Profiles are the primary means to manage devices in Workspace ONE UEM. Configure profiles so your Windows Rugged devices remain secure and configured to your settings.

Overview

You can think of profiles as the settings and rules that, when combined with compliance policies, help you enforce corporate rules and procedures. They contain the settings, configurations, and restrictions that you want to enforce on devices.

The individual settings you configure, such as the settings for Wi-Fi, VPN, and passcodes, are called payloads. Consider associating only one payload per profile. Create multiple profiles for the different settings you want to establish.

Create a Passcode Profile

Deploy a Passcode payload to require users to protect their devices with passcodes each time they return from an idle state in Workspace ONE UEM. This action ensures that all sensitive corporate information on managed devices remains protected.

Important: Passcode payloads apply only to Windows Rugged devices and not Windows CE devices.
  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Passcode payload and click the Configure button.
  5. Configure the Passcode settings.
    Setting Description
    Maximum Passcode Age Requires users to renew passcodes at selected intervals.
    Passcode Sets a specific passcode for the device.
    Maximum Passcode Length Sets the maximum number of characters for your passcode.
    Minimum Passcode Length Sets the minimum number of characters for your passcode.
    Minimum Number of Upper Case Letter Sets the minimum number of upper case letters a passcode must contain.
    Minimum Number of Lower Case Letter Sets the minimum number of lower case letters a passcode must contain.
    Minimum Number of Numerical Digits Sets the minimum number of numerical digits a passcode must contain.
    Grace period for device lock Specifies a period of inactivity before locking a device.
    Maximum Number of Failed Attempts Sets a limit on failed passcode attempts before wiping a device.
  6. Select Save & Publish to push the profile to devices.

Create a Restrictions Profile

Deploy a Restrictions payload to restrict the options end users have on devices in Workspace ONE UEM. Restrictions allow you to ensure that your device is secure by controlling what an end user can use to save and store data.

Important: You can use a Restriction payload only on Windows Rugged devices and not on Windows CE devices.
  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Restrictions payload and click the Configure button.
  5. Configure the Restrictions settings.
    Setting Description
    Allow Camera. Allow access to the camera application.
    Allow External Storage. Allow use of external storage memory.
    Remove Encryption on External Storage. Allow the removal of encryption on external storage.
    Enable On-Device Encryption. Allow encryption on the device.
    Allow Bluetooth. Allow the use of Bluetooth.
  6. Select Save & Publish when you are finished to push the profile to devices.

Dynamic Wi-Fi Profiles

Using custom attributes, you can create dynamic Wi-Fi profiles in Workspace ONE UEM that allow you to configure device Wi-Fi settings across smart groups and OGs without creating multiple profiles. The custom attributes can use device-side values or override device values with a specific value.

This feature works best when managing many different Wi-Fi networks across your mobile fleet. When updating the access credentials for all your Wi-Fi networks, import a batch of custom attributes (using the .csv batch import process). Using the Device Custom Attribute Values template, you can upload specific values to individual devices. This process allows you to update the credentials across your mobile fleet quickly without having to create hundreds of different Wi-Fi profiles.

Dynamic Wi-Fi profiles allow you to specify certain text boxes in the profile as a dynamic value. For example, the Service Set Identifier can be set to a dynamic value so devices can use their own value as opposed to one service set identifier per profile. If you have devices in one OG that use different Wi-Fi credentials, use dynamic Wi-Fi profiles to create one profile that configures the different settings required.

To use a custom attribute in your Wi-Fi Profile, enable the check box next to a text box. Enabling the text box allows you to select the custom attribute, enter a default value, and set the default value to override device values for the attribute.

For more information on custom attributes and instructions for creating them, see Custom Attributes for Windows Rugged.

Configure a Wi-Fi Profile

Create a Wi-Fi profile in Workspace ONE UEM to connect devices to hidden, encrypted, or password-protected corporate networks. Wi-Fi profiles are useful for end users who need access to multiple networks or for configuring devices to connect automatically to the appropriate wireless network.

Important: Zero Wireless Config is not available for Windows CE devices except Psion CE devices. You can provision Wi-Fi profiles using Zero Wireless Config to Psion CE devices only but not any other Windows CE devices.
  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Wi-Fi payload and click the Configure button.
  5. Configure the Wi-Fi settings.
    Setting Description
    Network Adapter Type

    Select the adapter type.

    • Standard Microsoft (Zero Wireless Config).
    • Motorola Fusion – For more information, see the section below entitled, Configure a Motorola Fusion Wi-Fi Profile.
    • Honeywell DeviceScope – Network Adapter Type for Honeywell devices.
    Service Set Identifier Enter an identifier that is associated with the name (SSID) of the desired Wi-Fi network.
    Wi-Fi Meta Network Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
    RFBand Honeywell Network Adapter Type only.
    IP Addressing Mode Select the type of IP Addressing mode used.
    Operating Mode Select the type of operating mode used.
    Security Type

    Select your Wi-Fi security type.

    The type selected determines which additional text boxes display.

    Authentication Type Select the Authentication type to be used with enterprise applications.
    Encryption Select the encryption type for traffic over the Wi-Fi connection.
    Pre Shared Key

    Enter the Pre Shared Key for your Wi-Fi.

    Displays when Security type sets to WPA Personal or WPA2 Personal.

    Domain Name

    Enter the Domain name for your certificates.

    Displays when Security type sets to WPA Enterprise or WPA2 Enterprise.

    Username

    Enter the user name for the domain.

    Displays when Security type sets to WPA Enterprise or WPA2 Enterprise.

    Password

    Enter the password used for the domain.

    Displays when Security type sets to WPA Enterprise or WPA2 Enterprise.

    Identity Certificate Select the certificate used to identify the end user to the server.
    Server Certificate Select the certificate used to identify the server to the end user.
  6. Select Save & Publish to push the profile to devices.

Configure a Motorola Fusion Wi-Fi Profile

The Windows Rugged Wi-Fi profile in Workspace ONE UEM allows you to specify the network adapter to support the Motorola Fusion type of network adapter. These settings allow you to control when and how often the device connects to Wi-Fi.

The settings differ based on the Motorola adapter type selected.

Note: The settings that follow are based on the specific Motorola adapter type selected.
  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Wi-Fi payload and click the Configure button.
  5. Configure the Wi-Fi settings.
    Setting Description
    Network Adapter Type Set to Motorola Fusion. For other adapter types, see the section above entitled, Configure a Wi-Fi Profile.
    Motorola Adapter Type

    These options change the text boxes available. Text boxes that are tied to a specific Motorola adapter type are noted.

    Scroll down to view the settings specific to the WLAN of your choice, WLANFusionPublic, WLANFusion3xPublic, and WLANFusionX2Public.

    Set Fusion Options. Set to Yes to list extra network options.
    Enable 80211d. Set to Change to enable 802.11d wireless specification for operation in extra regulatory domains.
    Change Regulatory Country Code Set to Change to select the Country Code for the device.
    Set RFBand Set to Change to specify the RF Band for the device.
    Enable Auto Time Config. Set to Change to enable automatic time configuration.
    Set FAPI Access Password Set to Change to select a FAPI access code.
    Set FAPI Access Code Enter the FAPI Access Code you want for the device.
    Set Profile Configuration Set to Yes to set the profile settings.
    Service Set Identifier

    Identifies the wireless network to be connected. This text box includes an option to set its value dynamically with custom attributes. You can also use lookup values.

    For more information, see Lookup Values.

    Profile Country Code Enter the country code to use with the profile.
    Wi-Fi Meta Network Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
    IP Addressing Mode Select to use DHCP or Static IP Addressing. If you select Static, enter the settings for your static IP address.
    Deactivate all other Profiles. Set to Yes to deactivate all other Wi-Fi profiles on the device.
    Operating Mode Select the operating mode.
    Transmit Power Level. Select the transmit power level.
    Power Level Select the balance of power use.
    Security Type Select the encryption type for the network connection.
    Authentication Type

    Select an authentication type to be used with enterprise applications. Additional text boxes display depending on the type selected.

    The FAST authentication types (EAP-FAST-MSCHAPV2, EAP-FAST-TLS, and EAP-FAST-GTC) add the following additional text boxes:

    • Auto PAC Refreshing
    • Auto PAC Provisioning
    • PACFile Name
    • PACFile Password
    • Use GTC Token
    Encryption Select the encryption type used for the Wi-Fi connection.
    Pre Shared Key Enter the Pre Shared Key used for the Wi-Fi Connection.
    Change CCKM Setting. Enable to change the CCKM Mode.
    Domain Name Enter the domain name used in authentication.
    User name Enter the user name used for authentication.
    Password Enter the password used for authentication.
    Identity Certificate Set to Other and enter the certificate name used for authentication.
    Server Certificate Set to Other and enter the certificate name used for authentication.
    Set Fusion Options. Set to Yes to list extra network options.
    Enable 80211d. Set to Change to enable 802.11d wireless specification for operation in additional regulatory domains.
    Change Regulatory Country Code Set to Change to select the Country Code for the device.
    Set RFBand Set to Change to specify the RF Band for the device.
    Enable Auto Time Config. Set to Change to enable automatic time configuration.
    Set FAPI Access Password Set to Change to select an FAPI access code.
    Set FAPI Access Code Enter the FAPI Access Code for the device.
    Set WLAN Management Mode Set to Change to configure the WLAN Management Mode settings.
    WLAN Management Mode Select either the Wireless Zero Config or Fusion Management State modes.
    Set Profile Configuration Set to Yes to set the profile settings.
    Handle Error By. Select to Ignore Error or Stop On Error.
    Set Current Management Mode Option Set to Change to configure the management mode.
    Apply Profile Regardless of Device's Current Management Mode Configuration. Enable to apply the Wi-Fi profile regardless of current management mode.
    Service Set Identifier Enter the identification of the wireless network the device connects with.
    Profile Country Code Enter the country code to use with the profile.
    Wi-Fi Meta Network Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
    IP Addressing Mode Select to use DHCP or Static IP Addressing. If you select Static, enter the settings for your static IP address.
    Deactivate all other Profiles. Set to Yes to deactivate all other Wi-Fi profiles on the device.
    Operating Mode

    Select the operating mode.

    Transmit Power Level: Select the transmit power level.

    Adhoc Channel: Select the Ad Hoc channel the devices use.

    Encryption: Select the encryption type for the Wi-Fi network.

    Pre Share Key: Enter the Pre Shared Key used for the network.

    Transmit Power Level. Select the transmit power level.
    Power Level Select the balance of power use.
    Security Type Select the encryption type for the network connection.
    Pre Shared Key Enter the Pre Shared Key used for the Wi-Fi Connection.
    Change CCKM Setting. Enable to change the CCKM Mode.
    Domain Name Enter the domain name used in authentication.
    User name Enter the user name used for authentication.
    Password Enter the password used for authentication.
    Identity Certificate Set to Other and enter the certificate name used for authentication.
    Server Certificate Set to Other and enter the certificate name used for authentication.
    Enable 80211d. Set to Change to enable 802.11d wireless specification for operation in additional regulatory domains.
    Set RFBand Set to Change to specify the RF Band for the device.
    Enable Auto Time Config. Set to Change to enable automatic time configuration.
    Set FAPI Access Password Set to Change to select an FAPI access code.
    Enable IPv6. Set to Change to enable IPv6 settings.
    Set WLAN Management Mode Set to Change to configure the WLAN Management Mode settings.
    WLAN Management Mode Select either the Wireless Zero Config or Fusion Management State modes.
    Enable FIPS Mode. Set to Change to enable FIPS mode.
    Change PreAuth Enable PreAuth to allow access points to authorize devices before they officially switchover to the new access point.
    Reset Fusion Options. Set to Reset to reset the device's Fusion options when pushing this profile to the device.
    Reset Fusion Data Store Set to Reset to reset the Fusion data store on a device.
    Set Profile Configuration Set to Yes to set the profile settings.
    Handle Error By. Select to Ignore Error or Stop On Error.
    Service Set Identifier Enter the identification of the wireless network the device connects with.
    Profile Country Code Enter the country code to use with the profile.
    Wi-Fi Meta Network Select whether you are connecting through a proxy with Work or connecting directly to the Internet.
    IP Addressing Mode Select to use DHCP or Static IP Addressing. If you select Static, enter the settings for your static IP address.
    Deactivate all other Profiles. Set to Yes to deactivate all other Wi-Fi profiles on the device.
    Operating Mode

    Select the operating mode.

    • Transmit Power Level: Select the transmit power level.
    • Adhoc Channel: Select the Ad Hoc channel the devices use.
    • Encryption: Select the encryption type for the Wi-Fi network.
    • Pre Share Key: Enter the Pre Shared Key used for the network.
    Transmit Power Level. Select the transmit power level.
    Power Level Select the balance of power use.
    Security Type Select the encryption type for the network connection.
    Pre Shared Key Enter the Pre Shared Key used for the Wi-Fi Connection.
    Change CCKM Setting. Enable to change the CCKM Mode.
    Domain Name Enter the domain name used in authentication.
    User name Enter the user name used for authentication.
    Password Enter the password used for authentication.
  6. After setting the Motorola adapter type specific settings, select Save & Publish to push the profiles to devices.

Exchange ActiveSync Profiles

The Exchange ActiveSync profiles enable you to configure your Windows Rugged devices in Workspace ONE UEM to access your Exchange ActiveSync server.

Consider only using certificates signed by a trusted third-party certificate authority (CA). Mistakes in your certificates expose your otherwise secure connections to potential man-in-the-middle attacks. Such attacks degrade the confidentiality and integrity of data transmitted between product components, and might allow attackers to intercept or alter data in transit.

The Exchange ActiveSync profile supports the native mail client for Windows Desktop. The configuration changes based on which mail client you use.

Important: You can use an EAS payload only on Windows Mobile devices and not on Windows CE devices.
  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Exchange ActiveSync payload and click the Configure button.
  5. Configure the Exchange ActiveSync settings.
    Settings Descriptions
    Domain

    Enter the domain for the Exchange account.

    You can use lookup values to create dynamic profiles.

    For more information, see Lookup Values.

    Exchange ActiveSync Host Enter the hostname or IP address for the Exchange ActiveSync server.
    User

    Enter the user name for the Exchange account.

    You can use lookup values to create dynamic profiles.

    Use SSL. Enable to send all communications through the Secure Socket Layer.
    Max Body Truncation Select the maximum amount an email body truncates in bytes.
    Past Days of Calendar to Sync Enter the number of days of Calendar events to download when the account syncs for the first time on the device.
    Past Days of Mail to Sync Enter the number of days of emails to download when the account syncs for the first time on the device.
    Max HTML Truncation Select the level of truncation for HTML emails.
    Max Email Truncation Select the maximum amount an email truncates in bytes.
    Max Email File Attachment Size (MB) Select the max size (in MB) that a file can be when attached.
    Allow Sync When Roaming. Enable to allow the email client to sync when the device is roaming.
    Allow Calendar Sync. Enable to allow the syncing of calendars.
    Allow Contacts Sync. Enable to allow the syncing of contacts.
    Allow Tasks. Enable to allow the syncing of tasks.
    Allows Text Messages Enable to allow the syncing of text messages.
    Allow Email Sync. Allow the syncing of email. Disabling this setting removes access to email through Exchange Active Sync.
    Sunday Enable to allow schedule of syncing on Sundays.
    Monday Enable to allow schedule of syncing on Mondays.
    Tuesday Enable to allow schedule of syncing on Tuesdays.
    Wednesday Enable to allow schedule of syncing on Wednesdays.
    Thursday Enable to allow schedule of syncing on Thursdays.
    Friday Enable to allow schedule of syncing on Fridays.
    Saturday Enable to allow schedule of syncing on Saturdays.
    Peak Start Time Select the start time of the peak time period.
    Peak End Time Select the end time of the peak time period.
    Sync Schedule Peak Select what level of syncing happens during the peak time period.
    Sync Schedule Off Peak Select what level of syncing happens outside the peak time period.
  6. Select Save & Publish to push the profile to devices.

Credentials Profiles

A Credentials profile allows you to push Root, Intermediate, and Client certificates to support any Public Key Infrastructure (PKI) and certificate authentication use case. The profile pushes configured credentials to the proper credentials store on the Windows Rugged device in Workspace ONE UEM.

Even with strong passcodes and other restrictions, your infrastructure remains vulnerable to brute force, dictionary attacks, and employee error. For greater security, you can implement digital certificates to protect corporate assets. To use certificates in this way, you must first configure a Credentials payload with a certificate authority, and then configure your Wi-Fi and VPN payloads. Each of these payloads has settings for associating the certificate authority defined in the Credentials payload.

A Credentials profile pushes certificates to devices for use in authentication. With Workspace ONE UEM, you can configure credentials for intermediate, trusted root, trusted publisher, and trusted people certificate stores.

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Credentials payload and click the Configure button.
  5. Configure the Credentials settings.
    Settings Description
    Credential Source

    Use the drop-down menu to select either Upload or Defined Certificate Authority.

    Credential Name Enter a name for the credentials certificate. Displays if the Credential Source is Upload.
    Certificate

    Select Upload, navigate to the desired credential certificate file, and select Save.

    Displays if the Credential Source is Upload.

    Certificate Authority

    Use the drop-down menu to select a predefined certificate authority.

    Displays if the Credential Source is Define Certificate Authority.

    Certificate Template

    Use the drop-down menu to select a predefined certificate template specific to the selected certificate authority.

    Displays if the Credential Source is Define Certificate Authority.

    Store Location Use the drop-down menu to select to save the certificate on the specific user account level or on the Computer Store for all users of a computer.
    Certificate Store

    Select the certificate store folder location from the drop-down menu.

    • Trusted Root Certification Authorities
    • Trusted Publishers
    • Untrusted Certificates
    • Trusted People
  6. Select Save & Publish to push the profile to devices.

Launcher Profiles

The Workspace ONE UEM App Launcher restricts user access to a list of allowed applications and native features on the device. Use the App Launcher to control the apps available to end users and the layout of the device home screen.

The Launcher profile enables you to customize the look and layout of the Windows Rugged device home screen. You can configure the launcher profile to start when the device starts to limit end-user access to the entire device. To limit end-user access to the correct apps on a shared device, you can set the launcher profile to display based on the user group of the end user. This functionality allows you to tailor the launcher to the role of the end user using a shared device.

Customize the launcher to display different settings and apps based on the layout you want. To manage the device, the launcher profile includes different tools for admins to troubleshoot the device.

Create a Launcher Profile

Configure the Workspace ONE UEM App Launcher profile to customize the layout and apps of a Windows Rugged device using the App Launcher. This customization allows you to control end-user access to the device settings and applications based on the roles of the user.

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Workspace ONE Launcher payload and click the Configure button.
  5. Enter a Title for the Workspace ONE Launcher profile. You can use the supported Workspace ONE UEM Lookup Values. Select the plus sign (+) for a list of all Workspace ONE UEM supported Lookup Values. For more information, see Lookup Values.
  6. Define an Administrative Passcode for setting configurations on the device.
  7. Define the User Category of the end user if Shared Devices are enabled in the Windows Rugged Hub Settings page. The user category ties end users to specific Launcher profiles allowing you to tailor Launcher layout and configuration to individual end users. Consider creating user groups based on the end user's role.
  8. Configure the remaining options:
    Settings Descriptions
    Application Name Specifies the application name that displays in the Workspace ONE UEM App Launcher.
    File Path to Exe Defines the file path of the application and includes the executable file.
    Arguments Enter any command-line arguments to run the application.
    Hide Masks the application on the device.
    Launch On Start Starts the application when the Workspace ONE UEM App Launcher starts. For best results, enable this option for a single application.
    Start Up Options Select the condition that triggers the launcher starting.
    Delayed Launch

    Select the time (in seconds) that the launcher delays from starting following device boot.

    This setting requires Start Up Options to be set to Delayed Start.

    Console Application Defines the application as not having a user interface or as a background process.
    Tools Menu Lists applications on the Tools menu for the App Launcher.
    Background Application Select if the application requires no user interaction and you want it to run in the background.
    Deactivate App Close Removes the close button from the application preventing the user from closing the app. Select this option only for dedicated use applications.
    Enable Home Button.

    Allows you to minimize an allowlisted application and return to the main App Launcher page while keeping the current session active for that app.

    If you want to return to the minimized app, select the icon on the App Launcher screen.

    Application Icon Path Defines the path to the location of the application icon that resides on the device. If the desired icon does not reside on the device, then you can upload an image.
    Upload Icon Allows you to upload an image (icon) that ties to an application by entering the path in the Application Icon Path text box.
    View Time Displays the time for application processes.
    Deactivate Active Sync. Deactivates the use of the Exchange ActiveSync protocol for application transactions.
    Deactivate Keyboard. Deactivates the use of the device keyboard to perform application processes.
    View IP Address Displays the device IP address within application processes.
    Enable Native Taskbar. Uses the default taskbar for that device instead of the custom launcher taskbar.

    *When selected, these settings deactivate except for View Time, Deactivate Active Sync, Deactivate Keyboard, and View IP Address. These exceptions exist because the native taskbar only displays the icons/settings that are available to that device.

    View Connection Status Displays the connection status of the device.
    Show Message Notification Displays a message indicator for unviewed messages from a third-party application.
    Display Organization Group Displays the Organization Group of the signed-in user.
    View Wi-Fi Signal Displays the strength of the Wi-Fi signal.
    View Cell Signal Displays the strength of the cell signal.
    View Battery Icon Displays the amount of power remaining in the battery.
    View Volume Displays the level the volume sets to on the device.
    Display Missed Call Notification Displays a notification when an incoming call is not answered/missed.
    Display SMS/Text Notification Displays a notification when the device received a text message.
    Tools The following settings allow the user to customize and manage the contents of the Tools Menu on the Launcher. You can select any combination of the following options to make those options available to the user on the Tools Menu. A second option is to allowlist the application under the Allowed Application section by selecting the Tools Menu option next to that application. A third option is to configure apps directly on a device, provided the configure option is enabled.
    Restart AW Hub. Allows the user to restart the AirWatch Service on the device.
    Restart AWCM. Allows the user to restart the AWCM Service on the device.
    Start AW Diagnostics. Allows the user to open and access the AirWatch Diagnostics utility.
    Start App Manager.

    Allows the user to open and access the Application Manager utility.

    The Launcher is capable of multiple profile support. Profiles that are active and meet the assignment criteria for that device.

    Multiple profile support requires Workspace ONE Intelligent Hub version 4.0.0.13 or later.

    Configure Allows the user to configure all areas of the Launcher directly on the device, including Allowed Applications, Settings, and Tools Menu.
    Select Launcher View/Layout Style.

    Select the format for the view/layout.

    • Grid – Traditional grid layout of applications.
    • List – List of applications with a small thumbnail of the app icon.
    • Plain List – List of applications with no thumbnail of app icon.
    • None – No preset view/layout. End users can select the view/layout they want. If you select a view/layout other than None, end users cannot change the view/layout.
    Enable Wallpaper.

    Enable to set a wallpaper for the Launcher. You must select a Landscape and Portrait mode image.

    Important: Wallpapers cannot exceed 640x480 or be more than 20 KB. Images larger than 20 KB cannot display.
  9. Select Save & Publish.

Update the Launcher Profile from the Windows Rugged Device

You must change the applications included in the Workspace ONE UEM App Launcher. This action requires admin credentials to perform.

  1. Open the Workspace ONE UEM App Launcher application on the device.
  2. Enter the Admin passcode in the Password text box and select Accept.
  3. Select the option to Import, Export, or Add applications from and to the list.
  4. Select Add to add an application and complete the following options on the Add Application screen:
    1. Application Location – Defines the file path of the application or select the Browse option.
    2. Application Name – Defines the name of the application to display in the Workspace ONE UEM App Launcher.
    3. Arguments – Defines command-line arguments to run the application.
    4. Launch On Start – Starts the application when the Workspace ONE UEM App Launcher starts.
    5. Hide from User – Masks the application in the user interface.
    6. Console Application – Defines the application as not having a user interface or as a background process.
  5. Select Save.

This is a screenshot of a Windows Rugged device displaying how you can update the Launcher Profile from the device.

Configure Shared Device Launcher Profiles

Workspace ONE UEM allows you to configure Launcher profiles to support multiple end users sharing a single device. Use this feature to customize the Launcher for individual users and their different applications to meet their individual roles.

Important: You must enroll the device into the Parent organization group for the Launcher profiles for various User Categories to push to the device.
  1. Navigate to Groups & Settings > All Settings > Devices & Users > Windows > Windows Rugged > Hub Settings.
  2. Navigate to Accounts > Users > User Settings > Categories > Add and enter the Name and Description.

    Consider creating the User Categories based on the various roles end users have that require different applications on the device. For example, basic users require different applications than a shift supervisor or manager. To accommodate this requirement, create different User Categories for the basic user, shift supervisor, and manager.

  3. Select Enable Shared Device Mode.
  4. Navigate to Accounts > Users > List View and Add new user or Edit an existing one.
  5. Enable Show Advanced User Details and select the applicable Category based on the role of the user.
  6. Create and configure a Launcher Profile. Select the applicable User Category based on the role of the user for this specific Launcher profile.
  7. Configure a Launcher profiles for each end-user role.
  8. End users must enter their credentials and their group ID. To deactivate the group ID requirement, navigate to Settings > All Settings > Devices & Users > General > Shared Device and set the Group Assignment Mode to Fixed Organization Group.

Create a VPN Profile

Create a VPN Profile to deploy corporate VPN settings directly to managed devices in Workspace ONE UEM. This profile enables end users to access corporate infrastructure remotely and securely.

Important: You can use a VPN profile only on Windows Rugged devices, but not on Windows CE devices.
  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the VPN profile and click the Configure button.
  5. Configure the VPN settings.
    Setting Description
    Connection Type

    Defines the connection for the VPN.

    Both of these types rely on the encryption protocol to be passed within the tunnel because they do not inherently have their own encryption methods.

    • PPTP – Point-to-Point Tunneling Protocol.
    • IPSec/L2TP – Layer 2 Tunneling Protocol.
    Connection Name Enter the connection name.
    Server Enter the hostname of IP address of the VPN server.
    Username

    Enter the user name for the VPN.

    You can use lookup values to use the device-specific value.

    Domain

    Enter the domain for the VPN.

    You can use lookup values to use the device-specific value.

    Authentication

    Defines the authentication for the VPN.

    • Certificate – Use this option to deploy certificate-based authentication for your VPN connections.

      You must select this option if you select the Connection TypeIPSec/L2TP

    • Pre Shared Key – Use the PSK option when you have a shared secret that device users use to access the VPN.

      This authentication type often uses symmetric key algorithms for security.

    Shared Secret

    Enter the shared secret for the connection.

    Displays when Authentication sets to Pre Shared Key.

  6. Select Save & Publish to push the profile to devices.

Create a Time Sync Profile

Deploy Time Sync payloads to synchronize the system time on Windows Rugged devices with time servers to ensure that the device fleet runs on the same clock. This profile within Workspace ONE UEM is useful for global networks with devices in numerous time zones.

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Time Sync payload and click the Configure button.
  5. Configure the Time Sync settings.
    Setting Description
    Time Sync Method

    Select the preferred method of time sync.

    • Time Server – Select to use a Network Time Protocol server which you can use to sync devices such as pool.ntp.org.
    • HTTP – Select to enter a URL. This URL can be any URL. For example, you can use www.google.com.
    • SNTP – Select to enter a Simple Network Time Protocol such as time.nist.gov.
    • Console – Select to sync the device with the UEM console.
    Primary Time Server Enter the URL of the time server with which the device syncs.
    Port Enter the port the device uses to sync with the secondary server.
    Secondary Server

    Enter an optional secondary server the device can use if the primary is unavailable.

    Displays when Time Server is selected as the Time Sync Method.

    Port

    Enter the port the device uses to sync.

    Displays when Time Server is selected as the Time Sync Method.

    Sync Time Every Enter the number of minutes, hours, or days.
  6. Select Save & Publish.

Create a Shortcut Profile

Create a Shortcut profile in Workspace ONE UEM to push custom icons associated with URLS. These icons provide your end users with the shortcuts to websites they need.

You can add as many icons as needed to a shortcut payload. Upload the icon image file into the Workspace ONE UEM console.

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Shortcut payload and click the Configure button.
  5. Configure the Shortcut settings.
    Setting Description
    Label Enter the name associated to the icon that displays on the user's device.
    URL Enter the URL for the website in which the user advances to when the user taps on the icon.
    Icon Upload the image file that displays on the user's device that is associated to the URL.
  6. Select Save & Publish to push the profile to devices.

Create a Time Zone Profile

Create a Time Zone profile to configure your Windows Rugged device time zone settings in Workspace ONE UEM. This profile eliminates having to remote control into the end user's device to set the time zone manually.

After pushing the profile, the device displays the time zone, and all device activity is time stamped based on that time zone regardless of the actual device location.

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the Time Zone payload and select the Configure button.
  5. Select the Time Zone Setup drop-down, and select Set Time Zone Manually.
  6. Select the Time Zone drop-down and select the appropriate time zone from the list.

Create a Custom Attribute Payload

Workspace ONE UEM allows you to create and deploy custom attributes that collect and compare custom-made values from device. Custom attributes are used to manage devices using attributes assigned to or gathered from the devices.

Third-party applications collect or create these attributes for use with the Workspace ONE UEM console. By using custom attributes, you can ensure that only the devices whose attribute values match the ones you set are selected.

Custom attributes are used by the rules generator of product provisioning to provision products to specific devices. Ensure that your devices have the correct values to prevent incorrect products from being provisioned to them.

For more information on custom attributes and instructions for creating them, see Custom Attributes for Windows Rugged.

  1. Navigate to Devices > Products > Profiles > List View and select Add and then select the device platform.
  2. Configure the General settings. These settings determine how the profile deploys and who receives it.
  3. Select the Custom Attribute profile.
  4. Select Add to configure the custom attributes you want to use.
    Setting Description
    Application Select the application (grouping of custom attributes) that contain the attributes you want to configure.
    Custom Attributes Select the specific custom attributes for the profile to configure.
    Value Enter the custom attribute value to assign to the device.
    Is Dynamic

    Enable to allow the custom attribute's value to change and be changed based on permissions.

    If selected, this looks up the custom attribute value for an individual device when the command is queued instead of using the default value specified in the payload. If no value is found, the device default value is used.

    Permission

    Set the permission of the custom attribute.

    • Read/Write allows the applications to change the attribute value.
    • Read Only restricts applications from changing the value.
    Sync Enable to push the attribute value back to the UEM console to be displayed in the Device Details page.

    You can add additional attributes as necessary.

  5. Select Save & Publish to push the profile to devices.

Create a GPRS Profile

The General Packet Radio Service (GPRS) allows mobile data on 2G and 3G cellular communication system for GSM devices. The GPRS payload allows you to configure and control how the device uses GPRS in Workspace ONE UEM.

  1. Navigate to Resources > Profiles & Baselines > Profiles > Add and select Add Profile.
  2. Select Windows Rugged.
  3. Configure the General settings.
  4. From the left panel, select the GPRS payload and click the Configure button.
  5. Configure the GPRS settings.
    Setting Description
    Enabled Select to enable GPRS management.
    Connection Name Enter the GPRS connection name.
    Destination Select whether the GPRS connection is to the Internet or a Work intranet.
    GPRS Info Access Point Name

    Enter the APN the device must connect to. The APN must follow the correct format:

    <network identifier>.mnc<MNC>.mcc<MCC>.gprs

    User name Enter the user name for connecting to the network.
    Password Enter the password for connecting to the network.
    Domain Enter the network domain.
    Advanced Enable to configure advanced options.
    Specific Name Servers Enable to enter specific name servers to use.
    Country Code Enter the network country code.
    Area Code Enter the device area code.
    Use Country and Area Codes. Enable to use Country and Area codes.
    Phone Enter the device phone number.
    Device Name Enter the device name for use in phone books.
    Device Type Select the RAS device type.
    Use Software Compression. Allows for faster connection speeds on low-bandwidth networks by compressing the phone book entries.
    Use IP Header Compression. Allows for faster connection speeds on low-bandwidth networks by compressing the IP Header.
    Specific IP Address

    Enable to connect to a specific IP Address.

    Read Only. Enable to restrict the device to reading data only.
    Authentication Type Select the type of authentication the network uses.
  6. Select Save & Publish.