monitor errors that might prevent successful creation of the Knox container. The log provides the cause of the error and what needs to be resolved for successful Knox deployment. The audit logs are sent to the UEM console from the Knox enabled devices and stored in the Device Details page. The Transmits Logs Automatically setting determines the threshold at which the log file is reported to the device details. |
| Logging Level | Determines how severe an error has to be in order for it to be sent to the log file. The logging levels are listed in order or severity where notice is the least severe and alert is the highest.
|
| Critical Log Size | Enter a percentage (up to 70 percent) to define the critical log size. When the log file passes this percentage, a critical log size alert is sent to the admin. |
| Maximum Log Size | Enter a percentage (up to 90 percent) to define the maximum log size. When the log file passes this percentage, a maximum log size alert is sent to the admin. |
| Full Log size | Set to 97 percent by default. When the log file reaches this percentage, a full log size alert is sent to the admin and immediate action is required. |
| Transmits Logs Automatically | Determines when the audit logs are to be transmitted to the console to notify the admins of errors.
|
| Setting | Description |
|---|---|
| Collect Location Data | Enable to allow the to determine the device location based on a device's Wi-Fi network. When available, the Workspace ONE Intelligent Hub will report the location to the Workspace ONE UEM console using the Data Transmit Interval. |
| Force GPS On | Prevent the user from turning off GPS for certain devices. |
| GPS Time Poll Interval (min) | Enter the interval, in minutes, for which a time sample gets signaled. The minimum time is five minutes. |
| Location Data Accuracy | This settings allows you to configure how location data is collected from the Workspace ONE Intelligent Hub while deciding how to use the battery power. Balanced: Provides the best balance of power and accuracy with about 100 meters of accuracy. High Accuracy: Provides the best possible accuracy, but requires the most power. Low Power: Requires a lower amount of power with about 10 kilometers of accuracy. No Power: Provides the least amount of accuracy and requires no power. |
For Location services: If your device is in power saving mode, the location data might not be updated during Doze Mode. You will need to use the Restrictions profile in the UEM console and add **Allow Location Service Configuration** to the allow list or use OEM Config to turn off Doze mode entirely.
Telecom
Enable specific Telecom settings like Call Logs, SMS Logs and Cellular Data Usage to allow logging and tracking of device use.
| Setting | Description |
|---|---|
| Enable Call Logs | Collects information from incoming and outgoing phone calls made devices registered with Workspace ONE UEM. |
| Enable SMS Logs | Reports that log any incoming and outgoing SMS messages to devices. |
| Enable Cellular Data Usage | Allows the Workspace ONE UEM console to create reports which details data usage. |
Suspicious Activity Logs
When Suspicious Activity Log settings are enabled, devices will log every Bluetooth and USB connection that occurs except Bluetooth headsets and USB charging. To access Suspicious Activity Logs, Syslog settings must be correctly configured. For more information on Syslog configuration, see System / Enterprise Integration / Syslog
| Setting | Description |
|---|---|
| Bluetooth Connections | Logs all bluetooth connections made except for Bluetooth headsets. |
| USB Connections | Logs all USB connections made except for USB charging ad USB headsets. |
You must also enable Privacy and Location settings under under the GPS section.
AirWatch Cloud Messaging
Workspace ONE UEM may use one of two push notification technologies when communicating with the Android Intelligent Hub application.
| Name | Developer | Network Requirements | Differentiated Functionality | |
|---|---|---|---|---|
| AirWatch Cloud Messaging (AWCM) | VMware | Devices and Workspace ONE UEM must be able to communicate with the AWCM instance for this environment. For On-Premise environments, this is installed alongside Device Services or as a separate component. For cloud-based environments, VMware hosts AWCM. Administrators can check device connectivity status with AirWatch Cloud Messaging through the Workspace ONE UEM Console. For a given device, connectivity status is seen under [Device Details > Summary]. | Administrators can check device connectivity status with AirWatch Cloud Messaging through the Workspace ONE UEM Console. For a given device, connectivity status is seen under [Device Details > Summary]. | |
| Firebase Cloud Messaging (FCM) | Devices and Workspace ONE UEM must be able to communicate with Firebase Cloud Messaging. Please see Network Requirements for Android for more details. | Workspace ONE UEM can push commands to devices in real time even when devices are in Doze Mode. Additionally, if Intelligent Hub is running in Direct Boot mode, it will only be able process commands if FCM is used. For a list of commands that Intelligent Hub can run in Direct Boot mode, please see Supported Android Device Commands By Enrollment Mode |
Remote Management
Remote Management allows you to directly control a device for troubleshooting or to ensure a device is properly provisioned.
| Setting | Description |
|---|---|
| Download Remote Control Cab | Select this link to download the cabinet (CAB) installer file for Workspace ONE UEM Remote Management. |
| Seek Permission | Enable Seek Permission if you want to prompt the end user to accept or decline the remote management request from the admin.
|
Product Provisioning
- Job Log Level – A job occurs whenever files/actions are performed as part of product provisioning. With this setting, you can set the level of the job log level to meet your organization's logging level needs.
SDK Profile
Enterprises can integrate any existing company specific apps with the use of an AirWatch Software Development Kit (SDK). Select which SDK profile to deploy to your devices by using the SDK Profile V2 option in the Workspace ONE Intelligent Hub settings.
- SDK Profile V2 – Select the profile that will provide the Workspace ONE Intelligent Hub with the SDK settings configured for that organization group.
- Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.
