[Deep Dive] Workspace ONE UEM 9.4 Features

Author: Hannah Jernigan

Hannah is a technical writer for the VMware End-User Computing technical marketing team.

Share This Post On

The latest updates and features for Workspace ONE are now available!

This deep dive covers the following topics: branding updates, Android management enhancements, new Apple settings, new DLP settings, and mobile flows.

Product Rebranding and User Interface Enhancements

To align with the Workspace ONE family of solutions, VMware AirWatch will be known as Workspace ONE Unified Endpoint Management (UEM). Customers will see this rebranding in the Workspace ONE UEM Console and installer files for v.9.4.

Workspace ONE UEM 9.4

In addition to this name change, the 9.4 console also features a new look and feel. This new look aligns more closely with the VMware family of solutions, providing a more consistent experience.

(New!) Workspace ONE UEM 9.4

UEM-9.4

(Legacy) AirWatch Console 9.3

Android Management Updates

In the classic Android enterprise mobility management (EMM) model, the Android OS required the Workspace ONE (AirWatch) Agent to become a Device Administrator. In Android L, Google introduced a new  model with Android Enterprise, previously known as Android for Work.

The new model offers a standard set of management API’s across all Android OEM’s. Some key features include:

  • Silent installation of public applications
  • Streamlined application management through the managed Google Play
  • Separation of personal and work data in BYOD scenarios

Requirements

Workspace ONE UEM Console 9.4 requires Android Enterprise setup to be completed prior to profile configuration.

To meet this requirement, migrating to the Android Enterprise model is the recommended practice. However, Android devices meeting certain criteria should not follow this recommendation.

Android devices meeting either of the following criteria should opt out of Android Enterprise migration:

  • Non-GMS (Google Mobile Service)
  • Running 5.1 or below

New Skip Screens for Apple DEP

Three new skip options in the DEP enrollment profile simplify out-of-box device setup and enrollment for end users:

  • Where is this Apple TV [tvOS] – User won’t be prompted to select a room
  • iCloud Documents and Desktop [macOS] – User will not be prompted to set up iCloud Documents and Desktop Sync
  • Privacy [All] – User not shown Apple’s privacy explanation screen

By default, these new settings are set to Don’t Skip. To enable, navigate to Settings > Devices & Users > Apple > Device Enrollment Program. Select Skip for the appropriate behavior. Then, Save to apply the updated settings to new and existing DEP devices.

New macOS Profile Settings

New macOS profile functionality supports Apple Spring Release (macOS 10.13.4) features.

The VPN On-Demand profile for macOS now supports the F5 Access VPN Client. This setting is available as a tunnel network connection.

F5 Access is the newer macOS native app, available on the Mac App Store

  • Lightweight App with macOS GUI Integration
  • Distribute with Device-Based VPP

The Restrictions profile for macOS devices now supports the following functionality:

  • [Preferences Tab] Flash Preferences – Prevent users from modifying Adobe Flash Player preferences.
  • [Functionality Tab] Content Caching – Disable caching services on macOS to prevent users from inadvertently enabling caching services.
  • [Functionality Tab] iCloud Desktop & Documents Services – Prevent users from syncing documents to iCloud.

The Security & Privacy profile for macOS added settings that prevent users from enabling unlock via TouchID or Apple Watch.

When a profile payload is already in place, update the existing payload instead of configuring a new profile. Per Apple, pushing two profiles with identical payloads will cause “undefined” behavior.

Office 365 DLP Updates

New iOS and Android specific restrictions in App Policies enforce Microsoft Office 365 Data Loss Prevention (DLP).

To access these settings, navigate to Settings > Apps > Office 365 Setting. Click Authentication, and configure the platform-specific settings.

Once configured, the new settings populate in Intune App Protection policies, which require a decimal point in all version values.

Requirements

  • Intune License
  • Azure AD Integration

Introducing Workspace ONE Mobile Flows

Workspace ONE Mobile Flows allows device users to view additional information and perform related tasks from within VMware applications. Mobile Flows detects references to tasks or business data within an email and displays them as cards. Cards allow users to perform essential actions like assigning tickets or creating action item lists without transferring to another app. Mobile Flows provides support across multiple business back-end systems using VMware Connectors. You can develop custom connectors to support your specific business requirements.

Requirements

  • UEM Console v9.3 or later
  • VMware Boxer v4.12 or later
  • VMware Identity Manager v3.1 or later
  • Workspace ONE Enterprise bundle or Workspace ONE Mobile Flows add-on
  • Hardware & Network Requirements

Contributors

Karim Chelouati, senior technical marketing manager for VMware EUC mobile marketing, contributed Chrome OS and Android content.
Robert Terakedis, senior technical marketing manager for VMware EUC mobile marketing, contributed Apple DEP and macOS content.
Josue Negron, senior technical marketing manager for VMware EUC mobile marketing, contributed Windows 10 content.
Shardul Navare, Senior Technical Marketing Manager for VMware EUC, contributed the mobile flows content.