Archives

Laptop Management

VMware AirWatch Is First UEM to Manage Chromebooks, Extending Cross-Platform Management Leadership

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

Read more..

The PCLM Revolution Will Not Be Televised. See It Live at VMworld

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

Read more..

Dell & VMware Extend PC Management to the Firmware

Greetings from #DellEMCWorld in Las Vegas, where all of the Dell Technologies brands have come together on one stage. These are not only exciting times for us, but also for our mutual customers embarking on their digital transformation journey. Customers are now seeing the collective strength of the Dell Technologies portfolio come to market—and see […]]> Greetings from #DellEMCWorld in Las Vegas, where all of the Dell Technologies brands have come together on one stage. These are not only exciting times for us, but also for our mutual customers embarking on their digital transformation journey. Customers are now seeing the collective strength of the Dell Technologies portfolio come to market—and see how possibilities are turned to reality.

In today&#rsquo;s keynote, VMware CEO Pat Gelsinger spoke about the constantly expanding partnership between VMware and Dell. One such example is the integration of our industry-leading solutions VMware AirWatch and Dell Client Command systems management tools. AirWatch is a key component of VMware Workspace ONE, an industry leading platform that enables our IT customers to empower their workforce to securely bring the technology of their choice (devices and apps) at the pace and cost the business needs.

The integration extends AirWatch management and remediation capabilities to the system firmware or BIOS. This is another significant proof point of AirWatch&#rsquo;s evolution from enterprise mobility management (EMM) to a unified endpoint management (UEM) solution that goes beyond managing mobile devices to comprehensive Windows 10 and desktop management. At VMware, we see this as just the beginning of a long-term strategy to integrate our digital workspace solutions with Dell devices.

Extending PC Management to the BIOS

Windows devices have many system attributes that IT admins may want to monitor and manage. Typical client management tools allow admins to take actions in the operating system (OS), but fail to extend management capabilities to a lower firmware level. AirWatch integration with Dell Client Command creates an extensible platform that now allows IT admins to:

  • Query and retrieve key system attributes;
  • Configure critical BIOS settings; and
  • Take remediation actions.

All this from the same AirWatch admin console used for managing all the Windows OS policies, apps and other endpoints in your organization. Customers can take advantage of this unique integration as part of the AirWatch 9.1 console release and enable several IT use cases and benefits that improve user uptime, reduce costs and improve security. Let&#rsquo;s examine some of these use cases and benefits:

Proactive Device Management: Minimize User Downtime & Ensure Business Continuity

IT admins can now query and report key system attributes—including device service tag information, current BIOS version and battery health status—for their Dell hardware. This enables admins to create policies that proactively manage Dell devices, minimizing user downtown and ensuring business continuity. Here are two examples:

1. Admins can create custom notifications based on BIOS reporting of the battery health and the recommended threshold for replacement. This allows them to proactively ship replacement batteries to the users before a failure happens and thus avoid any downtime.

2. Admins can quickly report on the BIOS versions across their deployment and immediately locate devices that need attention based on the associated service tag. Implementing the most current BIOS version is critical not just from a usability and security standpoint, but this may also influence the overall life of the device.

BIOS Security & Remediation: Improve Alignment with Compliance & IT Security Policies

The BIOS security features in the AirWatch console enable IT admins to remotely configure BIOS passwords, enable use of Trusted Platform Module (TPM) and take remediation actions on non-compliant devices. This ensures a stronger alignment with the recommended IT security and compliance policies within the organization. Here are two examples:

1. For many organizations, the BIOS passwords are typically difficult to change with the requirement to physically touch the device to make any updates. With the integration, admins can now remotely manage BIOS passwords. You can set different passwords based on custom smartgroup assignments, instantly change passwords in case they are leaked or compromised and even revoke passwords when the device is un-enrolled or an employee leaves the organization.

2. Most enterprise-grade Dell PCs now carry a TPM, which is a tamper-resistant physical chip that ensures overall system integrity. TPM helps encrypt passwords by generating and storing digital certificates and authentication and encryption keys. Thus, the TPM forms a critical element for Windows 10 security and is recommended for a variety of OS security features. These include Windows Hello, BitLocker encryption, Health Attestation and the virtualization-based security features new to the OS (e.g. Secure Boot, Device Guard, Credential Guard and others). With the integration, IT admins can now remotely enable and configure the use of TPM for the organization.

Zero-Touch System Configuration Over-the-Air: Simplify IT Tasks & Reduces Admin Overhead

Traditional BIOS management approaches were high touch, requiring IT admins to access physical machines to change configuration settings. AirWatch, however, adopts a cloud-first management model that enables instant push-based endpoint and app configuration. With Dell Client Command integration, the same over-the-air management approach is now extended for BIOS security and CPU virtualization settings, without admins needing to physically touch the machines. For example, admins can now remotely enable and provide automated support for CPU virtualization features that are required for deployment of VMware desktop products or Hyper-V.

Don&#rsquo;t Forget…

At Dell EMC World this year, we are only beginning to see solutions come to market as a direct result of the VMware and Dell partnership. As we continue this journey for the benefit of our mutual customers, expect to see new solutions that are a true testament of this &#rsquo;better together&#rdquo; partnership. Make sure to tag along as we head into VMworld 2017 for even more exciting innovations.

Will you be atMMS 2017?

We would love to see you. Stop by the VMware booth, and joinJason Roszak, director of product management at VMware, for a demo! Learn how to efficiently deploy, manage and secure Windows 10 endpoints across all networks and use cases Tuesday, May 16, 8–9:45 a.m. in Nokomis, BC.Register here.

Because you liked this post:

  • Decoding Windows 10 S & How to Make It a Success in Your Organization
  • What&#rsquo;s New for Windows 10 Management with VMware AirWatch 9.1
  • Windows 10 Enrollment Made Simple

Read more..

[Video] Windows 10 Enrollment Made Simple | The Redmond Series

Last year, I upgraded to a new Apple iPhone. The transition from my previous model was seamless. I took the phone out of the box, entered my Apple iCloud credentials and all my previous contacts, apps and data synced in minutes. Every time I upgrade my personal smartphone, I think about how painful this process […]]> Last year, I upgraded to a new Apple iPhone. The transition from my previous model was seamless. I took the phone out of the box, entered my Apple iCloud credentials and all my previous contacts, apps and data synced in minutes. Every time I upgrade my personal smartphone, I think about how painful this process is for company-issued devices. With Windows 10, however, Microsoft changed the game for enterprise IT.

Now, organizations can deliver that same consumer-like experience in the enterprise across Windows 10 laptops, desktops, tablets and other devices. In the second video in our Redmond Series, we explore newly available Windows 10 deployment options and the impact of a modern approach on IT:

  • Challenges with Traditional Tools
  • Opportunities with a Modern Management Approach
  • Rethinking Deployment Options in the Enterprise
  • Post Deployment Configuration Considerations
  • Test Out the Modern Enrollment Options Today

Watch our new Windows 10 enrollment video below to dive in:

Miss the first video in VMware&#rsquo;s new Redmond Series? Click here to watch Episode 1: Exploring How Windows 10 Affects Your Business.

Challenges with Traditional Tools

When PC lifecycle management was in its prime 10 years ago, the management of corporate desktops centered on the company network. IT delivered a standard operating environment with limited hardware and software options. Back then:

  • You came into a physical corporate office.
  • You sat at an assigned desk.
  • You worked on a PC tethered to the corporate network.

As we shift from the client server to the mobile-cloud era, we realize that traditional PC management is complex. IT must:

  • Build a golden image for each device type and use case;
  • Deal with a complicated OS and application deployment and patching process; and
  • Maintain a massive management and distribution point infrastructure.

All these complexities correlate to cost. According to industry analysts, the average cost to deploy a new operating system (OS) can cost nearly $2,000 per machine. Likely, a company with 10,000 employees spends more than $200,000 a year to maintain existing servers, storage and network infrastructure. IT builds deployment costs around a server-client relationship. By taking a modern approach to Windows 10, organizations deliver a consumer-like experience. Users take a device out of the box, power it on for the first time and automatically transform the machine to a company device. They do all this without the need to either re-image or IT touching the device, regardless of whether the user is on the corporate network, working from home or working out of a Starbucks on the road.

[Related Study: Total Impact of Modern Windows 10 & Content Management with VMware]

Opportunity with a Modern Management Approach

Enterprise mobility management (EMM) for iOS and Android devices changed the management paradigm for endpoints. By taking a cloud-first approach, organizations no longer need a vast server infrastructure. IT now gets:

  • Real-time visibility and policy distribution;
  • Automated compliance and monitoring; and
  • Simplified management.

Now, organizations can extend the same framework to devices running Windows 10.

When we talk to customers leveraging EMM for their mobile device fleet, it is not uncommon for them to dedicate one admin for every 10,000 devices. When you compare that to traditional PCLM tools, we typically see one admin for every 250 devices. By extending EMM capabilities to Windows 10, organizations have an opportunity to realize dramatic cost avoidances.

Even with some of the additional complexities with Windows 10, such as application file sizes and app contingencies/dependences, I believe a highly conservative estimate of one admin for every 1,000 desktops is easily achievable. The reduced overhead and infrastructure costs free admins and IT to drive business value within their organization—instead of being a cost center.

Rethinking Deployment Options in the Enterprise

As customers begin migrating to Windows 10, enrollment best practices cause confusion in the market, based on:

  • Whether the devices are domain or non-domain joined;
  • The required management depth (e.g. GPOs vs. MDM);
  • The type of a device; and
  • The specific use case.

With unified endpoint management (UEM), organizations support all use cases within a single pane of glass. From there, they implement enrollment options that best meet their deployment requirements, whether that is an out of box experience, physical provisioning by IT or virtual desktop delivery to either corporate-owned or employee-owned devices.

[Related Whitepaper: Unified Endpoint Management—You&#rsquo;re Already Behind]

Out of Box Experience

We previously discussed how IT could now drop ship a device, and a user can be up and running in minutes. Here is a demo video of the experience from an end user&#rsquo;s perspective:

Watch this quick demo of the out-of-box experience:

With this approach, we make enrollment incredibly simple and consumer-like for the user with no direct support from IT:

1. User receives a new device shipped to them at work, home or on the road.

2. They take it out of the box and follow a few simple steps to set-up the device.

3. On entering their corporate credentials, the device automatically joins to Azure Active Directory, and EMM enrollment happens automatically.

4. Once enrolled, device management continues the onboarding process to fully secure and configure the device for work.

5. The user starts working in minutes on a fully transformed corporate device.

Provisioning Experience

While the out-of-box experience is fantastic for end users and IT, many organizations still prefer to provision devices themselves or through a third party. Historically, IT managed dedicated images across every piece of OEM hardware, OS versions and use cases. This limited the number of device types IT issued to users.

With Windows 10 and VMware AirWatch UEM, provisioning is dramatically faster and easier to perform. The new provisioning process replaces traditional imaging and creates device choice and freedom. IT can now:

  • Generate a provisioning package (PPKG) with the Windows Imaging and Configuration Designer tool (WICD).
  • Distribute the PPKG file to any device over-the-air with a thumb drive or even as an email attachment.
  • Execute the PPKG to complete the automated onboarding based on the device type and a user&#rsquo;s role in the organization.

Virtual Desktop and Application Delivery

As organizations migrate to Windows 10, virtual desktop and application delivery addresses several use cases. Existing hardware might not support Windows 10 migration. Some mission-critical applications might be too graphics intensive or incompatible with Windows 10. Some users may have personal devices on a different OS. All of these scenarios may be better suited for virtual desktops and applications.

VMware Horizon extends virtual desktops and applications on premises or from the cloud wherever a user has an internet connection. Users easily access their virtual desktop or applications from the VMware Workspace ONE app catalog from any device with single sign-on.

[Related: The Digital Workspace Journey: VMware Workspace ONE]

Post Deployment Configuration Considerations

Regardless of the deployment option you choose, you also benefit from the ability to configure the device consistently from the same AirWatch console and across any use case. Now, you can easily configure or change Wi-Fi, VPN, certificates, email, passcodes, compliance and restriction settings, encryption, firewall and antivirus. You can even modify the OS license as needed instantly and over the air.

For example, by configuring per-app VPN on a device, users do not have to manually launch a VPN client and enter their corporate credentials when off the domain. AirWatch recognizes that an approved application on a managed device is off the company network and automatically establish a per-app VPN connection without user interaction.

While these new configuration policies in the AirWatch console are robust and easy to use, we recognize that many admins have advanced requirements. Some admins may have leftover scripts from their legacy PCLM tool that they need to apply within a modern management framework. With AirWatch UEM, you simply take those scripts and create advanced task automation sequences to apply policies, settings and apps to end users on or off the domain.

Test Out the Modern Enrollment Options Today

Compared with traditional imaging approaches, modern Windows 10 management tools enable IT with new options for enrolling users at a fraction of the time and cost. Windows 10 and AirWatch UEM gives you an opportunity to re-imagine how you do deployment today.

I encourage you to experience these enrollment options yourself, so you can see how simple the process can be for your organization. We created a sandboxed environment we call Test Drive, where you can try out the enrollment and other Windows 10 management capabilities.

Click here sign up and test drive Windows 10 enrollment and more.

Are you currently in the midst of mapping out your Windows 10 enrollment options?

Leave us a question or comment below. Our experts will respond directly and maybe even cover your question in upcoming episodes.

Read more..

Go Que Newsroom Categories

Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 36 bytes) in /home/content/36/8658336/html/goquecom/wp-includes/taxonomy.php on line 3363