Integrating Workspace ONE and Azure AD Conditional Access

From late 2020, Workspace ONE has been able to provide device posture information to Azure Active Directory (AD) so it can be used as part of Azure AD’s powerful Conditional Access capabilities. The purpose of this article was to revalidate this integration for one of my customers (since this capability has been available for over a year … More

Getting Started with Okta

Okta provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, websites, web services and devices (see wiki). See this great introductory video too. The purpose of this article is to detail my experience in getting started with the Okta (Identity Engine or … More

Integrating Workspace ONE Access with Azure AD

Workspace ONE can integrate with Microsoft Azure AD to provide a seamless Anywhere Workspace. The following article provides step-by-step instructions to integrate both solutions. The following architecture diagram in Miro details the various components of how Workspace ONE Access and Workspace ONE UEM are integrated with Azure AD. For the purposes of … More

Enabling OAuth 2.0 authentication with Workspace ONE Intelligence

Automations in Workspace ONE Intelligence let you automate actions across your Workspace ONE deployment. The automation capabilities in Workspace ONE Intelligence use numerous parameters that trigger a workflow. You can customise the workflow to act on unique scenarios in your Workspace ONE environment. To enable this capability with Workspace ONE UEM, you need to select … More

Setting up Windows Autopilot using Workspace ONE UEM

Workspace ONE UEM offers a range of methods to enroll your Windows 10 and 11 devices. The complete list of enrollment types is listed here. In addition, my colleague Bryan Garmon has also created a great diagram illustrating the various enrollment types. A very popular method to easily enroll your Windows 10 devices is to … More

Applying flexible DLP controls for BYOD when accessing VMware Horizon resources

As I’ve talked about previously, VMware Horizon is a modern platform for secure delivery of virtual desktops and apps across the hybrid cloud. Horizon provides a range of flexible Data Loss Prevention (DLP) capabilities, to ensure corporate data is secured within your Windows delivered applications. Some of the DLP capabilities available are: Restrict Client Drive … More

Integrating Workspace ONE Access with Horizon 8 using the new 21.08 Access Connector

If you wish to have a single portal where you offer your staff virtual desktops, web applications and remote desktop applications, you may wish to leverage Workspace ONE Access. Workspace ONE Access offers a friendly application portal as shown below: This example Workspace ONE application catalog is available from VMware TestDrive which clients and partners can try out … More

Setting up Single Sign-On (SSO) to Workspace ONE UEM Self Service Portal (SSP) and Admin Console

Workspace ONE Access is an integral part of the Workspace ONE platform and supports Workspace ONE Intelligent Hub, Workspace ONE Unified Endpoint Management (UEM) and VMware Horizon. Many administrators like the ability to then provide a Single Sign-On (SSO) capability into the Workspace ONE UEM console for both admin (console) access and the user self … More

Setting up iPads for Field Workers using Workspace ONE

Many organisations need to deploy iPhone or iPad devices to their field workers, so they can perform their job whilst on the move. Apple devices allow them to access corporate information quickly and easily, using the easy to use iOS operating system. iPad devices can also be configured as kiosk terminals, so only selected mobile … More

Getting Started with Horizon Cloud on Azure

The VMware Horizon Cloud Service delivers feature-rich virtual desktops and applications using a purpose-built cloud platform that is scalable across multiple deployment options, including fully managed infrastructure from VMware and public cloud infrastructure from Microsoft Azure. The following article highlights a number of existing resources and tips and tricks, so you can quickly trial the … More

Getting Started with Horizon 8

VMware Horizon is a modern platform for secure delivery of virtual desktops and apps across the hybrid cloud. You can deploy Windows and Linux desktops using Horizon either on-premises or from other cloud services such as VMware Cloud on AWS, Azure VMware Solution (AVS) and Google Cloud VMware Solution (GCVE). The purpose of this … More

Disable Windows Hello with Autopilot using Workspace ONE UEM

Workspace ONE UEM fully supports Microsoft Autopilot. For those who are not aware, Windows Autopilot provides setup and preconfiguration services for new devices so they’re ready to use right out of the box. My colleague Pete Lindley (VMware EUC) has written an excellent article on how to set up and test Autopilot with Workspace ONE UEM. … More

Getting Started with Workspace ONE UEM

VMware® Workspace ONE™ is an intelligence-driven digital workspace platform that simply and securely delivers and manages any app on any device by integrating access control, application management and multi-platform endpoint management. Workspace ONE has a range of capabilities, but how do you quickly get up and running and try out its many capabilities? Well … More

AuthN/AuthZ nuances when integrating Workspace ONE and Azure AD

Workspace ONE provides a great way to provide a seamless experience when accessing Office 365. I’d previously written about how you can integrate Workspace ONE Access with Azure AD in this blog post. Matt Williams (End User Computing Product Manager at VMware) published three detailed articles on how you can integrate Workspace ONE Access with Azure … More

Integrating Workspace ONE UEM and Access with Okta

At Oktane in May 2018, VMware and Okta announced a strategic partnership to deliver advanced identity capabilities for the Digital Workspace. By integrating VMware Workspace ONE and the Okta Identity Cloud, our customers can easily and securely move to the cloud, adopt best-of-breed technologies and simplify IT management. Since this announcement, VMware and Okta have … More

Deploying the Workspace ONE Intelligent Hub via Active Directory GPO

The Workspace ONE Intelligent Hub (previously the Airwatch Agent) provides a range of flexible options to get deployed to your Windows 10 PCs. The VMware Techzone article Onboarding Windows 10 Using Command-Line Enrollment details this for various deployment options. I then came across two excellent videos created by Rob Kelley (VMware).  Rob created two videos … More

Federating Microsoft Azure with Workspace ONE Access and Office 365

Workspace ONE provides a great way to provide a seamless experience when accessing Office 365.  I found configuring this wasn’t too complex, however there were a number of settings you needed to get exactly right for this to work. The purpose of this article is to provide you further details on how to enable this … More

Setting up Workspace ONE Single Sign-on (SSO) and Conditional Access

Workspace ONE Access, as part of Workspace ONE, provides Single Sign-On (SSO) capabilities for iOS, Android, Windows 10 and macOS. The following guide details how to set this up for all four operating systems. Mobile SSO is also required for leveraging Workspace ONE UEM (aka Airwatch) device compliance. This allows the administrator to ensure that … More

Setting up VMware Horizon on VMware Cloud on AWS

Organisations of all sizes are increasingly relying on desktop and application virtualization to deliver their business-critical applications to any device. Since the announcement of Horizon on VMC in May 2018, there has been a large interest in clients looking to extend their existing on-premises Horizon platforms to the cloud, or build a new Horizon 7 … More

An exciting new role at VMware

It’s been a privilege to work with wonderful people and the various organisations of IBM. Initially I worked for many years in IBM Services (ITS projects team on VMware, Microsoft and Citrix solutions), then Systems (Systems Management) and more recently in Security Software. My last six years working in IBM Security allowed me to work … More

Don’t Drown in a Sea of Cyberthreats

Security teams can be overwhelmed by a sea of vulnerabilities–without the contextual data to help them focus their efforts on the weaknesses that are most likely to be exploited. Cyberthreats need to be stopped before they cause significant financial and reputational damages to an organization. You need a security system that can detect an attack, … More

Setting up IBM BigFix Compliance for PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is a well-known IT security standard for organisations that handle credit card data. The PCI standard is actually mandated by the Payment Card Industry Security Standards Council, and the potential fines for non-compliance and ramifications for a business if they are hacked can be significant. For example in 2013 Target … More

Setting up BigFix Inventory 9.2

IBM BigFix (Endpoint Manager) has released a new Software Usage Analysis (SUA) module. This release includes a number of new capabilities, specifically SQL support.  BigFix Inventory (or SUA) also provides IBM sub-capacity measurement capability. IBM has provided a number of installation and administration guides here.   In the following article, I’ll step you through the key … More

IBM BigFix (Endpoint Manager) Windows 7 Migration Cookbook

IBM BigFix can not only provide software distribution but also Operating System Deployment (or OSD). OSD includes the ability to upgrade operating systems (such as Windows XP to Windows 10) but also perform bare metal installations. I’ve recorded two edited videos of OSD in action for an upgrade and bare-metal installation. OSD is a feature of IEM’s … More

IBM BigFix for Managed Service Providers (MSPs)

IBM BigFix is popular with Managed Service Providers (MSPs) for its ability to manage hundreds of thousands of endpoints via a single multi-tenant architecture. BigFix provides MSPs the flexibility for either centralised or delegated administration models. Overall Architecture: BigFix is typically installed in a centralised architecture as shown below. A single BigFix server is installed at the … More

Keep calm with IBM BigFix

It was recently reported that a Microsoft Windows and Office vulnerability was already being targeted by criminals. If you search on Google for keywords such as Windows and zero day exploit, it’s interesting to summarise the respective web page mentions: Windows – Approximately 7 Million web pages Mac – Approximately 500K web pages Linux – Approximately … More

Manage Amazon (AWS), Azure or IBM Cloud instances with IBM BigFix

IBM BigFix provides clients with the ability to manage hundreds of thousands of endpoints from a single console. These can be a range of operating system types such as Windows, Linux, Apple Mac OSX and Unix. Oh, don’t forget mobile devices too! You can install your BigFix environment with a relay running in your DMZ, … More

Using Trusted Certificates with IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices requires a certificate to manage iOS devices – through Apple’s Push Notification Service (APNS). This APNS certificate allows the Management Extender to establish a secure, trusted channel of communication with the iOS devices. This setup is straightforward and is detailed here. Our MDM evaluators guide provides step-by-step instructions with screen … More

Setting up IBM Endpoint Manager, Software Usage Analysis (SUA) 2.0

I’d previously detailed how you can get up and running with IBM Endpoint Manager, Software Usage Analysis 1.3.   SUA 2.0 is a new release that extends IEM’s software analysis capabilities to Linux/Unix systems and more IBM software products.   The following article details the differences between 1.3 and 2.0 in more detail. In the following … More

Setting up IBM Endpoint Manager, Software Usage Analysis (SUA) 1.3

IBM Endpoint Manager Software Usage Analysis (otherwise known as IEM SUA) allows you to easily determine what software is deployed across your organisation and how actively it is being used on each computer.  With SUA you can easily determine whether you’re effectively using more expensive software such as Microsoft Project or Visio on all of … More