After your devices are enrolled and configured, manage the devices using the Workspace ONE ™ UEM console. The management tools and functions enable you to keep an eye on your devices and remotely perform administrative functions.
You can manage all your devices from the UEM console. The Dashboard is a searchable, customizable view that you can use to filter and find specific devices. This feature makes it easier to perform administrative functions on a particular set of devices. The Device List View displays all the devices currently enrolled in your Workspace ONE UEM environment and their status. The Device Details page provides device-specific information such as profiles, apps, Workspace ONE Intelligent Hub version and which version of any applicable OEM service currently installed on the device. You can also perform remote actions on the device from the Device Details page that are platform-specific.
As devices are enrolled, you can manage them from the Device Dashboard in Workspace ONE UEM powered by AirWatch.
The Device Dashboard provides a high-level view of your entire fleet and allows you to act on individual devices quickly.
You can view graphical representations of relevant device information for your fleet, such as device ownership type, compliance statistics, and platform and OS breakdowns. You can access each set of devices in the presented categories by selecting any of the available data views from the Device Dashboard.
From the List View, you can take administrative action: send messages, lock devices, delete devices, and change groups associated with the device.
Security – View the top causes of security issues in your device fleet. Selecting any of the doughnut charts displays a filtered Device List view comprised of devices affected by the selected security issue. If supported by the platform, you can configure a compliance policy to act on these devices.
Last Seen Overview/Breakdown – View the number and percentage of devices that have recently communicated with the Workspace ONE UEM MDM server. For example, if several devices have not been seen in over 30 days, select the corresponding bar graph to display only those devices. You can then select all these filtered devices and send out a query command so that the devices can check in.
Platforms – View the total number of devices in each device platform category. Selecting any of the graphs displays a filtered Device List view comprised of devices under the selected platform.
Enrollment – View the total number of devices in each enrollment category. Selecting any of the graphs displays a filtered Device List view comprised of devices with the selected enrollment status.
Operating System Breakdown – View devices in your fleet based on operating system. There are separate charts for each supported OS. Selecting any of the graphs displays a filtered Device List view comprised of devices running the selected OS version.
Use the Device List View in Workspace ONE UEM powered by AirWatch to see a full listing of devices in the currently selected organization group.
Device List View,UEM,Workspace ONE,device list,friendly name,device status
The Last Seen column displays an indicator showing the number of minutes elapsed since the device has checked-in. The indicator is red or green, depending on how long the device is inactive. The default value is 480 minutes (8 hours) but you can customize this by navigating to Groups & Settings > All Settings > Devices & Users > General > Advanced and change the Device Inactivity Timeout (min) value.
Select a device-friendly name in the General Info column at any time to open the details page for that device. A Friendly Name is the label you assign to a device to help you differentiate devices of the same make and model.
Sort by columns and configure information filters to review activity based on specific information. For example, sort by the Compliance Status column to view only devices that are currently out-of-compliance and target only those devices. Search all devices for a friendly name or user name to isolate one device or user.
Display the full listing of visible columns in the Device List view by selecting the Layout button and select the Custom option. This view enables you to display or hide Device List columns per your preferences.
There is also an option to apply your customized column view to all administrators at or below the current organization group (OG). For instance, you can hide 'Asset Number' from the Device List views of the current OG and of all the OGs underneath.
Once all your customizations are complete, select the Accept button to save your column preferences and apply this new column view. You can return to the Layout button settings at any time to tweak your column display preferences.
Some notable device list view custom layout columns include the following.
Select the Export button to save an XLSX or CSV(comma-separated values) file of the entire Device List View that can be viewed and analyzed with MS Excel. If you have a filter applied to the Device List View, the exported listing reflects the filtered results.
You can search for a single device for quick access to its information and take remote action on the device.
To run a search, navigate to Devices > List View, select the Search List bar and enter a user name, device-friendly name, or other device-identifying element. This action initiates a search across all devices, using your search parameter, within the current organization group and all child groups.
With one or more devices selected in the Device List View, you can perform common actions with the action button cluster including Query, Send [Message], Lock, and other actions accessed through the More Actions button.
Available Device Actions vary by platform, device manufacturer, model, enrollment status, and the specific configuration of your Workspace ONE UEM console.
You can start a Remote Assist session on a single qualifying device allowing you to remotely view the screen and control the device. This feature is ideal for troubleshooting and performing advanced configurations on devices in your fleet.
To use this feature, you must satisfy the following requirements.
Select the check box to the left of a qualifying device in the Device List View and the Remote Assist button displays. Select this button to initiate a Remote Assist session.
For more information, see the Workspace ONE Assist guide, available on docs.vmware.com.
Use the Device Details page to track detailed device information and quickly access user and device management actions.
You can access the Device Details page by either selecting a device's Friendly Name from the List View page, from one of the available Dashboards or by using any of the available search tools within the UEM console.
View Device Information Use the Device Details menu tabs to access specific device information, including:
If Apple's Global Service Exchange information is accessible, select the warranty link to see when the status was last updated. Then, use the Refresh button to get the latest information
An enterprise or factory wipe queries an Activation Lock bypass code and then go into wipe pending mode on supervised devices.
If the Find my iPhone Activation Lock option is enabled for iOS 7+ devices, then a warning will appear when performing a device wipe command on an unsupervised device, notifying you that a device with Activation Lock enabled cannot be reactivated without the original Apple ID and password. This is true even if you perform a full device wipe. For more information, see Activation Lock Overview.
Compliance – Display the status, policy name, date of the previous and forthcoming compliance check and the actions already taken on the device.
Profiles – View all MDM profiles currently installed on a device.
Apps – View the app status, app name, type of the app (whether public or internal), app version and identifier, and the size of the app. For iOS 11.+ devices, the UEM console displays available app updates (whether the installed version is the latest version or if an update is available) and app source (whether the app is installed through the App Store, distributed as a Beta app, signed adhoc by an enterprise account, or managed using a device based VPP license).
Note: Due to the way application status is reported on iOS devices, an application achieves Installed status only after the installation process is fully completed. Which means when the Workspace ONE UEM console queries the device for its application list sample, and if the application is still downloading, then the application returns a status of Installing. On a successful application installation, the device returns the application status as Installed which is marked the same in the Workspace ONE UEM console.
The menu tabs below are accessed by selecting More from the main Device Details page:
Network – View the current network (Cellular, Wi-Fi, Bluetooth) status of a device. For iOS 12.1 and later devices such as iPhone XS, XR, or XS Max that supports multiple SIMs and eSIM, you can view and track the network status of the SIMs on the UEM console.
Security – View the current security status of a device based on security settings.
Restrictions – View the types of restrictions that currently apply to the device.
Telecom – View all amounts of calls, data and messages sent and received involving the device.Item
Notes – View and add notes regarding the device. For example, note the shipping status or if the device is in repair and out of commission.
Certificates – Identify device certificates by name and issuant. This tab also provides information about certificate expiration.
Terms of Use – View a list of End User License Agreements (EULAs) which have been accepted during device enrollment.
Alerts – View all alerts associated with the device.
Books – View all internal books on the device.
Shared Device Log – View the history of the shared device including past check-ins and check-outs and status.
Restrictions – View all restrictions currently applied to a device. This tab also shows specific restrictions by Device, Apps, Ratings, and Passcode.
Status History – View history of device in relation to enrollment status.
Targeted Logging – View the logs for the Console, Catalog, Device Services, Device Management, and Self Service Portal. You must enable Targeted Logging in settings and a link is provided for this purpose. You must then select the Create New Log button and select a length of time the log is collected.
Troubleshooting – View Event Log and Commands logging information. This page features export and search functions, enabling you to perform targets searches and analysis
In the Event Log listing, the Event Data column may display hypertext links that open a separate screen with even more detail surrounding the specific event. This information enables you to perform advanced troubleshooting such as determining why a profile fails to install.
Attachments – Use this storage space on the server for screenshots, documents, display Hub logs sent from the Intelligent Hub, and links for troubleshooting and other purposes without taking up space on the device its
Perform Remote Actions The More Actions drop-down on the Device Details page enables you to perform remote actions over-the-air to the selected device. See below for detailed information about each remote action. The actions listed below will vary depending on factors such as device platform, UEM console settings, and enrollment status.
For more information about troubleshooting device wipes, related permissions, and when device wipe actions appear in the UEM console, refer to the following Workspace ONE UEM Knowledge Base article https://support.workspaceone.com/articles/115012396488.
Schedule iOS Updates – Push an iOS update to a device that is not enrolled through DEP. For more information, see Configure iOS Updates.
Refresh eSIM – Send a query to a carrier eSIM server URL to refresh the active eSIM cellular plan profiles on the device.
Send Message – Send a message to the user of the selected device. Select between Email, Push Notification (through AirWatch Cloud Messaging), and SMS. Push notification requires Airwatch applications like Hub, Boxer etc which must have been launched at least once.
Find Device – Send a text message to the applicable Workspace ONE UEM application together with an audible sound designed to help the user locate a misplaced device. The audible sound options include playing the sound a configurable number of times and the length of the gap, in seconds, between sounds.
Request Device Check-In – Request the selected device to check-in itself in to the UEM console and updates the Last column status. This action also resets the device enrollment to the staging user.
Sync Device – Synchronize the selected device with the UEM console, aligning its Last Seen status.
Remote View – Enable an active stream of the device's output to a destination of your choice, allowing you to see what the user sees as they operate the device. The destination parameters include IP address, port, audio port, password, and scan time.
Change Organization Group – Change the device's home organization group to another existing OG. Includes an option to select a static or dynamic OG.
Add Tag – Assign a customizable tag to a device, which can be used to identify a special device in your fleet.
Edit Device – Edit device information such as Friendly Name, Asset Number, Device Ownership, Device Group Device Category.
Delete Device – Delete and unenroll a device from the console. Sends the enterprise wipe command to the device that gets wiped on the next check-in and marks the device as Delete In Progress on the console. If the wipe protection is turned off on the device, the issued command immediately performs an enterprise wipe and removes the device representation in the console.
Clear Activation Lock – Clear the Activation Lock on an iOS device. With the Activation Lock enabled, the user requires an Apple ID and password before taking the following actions: disabling Find My iPhone, factory wipe, and reactivate to use the device.
Device Configured - Send this command if a device is stuck in an Awaiting Configuration state.
Enable/Disable Lost Mode – Use this device action to lock a device and send a message, phone number, or text to the lock screen. The device end user cannot deactivate Lost Mode. When an admin deactivates Lost Mode, the device returns to normal functionality. Users receive a message that tells them that the location of the device was shared. (iOS 9.3 + Supervised)
Log out user - Log out the current user of the device if needed.
Workspace ONE UEM enables administrators to deploy a custom XML command to managed Apple devices. Custom commands allow more granular control over your devices.
Use custom commands to support device actions that the UEM console does not currently support. Do not use custom commands to send commands that exist in the UEM console as Device Actions. Samples of XML code you can deploy as custom commands are available in the Workspace ONE UEM Knowledge Base at https://kb.vmware.com/s/article/2960669.
Important: Improperly formed or unsupported commands can impact the usability and performance of managed devices. Test the command on a single device before issuing custom commands in bulk
Procedure
If the Custom Command does not run successfully, delete the command by navigating to Devices > List View. Select the device to which you assigned the custom command. In the Device Details View, select More > Troubleshooting > Commands. Select the Command you want to remove, and then select Delete. The Delete option is only available for Custom Commands with a Pending status.
