After your devices are enrolled and configured, manage the devices using the Workspace ONE ™ UEM console. The management tools and functions enable you to keep an eye on your devices and remotely perform administrative functions.

You can manage all your devices from the Workspace ONE UEM console. The Dashboard is a searchable, customizable view that you can use to filter and find specific devices. This feature makes it easier to perform administrative functions on a particular set of devices. The Device List View displays all the devices currently enrolled in your Workspace ONE UEM environment and their status. The Device Details page provides device-specific information such as profiles, apps, Workspace ONE Intelligent Hub version and which version of any applicable OEM service currently installed on the device. You can also perform remote actions on the device from the Device Details page that are platform-specific.

Device Dashboard

As devices are enrolled, you can manage them from the Device Dashboard in Workspace ONE UEM powered by AirWatch.

The Device Dashboard provides a high-level view of your entire fleet and allows you to act on individual devices quickly.

You can view graphical representations of relevant device information for your fleet, such as device ownership type, compliance statistics, and platform and OS breakdowns. You can access each set of devices in the presented categories by selecting any of the available data views from the Device Dashboard.

From the List View, you can take administrative action: send messages, lock devices, delete devices, and change groups associated with the device.

  • Security – View the top causes of security issues in your device fleet. Selecting any of the doughnut charts displays a filtered Device List view comprised of devices affected by the selected security issue. If supported by the platform, you can configure a compliance policy to act on these devices.

    • Compromised – The number and percentage of compromised devices (jailbroken or rooted) in your deployment.
    • No Passcode – The number and percentage of devices without a passcode configured for security.
    • Not Encrypted – The number and percentage of devices that are not encrypted for security. This reported figure excludes Android SD Card encryption. Only those Android devices lacking disc encryption are reported in the donut graph. Ownership – View the total number of devices in each ownership category. Selecting any of the bar graph segments displays a filtered Device List view comprised of devices affected by the selected ownership type.
  • Last Seen Overview/Breakdown – View the number and percentage of devices that have recently communicated with the Workspace ONE UEM MDM server. For example, if several devices have not been seen in over 30 days, select the corresponding bar graph to display only those devices. You can then select all these filtered devices and send out a query command so that the devices can check in.

  • Platforms – View the total number of devices in each device platform category. Selecting any of the graphs displays a filtered Device List view comprised of devices under the selected platform.
  • Enrollment – View the total number of devices in each enrollment category. Selecting any of the graphs displays a filtered Device List view comprised of devices with the selected enrollment status.
  • Operating System Breakdown – View devices in your fleet based on operating system. There are separate charts for each supported OS. Selecting any of the graphs displays a filtered Device List view comprised of devices running the selected OS version.

Device List View

Use the Device List View in Workspace ONE UEM powered by AirWatch to see a full listing of devices in the currently selected organization group.

Device List View,UEM,Workspace ONE,device list,friendly name,device status

The Last Seen column displays an indicator showing the number of minutes elapsed since the device has checked-in. The indicator is red or green, depending on how long the device is inactive. The default value is 480 minutes (8 hours) but you can customize this value by navigating to Groups & Settings > All Settings > Devices & Users > General > Advanced and change the Device Inactivity Timeout (min) value.

Select a device-friendly name in the General Info column at any time to open the details page for that device. A Friendly Name is the label you assign to a device to help you differentiate devices of the same make and model.

Sort by columns and configure information filters to review activity based on specific information. For example, sort by the Compliance Status column to view only devices that are currently out-of-compliance and target only those devices. Search all devices for a friendly name or user name to isolate one device or user.

Customize Device List View Layout

Display the full listing of visible columns in the Device List view by selecting the Layout button and select the Custom option. This view enables you to display or hide Device List columns per your preferences.

There is also an option to apply your customized column view to all administrators at or below the current organization group (OG). For instance, you can hide 'Asset Number' from the Device List views of the current OG and of all the OGs underneath.

Once all your customizations are complete, select the Accept button to save your column preferences and apply this new column view. You can return to the Layout button settings at any time to tweak your column display preferences.

Some notable device list view custom layout columns include the following.

  • Android Management
  • SSID (Service Set Identifier or Wi-Fi network name)
  • Wi-Fi MAC Address
  • Wi-Fi IP Address
  • Public IP Address

Exporting List View

Select the Export button to save an XLSX or CSV (comma-separated values) file of the entire Device List View that can be viewed and analyzed with MS Excel. If you have a filter applied to the Device List View, the exported listing reflects the filtered results.

Search in Device List View

You can search for a single device for quick access to its information and take remote action on the device.

To run a search, navigate to Devices > List View, select the Search List bar and enter a user name, device-friendly name, or other device-identifying element. This action initiates a search across all devices, using your search parameter, within the current organization group and all child groups.

Device List View Action Button Cluster

Action Button Cluster

With one or more devices selected in the Device List View, you can perform common actions with the action button cluster including Query, Send [Message], Lock, and other actions accessed through the More Actions button.

Available Device Actions vary by platform, device manufacturer, model, enrollment status, and the specific configuration of your Workspace ONE UEM console.

Remote Assist

You can start a Remote Assist session on a single qualifying device allowing you to view the screen and control the device. This feature is ideal for troubleshooting and performing advanced configurations on devices in your fleet.

To use this feature, you must satisfy the following requirements.

  • You must own a valid license for Workspace ONE Assist.
  • You must be an administrator with a role assigned that includes the appropriate Assist permissions.
  • The Assist app must be installed on the device.
  • Supported device platforms:
    • Android
    • iOS
    • macOS
    • Windows 10
    • Windows Mobile

Select the check box to the left of a qualifying device in the Device List View and the Remote Assist button displays. Select this button to initiate a Remote Assist session.

Windows Desktop Device Details Page

Use the Device Details page in Workspace ONE UEM powered by AirWatch to track detailed device information for Windows Desktop devices and quickly access user and device management actions.

You can access Device Details by selecting a Friendly Name from the Device List View, using one of the Dashboards, or with any of the search tools.

From the Device Details page, you can access specific device information broken into different menu tabs. Each menu tab contains related device information depending on your Workspace ONE UEM deployment.

Windows Notification Service Details

You can see the status of device communication with the Windows Notification Service(WNS) from the Network tab of the Device Details page. The WNS supports sending your devices notifications. If a device is not currently online, the service caches the notifications until the device connects again.

The WNS statuses include the following:

  • WNS Server Status - displays the state of your WNS server.
  • Last WNS Renewal Request - The date and time of last attempt made to renew the Windows Notification Services (WNS) connection with the device. This connection allows Workspace ONE UEM to query and push policies to the device (Networking, Battery Sense, and Data Sense conditions permitting). For more information on WNS, refer to https://docs.microsoft.com/en-us/windows/client-management/mdm/push-notification-windows-mdm.
  • Next WNS Get Request: - The date and time of the next scheduled attempt to renew the connection between WNS and the device.
  • WNS Channel URI- The WNS communication endpoint that devices and Workspace ONE UEM use. This endpoint uses the following format: https://*.notify.windows.com/?token=_{TOKEN}

More Actions

The More Actions drop-down on the Device Details page enables you to perform remote actions over the air to the selected device.

The actions vary depending on factors, such as Workspace ONE UEM console settings or enrollment status.

  • Apps (Query) – Send an MDM query command to the device to return a list of installed applications.

    The Apps (Query) action requires an active enrolled user login.

  • Certificates (Query) – Send an MDM query command to the device to return a list of installed certificates.

    The Certificates (Query) requires an active enrolled user login.

  • Change Organization Group – Change the device's home organization group to another existing OG. Includes an option to select a static or dynamic OG.

    If you want to change the organization group for multiple devices at a time, you must select devices for the bulk action. Use the Block selection method (using the shift-key) instead of the Global check box (next to the Last Seen column heading in the device list view).

  • Change Passcode - Change the device password on a Windows Desktop device enrolled with a basic user. This menu item does not support directory services. When you select to use this option, Workspace ONE UEM generates a new password and displays it in the Workspace ONE UEM console. Use the new password to unlock the device.

  • Delete Device – Delete and unenroll a device from the console. Sends the enterprise wipe command to the device that gets wiped on the next check-in and marks the device as Delete In Progress on the console. If the wipe protection is turned off on the device, the issued command immediately performs an enterprise wipe and removes the device representation in the console.
  • Device Information (Query) – Send an MDM query command to the device to return information on the device such as friendly name, platform, model, organization group, operating system version, and ownership status.
  • Device Wipe – Send an MDM command to wipe a device clear of all data and operating system. This action cannot be undone.
  • Edit Device – Edit device information such as Friendly Name, Asset Number, Device Ownership, Device Group Device Category.
  • Enterprise Reset – Enterprise Reset a device to factory settings, keeping only the Workspace ONE UEM enrollment.

    Enterprise Reset restores a device to a Ready to Work state when a device is corrupted or has malfunctioning applications. It reinstalls the Windows OS while preserving user data, user accounts, and managed applications. The device will resync auto-deployed enterprise settings, policies, and applications after resync while remaining managed by Workspace ONE.

  • Enterprise Wipe – Enterprise Wipe a device to unenroll and remove all managed enterprise resources including applications and profiles. This action cannot be undone and re-enrollment is required before Workspace ONE UEM can manage this device again. This device action includes options to prevent future re-enrollment and a Note Description text box for you to add information about the action.

    Enterprise Wipe is not supported for cloud domain-joined devices.

  • Force BIOS Password Reset – Force the device to reset the BIOS password to a new auto-generated password.

  • Lock Device – Send an MDM command to lock a selected device, rendering it unusable until it is unlocked.

    Important: When locking a device, an enrolled user must be signed into the device for the command to process. The lock command locks the device and any user signed in must reauthenticate with Windows. If an enrolled user is signed-in to the device, a lock device command locks the device. If an enrolled user is not signed in, the lock device command is not processed.

  • Query All – Send a query command to the device to return a list of installed applications (including Workspace ONE Intelligent Hub, where applicable), books, certificates, device information, profiles, and security measures.

  • Reboot Device – Reboot a device remotely, reproducing the effect of powering it off and on again.
  • Remote Management – Take control of a supported device remotely using this action, which starts a console application that enables you to perform support and troubleshoot on the device.
  • Repair Hub - Repair the Workspace ONE Intelligent Hub on Windows 10 devices to re-establish communication between the console and the device.

    Certain events might impact the communication between the device and the console. Some examples are stopping key Workspace ONE UEM services, removing or the corruption of Workspace ONE Intelligent Hub related files, and the failing of upgrades of Workspace ONE Intelligent Hub components due to network interruptions.

    The Repair Hub command takes steps to remediate these issues. After the Hub is successfully repaired, it checks for commands to recover HMAC. If there were HMAC errors, it automatically recovers HMAC. The Repair Hub also checks for a version upgrade. If an update is detected and is automatic, the updates to the Hub are enabled, and the Hub is upgraded.

  • Request Device Log – Request the debug log for the selected device, after which you can view the log by selecting the More tab and selecting Attachments > Documents. You cannot view the log within the Workspace ONE UEM console. The log is delivered as a ZIP file that can be used to troubleshoot and provide support.

    When you request a log, you can select to receive the logs from the System or the Hub. System provides system-level logs. Hub provides logs from the multiple agents running on the device.

  • Security (Query) – Send an MDM query command to the device to return the list of active security measures (device manager, encryption, passcode, certificates, and so on).

  • Send Message – Send a message to the user of the selected device. Select between Email, Push Notification (through AirWatch Cloud Messaging), and SMS.
  • View BIOS Password – View the BIOS password for the device that the Workspace ONE UEM console auto-generated. You see the Last Password Appliedand the Last Password Submitted.

Manage Your Microsoft HoloLens Devices

Workspace ONE UEM supports enrolling and managing Microsoft HoloLens devices. You must use the native enrollment and management functionality to manage your Windows HoloLens devices.

Before you can manage your HoloLens devices using Workspace ONE UEM, you must apply the Licensing XML file to the devices. If you are using HoloLens 1 devices, you must apply the file before enrolling. For more information on applying licensing, see https://docs.microsoft.com/en-us/hololens/hololens1-upgrade-enterprise. This step is not required for HoloLens 2 devices.

Enroll Your HoloLens Devices

You can enroll your Microsoft HoloLens devices into Workspace ONE UEM using native management functionality. You must use native Windows 10 enrollment methods as HoloLens devices do not support Workspace ONE Intelligent Hub functionality. Enroll with one of the native MDM enrollment procedures, with or without Windows Auto Discovery.

Manage Your HoloLens Devices

After enrolling, you can apply supported profiles to your HoloLens devices using Workspace ONE UEM. For a list of the supported CSP, see https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference#hololens.

Product Provisioning

Product provisioning enables you to create, through Workspace ONE ™ UEM, products containing profiles, applications, files/actions, and event actions (depending on the platform you use). These products follow a set of rules, schedules, and dependencies as guidelines for ensuring your devices remain up to date with the content they need.

Product provisioning also encompasses the use of relay servers. These servers are FTP(S) servers designed to work as a go-between for devices and the Workspace ONE UEM console. Create these servers for each store or warehouse to store product content for distribution to your devices.

check-circle-line exclamation-circle-line close-line
Scroll to top icon