Workspace ONE UEM Device Management, Enrollment Requirements, and Supported Windows 10 Versions

Workspace ONE UEM powered by AirWatch provides you with a set of mobility management solutions for enrolling, securing, configuring, and managing your Windows 10 device deployment. To use Workspace ONE UEM's management solutions, meet the requirements to enroll supported Windows 10 devices. Management solution availability depends on the Windows 10 OS version of your devices.

Workspace ONE UEM Device Management for Windows Desktop Devices

Through the Workspace ONE UEM console, you have several tools and features for managing the entire lifecycle of corporate and employee-owned devices. You can also enable end users to perform tasks themselves, for example, through the Self-Service Portal and user self-enrollment, which saves you vital time and resources.

Workspace ONE UEM allows you to enroll both corporate and employee-owned devices to configure and secure your enterprise data and content. By using of our device profiles, you can properly configure and secure your Windows devices. Detect compromised devices and remove their access to corporate resources using the compliance engine.

Enrolling your devices into Workspace ONE UEM allows you to secure and configure devices to meet your needs.

Enrollment Requirements for Windows Desktop Devices

Before enrolling your Windows Desktop (Windows 10) devices with Workspace ONE UEM, your end users must meet the listed requirements and configurations or enrollment does not work.

Active Environment – Your active Workspace ONE UEM environment and your access to the Workspace ONE UEM console.
App Center API URLs – Trust these URLs in your firewall policies to allow Workspace ONE Intelligent Hub for Windows to provide crash information to the Microsoft Store.
- api.appcenter.ms
- api.mobile.azure.com
Appropriate Admin Permissions – A type of permission that allows you to create profiles, determine policies, and manage devices within the Workspace ONE UEM console.
Device Root Certificate - You must configure the Device Root Certificate in the System settings before enrolling devices. To configure the certificate, navigate to Groups & Settings > All Settings > System > Advanced > Device Root Certificate.
Enrollment URL – This URL is unique to your enrollment environment and takes you directly to the enrollment screen. For example, mdm.example.com.
Important: If your enrollment server is behind a proxy, you must configure the Windows service WINHTTP to be proxy-aware when configuring your network settings.
Group ID – This Group ID associates your device with your corporate role and is defined in the Workspace ONE UEM console.
Microsoft Store API URL - Trust this URL, http://licensing.mp.microsoft.com/v7.0/licenses/contentHTTPSUsed, in your firewall policies to ensure that the Workspace ONE Intelligent Hub for Windows launches on your Windows 10 devices no matter what Microsoft Store market your devices are used in.
If you are interested in information on the Microsoft Store and app support by market, see the article Define Market Selection.
PowerShell Execution - Workspace ONE UEM management of Windows Desktops devices uses PowerShell for installation and operational changes through the Workspace ONE Intelligent Hub.

What Windows 10 Versions Are Supported?

Workspace ONE UEM powered by AirWatch supports enrolling and managing Windows 10 devices. The level of support depends on the OS version and device architecture.

Workspace ONE UEM supports devices running the following operating systems:

Windows 10 Pro
Windows 10 Enterprise
Windows 10 Education
Windows 10 Home
Windows 10 S

Workspace ONE Intelligent Hub does not support Windows ARM Snapdragon or Hololens devices. These devices must use native MDM functionality.

Important: To see the OS version each update branch supports, see Microsoft's documentation on Windows 10 release information: https://technet.microsoft.com/en-us/windows/release-info.aspx.

Windows 10 Version Matrix

Compare the MDM functionality available in each version of the Windows 10 OS. Workspace ONE UEM supports all versions of Windows 10 OS and the functions they support.

The different editions of Windows 10 (Home, Professional, Enterprise, and Education) have different functionality. Windows 10 Home edition does not support the advanced functionality available to the Windows 10 OS. Consider using Enterprise or Education editions for the most functionality.

Feature	Windows 10 OS Home	Windows 10 OS Professional	Windows 10 OS Enterprise	Windows 10 OS Education
Native Client Enrollment	✓	✓	✓	✓
Agent Based Enrollment	✓	✓	✓	✓
Requires a Windows Account ID
Force EULA/Terms of Use Acceptance	✓	✓	✓	✓
Support for Option Prompts during Enrollment	✓	✓	✓	✓
Active Directory/ LDAP	✓	✓	✓	✓
Cloud Domain Join Enrollment		✓	✓	✓
Out of Box Experience Enrollment		✓	✓	✓
Bulk Provisioning Enrollment		✓	✓	✓
Device Staging	✓	✓	✓	✓
SMS
Email Messages		✓	✓	✓
Password Policy	✓	✓	✓	✓
Enterprise Wipe	✓	✓	✓	✓
Full Device Wipe	✓	✓	✓	✓
Email & Exchange ActiveSync	✓	✓	✓	✓
Wi-Fi	✓	✓	✓	✓
VPN	✓	✓	✓	✓
Certificate Management	✓	✓	✓	✓
Device Restrictions and Settings	✓	✓	✓	✓
Windows Hello	✓	✓	✓	✓
Personalization			✓	✓
Encryption	✓^	✓	✓	✓
Application Control (AppLocker)			✓	✓
Health Attestation	✓	✓	✓	✓
Windows Update for Business		✓	✓	✓
Assigned Access			✓	✓
Application Management		✓	✓	✓
Workspace ONE Content	✓	✓	✓	✓
Asset Tracking		✓	✓	✓
Device Status		✓	✓	✓
IP Address
Location	✓	✓	✓	✓
Network		✓	✓	✓
Send Support Message (Email and SMS only)		✓	✓	✓

^Device encryption for Windows 10 OS Home does not include BitLocker encryption.