UEM2205BE Get Up to Speed on Innovations in the Mobile Ecosystem: ios, macos, Android, and Chrome OS VMworld 2017 Content: Not for publication Sascha Warno #Vmworld #UEM2205BE
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. #UEM2205BE CONFIDENTIAL 2
Android in the Enterprise Provides Simple and Secure Options Across Use Cases
Android provides multiple layers of security to keep your device and data protected VMworld 2017 Management APIs EMM enforced policy controls Google Play Protect Always-on app analysis scanning and removal OS platform Complete platform security ensures device and data integrity Content: Not for publication Hardware Dedicated secure hardware elements carry out the most critical tasks #UEM2205BE CONFIDENTIAL 4
Setup in a Few Easy Steps #UEM2205BE CONFIDENTIAL 5
Streamlined App Management with Google Play Integration Direct integration with Google Play Store to search, approve and configure work apps in a single location Work app distribution through Google Play Store for single app catalog #UEM2205BE CONFIDENTIAL 6
Flexible Device Management Offers Choice for IT Deployment Management Personally-owned Bring your own device Work profile VMworld 2017 Business only use Work managed Company-owned Purpose built solutions Work managed Content: Not for publication #UEM2205BE CONFIDENTIAL 7
Deploy a Work Profile for Personal Devices Built-in to the Android operating system Visual separation of work and personal with badged icons VMworld 2017 Prevent sharing between work and personal apps and data User can see separate configurations for: Credentials Accounts Apps Security Content: Not for publication #UEM2205BE CONFIDENTIAL 8
Protect Data on Corporate Devices Deploy a work managed device for complete management of the entire device and advanced policy controls Flexible onboarding options: NFC QR Code Enter code for Google account #UEM2205BE CONFIDENTIAL 9
#VMworld #UEM2217BU
VMworld 2017 Android Enterprise for Purpose Built Deployments Create consistent experiences and centralize IT management to improve workflows and better serve users. Simple and consistent user experience Out-of-the-box enrollment Managed Google Play for internally developed or public apps Built-in mode to lock device to one apps Content: Not for publication Flexible Android enterprise deployment options AirWatch Launcher Remote management Advanced product provisioning Integration with OEM APIs (i.e., Zebra) #UEM2205BE CONFIDENTIAL 12
Android Native Single App Mode Locks device down into mode running one or a set of specific apps Admins can remotely control settings and app install/uninstall OTA Provisioning device is as simple as an NFC bump VMworld 2017 ROADMAP Content: Not for publication #UEM2205BE CONFIDENTIAL 13
Remotely Support and Troubleshoot with Advanced Remote Management VMworld 2017 Content: Not for Remotely connect to any device in seconds from the AirWatch Console View any device s screen in real-time, in it s skin, and control as if it were in your hand publication Access real-time device info Notify users when their screen is visible and enable them to pause a session #UEM2205BE CONFIDENTIAL 16
Innovations from Samsung Enable Productivity and Security from Anywhere VMworld 2017 Content: Not for publication
Samsung Galaxy S8 and Samsung DeX or New Samsung Galaxy class flagship device distribution Samsung DeX or Desktop Experience enables peripheral and full screen support DeX Station docks to peripherals: mouse, keyboard, monitor #UEM2205BE CONFIDENTIAL 20
VMware Workspace ONE Enables Access to All Apps on DeX VMworld 2017 Content: Not for Universal app catalog for cloud, mobile, web, and virtual Identity-based single sign-on for streamlined user experience publication Usage reporting and analytics #UEM2205BE CONFIDENTIAL 21
Firmware Challenges in the Enterprise Vulnerable to security breaches by staying on old OS for compatibility with mission-critical business apps Organizations need to test compatibility with new firmware to ensure apps are secure and functional ROADMAP Hard to manage various OS versions in IT environment by permitting denial of firmware updates by end users #UEM2205BE CONFIDENTIAL 22
Samsung E-FOTA Key Features Selective FOTA Time Control Forced Update Allows IT administrators to specify a specific OS firmware version to be deployed to their users Set time to update considering work time and business schedules Manage single mobile OS within enterprise ROADMAP #UEM2205BE CONFIDENTIAL 23
Chrome OS & VMware Enabling a Simple, Flexible and Secure Platform for the Enterprise
Together, VMware and Chrome Enable a Cloud First Organization Chrome Devices Chrome OS Speed Simplicity Shareability Chrome Enterprise Enterprise functionality and management APIs AirWatch UEM platform: manage every device Workspace ONE Digital workspace platform: deliver every app Horizon Virtual desktop & app platform: deliver every desktop Security 25
Deploy Device Policies to Chrome Devices VMworld 2017 Content: Not for Disable guest mode Restrict sign in to only your organization publication Enable ephemeral mode to remove all user data from the device when the user logs out 28
Deploy Policies Based on User VMworld 2017 Content: Not for Push Chrome extensions and Chrome and Android apps Configure settings for network and power URL access controls to blacklist and whitelist publication Allow the use of incognito mode Configure bookmarks and group them into relevant folders Setup single sign-on (SSO) #UEM2205BE CONFIDENTIAL 29
Turn Chrome Devices into a Kiosk or Digital Sign VMworld 2017 Lock devices into a secure environment for testing or use a Chromebit and extensions such as the Chrome sign builder to set up digital signage Content: Not for publication #UEM2205BE CONFIDENTIAL 30
End-to-End Security Protect your business with enterprise-grade security and data protection at the user, application, device and network level VMworld 2017 Security at every level, from bootup to shutdown, with full-disk encryption Conditional application access Secure one-click SSO with optional MFA Content: Not for publication Security certifications, including NIAP/CC, DISA STIG, FIPS, FedRamp
Enterprise Secure and Powerful Contextual Policy Management USER Policy Framework DATA DEVICE APP Integrates identity to create and enforce granular policies Mobile application management for ANY app without requiring wrapping for SDKs Access controls and DLP for comprehensive security protect apps and data in the cloud and on the device APP LOCATION #UEM2205BE CONFIDENTIAL 33
Workspace ONE: Improve Productivity for Employees with Simple App Access Access all applications including cloud, web, native Android, Chrome Apps and Windows apps and desktops from a unified location Consistent end user experience across platforms One place to go for all your business apps, optimized by device type One-touch mobile single sign-on using device trust Easy multi-factor authentication using any mobile device Privacy by design assures users that their personal apps and data remain invisible to IT #UEM2205BE CONFIDENTIAL 35
Horizon Makes Desktop and App Management Easy The ability to efficiently and cost-effectively deliver, manage and monitor virtual desktops and published applications to end users who may not need access to a full desktop. or Deliver Applications Manage Applications distribution Support for Windows and Linux DESKTOPS APPLICATIONS #UEM2205BE CONFIDENTIAL 36
VMware Provides Security and Flexible Options for Android and Chrome OS Deployments or distribution Android for BYOD, corporateliable and purpose-built solutions Samsung enabling business mobility to securely work from anywhere Management of fast, simple and secure Chrome OS devices 37
Apple MDM for the enterprise and the new Mac Management
Apple in the Enterprise Simple for IT Deployment program Supervision option Easy Onboarding Intuitive for end users Accessibility by design Privacy & Security Secure boot Privacy protection Apps ecosystem Layered approach #UEM2205BE CONFIDENTIAL 39
Updates from WWDC 2017 Simple for IT Add any ios 11, tvos 11 to DEP Apple School Manager Restrict system apps, VPN creation, Wi-Fi Software update delay Easy Onboarding Drag and Drop Customizable control center Files Multitasking Many more! Privacy & Security Enforcing ATS from 2018 Certificate pinning on macos Deprecating insecure ciphers RC4 and 3DES #UEM2205BE CONFIDENTIAL 40
VMware AirWatch Apple mobility partner #UEM2205BE CONFIDENTIAL 41
MDM DEP VPP ios tvos macos #UEM2205BE CONFIDENTIAL 42
MDM #UEM2205BE CONFIDENTIAL 43
Custom MDM Processor Custom Profiles Custom Commands Test new profiles/commands ZERO day in Beta Direct Communication on MDM channel API support for automation #UEM2205BE CONFIDENTIAL 44
DEP #UEM2205BE CONFIDENTIAL 45
I would like to use SAML authentication with DEP enrollment We use smart cards for authentication. How can we use DEP? VMworld 2017 Content: Not for My users do not have username or password to authenticate.. publication #UEM2205BE CONFIDENTIAL 46
Token Enrollment for DEP Username : Password : One-Time Token DEP Device #UEM2205BE CONFIDENTIAL 47
Token Enrollment for DEP Device Specific User Token General User Token #UEM2205BE CONFIDENTIAL 48
VPP #UEM2205BE CONFIDENTIAL 51
Volume Purchase Program Update Management Auto Update Per-app control Approved manual update and notification #UEM2205BE CONFIDENTIAL 52
Volume Purchase Program Flexible Deployment Deployment modes Flexible app config Flexible parameters Roadmap #UEM2205BE CONFIDENTIAL 53
ios #UEM2205BE CONFIDENTIAL 54
ios in Education Manage classes in Apple School Manager & Classroom 2.0 app VMworld 2017 Content: Not for publication Strong commitment to education Airwatch School Manager for employee trainings #UEM2205BE CONFIDENTIAL 55
tvos #UEM2205BE CONFIDENTIAL 56
tvos Management Device Enrollment Program Configuration management Application management #UEM2205BE CONFIDENTIAL 58
tvos Management Auto Advance Setup Device Enrollment Screens to Skip Program Ability to Supervise OTA Single App Mode Configuration Conference management Room Display Restrict AirPlay, Remote app usage Restart device, Set Device Name Manage Enterprise Applications Application management #UEM2205BE CONFIDENTIAL 59
Digital Signage #UEM2205BE CONFIDENTIAL 60
tvos Management Enroll and deploy Configure policies Manage application #UEM2205BE CONFIDENTIAL 61
Key Features Plays video on launch Loops infinitely Allows for airplay mirroring on top of the video Caches video for replay conserving network bandwidth #UEM2205BE CONFIDENTIAL 63
Available Open Source Replay-app-for-tvos https://github.com/vmware/replay-app-for-tvos #UEM2205BE CONFIDENTIAL 64
macos #UEM2205BE CONFIDENTIAL 65
Mac in the Enterprise 98% of current Mac owners said they planned for their next computer to be a Mac 17% QoQ growth in Mac shipments in 2Q17
2017 APFS Apple File System Modern file system Strong encryption Optimized file handling #UEM2205BE CONFIDENTIAL 67
2017 VMworld 2017 Content: Not for publication Imaging will be Challenging #UEM2205BE CONFIDENTIAL 68
Modern Management with DEP Streamlined Enrollment Out of the Box Management with customized setup assistant Policies & Account Creation Apply configuration policies and control the admin account creation Bootstrap Package Bootstrap enrollment process to deliver necessary tools needed for onboarding. #UEM2205BE CONFIDENTIAL 69
Bootstrap Package Baseline configuration Out-Of-The-Box making imaging obsolete VMworld 2017 Content: Not for Global scale deployment with CDN integration publication Expedited delivery for streamlined user experience #UEM2205BE CONFIDENTIAL 70
Bootstrap Package VMworld 2017 Content: Not for Sample packages and examples Available now publication https://code.vmware.com/samples Search for Bootstrap Package #UEM2205BE CONFIDENTIAL 71
Bootstrap Package Designed by Erik Gomez Pinterest
It s all about the apps Web Apps Virtual Apps App Store Apps Native Apps #UEM2205BE CONFIDENTIAL 73
macos Software Management Admin console Product provisioning Agent Hard to setup Update management is challenging No desired state management #UEM2205BE CONFIDENTIAL 74
macos Software Management ROADMAP Simplified Admin console Admin UI New Product Management provisioning Stack Robust AgentClient with Munki Hard to setup Update management is challenging No desired state management #UEM2205BE CONFIDENTIAL 75
ROADMAP
It s all about the apps Web Apps Virtual Apps App Store Apps Native Apps Workspace ONE #UEM2205BE CONFIDENTIAL 77
ROADMAP #UEM2205BE CONFIDENTIAL 78
Cloud-First, Modern macos Management and Security Transform the way you manage Macs simpler, secure, cost-effective! 1. MDM Modern Management Device and OS Lifecycle Management 2. Configuration Management APNs and AWCM Instant Push Configuration for Policies 3. OS Patch Management Force Patch Updates App Management and Delivery App Lifecycle Management 4. Software Management Native, Web and Virtual apps End-to-end Security Management 5. Client Health & Security Device Health Compliance Firewall and Firmware password Imageless Provisioning Asset Tracking & Inventory Configure Corporate SUS Self-Service Access & SSO FileVault Encryption
VMware AirWatch UEM for Mac Management Single tool for all endpoints with AirWatch Modern macos management without imaging! Workspace ONE experience for users App Gap - Solved #UEM2205BE CONFIDENTIAL 80