Embracing Workforce Transformation: Modern Endpoint Management with VMware Workspace ONE

So far in the first and second posts of my Digital Workspace blog series we’ve discussed the industry game changers that are driving organizations to adopt more modern endpoint management strategies. Now it’s time to dig into some of the technical challenges of supporting different operating systems and device ownership models and how we address that entire matrix with VMware Workspace ONE. Let’s start with Windows 10, one of the largest footprints in the device operating system space.

Windows 10 is Microsoft’s first truly mobile operating system designed to work across different form factor devices seamlessly. A new device management strategy is needed since these more mobile friendly form factors will roam inside and outside the corporate perimeter regularly. The mobile first, cloud first Windows 10 platform was re-engineered by Microsoft with new Enterprise Mobility Management (EMM) APIs that allow for management outside the traditional Active Directory, GPO style tools. To put it simply, Windows 10 enables IT departments to manage desktops like mobile devices.

Enterprise Mobility Management APIs allow IT departments to manage desktops like mobile devices

Traditional Endpoint Management Tasks

Let’s break down the top two traditional endpoint management tasks first to get a true appreciation of what these new APIs, in conjunction with tools like Workspace ONE, offer in terms of cost and time savings.

  • Imaging – Organizations develop specific OS images for different form factors and job roles, and these images must be maintained and updated regularly to stay current. As devices are deployed, IT is required to image the endpoint first. The provisioning process is time consuming and is  a “rip and replace” process.
  • Device Management – Once devices are deployed, they must be administered in some way by IT to stay within organization compliance policies and allow for future changes like software installation, etc. Nowadays, this is largely driven by Active Directory and group policy and requires devices check-in on a consistent basis with domain controllers on the organization’s local network. The enrollment of a device into Active Directory is an all-or-nothing management approach, which rules out end-users enrolling any personally owned devices. The need for regular check-in of devices to Active Directory creates headaches for IT as many devices may go “on the road” for weeks or months at a time.

Contrast just those two endpoint management tasks with modern management of Windows 10.

Benefits of Windows 10 Modern Management

  • Device enrollment and provisioning APIs in Windows 10 allows for devices to enroll from any network (corporate LAN or Internet-based) and receive provisioning packages, settings, applications, etc. and eliminates the need for a custom corporate image. Devices can be shipped directly to users and once opened, a simple and familiar out-of-box experience wizard is completed by the user, where the device is configured with the necessary customizations from IT. Time and cost spent creating, maintaining and deploying images and shipping the device between IT and the end user are reduced or eliminated.
  • Since Windows 10 is now truly a mobile operating system, devices can be enrolled with an organization not unlike traditional mobile device management solutions. These devices are in regular communication with the device management platform regardless of location (corporate LAN or Internet-based). This constant connection allows for near real-time management of device policies, profiles and application entitlements, eliminating the need for the device to check-in with domain controllers on the corporate LAN. Mobile OS platforms also recognize and respect the different levels of privacy needed for different models of device ownership and provide the end-user with peace of mind that corporate IT will not be able to access personal data on the device. Conversely, IT has full control over the organizational data that may live on the device, satisfying their requirements.
Devices can be shipped directly to the user, where they are taken through a simple out-of-the-box experience wizard

In Summary

These are just two examples of how Windows 10 has revolutionized end user computing, allowing for bring your own device models to become more of a reality for organizations and allowing employees the mobility and freedom they require. In addition to the operating system new APIs, a management framework is necessary to plug into these new modern management capabilities. This is where VMware Workspace ONE shines. Not only can Workspace ONE handle Windows 10 modern management, but it also can manage macOS, iOS, Android and Chromebook devices- meaning a single platform for all endpoint management. No more siloed tools for managing each use case, device ownership, form factor or operating system!

VMware Workspace ONE handles any operating system

WEBINAR – Deep Dive into VMware Workspace ONE:

About the author

End-User Compute Architect

Mike assists Candoris customers with strategy and solution implementations related to end-user computing. His experience with productivity solutions such as Microsoft 365, and device lifecycle management software like System Center Configuration Manager, enables him to help customers overcome the challenges of workforce transformation. Mike’s main areas of expertise are Microsoft Technologies, VMWare Workspace One, and Proofpoint Email Security. He has MCSA & MCSE certifications and holds a Computer Systems Specialist degree from YTI Career Institute.