Overview

You can think of profiles as the settings and rules that, when combined with compliance policies, help you enforce corporate rules and procedures. They contain the settings, configurations, and restrictions that you want to enforce on devices.

The individual settings you configure, such as the settings for Wi-Fi, VPN, and passcodes, are called payloads. Consider associating only one payload per profile. Create multiple profiles for the different settings you want to establish.

Create a Passcode Profile

Deploy a Passcode payload to require users to protect their devices with passcodes each time they return from an idle state in Workspace ONE UEM. This action ensures that all sensitive corporate information on managed devices remains protected.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Passcode payload and click the Configure button.
5. Configure the Passcode settings.

   Setting	Description
   Maximum Passcode Age	Requires users to renew passcodes at selected intervals.
   Passcode	Sets a specific passcode for the device.
   Maximum Passcode Length	Sets the maximum number of characters for your passcode.
   Minimum Passcode Length	Sets the minimum number of characters for your passcode.
   Minimum Number of Upper Case Letter	Sets the minimum number of upper case letters a passcode must contain.
   Minimum Number of Lower Case Letter	Sets the minimum number of lower case letters a passcode must contain.
   Minimum Number of Numerical Digits	Sets the minimum number of numerical digits a passcode must contain.
   Grace period for device lock	Specifies a period of inactivity before locking a device.
   Maximum Number of Failed Attempts	Sets a limit on failed passcode attempts before wiping a device.

6. Select Save & Publish to push the profile to devices.

Create a Restrictions Profile

Deploy a Restrictions payload to restrict the options end users have on devices in Workspace ONE UEM. Restrictions allow you to ensure that your device is secure by controlling what an end user can use to save and store data.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Restrictions payload and click the Configure button.
5. Configure the Restrictions settings.

   Setting	Description
   Allow Camera.	Allow access to the camera application.
   Allow External Storage.	Allow use of external storage memory.
   Remove Encryption on External Storage.	Allow the removal of encryption on external storage.
   Enable On-Device Encryption.	Allow encryption on the device.
   Allow Bluetooth.	Allow the use of Bluetooth.

6. Select Save & Publish when you are finished to push the profile to devices.

Dynamic Wi-Fi Profiles

Using custom attributes, you can create dynamic Wi-Fi profiles in Workspace ONE UEM that allow you to configure device Wi-Fi settings across smart groups and OGs without creating multiple profiles. The custom attributes can use device-side values or override device values with a specific value.

This feature works best when managing many different Wi-Fi networks across your mobile fleet. When updating the access credentials for all your Wi-Fi networks, import a batch of custom attributes (using the .csv batch import process). Using the Device Custom Attribute Values template, you can upload specific values to individual devices. This process allows you to update the credentials across your mobile fleet quickly without having to create hundreds of different Wi-Fi profiles.

Dynamic Wi-Fi profiles allow you to specify certain text boxes in the profile as a dynamic value. For example, the Service Set Identifier can be set to a dynamic value so devices can use their own value as opposed to one service set identifier per profile. If you have devices in one OG that use different Wi-Fi credentials, use dynamic Wi-Fi profiles to create one profile that configures the different settings required.

To use a custom attribute in your Wi-Fi Profile, enable the check box next to a text box. Enabling the text box allows you to select the custom attribute, enter a default value, and set the default value to override device values for the attribute.

For more information on custom attributes and instructions for creating them, see Custom Attributes for Windows Rugged.

Configure a Wi-Fi Profile

Create a Wi-Fi profile in Workspace ONE UEM to connect devices to hidden, encrypted, or password-protected corporate networks. Wi-Fi profiles are useful for end users who need access to multiple networks or for configuring devices to connect automatically to the appropriate wireless network.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Wi-Fi payload and click the Configure button.
5. Configure the Wi-Fi settings.

   Setting	Description
   Network Adapter Type	Select the adapter type. Standard Microsoft (Zero Wireless Config). Motorola Fusion – For more information, see the section below entitled, Configure a Motorola Fusion Wi-Fi Profile. Honeywell DeviceScope – Network Adapter Type for Honeywell devices.
   Service Set Identifier	Enter an identifier that is associated with the name (SSID) of the desired Wi-Fi network.
   Wi-Fi Meta Network	Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
   RFBand	Honeywell Network Adapter Type only.
   IP Addressing Mode	Select the type of IP Addressing mode used.
   Operating Mode	Select the type of operating mode used.
   Security Type	Select your Wi-Fi security type. The type selected determines which additional text boxes display.
   Authentication Type	Select the Authentication type to be used with enterprise applications.
   Encryption	Select the encryption type for traffic over the Wi-Fi connection.
   Pre Shared Key	Enter the Pre Shared Key for your Wi-Fi. Displays when Security type sets to WPA Personal or WPA2 Personal.
   Domain Name	Enter the Domain name for your certificates. Displays when Security type sets to WPA Enterprise or WPA2 Enterprise.
   Username	Enter the user name for the domain. Displays when Security type sets to WPA Enterprise or WPA2 Enterprise.
   Password	Enter the password used for the domain. Displays when Security type sets to WPA Enterprise or WPA2 Enterprise.
   Identity Certificate	Select the certificate used to identify the end user to the server.
   Server Certificate	Select the certificate used to identify the server to the end user.

6. Select Save & Publish to push the profile to devices.

Configure a Motorola Fusion Wi-Fi Profile

The Windows Rugged Wi-Fi profile in Workspace ONE UEM allows you to specify the network adapter to support the Motorola Fusion type of network adapter. These settings allow you to control when and how often the device connects to Wi-Fi.

The settings differ based on the Motorola adapter type selected.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Wi-Fi payload and click the Configure button.
5. Configure the Wi-Fi settings.

   Setting	Description
   Network Adapter Type	Set to Motorola Fusion. For other adapter types, see the section above entitled, Configure a Wi-Fi Profile.
   Motorola Adapter Type	These options change the text boxes available. Text boxes that are tied to a specific Motorola adapter type are noted. Scroll down to view the settings specific to the WLAN of your choice, WLANFusionPublic, WLANFusion3xPublic, and WLANFusionX2Public.
   Set Fusion Options.	Set to Yes to list extra network options.
   Enable 80211d.	Set to Change to enable 802.11d wireless specification for operation in extra regulatory domains.
   Change Regulatory Country Code	Set to Change to select the Country Code for the device.
   Set RFBand	Set to Change to specify the RF Band for the device.
   Enable Auto Time Config.	Set to Change to enable automatic time configuration.
   Set FAPI Access Password	Set to Change to select a FAPI access code.
   Set FAPI Access Code	Enter the FAPI Access Code you want for the device.
   Set Profile Configuration	Set to Yes to set the profile settings.
   Service Set Identifier	Identifies the wireless network to be connected. This text box includes an option to set its value dynamically with custom attributes. You can also use lookup values. For more information, see Lookup Values.
   Profile Country Code	Enter the country code to use with the profile.
   Wi-Fi Meta Network	Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
   IP Addressing Mode	Select to use DHCP or Static IP Addressing. If you select Static, enter the settings for your static IP address.
   Deactivate all other Profiles.	Set to Yes to deactivate all other Wi-Fi profiles on the device.
   Operating Mode	Select the operating mode.
   Transmit Power Level.	Select the transmit power level.
   Power Level	Select the balance of power use.
   Security Type	Select the encryption type for the network connection.
   Authentication Type	Select an authentication type to be used with enterprise applications. Additional text boxes display depending on the type selected. The FAST authentication types (EAP-FAST-MSCHAPV2, EAP-FAST-TLS, and EAP-FAST-GTC) add the following additional text boxes: Auto PAC Refreshing Auto PAC Provisioning PACFile Name PACFile Password Use GTC Token
   Encryption	Select the encryption type used for the Wi-Fi connection.
   Pre Shared Key	Enter the Pre Shared Key used for the Wi-Fi Connection.
   Change CCKM Setting.	Enable to change the CCKM Mode.
   Domain Name	Enter the domain name used in authentication.
   User name	Enter the user name used for authentication.
   Password	Enter the password used for authentication.
   Identity Certificate	Set to Other and enter the certificate name used for authentication.
   Server Certificate	Set to Other and enter the certificate name used for authentication.
   Set Fusion Options.	Set to Yes to list extra network options.
   Enable 80211d.	Set to Change to enable 802.11d wireless specification for operation in additional regulatory domains.
   Change Regulatory Country Code	Set to Change to select the Country Code for the device.
   Set RFBand	Set to Change to specify the RF Band for the device.
   Enable Auto Time Config.	Set to Change to enable automatic time configuration.
   Set FAPI Access Password	Set to Change to select an FAPI access code.
   Set FAPI Access Code	Enter the FAPI Access Code for the device.
   Set WLAN Management Mode	Set to Change to configure the WLAN Management Mode settings.
   WLAN Management Mode	Select either the Wireless Zero Config or Fusion Management State modes.
   Set Profile Configuration	Set to Yes to set the profile settings.
   Handle Error By.	Select to Ignore Error or Stop On Error.
   Set Current Management Mode Option	Set to Change to configure the management mode.
   Apply Profile Regardless of Device's Current Management Mode Configuration.	Enable to apply the Wi-Fi profile regardless of current management mode.
   Service Set Identifier	Enter the identification of the wireless network the device connects with.
   Profile Country Code	Enter the country code to use with the profile.
   Wi-Fi Meta Network	Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
   IP Addressing Mode	Select to use DHCP or Static IP Addressing. If you select Static, enter the settings for your static IP address.
   Deactivate all other Profiles.	Set to Yes to deactivate all other Wi-Fi profiles on the device.
   Operating Mode	Select the operating mode. Transmit Power Level: Select the transmit power level. Adhoc Channel: Select the Ad Hoc channel the devices use. Encryption: Select the encryption type for the Wi-Fi network. Pre Share Key: Enter the Pre Shared Key used for the network.
   Transmit Power Level.	Select the transmit power level.
   Power Level	Select the balance of power use.
   Security Type	Select the encryption type for the network connection.
   Pre Shared Key	Enter the Pre Shared Key used for the Wi-Fi Connection.
   Change CCKM Setting.	Enable to change the CCKM Mode.
   Domain Name	Enter the domain name used in authentication.
   User name	Enter the user name used for authentication.
   Password	Enter the password used for authentication.
   Identity Certificate	Set to Other and enter the certificate name used for authentication.
   Server Certificate	Set to Other and enter the certificate name used for authentication.
   Enable 80211d.	Set to Change to enable 802.11d wireless specification for operation in additional regulatory domains.
   Set RFBand	Set to Change to specify the RF Band for the device.
   Enable Auto Time Config.	Set to Change to enable automatic time configuration.
   Set FAPI Access Password	Set to Change to select an FAPI access code.
   Enable IPv6.	Set to Change to enable IPv6 settings.
   Set WLAN Management Mode	Set to Change to configure the WLAN Management Mode settings.
   WLAN Management Mode	Select either the Wireless Zero Config or Fusion Management State modes.
   Enable FIPS Mode.	Set to Change to enable FIPS mode.
   Change PreAuth	Enable PreAuth to allow access points to authorize devices before they officially switchover to the new access point.
   Reset Fusion Options.	Set to Reset to reset the device's Fusion options when pushing this profile to the device.
   Reset Fusion Data Store	Set to Reset to reset the Fusion data store on a device.
   Set Profile Configuration	Set to Yes to set the profile settings.
   Handle Error By.	Select to Ignore Error or Stop On Error.
   Service Set Identifier	Enter the identification of the wireless network the device connects with.
   Profile Country Code	Enter the country code to use with the profile.
   Wi-Fi Meta Network	Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
   IP Addressing Mode	Select to use DHCP or Static IP Addressing. If you select Static, enter the settings for your static IP address.
   Deactivate all other Profiles.	Set to Yes to deactivate all other Wi-Fi profiles on the device.
   Operating Mode	Select the operating mode. Transmit Power Level: Select the transmit power level. Adhoc Channel: Select the Ad Hoc channel the devices use. Encryption: Select the encryption type for the Wi-Fi network. Pre Share Key: Enter the Pre Shared Key used for the network.
   Transmit Power Level.	Select the transmit power level.
   Power Level	Select the balance of power use.
   Security Type	Select the encryption type for the network connection.
   Pre Shared Key	Enter the Pre Shared Key used for the Wi-Fi Connection.
   Change CCKM Setting.	Enable to change the CCKM Mode.
   Domain Name	Enter the domain name used in authentication.
   User name	Enter the user name used for authentication.
   Password	Enter the password used for authentication.

6. After setting the Motorola adapter type specific settings, select Save & Publish to push the profiles to devices.

Exchange ActiveSync Profiles

The Exchange ActiveSync profiles enable you to configure your Windows Rugged devices in Workspace ONE UEM to access your Exchange ActiveSync server.

Consider only using certificates signed by a trusted third-party certificate authority (CA). Mistakes in your certificates expose your otherwise secure connections to potential man-in-the-middle attacks. Such attacks degrade the confidentiality and integrity of data transmitted between product components, and might allow attackers to intercept or alter data in transit.

The Exchange ActiveSync profile supports the native mail client for Windows Desktop. The configuration changes based on which mail client you use.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Exchange ActiveSync payload and click the Configure button.
5. Configure the Exchange ActiveSync settings.

   Settings	Descriptions
   Domain	Enter the domain for the Exchange account. You can use lookup values to create dynamic profiles. For more information, see Lookup Values.
   Exchange ActiveSync Host	Enter the hostname or IP address for the Exchange ActiveSync server.
   User	Enter the user name for the Exchange account. You can use lookup values to create dynamic profiles.
   Use SSL.	Enable to send all communications through the Secure Socket Layer.
   Max Body Truncation	Select the maximum amount an email body truncates in bytes.
   Past Days of Calendar to Sync	Enter the number of days of Calendar events to download when the account syncs for the first time on the device.
   Past Days of Mail to Sync	Enter the number of days of emails to download when the account syncs for the first time on the device.
   Max HTML Truncation	Select the level of truncation for HTML emails.
   Max Email Truncation	Select the maximum amount an email truncates in bytes.
   Max Email File Attachment Size (MB)	Select the max size (in MB) that a file can be when attached.
   Allow Sync When Roaming.	Enable to allow the email client to sync when the device is roaming.
   Allow Calendar Sync.	Enable to allow the syncing of calendars.
   Allow Contacts Sync.	Enable to allow the syncing of contacts.
   Allow Tasks.	Enable to allow the syncing of tasks.
   Allows Text Messages	Enable to allow the syncing of text messages.
   Allow Email Sync.	Allow the syncing of email. Disabling this setting removes access to email through Exchange Active Sync.
   Sunday	Enable to allow schedule of syncing on Sundays.
   Monday	Enable to allow schedule of syncing on Mondays.
   Tuesday	Enable to allow schedule of syncing on Tuesdays.
   Wednesday	Enable to allow schedule of syncing on Wednesdays.
   Thursday	Enable to allow schedule of syncing on Thursdays.
   Friday	Enable to allow schedule of syncing on Fridays.
   Saturday	Enable to allow schedule of syncing on Saturdays.
   Peak Start Time	Select the start time of the peak time period.
   Peak End Time	Select the end time of the peak time period.
   Sync Schedule Peak	Select what level of syncing happens during the peak time period.
   Sync Schedule Off Peak	Select what level of syncing happens outside the peak time period.

6. Select Save & Publish to push the profile to devices.

Credentials Profiles

A Credentials profile allows you to push Root, Intermediate, and Client certificates to support any Public Key Infrastructure (PKI) and certificate authentication use case. The profile pushes configured credentials to the proper credentials store on the Windows Rugged device in Workspace ONE UEM.

Even with strong passcodes and other restrictions, your infrastructure remains vulnerable to brute force, dictionary attacks, and employee error. For greater security, you can implement digital certificates to protect corporate assets. To use certificates in this way, you must first configure a Credentials payload with a certificate authority, and then configure your Wi-Fi and VPN payloads. Each of these payloads has settings for associating the certificate authority defined in the Credentials payload.

A Credentials profile pushes certificates to devices for use in authentication. With Workspace ONE UEM, you can configure credentials for intermediate, trusted root, trusted publisher, and trusted people certificate stores.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Credentials payload and click the Configure button.
5. Configure the Credentials settings.

   Settings	Description
   Credential Source	Use the drop-down menu to select either Upload or Defined Certificate Authority.
   Credential Name	Enter a name for the credentials certificate. Displays if the Credential Source is Upload.
   Certificate	Select Upload, navigate to the desired credential certificate file, and select Save. Displays if the Credential Source is Upload.
   Certificate Authority	Use the drop-down menu to select a predefined certificate authority. Displays if the Credential Source is Define Certificate Authority.
   Certificate Template	Use the drop-down menu to select a predefined certificate template specific to the selected certificate authority. Displays if the Credential Source is Define Certificate Authority.
   Store Location	Use the drop-down menu to select to save the certificate on the specific user account level or on the Computer Store for all users of a computer.
   Certificate Store	Select the certificate store folder location from the drop-down menu. Trusted Root Certification Authorities Trusted Publishers Untrusted Certificates Trusted People

6. Select Save & Publish to push the profile to devices.

Launcher Profiles

The Workspace ONE UEM App Launcher restricts user access to a list of allowed applications and native features on the device. Use the App Launcher to control the apps available to end users and the layout of the device home screen.

The Launcher profile enables you to customize the look and layout of the Windows Rugged device home screen. You can configure the launcher profile to start when the device starts to limit end-user access to the entire device. To limit end-user access to the correct apps on a shared device, you can set the launcher profile to display based on the user group of the end user. This functionality allows you to tailor the launcher to the role of the end user using a shared device.

Customize the launcher to display different settings and apps based on the layout you want. To manage the device, the launcher profile includes different tools for admins to troubleshoot the device.

Create a Launcher Profile

Configure the Workspace ONE UEM App Launcher profile to customize the layout and apps of a Windows Rugged device using the App Launcher. This customization allows you to control end-user access to the device settings and applications based on the roles of the user.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Workspace ONE Launcher payload and click the Configure button.
5. Enter a Title for the Workspace ONE Launcher profile. You can use the supported Workspace ONE UEM Lookup Values. Select the plus sign (+) for a list of all Workspace ONE UEM supported Lookup Values. For more information, see Lookup Values.
6. Define an Administrative Passcode for setting configurations on the device.
7. Define the User Category of the end user if Shared Devices are enabled in the Windows Rugged Hub Settings page. The user category ties end users to specific Launcher profiles allowing you to tailor Launcher layout and configuration to individual end users. Consider creating user groups based on the end user's role.
8. Configure the remaining options:

   Settings	Descriptions
   Application Name	Specifies the application name that displays in the Workspace ONE UEM App Launcher.
   File Path to Exe	Defines the file path of the application and includes the executable file.
   Arguments	Enter any command-line arguments to run the application.
   Hide	Masks the application on the device.
   Launch On Start	Starts the application when the Workspace ONE UEM App Launcher starts. For best results, enable this option for a single application.
   Start Up Options	Select the condition that triggers the launcher starting.
   Delayed Launch	Select the time (in seconds) that the launcher delays from starting following device boot. This setting requires Start Up Options to be set to Delayed Start.
   Console Application	Defines the application as not having a user interface or as a background process.
   Tools Menu	Lists applications on the Tools menu for the App Launcher.
   Background Application	Select if the application requires no user interaction and you want it to run in the background.
   Deactivate App Close	Removes the close button from the application preventing the user from closing the app. Select this option only for dedicated use applications.
   Enable Home Button.	Allows you to minimize an allowlisted application and return to the main App Launcher page while keeping the current session active for that app. If you want to return to the minimized app, select the icon on the App Launcher screen.
   Application Icon Path	Defines the path to the location of the application icon that resides on the device. If the desired icon does not reside on the device, then you can upload an image.
   Upload Icon	Allows you to upload an image (icon) that ties to an application by entering the path in the Application Icon Path text box.
   View Time	Displays the time for application processes.
   Deactivate Active Sync.	Deactivates the use of the Exchange ActiveSync protocol for application transactions.
   Deactivate Keyboard.	Deactivates the use of the device keyboard to perform application processes.
   View IP Address	Displays the device IP address within application processes.
   Enable Native Taskbar.	Uses the default taskbar for that device instead of the custom launcher taskbar. *When selected, these settings deactivate except for View Time, Deactivate Active Sync, Deactivate Keyboard, and View IP Address. These exceptions exist because the native taskbar only displays the icons/settings that are available to that device.
   View Connection Status	Displays the connection status of the device.
   Show Message Notification	Displays a message indicator for unviewed messages from a third-party application.
   Display Organization Group	Displays the Organization Group of the signed-in user.
   View Wi-Fi Signal	Displays the strength of the Wi-Fi signal.
   View Cell Signal	Displays the strength of the cell signal.
   View Battery Icon	Displays the amount of power remaining in the battery.
   View Volume	Displays the level the volume sets to on the device.
   Display Missed Call Notification	Displays a notification when an incoming call is not answered/missed.
   Display SMS/Text Notification	Displays a notification when the device received a text message.
   Tools	The following settings allow the user to customize and manage the contents of the Tools Menu on the Launcher. You can select any combination of the following options to make those options available to the user on the Tools Menu. A second option is to allowlist the application under the Allowed Application section by selecting the Tools Menu option next to that application. A third option is to configure apps directly on a device, provided the configure option is enabled.
   Restart AW Hub.	Allows the user to restart the AirWatch Service on the device.
   Restart AWCM.	Allows the user to restart the AWCM Service on the device.
   Start AW Diagnostics.	Allows the user to open and access the AirWatch Diagnostics utility.
   Start App Manager.	Allows the user to open and access the Application Manager utility. The Launcher is capable of multiple profile support. Profiles that are active and meet the assignment criteria for that device. Multiple profile support requires Workspace ONE Intelligent Hub version 4.0.0.13 or later.
   Configure	Allows the user to configure all areas of the Launcher directly on the device, including Allowed Applications, Settings, and Tools Menu.
   Select Launcher View/Layout Style.	Select the format for the view/layout. Grid – Traditional grid layout of applications. List – List of applications with a small thumbnail of the app icon. Plain List – List of applications with no thumbnail of app icon. None – No preset view/layout. End users can select the view/layout they want. If you select a view/layout other than None, end users cannot change the view/layout.
   Enable Wallpaper.	Enable to set a wallpaper for the Launcher. You must select a Landscape and Portrait mode image. Important: Wallpapers cannot exceed 640x480 or be more than 20 KB. Images larger than 20 KB cannot display.

9. Select Save & Publish.

Update the Launcher Profile from the Windows Rugged Device

You must change the applications included in the Workspace ONE UEM App Launcher. This action requires admin credentials to perform.

1. Open the Workspace ONE UEM App Launcher application on the device.
2. Enter the Admin passcode in the Password text box and select Accept.
3. Select the option to Import, Export, or Add applications from and to the list.
4. Select Add to add an application and complete the following options on the Add Application screen:
   1. Application Location – Defines the file path of the application or select the Browse option.
   2. Application Name – Defines the name of the application to display in the Workspace ONE UEM App Launcher.
   3. Arguments – Defines command-line arguments to run the application.
   4. Launch On Start – Starts the application when the Workspace ONE UEM App Launcher starts.
   5. Hide from User – Masks the application in the user interface.
   6. Console Application – Defines the application as not having a user interface or as a background process.
5. Select Save.

Configure Shared Device Launcher Profiles

Workspace ONE UEM allows you to configure Launcher profiles to support multiple end users sharing a single device. Use this feature to customize the Launcher for individual users and their different applications to meet their individual roles.

1. Navigate to Groups & Settings > All Settings > Devices & Users > Windows > Windows Rugged > Hub Settings.
2. Navigate to Accounts > Users > User Settings > Categories > Add and enter the Name and Description.

   Consider creating the User Categories based on the various roles end users have that require different applications on the device. For example, basic users require different applications than a shift supervisor or manager. To accommodate this requirement, create different User Categories for the basic user, shift supervisor, and manager.

3. Select Enable Shared Device Mode.
4. Navigate to Accounts > Users > List View and Add new user or Edit an existing one.
5. Enable Show Advanced User Details and select the applicable Category based on the role of the user.
6. Create and configure a Launcher Profile. Select the applicable User Category based on the role of the user for this specific Launcher profile.
7. Configure a Launcher profiles for each end-user role.
8. End users must enter their credentials and their group ID. To deactivate the group ID requirement, navigate to Settings > All Settings > Devices & Users > General > Shared Device and set the Group Assignment Mode to Fixed Organization Group.

Create a VPN Profile

Create a VPN Profile to deploy corporate VPN settings directly to managed devices in Workspace ONE UEM. This profile enables end users to access corporate infrastructure remotely and securely.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the VPN profile and click the Configure button.
5. Configure the VPN settings.

   Setting	Description
   Connection Type	Defines the connection for the VPN. Both of these types rely on the encryption protocol to be passed within the tunnel because they do not inherently have their own encryption methods. PPTP – Point-to-Point Tunneling Protocol. IPSec/L2TP – Layer 2 Tunneling Protocol.
   Connection Name	Enter the connection name.
   Server	Enter the hostname of IP address of the VPN server.
   Username	Enter the user name for the VPN. You can use lookup values to use the device-specific value.
   Domain	Enter the domain for the VPN. You can use lookup values to use the device-specific value.
   Authentication	Defines the authentication for the VPN. Certificate – Use this option to deploy certificate-based authentication for your VPN connections. You must select this option if you select the Connection TypeIPSec/L2TP Pre Shared Key – Use the PSK option when you have a shared secret that device users use to access the VPN. This authentication type often uses symmetric key algorithms for security.
   Shared Secret	Enter the shared secret for the connection. Displays when Authentication sets to Pre Shared Key.

6. Select Save & Publish to push the profile to devices.

Create a Time Sync Profile

Deploy Time Sync payloads to synchronize the system time on Windows Rugged devices with time servers to ensure that the device fleet runs on the same clock. This profile within Workspace ONE UEM is useful for global networks with devices in numerous time zones.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Time Sync payload and click the Configure button.
5. Configure the Time Sync settings.

   Setting	Description
   Time Sync Method	Select the preferred method of time sync. Time Server – Select to use a Network Time Protocol server which you can use to sync devices such as pool.ntp.org. HTTP – Select to enter a URL. This URL can be any URL. For example, you can use www.google.com. SNTP – Select to enter a Simple Network Time Protocol such as time.nist.gov. Console – Select to sync the device with the UEM console.
   Primary Time Server	Enter the URL of the time server with which the device syncs.
   Port	Enter the port the device uses to sync with the secondary server.
   Secondary Server	Enter an optional secondary server the device can use if the primary is unavailable. Displays when Time Server is selected as the Time Sync Method.
   Port	Enter the port the device uses to sync. Displays when Time Server is selected as the Time Sync Method.
   Sync Time Every	Enter the number of minutes, hours, or days.

6. Select Save & Publish.

Create a Shortcut Profile

Create a Shortcut profile in Workspace ONE UEM to push custom icons associated with URLS. These icons provide your end users with the shortcuts to websites they need.

You can add as many icons as needed to a shortcut payload. Upload the icon image file into the Workspace ONE UEM console.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Shortcut payload and click the Configure button.
5. Configure the Shortcut settings.

   Setting	Description
   Label	Enter the name associated to the icon that displays on the user's device.
   URL	Enter the URL for the website in which the user advances to when the user taps on the icon.
   Icon	Upload the image file that displays on the user's device that is associated to the URL.

6. Select Save & Publish to push the profile to devices.

Create a Time Zone Profile

Create a Time Zone profile to configure your Windows Rugged device time zone settings in Workspace ONE UEM. This profile eliminates having to remote control into the end user's device to set the time zone manually.

After pushing the profile, the device displays the time zone, and all device activity is time stamped based on that time zone regardless of the actual device location.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the Time Zone payload and select the Configure button.
5. Select the Time Zone Setup drop-down, and select Set Time Zone Manually.
6. Select the Time Zone drop-down and select the appropriate time zone from the list.

Create a Custom Attribute Payload

Workspace ONE UEM allows you to create and deploy custom attributes that collect and compare custom-made values from device. Custom attributes are used to manage devices using attributes assigned to or gathered from the devices.

Third-party applications collect or create these attributes for use with the Workspace ONE UEM console. By using custom attributes, you can ensure that only the devices whose attribute values match the ones you set are selected.

Custom attributes are used by the rules generator of product provisioning to provision products to specific devices. Ensure that your devices have the correct values to prevent incorrect products from being provisioned to them.

For more information on custom attributes and instructions for creating them, see Custom Attributes for Windows Rugged.

1. Navigate to Devices > Products > Profiles > List View and select Add and then select the device platform.
2. Configure the General settings. These settings determine how the profile deploys and who receives it.
3. Select the Custom Attribute profile.
4. Select Add to configure the custom attributes you want to use.

   Setting	Description
   Application	Select the application (grouping of custom attributes) that contain the attributes you want to configure.
   Custom Attributes	Select the specific custom attributes for the profile to configure.
   Value	Enter the custom attribute value to assign to the device.
   Is Dynamic	Enable to allow the custom attribute's value to change and be changed based on permissions. If selected, this looks up the custom attribute value for an individual device when the command is queued instead of using the default value specified in the payload. If no value is found, the device default value is used.
   Permission	Set the permission of the custom attribute. Read/Write allows the applications to change the attribute value. Read Only restricts applications from changing the value.
   Sync	Enable to push the attribute value back to the UEM console to be displayed in the Device Details page.

   You can add additional attributes as necessary.

5. Select Save & Publish to push the profile to devices.

Create a GPRS Profile

The General Packet Radio Service (GPRS) allows mobile data on 2G and 3G cellular communication system for GSM devices. The GPRS payload allows you to configure and control how the device uses GPRS in Workspace ONE UEM.

1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
2. Select Windows Rugged.
3. Configure the General settings.
4. From the left panel, select the GPRS payload and click the Configure button.
5. Configure the GPRS settings.

   Setting	Description
   Enabled	Select to enable GPRS management.
   Connection Name	Enter the GPRS connection name.
   Destination	Select whether the GPRS connection is to the Internet or a Work intranet.
   GPRS Info Access Point Name	Enter the APN the device must connect to. The APN must follow the correct format: <network identifier>.mnc<MNC>.mcc<MCC>.gprs
   User name	Enter the user name for connecting to the network.
   Password	Enter the password for connecting to the network.
   Domain	Enter the network domain.
   Advanced	Enable to configure advanced options.
   Specific Name Servers	Enable to enter specific name servers to use.
   Country Code	Enter the network country code.
   Area Code	Enter the device area code.
   Use Country and Area Codes.	Enable to use Country and Area codes.
   Phone	Enter the device phone number.
   Device Name	Enter the device name for use in phone books.
   Device Type	Select the RAS device type.
   Use Software Compression.	Allows for faster connection speeds on low-bandwidth networks by compressing the phone book entries.
   Use IP Header Compression.	Allows for faster connection speeds on low-bandwidth networks by compressing the IP Header.
   Specific IP Address	Enable to connect to a specific IP Address.
   Read Only.	Enable to restrict the device to reading data only.
   Authentication Type	Select the type of authentication the network uses.

6. Select Save & Publish.