Ben Siler

VMware Workspace ONE Makes Constellation ShortList for Cloud Identity Management

For the second year in a row, VMware Workspace ONE has been included in the Constellation ShortList for Cloud Identity Management. We’re proud to accept the award! It highlights our ability to deliver the advanced identity and mobility features early-adopter organizations need to delight end users and secure vital apps and data.

Because “identity management and authentication are rapidly evolving fields and deliver mission-critical functionality,” Constellation Research evaluates “the strength of the provider’s R&D program and looks for vendors committed to innovation and technological excellence” to determine shortlist members. Our product team is committed to delivering the customer-centric features you need, as well as information on the identity and access best practices you should follow for security and ease of use.

Market-Leading Capabilities with the Knowledge to Use Them

Whether you’re an early adopter who’s already improving security at your organization by eliminating passwords or someone who’s learning the basics of identity and access management, the centrality of identity and access to the daily work of your users can make change intimidating. Most organizations need more than just advanced features; they need best practices as recommended by security researchers and implemented by best-in-class IT teams.

The upcoming end-user computing (EUC) sessions at VMworld 2017 give attendees the perfect chance to consider the identity and access approaches pursued by other organizations and to learn about Workspace ONE directly from the people who build it.

VMware attendees interested in identity and access management should make sure to attend the EUC spotlight session and showcase keynote:

Delivering New User Experiences with Digital Workspaces

Add #EDW7002KU via VMworld U.S. schedule builder.

The Transformation of Identity and Access Management in the Age of the Digital Workspace

Add #SAAM3157SU via VMworld U.S. schedule builder.

Attendees interested in identity and access management will also likely want to attend breakout sessions spotlighting powerful identity features:

Introduction to Access Management in Workspace ONE

Add #SAAM2288BU via VMworld U.S. schedule builder.

Introduction to Password-Less Single Sign-On for Mobile Devices with Workspace ONE

Add #SAAM1084QU via VMworld U.S. schedule builder.

Secure and Seamless Access to All Your Applications with Workspace ONE Conditional Access and Mobile Single Sign-On

Add #SAAM2204BU via VMworld U.S. schedule builder.

More Information on Identity, Access and Workspace ONE

Even if you’re not visiting VMworld, you can contact VMware to learn more about the ways organizations are improving end-user experiences and tightening security. Contact your VMware account representative for more details.

Source: Constellation Research, Inc., “Constellation ShortList™ Cloud Identity Management”, Steve Wilson, Vice President and Principal Analyst, August 9, 2017

The post VMware Workspace ONE Makes Constellation ShortList for Cloud Identity Management appeared first on VMware End-User Computing Blog.


Don’t Leave Holes in Your Office 365 Security Strategy

Secure every access point to Microsoft Office 365 emails and data with VMware Workspace ONE.

If your organization is like most, you’re either using Microsoft Office 365 or thinking about an Office 365 implementation. Since the data and email in Office 365 are vital to your business, you’ve probably thought through how to protect Office 365 with application access control policies. You need to ensure, however, that your policies protect all apps with access to Office 365.

Imagine that one of your end users goes to visit family for the holidays. While at her parents’ house, she borrows her father’s laptop to check work emails. Although you require multi-factor authentication (MFA) for access to Office 365, she logs into Outlook 2010 using nothing more than a username and password. Outlook downloads her mailbox, she checks her email, and after a few days, she returns home.

All her emails, however, stay on the laptop. That data is out of her control and out of IT’s control, creating data loss risks if the laptop is sold, lost or compromised with malware. How did your user (unwittingly) bypass your conditional access rules, and what can you do to protect your data and email?

In this blog post, we’ll cover how this data leak occurred, and how VMware Workspace ONE allows you to avoid similar Office 365 data losses and security holes.

Applying Access Policies to Office 365 Authentication Methods

To understand how your user bypassed your MFA requirement, you have to understand that Office 365 supports two ways to log users in: Modern authentication and legacy username/password authentication. In the example above, your user logged in with a legacy username/password client, accidentally bypassing the policies you created to protect Office 365.

To control access to Office 365 emails and data no matter what client your user chooses, you need a solution such as Workspace ONE that protects both authentication methods. Although many Office 365 client apps use newer modern authentication, older Office 365 apps, Android and iOS native mail (using ActiveSync), and third-party Office 365 apps (such as Thunderbird) use legacy username/password authentication.

Protecting both authentication types is vital for most organizations. Workspace ONE controls access to Office 365 no matter which client app a user chooses with policies based on group, network range, device type or OS and more.

Modern vs. Legacy Authentication

Here’s how to tell the difference between Office 365 modern authentication and legacy username/password authentication:

Modern Authentication

If the end user is redirected to an IdP in a browser, it’s modern authentication.

Microsoft modern authentication redirects the end user in a browser from the Office 365 app to an identity provider (IdP), such as Workspace ONE, to authenticate. Modern authentication takes advantage of Microsoft’s Azure Active Directory Authentication Libraries (ADAL). For more details on modern authentication, see Microsoft’s summary here.

This is modern authentication. The user is redirected to Workspace ONE in a browser.

Legacy Authentication

If the end user enters credentials into the client’s UI (and there’s no redirection to an IdP), it’s legacy username/password authentication.

In username/password authentication, the Office 365 client collects a username and password in its own UI (rather than sending the user to an IdP in a browser). Because the user enters their credentials into the client rather than using standard browser single sign-on (SSO), legacy username/password authentication doesn’t support advanced features such as MFA or VMware mobile SSO. Microsoft sometimes calls legacy username/password authentication by a more specific name such as basic authentication or the Microsoft Online Services Sign-In Assistant.

This is legacy username/password authentication. The user enters credentials directly into the client UI; there’s no browser redirect to Workspace ONE or another IdP.

Many identity solutions can only protect access to Office 365 for clients using modern authentication. Workspace ONE protects access to Office 365 without requiring additional products or servers, no matter what client a user chooses.

Use Cases for Controlling Access to Office 365

Because modern authentication supports MFA, certificate authentication, VMware mobile SSO and all other standard authentication features of Workspace ONE, organizations have fine-grained control over how they allow access for Office 365 clients using modern authentication.

Controlling legacy username/password clients, on the other hand, is tricky. Because legacy username/password clients only support one authentication method (username and password), organizations can’t rely on the enhanced security of MFA, VMware mobile SSO or other authentication features. Instead, many organizations take the following approaches:

  • Allow legacy username/password access to Office 365 for mobile email only. In this approach, an organization could block legacy username/password access to Office 365 apps and data for all apps and add an exception for native mobile email clients that use Exchange ActiveSync. This approach works well with the mobile email management features in Workspace ONE. Many organizations choose this path because Exchange ActiveSync clients don’t download the user’s entire mailbox, reducing the risk of data loss. Your organization can also choose to limit mobile email access to the extra-secure VMware Boxer app.
  • Allow legacy username/password access to Office 365 only under more secure conditions. Because legacy username/password clients such as Thunderbird or older versions of Office don’t support MFA, some organizations want to limit these clients to only connect to Office 365 under more secure circumstances. For example, you might only allow Thunderbird on your corporate network to ensure users are not downloading their mailboxes on multiple computers. This approach can reduce the risk of data loss.
  • Allow legacy username/password access only for specific users or groups. Organizations may want to limit which users can connect to Office 365. For example, IT could block retail employees from accessing mobile email while they are offsite.
  • Block all access to Office 365 for username/password clients. Some organizations want to ensure all users access Office 365 with MFA, mobile SSO or other secure methods. Because modern authentication supports these methods but legacy username/password authentication does not, these organizations should block username/password client apps. Users will still be able to access Office 365 through Office 2016 apps (or Office 2013 apps, if they are configured correctly).
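
The four approaches above can be modeled as a small policy check, shown here as an added example (not Workspace ONE configuration or code from the original post). The policy names, network range, group and sign-in records are constructed assumptions; the first record is the borrowed-laptop scenario from the start of the post.

```python
import ipaddress
from dataclasses import dataclass

# All values below are constructed for illustration; names are hypothetical.
CORP_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed corporate range
LEGACY_GROUPS = {"field-engineering"}            # assumed group allowed legacy clients

@dataclass
class SignIn:
    user: str
    group: str
    client: str
    idp_redirect: bool   # True: browser redirect to the IdP (modern authentication)
    source_ip: str
    mfa_passed: bool = False

def evaluate(s, policy):
    """Return (decision, reason) for one sign-in under one legacy-client approach."""
    if s.idp_redirect:  # modern authentication: the IdP can enforce MFA
        return ("allow", "modern+mfa") if s.mfa_passed else ("deny", "mfa-required")
    # Legacy username/password: MFA is impossible, so decide on context only.
    if policy == "block_all_legacy":
        return ("deny", "legacy-blocked")
    if policy == "mobile_email_only":
        ok = s.client == "ActiveSync"
    elif policy == "corp_network_only":
        ok = ipaddress.ip_address(s.source_ip) in CORP_NET
    elif policy == "groups_only":
        ok = s.group in LEGACY_GROUPS
    else:
        raise ValueError(f"unknown policy: {policy}")
    return ("allow", f"legacy-exception:{policy}") if ok else ("deny", "legacy-blocked")

# Constructed sign-in attempts.
SAMPLES = [
    SignIn("alice", "sales", "Outlook 2010", False, "203.0.113.7"),
    SignIn("alice", "sales", "ActiveSync", False, "198.51.100.9"),
    SignIn("bob", "field-engineering", "Thunderbird", False, "10.20.4.15"),
    SignIn("carol", "sales", "Office 2016", True, "203.0.113.50", mfa_passed=True),
]

def decisions(policy):
    """Map each sample sign-in to its allow/deny decision under the given policy."""
    return {f"{s.user}/{s.client}": evaluate(s, policy)[0] for s in SAMPLES}

if __name__ == "__main__":
    for p in ("mobile_email_only", "corp_network_only", "groups_only", "block_all_legacy"):
        print(p, decisions(p))
```

Under every one of the four policies the Outlook 2010 sign-in from the home network is denied, while the Office 2016 sign-in that completed MFA through the IdP is allowed.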

Workspace ONE & Office 365

Workspace ONE makes securing and deploying Office 365 easier, with industry-leading enterprise mobility management (EMM) to keep your devices and users safe. Learn more about how Workspace ONE protects Office 365, while providing end users with consumer-level ease of use. Contact your VMware account representative for more details.

Because you liked this post:

  • Better Together: VMware Workspace ONE & Office 365
  • Enable Consumer Simple, Secure Access to Office 365 with New VMware Workspace ONE Enhancements
  • VMware Named a Leader in Gartner Magic Quadrant for Enterprise Mobility Management (EMM)

The post Don’t Leave Holes in Your Office 365 Security Strategy appeared first on VMware End-User Computing Blog.


Azure AD Join with VMware Workspace ONE

Secure, timely support for remote Windows users can be tricky.

Imagine your top remote sales rep breaks her laptop before an onsite meeting with a vital client. Does she have time to wait for IT to grab a new laptop, Domain Join it for secure access to corporate resources and then ship it out? Even if there is time, she’ll worry about her meeting, and you’ll get plenty of requests for updates.

Instead, imagine that your rep simply stops by a nearby store for a new laptop. She self-enrolls into your Azure Active Directory (AD) domain using the Windows 10 Getting Started wizard. Her device is automatically protected with VMware Workspace ONE enterprise mobility management (EMM) policies.

When you combine Azure AD Domain Join with the best-in-class Windows 10 management of Workspace ONE, you can ensure security and control over end-user access to resources—even from devices that never touch your internal corporate network.

Azure AD Join automatically protects Windows 10 with Workspace ONE EMM policies.

Secure Azure AD Join with Workspace ONE

Workspace ONE integrates with Azure AD Join to protect remote Windows 10 machines with enterprise mobility policies powered by VMware AirWatch. When an end user follows the Windows 10 setup wizard to join his or her device to your Azure AD instance, Azure AD can automatically enroll the device into Workspace ONE for management.

If you have devices that won’t consistently contact your corporate network, or if you have temporary users such as students or contractors, offering Azure AD Join to your users gives them the following benefits:

  • Easy access to their corporate resources through device enrollment into Workspace ONE;
  • Enterprise-class device security through Workspace ONE EMM;
  • User settings that follow them as they log into different domain-joined devices;
  • Strong but simple authentication with support for biometrics, such as face recognition using Windows Hello for Business; and
  • Access to the Windows Store for Business using work or school accounts.

You can find full details on the benefits and prerequisites of Azure AD Join on Microsoft’s site.

Users can choose to Azure AD Join their device from the Windows 10 Getting Started Wizard.

Use Cases for Azure AD Join

Azure AD Join makes Windows 10 management easier than traditional AD Domain Join when you’re working with devices that may not connect to your corporate network or with temporary users (for more information, see this article outlining the pros and cons of Azure AD Join). Common use cases include the following:

  • Remote device registration: Some organizations ship Windows 10 devices to remote employees. If you set up Azure AD domain join, your users can easily join their devices to your domain as part of the Windows 10 setup wizard.
  • Temporary domain membership: If your organization employs temporary workers, such as contractors, or temporary users, such as students, you may choose to domain join them through Azure AD to take advantage of the self-service domain join as part of Windows 10 setup.

Workspace ONE, Azure AD and Office 365

Workspace ONE provides the industry-leading EMM you need to keep your devices and users safe. Learn more about how Workspace ONE protects valuable resources such as Microsoft Office 365, while providing end users with consumer-level ease of use, or contact your VMware account representative for more details.

The post Azure AD Join with VMware Workspace ONE appeared first on VMware End-User Computing Blog.


[Video] Make Legacy Application Access Simple with VMware & F5

Your end users leverage consumer apps every day that deliver just what they want, just when they need it. These consumer apps and app delivery platforms—the App Store, Google Play—have raised expectations for users: all important apps should be available anywhere.

For your IT organization, this presents an opportunity to delight end users with apps and digital workspaces that are exactly that—simple and accessible wherever users need them. For conceptual simplicity, the ideal digital workspace should centralize all the apps users need. It should also make it easy for users to add applications to their workspace without extra IT involvement. For accessibility anywhere, your workspace needs to give users access to mobile, cloud, desktop and on-premises applications they need.

Unfortunately, legacy applications can stand in the way of your digital workspace vision. These applications usually run on-premises. They are often protected by old authentication methods, and they usually cannot be exposed safely to the internet. End users find these limitations frustrating, especially when they have to use a VPN or cannot access the legacy apps on their mobile devices.

To solve this problem, VMware and F5 Networks partner to help your IT org provide convenient single sign-on (SSO) to your legacy Kerberos Constrained Delegation (KCD) applications. As described in this video by Peter Silva, senior solution developer for F5, you can set up SSO to your legacy KCD app for happier, more productive end users. At the same time, you can rest easy knowing that F5 BIG-IP Access Policy Manager (APM) is providing a secure gateway and app protection for your app.

See this blog post for more details on providing SSO to legacy apps with our digital workspace solution, VMware Workspace ONE, and BIG-IP APM.

Read More:

  • Single Sign-On (SSO) to Legacy Apps Using BIG-IP & VMware Workspace ONE
  • Load Balancing VMware Identity Manager with F5 BIG-IP Local Traffic Manager
  • VMware Horizon and F5 BIG-IP Win Big

The post [Video] Make Legacy Application Access Simple with VMware & F5 appeared first on VMware End-User Computing Blog.

