Workspace ONE UEMVeilig en flexibel omgaan

met de digitale werkplek in de Enterprise

IntroductionPascal van de BorEUC Consultant @ITQ

Twitter: @PheldoornInstagram: paikkeBlog: https://pascalswereld.nl

3

Digitale (r)evolutie

4

Digitale (r)evolutie

5

Workspace realiteit

6

MOBILETEAM(IT) DESKTOPTEAM(IT) BusinessSpecific(Several)

Deviceenrollment

OTAmanagement

Cloudupdates

Mobileapps

Mixedownership(company,BYO)

OSdeployment,imaging

On-premisesmanagement

Patchdistribution

Apppackaging

Mostlycompanyowned

SaaSapplications

PurposeBuiltdevices

EmbeddedOS

Singlepurposeapps

Companyownedalways

Traditionele Device Management

7

Compromised SecuritySlowtoidentifynon-compliance

Unreliable Software DistributionResource-intensivepackaginganddeployment

Poor User ExperienceLockeddownexperienceandnoself-service

Limited VisibilityPoliciesandupdatespending

Trad

ition

al D

evic

e M

anag

emen

t

OS UpdateServers (WSUS)

Software Distribution

Servers

GPO PolicyServers

(AD)

Belang voor de gebruikers

8

ConsistentExperiences

EngagingExperiences BeingProductive

Ook….voor de business

9

Platform

SecurityPasscode

DLP+Aggregation

Tunneling

Compliance

IdentityAuthentication

SingleSign-on

Multiuser

CertificateManagement

AnalyticsAppAdoption

CrashAnalytics

UserFlows

NetworkPerformance

PrivacyUserConsent

OptionalAnalytics

DataDisclosure

UserEducation

ContentAccessRepositories

PublishedContent

PrebuiltWorkflows

IntegratedSecurity

Multi-Layered Security

10 10

DEVICEAPP DATA NETWORKIDENTITY

MDM meets modern management

11

Peer-to-Peer Distribution

Ready-to-work

Experience

Always-up-to-date OS updates

Device HealthAttestation

Win32 AppManagement

Standard Baselines& GPOs

Data Protection

Patch Analytics& Automation

Granular Controls

5. Security3. OS Updates 4. Software2. Configuration1. Onboarding

Asset Tracking

Device and OS Lifecycle Management App Management Zero-Trust Security

App Inventory

BitLocker Management

Company App Store & SSO

Imageless Provisioning

Out-of-the-BoxDeployment

MDM Configuration

Intelligent Insights and Rules Engine

BIOS / FirmwareManagement

DeliveryOptimization

AutomatedCompliance

Co-exist withPCLM

Out of the Box Experience

12

Ready-to-Work Experience

On-premises or AD Cloud Domain Join

Less IT Touch

Trusted Software Authority

Factory Distributor Integrator IT End User

Less-touch onboarding for day one user productivity

TRADITIONAL PC DEPLOYMENT

MODERN PC DEPLOYMENT

Onboarding

13

Co-managed

Provisioning

FactoryService

WithorwithoutADdomainjoin

Imagebased,stagedoratruntime

Pre-configureddevicefromfactorytouser

AgentOne-click,self-serviceonboarding

Out-of-the-boxClouddomainjoinincludingAutopilot

ITDriven

UserDriven

And cue… Workspace ONE UEM

14

Consumer Simple

Enterprise Secure

VMware Workspace ONE™

Intelligence-Driven Platform

Employee Experience Modern Management

AutomationInsightsVirtualization

Beleid

15

Intelligence

16

WorkspaceONEIntelligence

Aggregate Correlate Insights Automate

INGESTION DECISIONS

APTELIGENT

IDM

HORIZON

REPORTS

DASHBOARDS

NOTIFICATIONS

ACTIONS

UEM

Detecteren en automatische patch regels

17

Workspace ONE Intelligence – Patch Analytics and Automation

3

4

5

6

1

2AdminDetectsSecurityVulnerability

IdentifiesVulnerableDevices

DeploysPatches

TriggersAutomatedRemediation

BacktoSafeState

ContinuousMonitoring

Secure

18

Allowaccessbydefault

Singleclearinghouseforentitlementandauthentication

Verifydevicepostureforcompliance

Removefrictionfromuserexperience

Contextualrules-enginewithcontinuoussecurity

Users(Identity)

Federateidentityforon-premisesandcloud

servicesEndpointprotection

In de Blender….

19

vSphereServer Virtualization

VSANHCI Storage

NSX Networking & Security

Physical Infrastructure

HorizonVirtual Desktops

Horizon Published Applications

Workspace ONE Portal & Access MGMT

App Volumes

Dynamic Environment Manager

Workspace ONE UEM & Device Compliance

Horizon Cloud Pod Architecture

vRea

lize

Op

erat

ions

fo

r H

oriz

on

Pub

lic C

loud

Wo

rksp

ace

ON

E In

telli

gen

ceSaaS

Consistentautomated,scalableInfrastructure

SDWAN velocloud

IOTATMDisp

layTV

Promotionsoffe

rsother

Win10

MacOSIO

SAn

droid

Integration VMware products with other vendors

Cloud

20

On-Premises

21

En met een beetjeschaal ziet dat er….

(en dan staat IDM hier niet ;)

22

Windows 10 Stack

23

PowerShell

WindowsOSWiFi VPN Passcode

Firewall Updates

BitLocker

ZIP,EXE,MSI,P2P

MSI

BIOS

Scripting

MicrosoftCSPs

WindowsCapabilities

Firmware

VMwareCSP DirectWin32 WMI Management

API

PolicyEngine

CSP/GPO

OMA-DMClient ProtectionAgent(Win32)ManagementClients

WorkspaceONEUEMConsole ManagementServer

WNS AWCM

OEMUpdates

Drivers

ProvisioningEnrollment (auto/silent) -> bijvoorbeeld Azure AD

naar Workspace ONE UEMCustom Profiles (CSP)PackagesProvisioning scripts (bijvoorbeeld PoSH) –

Task Sequence-likeUserAdminSystem

ApplicatiesURL of uploadsSaaS in unified catalog

24

Afkortingen en concepten Windows10

25

CSP – Configuration Service ProviderDDF - Device Description FrameworkOMA-CP – Open Mobile Alliance - Client

ProvisioningOMA-DM - Open Mobile Alliance – Device

ManagementWAP – Wireless Application ProtocolSyncML – Synchronization Markup Language

Anatomie van SyncML

26

UDID

Mgmt Server

CommandID

LocationURI

Multi-Tenant Day-2 Ops

27

Reactie naar verschillende devices

28

AppsCOPE

EnterpriseWipe FactoryDeviceWipe RemoveEntitlements

BYOD

WipeEnterpriseDataOnly

FullDeviceWipe FromIdentityDirectories

Driver of the business value

29

ModernizeYourDataCenter

TransformYourCustomerEngagement

EmpowerYourWorkforce

AccelerateTimetoMarket

EmbedITOperationalExcellence

HybridStrategyDeliverexceptionalCustomerExperience

DriverforInnovation ReduceTTMInnovationdriveCompetition

EmpowerwithDigitalWorkspace

ContinuousSecurity

Thank You!

Let’s talk it over!pvandebor@itq.nl

A BIG THANK YOU TO OUR SPONSORS!