After your devices are enrolled and configured, manage the devices using the Workspace ONE UEM. The management tools and functions enable you to keep an eye on your devices and remotely perform administrative functions.
You can manage all your devices from the UEM console. The Dashboard is a searchable, customizable view that you can use to filter and find specific devices. This feature makes it easier to perform administrative functions on a particular set of devices. The Device List View displays all the devices currently enrolled in your Workspace ONE UEM environment and their status. The Device Details page provides device-specific information such as profiles, apps, Workspace ONE Intelligent Hub version and which version of any applicable OEM service currently installed on the device. You can also perform remote actions on the device from the Device Details page that are platform-specific.
The Device Dashboard provides a high-level view of your entire fleet and allows you to act on individual devices quickly.
You can view graphical representations of relevant device information for your fleet, such as device ownership type, compliance statistics, and platform and OS breakdowns. You can access each set of devices in the presented categories by selecting any of the available data views from the Device Dashboard.
From the List View, you can take administrative action: send messages, lock devices, delete devices, and change groups associated with the device.
- Security – View the top causes of security issues in your device fleet. Selecting any of the doughnut charts displays a filtered Device List view comprised of devices affected by the selected security issue. If supported by the platform, you can configure a compliance policy to act on these devices.
- Compromised – The number and percentage of compromised devices (jailbroken or rooted) in your deployment.
- No Passcode – The number and percentage of devices without a passcode configured for security.
- Not Encrypted – The number and percentage of devices that are not encrypted for security. This reported figure excludes Android SD Card encryption. Only those Android devices lacking disc encryption are reported in the donut graph.
- Ownership – View the total number of devices in each ownership category. Selecting any of the bar graph segments displays a filtered Device List view comprised of devices affected by the selected ownership type.
- Last Seen Overview/Breakdown – View the number and percentage of devices that have recently communicated with the Workspace ONE UEM MDM server. For example, if several devices have not been seen in over 30 days, select the corresponding bar graph to display only those devices. You can then select all these filtered devices and send out a query command so that the devices can check in.
- Platforms – View the total number of devices in each device platform category. Selecting any of the graphs displays a filtered Device List view comprised of devices under the selected platform.
- Enrollment – View the total number of devices in each enrollment category. Selecting any of the graphs displays a filtered Device List view comprised of devices with the selected enrollment status.
- Operating System Breakdown – View devices in your fleet based on operating system. There are separate charts for each supported OS. Selecting any of the graphs displays a filtered Device List view comprised of devices running the selected OS version.
Workspace ONE Assist
Workspace ONE Assist, previously named Advanced Remote Management (ARM), allows you to connect remotely to end-user devices so you can help with troubleshooting and maintenance. The Assist Server facilitates communication between the Workspace ONE UEM and the "host" device.
For more information, see VMware Workspace ONE Assist Documentation.
Device Details Page
Use the Device Details page in Workspace ONE UEM to track detailed Windows Rugged device information and quickly access user and device management actions. You can access Device Details by selecting a Friendly Name from the Device List View, using one of the Dashboards, or with any of the search tools.
From the Device Details page, you can access specific device information broken into different menu tabs. Each menu tab contains related device information depending on your Workspace ONE UEM deployment.
The More drop-down on the Device Details page enables you to perform remote actions over the air to the selected device.
The actions vary depending on factors such as the device platform, UEM console settings, and enrollment status:
- Add Tag – Assign a customizable tag to a device, which can be used to identify a special device in your fleet.
- Apps (Query) – Send an MDM query command to the device to return a list of installed applications.
- Certificates (Query) – Send an MDM query command to the device to return a list of installed certificates.
- Change Organization Group – Change the device's home organization group to another existing OG. Includes an option to select a static or dynamic OG.
- If you want to change the organization group for multiple devices at a time, you must select devices for the bulk action using the Block selection method (using the shift-key) instead of the Global check box (next to the Last Seen column heading in the device list view).
- Clear Passcode (Device) – Clear the device passcode. To be used in situations where the user has forgotten their device's passcode.
- Delete Device – Delete and unenroll a device from the console. Sends the enterprise wipe command to the device that gets wiped on the next check-in and marks the device as Delete In Progress on the console. If the wipe protection is turned off on the device, the issued command immediately performs an enterprise wipe and removes the device representation in the console.
- Device Information (Query) – Send an MDM query command to the device to return information on the device such as friendly name, platform, model, organization group, operating system version, and ownership status.
- Device Wipe – Send an MDM command to wipe a device clear of all data and operating system. This action cannot be undone.
- Edit Device – Edit device information such as Friendly Name, Asset Number, Device Ownership, Device Group Device Category.
- Enterprise Reset – Enterprise Reset a device to factory settings, keeping only the Workspace ONE UEM enrollment.
- Windows Desktop Only: Enterprise Reset restores a device to a Ready to Work state when a device is corrupted or has malfunctioning applications. It reinstalls the Windows OS while preserving user data, user accounts, and managed applications. The device will resync auto-deployed enterprise settings, policies, and applications after resync while remaining managed by Workspace ONE.
- Enterprise Wipe – Enterprise Wipe a device to unenroll and remove all managed enterprise resources including applications and profiles. This action cannot be undone and re-enrollment is required before Workspace ONE UEM can manage this device again. This device action includes options to prevent future re-enrollment and a Note Description text box for you to add information about the action.
- Enterprise Wipe is not supported for cloud domain-joined devices.
- File Manager – Start a File Manager within the UEM console that enables you to view remotely a device's content, add folders, conduct searches, and upload files.
- Provision Now – Provision products to a device. Provisioning is the ability to create an ordered installation of files, actions, profiles, and applications into a single product that can be pushed to devices.
- Query All – Send a query command to the device to return a list of installed applications (including Workspace ONE Intelligent Hub, where applicable), books, certificates, device information, profiles, and security measures.
- Registry Manager – Start a Registry Manager within the UEM console that enables you to view remotely a device's OS registry, add keys, conduct searches and add properties.
- Remote Assist – Take control of a supported device remotely using this action, which offers platform-specific tools that allow you to perform support and troubleshooting on the device. Android devices require Remote Control Service to be installed on the device.
- Remote Management – Take control of a supported device remotely using this action, which starts a console application that enables you to perform support and troubleshoot on the device. Android devices require Remote Control Service to be installed on the device.
- Request Device Check-In – Request that the selected device check itself in to the UEM console. This action updates the Last Seen column status.
- Restart Workspace ONE Intelligent Hub – Restart the Workspace ONE Intelligent Hub. This option is used during troubleshooting for when the enrollment process or submodule installation process is interrupted.
- Send Message – Send a message to the user of the selected device. Select between Email, Push Notification (through AirWatch Cloud Messaging), and SMS. Push notification requires Airwatch applications like Hub, Boxer etc which must have been launched at least once.
- Start/Stop AWCM – Start/Stop the Cloud Messaging service for the selected device. VMware AirWatch Cloud Messaging (AWCM) streamlines the delivery of messages and commands from the Admin Console. The AWCM eliminates the need for end users to access the public Internet or use consumer accounts such as Google IDs.
- Task Manager – Run a Task Manager within the UEM console that enables you to view remotely a device's currently running tasks, including task Name, Process ID, and applicable Actions you can take.
- View Manifest – View the device's Package Manifest in XML format from the UEM console. The manifest on Windows Rugged devices lists metadata for widgets and applications.
- Warm Boot – Initiate a restart of the operating system without performing a power-on self-test (POST).
- Workspace ONE Intelligent Hub Query – Send a query command to the Workspace ONE Intelligent Hub on the device to ensure it has been installed and is functioning normally.