Workspace ONE UEM Device Management, Enrollment Requirements, and Supported Windows Operating Systems

Workspace ONE UEM powered by AirWatch provides you with a set of mobility management solutions for enrolling, securing, configuring, and managing your Windows device deployment. To use Workspace ONE UEM's management solutions, meet the requirements to enroll supported Windows devices. Management solution availability depends on the Windows OS version of your devices.

Workspace ONE UEM Supports Windows 11

Workspace ONE UEM supports Windows 11 devices. When configuring the console, use the Windows Desktop option because this option works for Windows 10 and Windows 11 devices. Windows 11 is built on the same foundation as Windows 10 so features in Workspace ONE UEM that are available for Windows 10 are also available for Windows 11. If you find a Workspace ONE UEM feature that works on Windows 10 but not on Windows 11, let us know by contacting VMware Global Services.

For details on Windows 11, see Microsoft's documentation on What's new in Windows.

Workspace ONE UEM Device Management for Windows Devices

Through the Workspace ONE UEM console, you have several tools and features for managing the entire lifecycle of corporate and employee-owned devices. You can also enable end users to perform tasks themselves, for example, through the Self-Service Portal and user self-enrollment, which saves you vital time and resources.

Workspace ONE UEM allows you to enroll both corporate and employee-owned devices to configure and secure your enterprise data and content. By using of our device profiles, you can properly configure and secure your Windows devices. Detect compromised devices and remove their access to corporate resources using the compliance engine.

Enrolling your devices into Workspace ONE UEM allows you to secure and configure devices to meet your needs.

Enrollment Requirements for Windows Devices

Before enrolling your Windows devices with Workspace ONE UEM, your devices and users must meet the listed requirements and configurations or enrollment does not work.

User-Side Requirements

Your Windows users must meet this list of requirements to enroll their devices with Workspace ONE UEM.

• Admin Permissions – The logged in user enrolling the device must be an Administrator.
• Group ID – If your Workspace ONE UEM environment prompts users for their Group ID, the logged in user needs this value.
• Device Root Certificate - All users need the Device Root Certificate configured in the System Settings before enrolling their devices. To configure the certificate, navigate to Groups & Settings > All Settings > System > Advanced > Device Root Certificate.
• Enrollment URL – All users can enter a unique URL that takes them directly to the enrollment screen to enroll in a Workspace ONE UEM environment. For example, mdm.example.com.
  Important: If your enrollment server is behind a proxy, you must configure the Windows service WINHTTP to be proxy-aware when configuring your network settings.

Device-Side Requirements

Your Windows devices must access the listed sites, have the listed settings enabled, and have the listed services running to enroll with Workspace ONE UEM.

• Access URLs - Trust these URLs in your firewall policies so your enrolled devices can access them.
  • App Center API URLs - Allows Workspace ONE Intelligent Hub for Windows to provide crash information to the Microsoft Store.
    • api.appcenter.ms
    • api.mobile.azure.com
  • Microsoft Store API URL - Ensures that the Workspace ONE Intelligent Hub for Windows launches on your Windows devices no matter what Microsoft Store market your devices are used in.
    If you are interested in information on the Microsoft Store and app support by market, see the article Define Market Selection.
    • http://licensing.mp.microsoft.com/v7.0/licenses/contentHTTPSUsed
• PowerShell Execution - Enable PowerShell Execution on your Windows devices because Workspace ONE UEM uses PowerShell for installation and operational changes through the Workspace ONE Intelligent Hub.
• Windows Services - Your Windows devices must have the listed services in a Service State: Running to enroll and work in your Workspace ONE UEM deployment.
  • DmEnrollmentSvc (Device Management Enrollment Service)
  • DiagTrack (Connected User Experiences and Telemetry)
  • Schedule (Task Scheduler)
  • BITS (Background Intelligent Transfer Service)
  • dmwappushservice (Device Management Wireless Application Protocol (WAP) Push message Routing Service)

What Windows OS Versions Are Supported?

Workspace ONE UEM supports enrolling and managing Windows devices. The level of support depends on the OS version and device architecture.

Workspace ONE UEM supports devices running the following operating systems:

• Windows Pro
• Windows Enterprise
• Windows Education
• Windows Home
• Windows S

Workspace ONE Intelligent Hub does not support Windows ARM Snapdragon or Hololens devices. These devices must use native MDM functionality.

Important: To see the OS version each update branch supports, see Microsoft's documentation on Windows release information: Windows release health.

Windows Version Matrix

Compare the MDM functionality available in each version of the Windows OS. Workspace ONE UEM supports all versions of Windows OS and the functions they support.

The different editions of Windows (Home, Professional, Enterprise, and Education) have different functionality. Windows Home edition does not support the advanced functionality available to the Windows OS. Consider using Enterprise or Education editions for the most functionality.