IntroductionPascal van de BorEUC Consultant @ITQ
Twitter: @PheldoornInstagram: paikkeBlog: https://pascalswereld.nl
3
Workspace realiteit
6
MOBILETEAM(IT) DESKTOPTEAM(IT) BusinessSpecific(Several)
Deviceenrollment
OTAmanagement
Cloudupdates
Mobileapps
Mixedownership(company,BYO)
OSdeployment,imaging
On-premisesmanagement
Patchdistribution
Apppackaging
Mostlycompanyowned
SaaSapplications
PurposeBuiltdevices
EmbeddedOS
Singlepurposeapps
Companyownedalways
Traditionele Device Management
7
Compromised SecuritySlowtoidentifynon-compliance
Unreliable Software DistributionResource-intensivepackaginganddeployment
Poor User ExperienceLockeddownexperienceandnoself-service
Limited VisibilityPoliciesandupdatespending
Trad
ition
al D
evic
e M
anag
emen
t
OS UpdateServers (WSUS)
Software Distribution
Servers
GPO PolicyServers
(AD)
Ook….voor de business
9
Platform
SecurityPasscode
DLP+Aggregation
Tunneling
Compliance
IdentityAuthentication
SingleSign-on
Multiuser
CertificateManagement
AnalyticsAppAdoption
CrashAnalytics
UserFlows
NetworkPerformance
PrivacyUserConsent
OptionalAnalytics
DataDisclosure
UserEducation
ContentAccessRepositories
PublishedContent
PrebuiltWorkflows
IntegratedSecurity
MDM meets modern management
11
Peer-to-Peer Distribution
Ready-to-work
Experience
Always-up-to-date OS updates
Device HealthAttestation
Win32 AppManagement
Standard Baselines& GPOs
Data Protection
Patch Analytics& Automation
Granular Controls
5. Security3. OS Updates 4. Software2. Configuration1. Onboarding
Asset Tracking
Device and OS Lifecycle Management App Management Zero-Trust Security
App Inventory
BitLocker Management
Company App Store & SSO
Imageless Provisioning
Out-of-the-BoxDeployment
MDM Configuration
Intelligent Insights and Rules Engine
BIOS / FirmwareManagement
DeliveryOptimization
AutomatedCompliance
Co-exist withPCLM
Out of the Box Experience
12
Ready-to-Work Experience
On-premises or AD Cloud Domain Join
Less IT Touch
Trusted Software Authority
Factory Distributor Integrator IT End User
Less-touch onboarding for day one user productivity
TRADITIONAL PC DEPLOYMENT
MODERN PC DEPLOYMENT
Onboarding
13
Co-managed
Provisioning
FactoryService
WithorwithoutADdomainjoin
Imagebased,stagedoratruntime
Pre-configureddevicefromfactorytouser
AgentOne-click,self-serviceonboarding
Out-of-the-boxClouddomainjoinincludingAutopilot
ITDriven
UserDriven
And cue… Workspace ONE UEM
14
Consumer Simple
Enterprise Secure
VMware Workspace ONE™
Intelligence-Driven Platform
Employee Experience Modern Management
AutomationInsightsVirtualization
Intelligence
16
WorkspaceONEIntelligence
Aggregate Correlate Insights Automate
INGESTION DECISIONS
APTELIGENT
IDM
HORIZON
REPORTS
DASHBOARDS
NOTIFICATIONS
ACTIONS
UEM
Detecteren en automatische patch regels
17
Workspace ONE Intelligence – Patch Analytics and Automation
3
4
5
6
1
2AdminDetectsSecurityVulnerability
IdentifiesVulnerableDevices
DeploysPatches
TriggersAutomatedRemediation
BacktoSafeState
ContinuousMonitoring
Secure
18
Allowaccessbydefault
Singleclearinghouseforentitlementandauthentication
Verifydevicepostureforcompliance
Removefrictionfromuserexperience
Contextualrules-enginewithcontinuoussecurity
Users(Identity)
Federateidentityforon-premisesandcloud
servicesEndpointprotection
In de Blender….
19
vSphereServer Virtualization
VSANHCI Storage
NSX Networking & Security
Physical Infrastructure
HorizonVirtual Desktops
Horizon Published Applications
Workspace ONE Portal & Access MGMT
App Volumes
Dynamic Environment Manager
Workspace ONE UEM & Device Compliance
Horizon Cloud Pod Architecture
vRea
lize
Op
erat
ions
fo
r H
oriz
on
Pub
lic C
loud
Wo
rksp
ace
ON
E In
telli
gen
ceSaaS
Consistentautomated,scalableInfrastructure
SDWAN velocloud
IOTATMDisp
layTV
Promotionsoffe
rsother
Win10
MacOSIO
SAn
droid
Integration VMware products with other vendors
Windows 10 Stack
23
PowerShell
WindowsOSWiFi VPN Passcode
Firewall Updates
BitLocker
ZIP,EXE,MSI,P2P
MSI
BIOS
Scripting
MicrosoftCSPs
WindowsCapabilities
Firmware
VMwareCSP DirectWin32 WMI Management
API
PolicyEngine
CSP/GPO
OMA-DMClient ProtectionAgent(Win32)ManagementClients
WorkspaceONEUEMConsole ManagementServer
WNS AWCM
OEMUpdates
Drivers
ProvisioningEnrollment (auto/silent) -> bijvoorbeeld Azure AD
naar Workspace ONE UEMCustom Profiles (CSP)PackagesProvisioning scripts (bijvoorbeeld PoSH) –
Task Sequence-likeUserAdminSystem
ApplicatiesURL of uploadsSaaS in unified catalog
24
Afkortingen en concepten Windows10
25
CSP – Configuration Service ProviderDDF - Device Description FrameworkOMA-CP – Open Mobile Alliance - Client
ProvisioningOMA-DM - Open Mobile Alliance – Device
ManagementWAP – Wireless Application ProtocolSyncML – Synchronization Markup Language
Reactie naar verschillende devices
28
AppsCOPE
EnterpriseWipe FactoryDeviceWipe RemoveEntitlements
BYOD
WipeEnterpriseDataOnly
FullDeviceWipe FromIdentityDirectories
Driver of the business value
29
ModernizeYourDataCenter
TransformYourCustomerEngagement
EmpowerYourWorkforce
AccelerateTimetoMarket
EmbedITOperationalExcellence
HybridStrategyDeliverexceptionalCustomerExperience
DriverforInnovation ReduceTTMInnovationdriveCompetition
EmpowerwithDigitalWorkspace
ContinuousSecurity