The Path to Modern Windows Software Distribution: Q&A with Adaptiva Founder & CTO Deepak Kumar

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für The Path to Modern Windows Software Distribution: Q&A with Adaptiva Founder & CTO Deepak Kumar
Aug 232017
 

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

The PCLM Revolution Will Not Be Televised. See It Live at VMworld

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für The PCLM Revolution Will Not Be Televised. See It Live at VMworld
Aug 142017
 

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

The Complete Itinerary for Windows 10 Enthusiasts at VMworld 2017

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für The Complete Itinerary for Windows 10 Enthusiasts at VMworld 2017
Aug 092017
 

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

VMware Horizon Cloud comes to Microsoft Azure

 Allgemein, Cloud, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für VMware Horizon Cloud comes to Microsoft Azure
Aug 072017
 

At VMware, we&#rsquo;ve always been intent on giving our customers as many options and as much flexibility as possible when it comes to their IT environment.

Our latest commitment to that cause, is delivering VMware Horizon Cloud on Microsoft Azure, helping our customers to bring VMware virtual desktops and applications to the increasing global presence of Microsoft Azure in the enterprise, which is now available in 38 regions globally.

Bringing together one of the fastest growing Infrastructure-as-a-Service (IaaS) providers with the industry&#rsquo;s leading app and desktop cloud services offering gives our customers several infrastructure options with the flexibility to move between different platforms – all part of our cross-cloud strategy.

But what does this all mean?
Well, customers can now connect Azure IaaS to Horizon Cloud to deliver and manage Horizon virtual desktops and applications. This is ideal for organisations with an Azure subscription, but also for customers that want the flexibility to switch their deployment options from other public cloud services if use cases change, employees move or economics shift – thanks to Horizon Cloud&#rsquo;s ability to use a single cloud control plane. The VMware and Microsoft integration can also help our customers accelerate their move to Windows 10.

As ever, our solutions provide customers with options. In fact, only Horizon Cloud offers this flexible scale-out of virtual desktops and applications. For example, it can offer fully managed public cloud infrastructure for those companies looking to outsource management of infrastructure to the cloud for a desktop-as-a-service experience, or it can offer bring your own on-premises infrastructure with Hyper-converged Infrastructure appliances for those organisations that want greater control over their virtual desktop infrastructure – particularly those with tight security or performance requirements.

VMware continues to innovate and cater for all of our customers&#rsquo; needs.

We expect VMware Horizon Cloud on Microsoft Azure to be available in the second half of 2017.

9 New VMware AirWatch Code Samples for Windows 10 Management

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für 9 New VMware AirWatch Code Samples for Windows 10 Management
Jul 192017
 

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

5 New EMM How-To Guides for AirWatch Admins

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für 5 New EMM How-To Guides for AirWatch Admins
Jun 202017
 

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

WannaCry Fallout: Implement ‘Least Privilege’ Now

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für WannaCry Fallout: Implement ‘Least Privilege’ Now
Jun 082017
 
Co-Author: Sisimon Soman is a senior member of the technical staff for VMware EUC, responsible for VMware User Environment Manager R&D. Having worked at Bromium, Citrix, EMC and others, he is well versed in end-user security and threat remediation.

It&#rsquo;s been a few weeks since WannaCry ransomware captured headlines and computers the world over. We now know how it spread, and how it captured so many Windows 7 machines.

The WannaCry (also known as WannaCryptor) attack was first reported on May 12 and spread to more than 230,000 computers in over 150 nations. Attackers used strong encryption to render captured computers useless without the correct unlock keys. Additionally, there are reports that victims could not decrypt their files even after paying the ransom.

WannaCry&#rsquo;s ransomware component of the payload works just like other ransomware; it searches for files with specified extensions and encrypts them. But its worm component is different, and it uses an Server Message Block (SMB) v1 vulnerability (CVE-2017-0144) to spread.

Microsoft released a security update (MS17-010) to fix this vulnerability on March 14, 2017. This March-to-May windowdemonstrates that even if OEM manufacturers respond in a timely manner to exploits, often, the weak link is the end user failing to apply the required patch.

At VMware, we believe there&#rsquo;s another way. If computers and networks are intelligently locked down, then end-user tardiness may be temporarily mitigated.

Technical Details

After the infection, the malware dropper code attempts to connect to the below URL using InternetOpenA() WinInet API and exits if the connection is successful. We therefore recommend that you allow this traffic through your filters in order to stop the malware activity.

www [dot] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea [dot] com

Next, the dropper installs and starts a service named mssecsvc2.0, which in turn, drops the payload &#lsquo;C:\WINDOWS\tasksche.exe&#rsquo; and executes it. Prior to copying the payload, dropper renames the existing tasksche.exe.

The worm component scans all internal and external endpoints, and exploits the SMB v1 vulnerability to spread. The ransomware component searches files with specified extensions (Microsoft research shows 178 file types) and encrypts them.

Attack Vectors

According to Microsoft there are two highly likely scenarios used by WannaCry:

  1. SMB vulnerability
  2. Social engineering

It is not easy to exploit the SMB vulnerability from outside an organization because of the multiple layers of protection (firewalls, multi-tiered DMZ, etc.) commonlydeployed. It&#rsquo;s often easier to trick a user into clicking and launching malware using social engineering and phishing techniques.

After this initial infection within the organization, it can then use the SMB vulnerability to spread inside. Our analysis shows that this initial attack vector, using social engineering, can be prevented by enforcing the principle of “least privilege.”

As part of infecting an endpoint, WannaCry performs the following actions:

  1. Drops a payload to the C:\WINDOWS directory
  2. Creates / updates several HKLM keys including ‘Run’ key
  3. Creates a service

When a user inadvertently clicks on a malware attachment in an environment where they do not have local admin privileges or elevated permissions to system folders and the HKLM registry hive, the process does not have the ability to drop and execute its payload.

In other words, if computers and networks are intelligently locked down, then malware struggles to propagate. Although the SMB vulnerability vector does not require any user action, the social engineering vector does, and the principle of least privilege could potentially prevent infection. The United States Computer Emergency Readiness Team(US-CERT) mentions the principle of least privilege as one of their recommended steps for preventing attacks like this.

Removing Users’ Admin Rights

Part of the answer to attacks like WannaCry is to simply remove admin rights from end users. However, that&#rsquo;s not as straightforward as it may sound. There are a couple of reasons why enterprises continue to provide local admin access to user accounts:

  1. Legacy applications (vendor and in-house written) update files and sub-folders in system and program files directories instead of writing to user data folders. Some of them also update HKLM locations instead of HKCU.
  2. Users need to install applications.

Balancing Least Privilege & User Empowerment

Very few users are happy with a totally locked down PC. There&#rsquo;s often a case for a user patching software, or installing something that is outside of a corporation&#rsquo;s standard image in order to be more productive at their job.

What is needed is a smart management system, that allows for the flexible application of admin rights in a policy-controlled way. Many vendors offer such a system. VMware&#rsquo;s answer is VMware User Environment Manager. (Clearly, we believe our technology is better than that of our competitors, but for the sake of computers everywhere, please investigate deploying such a solution.)

It is precisely for handling the use cases mentioned above—whilst maintaining the principle of least privilege—that we recently announced the ability to configure privilege elevation for applications in our newest release of User Environment Manager 9.2. You can remove the administrator privilege from domain users and still allow users to start certain applications as administrators.

[Read more: Introducing VMware User Environment Manager 9.2 with Privilege Elevation]

Additionally, if your internal network is completely open, we strongly encourage you to consider micro-segmentation to help arrest the spread of infections should your perimeter defenses prove insufficient.

[Read more: Use a Zero Trust Approach to Protect Against WannaCry]

VMware is committed to help IT secure interactions between users, applications and data, in an environment that is changing and becoming increasingly dynamic—from public and private multi-cloud environments to the proliferation of mobile devices. Read more about our approach to transforming security, or download a free trial of User Environment Manager and experience policy-controlled least privilege yourself.

References:

  1. https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/
  2. https://www.us-cert.gov/ncas/alerts/TA17-132A

The post WannaCry Fallout: Implement &#lsquo;Least Privilege&#rsquo; Now appeared first on VMware End-User Computing Blog.

The Latest Mobile News on Apple, Android & Windows 10

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für The Latest Mobile News on Apple, Android & Windows 10
Mai 262017
 

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

What Happens at Dell EMC World—Gets Shared in Top Mobile News!

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für What Happens at Dell EMC World—Gets Shared in Top Mobile News!
Mai 122017
 
VMware, Dell and you. Minimize user downtime. Reduce admin overhead. Align with compliance and IT security policies. That&#rsquo;s how you win with our big Dell EMC World announcement: The integration of VMware AirWatch and Dell Client Command systems management tools. Get all the details here on the evolution of our unified endpoint management (UEM) solution. […]]> VMware, Dell and you.

Minimize user downtime. Reduce admin overhead. Align with compliance and IT security policies.

That&#rsquo;s how you win with our big Dell EMC World announcement: The integration of VMware AirWatch and Dell Client Command systems management tools. Get all the details here on the evolution of our unified endpoint management (UEM) solution.

Windows 10 expert Aditya Kunduri talks about complete Dell PC management with AirWatch at Dell EMC World.

Use Oracle? Read this!

Through one platform, with access to advanced security features, you can now manage and secure hundreds of Oracle enterprise apps—and custom apps built on Oracle Mobile Cloud Service (OMCS). Our partnership with Oracle lends the simplicity and security of AirWatch and VMware Workspace ONE to one of the most common enterprise app names in the Apple App Store.

Enterprise IoT becomes reality.

We also announced a new way to get Internet of Things (IoT) projects off the ground. VMware Pulse IoT Center is designed to be the &#rsquo;nervous system for enterprise IoT,&#rdquo; said PCWorld, with AirWatch to manage devices and VMware vRealize Operations to monitor infrastructure.

IoT devices must be connected, secured and managed, said VMware CEO Pat Gelsinger on stage at Dell EMC World.

Quote of the Week

&#rsquo;In a couple years, you&#rsquo;re going to be talking to your refrigerator. You&#rsquo;re going to look crazy talking to it, but you are going to be talking to your refrigerator, your Alexa, your TV and so on … Enterprises have to be consumer-like … You and I are going to come and talk to things at work and expect it to talk back.&#rdquo;
—Bask Iyer, CIO of VMware and Dell, with theCUBE at Dell EMC World 2017

We&#rsquo;re putting Google to work.

Deploying and managing Android devices? See how much faster you can do it all with VMware AirWatch 9.1 in these five Android management GIFS.

Plus, with AirWatch 9.1, you can choose from new enrollment workflows for Android enterprise devices. Here&#rsquo;s your guide to Android enterprise enrollment.

Can Android do that?

Can you set up Android work managed devices without ever touching them? What about Windows 10—can you remotely wipe Windows 10 laptops?

These are some of the top questions IT pros asked during our AirWatch 9.1 webinar. Find out the answers here.

2 more reasons to update Windows 10:

1) Microsoft ended support this week for the very first version of Windows 10 (1507).

2) The next major update enables you to seamlessly switch from PC to smartphone. With the Windows 10 Fall Creators Update, announced this week at Microsoft Build 2017, you&#rsquo;ll be able to pick up where you left off on Windows, iOS and Android devices and copy from a PC and paste to a mobile device.

Get schooled:

  • Midwest Management Summit (MMS), May 15–18at Mall of America
  • VMware SociaLabs, Introduction to Mobile Device Management (MDM) with AirWatch May 23 (San Diego), June 6 (Reston) & June 20 (Halifax)
  • Boston Summer VMUG UserCon, June 1
  • Unlocking Mobility with Derived Credentials & AirWatch, June 23 online
  • VMworld 2017, Aug. 27–31 in Vegas

VMware AirWatch 9.1: Your Top 12 Questions Answered

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für VMware AirWatch 9.1: Your Top 12 Questions Answered
Mai 102017
 
Our recent VMware AirWatch 9.1 webinar explored new capabilities introduced in our most recent release. Thank you to everyone who was able to join us for the live event. If you were not able to join live, check out the replay here. Due to time constraints, we did not get to all of your questions […]]> Our recent VMware AirWatch 9.1 webinar explored new capabilities introduced in our most recent release. Thank you to everyone who was able to join us for the live event. If you were not able to join live, check out the replay here.

Due to time constraints, we did not get to all of your questions during the live event. We compiled answers to the top 12 questions on the 9.1 release that we missed during the webinar on topics like:

  • Android Enterprise
  • Apple
  • Windows 10
  • VMware Boxer Productivity App

Did we missing the answer to your question? Add it to the comments below, and one of our amazing experts will provide the answer.

AirWatch 9.1 & Android

1. When opening a work app, can we set the Android passcode requirement to only exist if no device passcode is present? It would be nice to avoid a user having to enter an app passcode if they also have a passcode to unlock their device.

The Android operating system (OS) looks at the complexity of the passcode already on the device. If the device passcode set by the end user is of equal or greater complexity than the work security challenge, the end user is not asked to type in a work security challenge. If the device passcode does not meet the required complexity, Android prompts the end user for a passcode to access managed work apps. In other words, the user will have separate passcodes for the device and managed work apps.

2. What is the benefit of using Android work managed rather than the work profile? Do you have to touch each device to set up work managed?

Deploying a work-managed Android device creates a truly corporate device by removing any personal apps or data on the device. This gives the administrator the ability to manage the entire device. A device with a work profile will still have personal apps and data on the device. The admin can only manage the business apps and data.

With the latest enhancements, admins do not need to touch each device to make them work managed. End users can enter afw#airwatch when prompted for a Google account or scan a QR code to begin the onboarding process.

[Related: Bring Android to Work with the Latest Enhancements]

AirWatch 9.1 & Apple

3. Can AirWatch auto-update applications deployed via integration with Apple’s Volume Purchase Program (VPP)?

Yes. We enable automatic updates of VPP applications with device-based license assignments in the device-based method of the managed distribution process. Admins enable AirWatch to automatically query the Apple App Store for updates or manually push updates through the console.

4. Do you need an application to manage Apple TVs?

There is no AirWatch Agent or management application required to manage Apple TVs, but you can enroll tvOS 10.2 via the Apple Device Enrollment Program (DEP).

5. For DEP-enabled iOS devices, is there a way to silently publish the AirWatch Agent to be transparent to users’ devices? I would like to avoid users having to download the AirWatch Agent themselves.

Yes, the standard way to publish the AirWatch Agent to DEP devices is by purchasing the application through Apple VPP. Admins then enable the app in the AirWatch console for Device-Based Licensing. Finally, admins auto-assign the app to devices via an assignment group. This will deliver the AirWatch Agent to the device without the need for the user to have an Apple ID.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

AirWatch 9.1 & Windows 10

6. Can I use AirWatch to remote wipe laptops running Windows 10?

Yes, you can use AirWatch to remote wipe a laptop device running Windows 10—on or off the corporate network.

7. Do the Windows patching features require VMware Workspace ONE?

Patch management is available in Workspace ONE standard, advanced and enterprise editions. Patching is also available for organizations with traditional AirWatch blue, green and orange suites.

8. Can you manage apps or have a custom store on Windows 10?

Yes, AirWatch provides application management capability across both Windows Store and native Win32 apps. With the Workspace ONE app catalog, admins provision users with a custom enterprise store for self-service and single sign-on (SSO) access to all work apps, including Windows Store, Win32, remote, SaaS and internal web apps.

[Related: What&#rsquo;s New for Windows 10 Management with AirWatch 9.1]

Boxer Productivity App

9. Can you deploy SMIME certificates to Boxer on Android and iOS?

You can deploy SMIME certificates by pushing APIs in AirWatch Console 9.0+. You can also push through the self-service portal, as well as on an as-needed basis through certificate distribution via email attachments.

10. For the Boxer email app, what is the total size limit for emails, including body, headers and attachments?

Boxer does not enforce any size limitations. Exchange configures this on the backend.

11. What systems does the Boxer Classifications Markings approach support?

Our Classification Markings approach integrates with the built-in Exchange transport rules. We can also integrate with Titus, Boldon James and JanusNET.

12. Does Boxer support plain text, signed, encrypted and signed-and-encrypted messages?

Yes, Boxer supports all of these types of messages.

[Related: Productivity Apps Spotlight: Updates for VMware Boxer, Content Locker, Browser & Socialcast]

Additional Information

Want to learn more about AirWatch 9.1? Many more details are available in myAirWatch or through your account manager.

For more information about the AirWatch solutions mentioned in this blog:

  • Read our AirWatch 9.1 announcement blog.
  • Watch the webinar replay.
  • Contact us via email, chat or phone.
  • Try AirWatch free for 30 days.

Dell & VMware Extend PC Management to the Firmware

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für Dell & VMware Extend PC Management to the Firmware
Mai 092017
 
Greetings from #DellEMCWorld in Las Vegas, where all of the Dell Technologies brands have come together on one stage. These are not only exciting times for us, but also for our mutual customers embarking on their digital transformation journey. Customers are now seeing the collective strength of the Dell Technologies portfolio come to market—and see […]]> Greetings from #DellEMCWorld in Las Vegas, where all of the Dell Technologies brands have come together on one stage. These are not only exciting times for us, but also for our mutual customers embarking on their digital transformation journey. Customers are now seeing the collective strength of the Dell Technologies portfolio come to market—and see how possibilities are turned to reality.

In today&#rsquo;s keynote, VMware CEO Pat Gelsinger spoke about the constantly expanding partnership between VMware and Dell. One such example is the integration of our industry-leading solutions VMware AirWatch and Dell Client Command systems management tools. AirWatch is a key component of VMware Workspace ONE, an industry leading platform that enables our IT customers to empower their workforce to securely bring the technology of their choice (devices and apps) at the pace and cost the business needs.

The integration extends AirWatch management and remediation capabilities to the system firmware or BIOS. This is another significant proof point of AirWatch&#rsquo;s evolution from enterprise mobility management (EMM) to a unified endpoint management (UEM) solution that goes beyond managing mobile devices to comprehensive Windows 10 and desktop management. At VMware, we see this as just the beginning of a long-term strategy to integrate our digital workspace solutions with Dell devices.

Extending PC Management to the BIOS

Windows devices have many system attributes that IT admins may want to monitor and manage. Typical client management tools allow admins to take actions in the operating system (OS), but fail to extend management capabilities to a lower firmware level. AirWatch integration with Dell Client Command creates an extensible platform that now allows IT admins to:

  • Query and retrieve key system attributes;
  • Configure critical BIOS settings; and
  • Take remediation actions.

All this from the same AirWatch admin console used for managing all the Windows OS policies, apps and other endpoints in your organization. Customers can take advantage of this unique integration as part of the AirWatch 9.1 console release and enable several IT use cases and benefits that improve user uptime, reduce costs and improve security. Let&#rsquo;s examine some of these use cases and benefits:

Proactive Device Management: Minimize User Downtime & Ensure Business Continuity

IT admins can now query and report key system attributes—including device service tag information, current BIOS version and battery health status—for their Dell hardware. This enables admins to create policies that proactively manage Dell devices, minimizing user downtown and ensuring business continuity. Here are two examples:

1. Admins can create custom notifications based on BIOS reporting of the battery health and the recommended threshold for replacement. This allows them to proactively ship replacement batteries to the users before a failure happens and thus avoid any downtime.

2. Admins can quickly report on the BIOS versions across their deployment and immediately locate devices that need attention based on the associated service tag. Implementing the most current BIOS version is critical not just from a usability and security standpoint, but this may also influence the overall life of the device.

BIOS Security & Remediation: Improve Alignment with Compliance & IT Security Policies

The BIOS security features in the AirWatch console enable IT admins to remotely configure BIOS passwords, enable use of Trusted Platform Module (TPM) and take remediation actions on non-compliant devices. This ensures a stronger alignment with the recommended IT security and compliance policies within the organization. Here are two examples:

1. For many organizations, the BIOS passwords are typically difficult to change with the requirement to physically touch the device to make any updates. With the integration, admins can now remotely manage BIOS passwords. You can set different passwords based on custom smartgroup assignments, instantly change passwords in case they are leaked or compromised and even revoke passwords when the device is un-enrolled or an employee leaves the organization.

2. Most enterprise-grade Dell PCs now carry a TPM, which is a tamper-resistant physical chip that ensures overall system integrity. TPM helps encrypt passwords by generating and storing digital certificates and authentication and encryption keys. Thus, the TPM forms a critical element for Windows 10 security and is recommended for a variety of OS security features. These include Windows Hello, BitLocker encryption, Health Attestation and the virtualization-based security features new to the OS (e.g. Secure Boot, Device Guard, Credential Guard and others). With the integration, IT admins can now remotely enable and configure the use of TPM for the organization.

Zero-Touch System Configuration Over-the-Air: Simplify IT Tasks & Reduces Admin Overhead

Traditional BIOS management approaches were high touch, requiring IT admins to access physical machines to change configuration settings. AirWatch, however, adopts a cloud-first management model that enables instant push-based endpoint and app configuration. With Dell Client Command integration, the same over-the-air management approach is now extended for BIOS security and CPU virtualization settings, without admins needing to physically touch the machines. For example, admins can now remotely enable and provide automated support for CPU virtualization features that are required for deployment of VMware desktop products or Hyper-V.

Don&#rsquo;t Forget…

At Dell EMC World this year, we are only beginning to see solutions come to market as a direct result of the VMware and Dell partnership. As we continue this journey for the benefit of our mutual customers, expect to see new solutions that are a true testament of this &#rsquo;better together&#rdquo; partnership. Make sure to tag along as we head into VMworld 2017 for even more exciting innovations.

Will you be atMMS 2017?

We would love to see you. Stop by the VMware booth, and joinJason Roszak, director of product management at VMware, for a demo! Learn how to efficiently deploy, manage and secure Windows 10 endpoints across all networks and use cases Tuesday, May 16, 8–9:45 a.m. in Nokomis, BC.Register here.

Because you liked this post:

  • Decoding Windows 10 S & How to Make It a Success in Your Organization
  • What&#rsquo;s New for Windows 10 Management with VMware AirWatch 9.1
  • Windows 10 Enrollment Made Simple

Decoding Windows 10 S & How to Make It a Success in Your Organization

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für Decoding Windows 10 S & How to Make It a Success in Your Organization
Mai 032017
 
There&#rsquo;s little doubt that Windows 10 adoption is on a roll—400+ million devices and 54% of global organizations are running Microsoft&#rsquo;s latest operating system (OS). It&#rsquo;s only about a month since the third major upgrade (Creators Update/v1703) was launched, and Microsoft is continuing to ride the wave by introducing the newest variant of its operating […]]> There&#rsquo;s little doubt that Windows 10 adoption is on a roll—400+ million devices and 54% of global organizations are running Microsoft&#rsquo;s latest operating system (OS). It&#rsquo;s only about a month since the third major upgrade (Creators Update/v1703) was launched, and Microsoft is continuing to ride the wave by introducing the newest variant of its operating system: Windows 10 S. At its core, the &#rsquo;S&#rdquo; stands for simplicity and security, and fully embraces the modern, mobile-cloud architecture and management model.

This cloud-first approach for deploying, managing and securing Windows 10—and for that matter any endpoint—is also something VMware has perfected and consistently pushes forward. The launch of Windows 10 S is particularly exciting and a great testament to our endpoint management strategy. If you are planning to embrace Windows 10 S, you will be excited to know that we support this new OS today.

Decoding Windows 10 S

To quickly recap Microsoft&#rsquo;s announcement, the new OS is a variant or a subset of Windows 10 Pro and will:

  • Not support on-premises directory, and can only be cloud-domain joined with Microsoft Azure Active Directory (AAD).
  • Also support a local user account or a Microsoft Account (MSA).
  • Be managed exclusively leveraging the modern, Mobile Device Management (MDM) APIs.
  • Be updated exclusively over-the-air using the new Windows Update service.
  • Run only trusted Windows Store apps within a secure container.
  • Run only secure web browsers that are installed from Windows Store.
  • Unlike the Office modern apps, feature a full suite of native Microsoft Office 365 productivity apps that are converted for installation from Windows Store.
  • Support a broad range of modern Windows devices such as touch-enabled tablets, two-in-one devices, ultrabooks and even the sub-$200 education-focused PCs.

VMware Supports Your Windows 10 S Deployments

VMware is uniquely positioned to make your journey to Windows 10 as seamless as possible. As you consider rolling out Windows 10 S, our end-user computing solution,VMware Workspace ONE, helps address several scenarios, such as:

  • Accelerating the move to Windows 10;
  • Reducing the costs of PC lifecycle management;
  • Extending the life of endpoints;
  • Delivering apps more reliably, while also extending incompatible or graphic-intensive apps;
  • And improving endpoint, app and data security.

Accelerate Business: Get your workforce ready—faster!

Workspace ONE supports your end users with intuitive and self-service onboarding of Windows 10 devices. With Workspace ONE, out-of-box enrollment (OOBE) can be enabled. End users simply power on the device and enter their corporate credentials on first boot. This auto joins the device to the cloud domain (AAD), and enrolls the device into mobile device management (MDM).

Alternatively, for bring-your-own (BYO) use cases, end users can also manually navigate to “Settings” and join AAD by entering their corporate credentials. When using just a local or MSA account, users can follow a simple Workplace Enrollment (native MDM) workflow, similar in experience to smartphone enrollments.

For education, you can provision student devices in bulk by taking advantage of the Set up School PCs app or the Windows Imaging and Configuration Designer (WICD) tool. Quickly create baseline settings for school PCs and enroll into VMware AirWatch endpoint management.

Modernize Management: Manage your digital workspace—not things!

Once onboarded, Workspace ONE manages the Windows devices leveraging the modern, mobile-cloud framework. Powered by AirWatch unified endpoint management, Workspace ONE enables instant push-based policy configuration of Windows 10 endpoints over the air. It also supports and provides a much more granular management for the recommended Windows Updates service.

Workspace ONE integration with Microsoft&#rsquo;s Business Store Portal (BSP) makes it easier for organizations to buy, assign, revoke and manage licenses for any Windows Store apps. IT can manage and distribute these Universal Windows Platform (UWP) apps directly from a custom company app catalog (Workspace ONE UWP app) or silently upon device onboarding.

Control Risks: Defend modern security threats—in real-time!

Today&#rsquo;s new age of cybersecurity challenges also requires an end-to-end security consideration, which establishes user trust; hardens the OS defense against new threats and provides work and personal data separation to protect company data at rest, in use and in transit.

Workspace ONE integration with AAD enables secure and simple single sign-on access controls to work apps and resources. You can create application whitelist and blacklist rules and prevent users from downloading and installing unapproved apps from the Windows Store. You can set security policies and restrictions for the default Microsoft Edge browser (e.g. enable SmartScreen phishing filters, disable Password Manager, etc.). Further, native Data Loss Prevention (DLP) and app-level VPN features ensure that work info / IP is constantly protected whether in use, at rest or in transit.

Redefine User Experience: Maximize Productivity on any device—anywhere!

Over the years, VMware has invested a lot of thought and resources into enhancing both IT and end-user experiences. Consider, for example, the features I just laid out around out-of-the-box deployment—one-touch, self-service access to all work apps and services.

With Workspace ONE, you’re also no longer constrained by the lack of support for traditional Win32 apps on Windows 10 S. Using the VMware Horizon UWP client, you can now extend access to any virtual desktop or your apps to your Windows device. The client includes support for Horizon&#rsquo;s Blast Extreme protocol for a superior user experience, even on non-ideal networks that have higher latencies and lost packets. This means that with the Horizon UWP client, any device running Windows 10 S can be transformed into a workstation-class desktop that takes full advantage of shared data center resources, with on-the-go access from any location.

Benefits of the Cloud-First Windows 10 Management & Security Approach

Organizations increasingly find that the legacy, on-premises approach for managing PCs is not suited for a large portion of their evolving workforce. With consumerization at the workplace, organizations also need to respect employee choice, privacy and mobility. Taking a one-size-fits-all approach of controlling the endpoint state (e.g. with standardized OS image and heavy-handed management policies) instead of managing the outcomes (e.g. simple, secure workspace for your employees) fails to meet this objective and turns out to be a burden on IT, insecure for business and counterproductive for employees.

On the other hand, VMware&#rsquo;s cloud-first approach empowers your digital workspace. It allows you to:

  • Unchain your employees from the domain and consistently manage users anywhere.
  • Deliver instant user value by onboarding devices in minutes, right out of the box.
  • Adopt real-time security, compliance and remediation from the cloud.
  • Establish contextual access policies for any app in one place.
  • Deliver anytime, anywhere app and desktop access for the user.
  • Enable employee self-service functionality to reduce the burden on IT.
  • Harness consumerization and collaboration in the enterprise—any app, any device.

The changes in Windows 10 S are only the first step towards realizing these goals. Taking the cloud-first management and security approach for your endpoints completes the journey—lowering IT costs, increasing security and delivering a peak user experience.

Will you be at MMS 2017?

We would love to see you. Stop by the VMware booth, and join Jason Roszak, director of product management at VMware, for a demo! Learn how to efficiently deploy, manage and secure Windows 10 endpoints across all networks and use cases Tuesday, May 16, 8–9:45 a.m. in Nokomis, BC. Register here.

Because you liked this post:

  • Azure AD Join with VMware Workspace ONE
  • What’s New for Windows 10 Management with VMware AirWatch 9.1
  • Windows 10 Enrollment Made Simple

Featured Image Source: Microsoft

In Top Mobile News: Windows 10 Smartwatches & Android-Supported Laptops

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für In Top Mobile News: Windows 10 Smartwatches & Android-Supported Laptops
Apr 282017
 
Windows 10 smartwatches come to the enterprise. It&#rsquo;s 1.54 inches, runs Universal Windows Applications, secure and built to &#rsquo;survive a hard day at work,&#rdquo; saidMicrosoft. The TrekStor IoT Wearable runs on Windows 10 IoT Core, a version of Windows 10 for the Internet of Things. Microsoft will reveal more soon on the smartwatch for healthcare, […]]> Windows 10 smartwatches come to the enterprise.

It&#rsquo;s 1.54 inches, runs Universal Windows Applications, secure and built to &#rsquo;survive a hard day at work,&#rdquo; saidMicrosoft. The TrekStor IoT Wearable runs on Windows 10 IoT Core, a version of Windows 10 for the Internet of Things. Microsoft will reveal more soon on the smartwatch for healthcare, manufacturing, retail and other industries.

Migrating to Windows 10—everyone&#rsquo;s doing it.

By the end of this year, 85% of enterprises will have started deploying Windows 10, according to a newGartnersurvey. The top reason to migrate? Nearly half of respondents said it’s improved security.

You may be putting Office 365 apps at risk.

Mobile application management (MAM) helps you control Microsoft Office 365 apps—but there are limitations to an application-onlysecurity framework. Worried?Find out the risks and more comprehensive solutions here.

Are you thinking what I&#rsquo;m thinking?

Chrome could soon predict what you&#rsquo;re searching for in other Android apps based on the last website you visited in the mobile browser. The &#rsquo;Copyless Paste&#rdquo; feature spotted in development would use machine learning to guess what text you&#rsquo;ll enter next.

Google also updated thelistof Chromebook laptops planned to support Android apps, bumping the total from six to more than 80 devices, reportsThe Verge.

Personal privacy matters to enterprise security, too.

Mobile surveillance is a growing threat to individual privacyandto enterprise data. Bring-your-own (BYO) devices that allow apps to collect personal data, &#rsquo;open the door to corporate hacks, stolen business data and crippling cyber attacks.&#rdquo; Read more fromAppthority President Domingo Guerraon what you can do.

Wonder why workers won&#rsquo;t use the apps you deploy?

Blame it on shorter attention spans. About 7% of users won&#rsquo;t use a new work app for each extra step it takes to get started. So if it takes six extra steps, about 42% of workers won&#rsquo;t use a new app. Read more on theVMware EUC Blog.

Tweet of the Week

Renu Upadhyay, director of product marketing at VMware, on this week&#rsquo;s CMSWire Tweet Jam, &#rsquo;Optimizing the Employee Experience:&#rdquo;

 

 

It&#rsquo;s time for a change of scenery.

This year&#rsquo;s largest VMware event, VMworld, will be a once-in-a-lifetime experience for enterprise mobility experts. You’ll hear from Sumit Dhawan, Blake Brannon, Noah Wasmer and other end-user computing (EUC) leaders. Register now for early-bird rates, and get all the details at theAirWatch Blog.

Up next:

  • Join our SociaLab—Introduction to Mobile Device Management (MDM) with AirWatch—May 2 in Houston.
  • &#rsquo;Realize Your Digital Future&#rdquo; May 8–11 atDell EMC Worldin Vegas.
  • Unlock mobility withderived credentials and AirWatchJune 23 online.
  • Don&#rsquo;t miss anexclusive AirWatch experience atVMworld 2017, Aug. 27–31 in Vegas.

Announcing the New VMware User Environment Manager Deployment Considerations White Paper

 Allgemein, Knowledge Base, Updates, VDI, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für Announcing the New VMware User Environment Manager Deployment Considerations White Paper
Apr 012017
 

With significant contributions from Pim van de Vis, Product Engineer, End-User Computing, VMware

We are excited to announce the release of the VMware User Environment Manager Deployment Considerations white paper. This guide covers VMware User Environment Manager 9.1 and is intended for architects, consultants, IT professionals, and anyone involved in creating high-level, functional, and technical designs.

User Environment Manager is a key component of JMP—the next generation of desktop and application delivery—and provides end users with a personalized and dynamic Windows desktop, which adapts to their specific situation based on aspects such as role, device, and location.

This paper contains a functional overview of User Environment Manager and its features including:

  • Application configuration management
  • Personalization
  • User environment settings
  • Dynamic configuration

We have developed a diagram that highlights the components of a Windows system that can be centrally managed through the JMP application delivery platform.

This paper delves into topics such as planning your deployment and designing your infrastructure to support User Environment Manager high-availability, scalability, and disaster recovery. Did you know that User Environment Manager leverages the existing infrastructure, so you do not need to take extra measures to make a highly available solution? You can use Windows failover clustering for high availability of the User Environment Manager file shares. If your current file server infrastructure does not already support high availability, you can create a highly available infrastructure by leveraging Microsoft DFS.

In relation to disaster recovery, it is recommended to integrate the User Environment Manager Management Console into an already existing disaster recovery plan. Did you know that you can install the Management Console on as many computers as required? If a system failure occurs and you cannot access the Management Console, install it on another computer to continue managing user profiles, settings, and policies.

User Environment Manager is not a solution only for VMware Horizon 7. Did you know that it can be integrated with many products for published applications and virtual desktops, such as VMware Horizon 7, Microsoft RDSH desktops and applications, and Citrix XenApp and Citrix XenDesktop? It can also be used to manage physical desktops.

Other topics of interest in the white paper include:

  • Integrating with Microsoft RDSH and VDI
  • Integrating with application virtualization technologies
  • Access control – managing multiple environments

In addition, we have collated a list of helpful best practices based on enterprise-user experience. These best practices include initial setup and installation, management, troubleshooting, and folder redirection.

For details, download the VMware User Environment Manager Deployment Considerations paper.

The post Announcing the New VMware User Environment Manager Deployment Considerations White Paper appeared first on VMware End-User Computing Blog.

VMware Horizon Client for Windows 4.4 Updates

 Allgemein, Knowledge Base, Updates, VMware, VMware Partner, VMware Virtual Infrastructure, vSphere  Kommentare deaktiviert für VMware Horizon Client for Windows 4.4 Updates
Mrz 302017
 

HGTV&#rsquo;s Chip Gaines has demolition day; I have launch day. Let&#rsquo;s walk through the VMware Horizon Client for Windows 4.4 updates:

  • Blast Extreme Support: All Horizon Clients now support our faster, more robust update to the Blast Extreme protocol. To take full advantage of it, your administrator will have to be running the latest Horizon agent in the virtual machine. Read more about Blast Extreme Adaptive Transport (or BEAT) here.
  • Aero Peek: We&#rsquo;ve also made remote applications behave more like native applications in Windows 10. We take advantage of Aero Peek to show the full application window when you hover over a running application in the taskbar.

  • Aero Peek: We&#rsquo;ve also made remote applications behave more like native applications in Windows 10. We take advantage of Aero Peek to show the full application window when you hover over a running application in the taskbar.

  • Remote Desktop Resolution: One last little present for you, we&#rsquo;ve added a resolution tip to show the resolution of remote desktop as you resize a virtual desktop window.

That was as satisfying as hitting a wall with a hammer, if I so say so myself. We&#rsquo;re racing to our next release; see you then!

Because you liked thtis blog:

  • Innovation in User Experience: A Closer Look at New Blast Extreme Protocol
  • Announcing VMware Horizon FLEX 1.10
  • VMware Horizon 7.1 Is GA! What&#rsquo;s New – Part 1

The post VMware Horizon Client for Windows 4.4 Updates appeared first on VMware End-User Computing Blog.