General Availability Intel vPro Endpoint Management Assistant (EMA) Integration for Windows on SaaS
Use the new Integrations area of Workspace ONE UEM to integrate your Intel vPro Endpoint Management Assistant (EMA) deployment with Workspace ONE UEM. Intel EMA manages those Windows devices that are equipped with Intel vPro chipset. Intel EMA utilizes the Intel Active Management Technology (AMT) to access and act even on those Windows devices that are unresponsive or have a corrupt OS. Integrate the systems so that you can enroll new devices with Intel EMA, view your Intel EMA and your Workspace ONE UEM managed devices and manage those devices from a single console.
- This feature is only a SaaS offering and is not supported for on-premise at this time.
- Deploy an Intel EMA server with client credentials configured for the tenant.
- Get the listed values from your Intel EMA environment. Workspace ONE UEM uses these values to connect and communicate with Intel EMA.
- Server URL
- Client ID
- Client Secret
- Configure your Endpoint Groups in Intel EMA before starting this integration.
- Download the Intel Endpoint configuration Tool and configure it to deploy on all co-managed devices
The Client ID and Client secret need to be set up in Intel EMA using the process to Generate Client Credentials for System-to-System Authentication. Please follow the official Intel documentation at https://www.intel.com/content/www/us/en/support/articles/000090097/software/manageability-products.html Download the official Intel ECT: https://intel.com/content/www/us/en/download/19805/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html
Configure the Intel EMA Integration
Enter your Intel EMA server and credential information in Workspace ONE UEM so that the systems can communicate. Workspace ONE UEM discovers your Intel EMA enrolled devices and lists them in the Workspace ONE UEM Device List View. The co-managed devices get system generated tags - Intel EMA and Endpoint Group Name for easy grouping and action. Workspace One UEM also create application packages for Intel EMA Endpoint groups. These application packages contain the Intel EMA agent and configuration and can be deployed to new endpoints using app deployment flow.
Deploy Intel EMA Endpoint Groups Configuration and Agent Using UEM App Deployments
This topic includes general information on how to use an app assignment to deploy your Intel EMA, Endpoint Groups packages in Workspace ONE UEM. The Intel EMA endpoint groups are made available as Native apps. For details about app assignments, access Add Assignments and Exclusions to your Applications.
- In Workspace ONE UEM, select the applicable organization group.
- Go to Groups & Settings > Integrations.
- Select Setup on the Intel card to configure the integration.
- Select the Network Partner Credentials tab and view or edit the Current Setting.
- Inherit sets the system to use the settings of the current organization group’s (OG’s) parent OG.
- Override enables the settings for editing so you can modify the current OG’s settings directly.
- Add your Intel EMA values into the Server, Client ID, and Client Secret menu items.
- Select the Test Connection button to check that the systems are communicating.
- Select to Save Credentials and Connect. This action starts several processes.
- Workspace ONE UEM launches a device discovery process.
- The device discovery process finds those devices that were already managed in both Workspace ONE UEM and in Intel EMA before the integration.
- You can relaunch this process on the Device Discovery tab of the Intel Integrations card.
- Workspace ONE UEM communicates with the Intel EMA server.
- Workspace ONE UEM retrieves the details on all the Endpoint Groups configured on the server.
- You can resync Endpoint Groups on the Configuration tab of the Intel Integrations card.
- On the Configuration tab, you can see a list view of the discovered Intel EMA Endpoint Groups.
- View the Intel EMA and Intel AMT details for the Endpoint Group package.
- View when the Endpoint Group was last successfully created.
- Download Endpoint Groups if you need them.
- On the Configuration tab, select to Assign Packages to Devices. This action takes you to the app assignment flow in Workspace ONE UEM.
- The system navigates to the apps list view page, where you see your Endpoint Group packages. The apps list view is in the console at Resources > Apps > Native > Internal.
- Select the radio button by one of the EMA Endpoint Group packages, and then select Assign. You can use the Search List text box to find a specific group.
- Select Add Assignment.
You can also edit an existing app assignment.
- On the Distribution tab, configure the required fields and select smart groups of devices in the Assignment Groups menu item to deploy these Endpoint Group packages to devices.
- Select Create or Save to save the app assignment for the Endpoint Group package.
Find Your Endpoint Group Package Details in the Console
Workspace ONE UEM lists Endpoint Group package details in the Device List View.
- In the Workspace ONE UEM console, go to Devices > List View to see your Intel EMA enrolled devices.
- Look at the Tags column for the listed tags. These tags identify your Intel EMA enrolled devices discovered by Workspace ONE UEM.
- Intel EMA
- Intel EMA endpoint Group
Execute Intel EMA Powered Operations on the Managed Devices From the Console
All the devices that need to be co-managed by Workspace ONE UEM and Intel EMA/AMT must meet the listed conditions.
- The devices must have the Intel vPro chipset.
- The devices must have the Intel AMT firmware, version 11 or later.
- For devices already enrolled, they must have properly configured Intel AMT firmware and Intel EMA agent.
- All the devices need the Intel Endpoint Configuration Tool (ECT) deployed. You can deploy it using the Workspace ONE UEM application deployment flow. This enables device sample collection and execution of the Intel EMA/AMT powered operations on devices.
From the Device List View, select one or more Intel EMA enrolled devices to view and use the operations listed in the More Actions menu. The device selection drives the availability of the Intel EMA operations. The console lists available operations depending on the device’s Endpoint Group definition and its capabilities. Also, device capabilities may be affected by BIOS/Firmware settings.
From the More Actions menu, find the listed operations.
- OOB Power On
- OOB Power Off
- OOB Hard Power Cycle
- OOB Sleep - Light
- OOB Sleep - Deep
- OOB Remote SSD Wipe
- Remote KVM
Intel EMA Operation Behaviors
- The Intel EMA operations behave the same way as other Workspace ONE UEM device actions.
- You can deploy most of these operations on multiple devices except for the OOB Remote SSD Wipe and the Remove KVM operations. You can only deploy these operations on single devices.
- OOB Remote SSD Wipe is available on limited number of supported devices/SSDs (Intel, Lenovo). It is also dependent on OEM settings.
- When you select the Remote KVM operation, this action takes you to the Intel EMA portal. From this portal you can remote into the device.
Official Intel Download Links
As stated above, the Intel software is a prerequisite for the Intel vPro Integration. If you still need to download the software, please see the following sites: - To download the official Intel EMA: https://intel.com/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html - To download the official Intel ECT: https://intel.com/content/www/us/en/download/19805/intel-endpoint-management-assistant-configuration-tool-intel-ema-configuration-tool.html