Tag: Workspace ONE
Notes from the field: Omnissa Workspace ONE UEM e-mail based enrollment OG
When configuring Omnissa UEM you seem to be able only to select the top OG in a SaaS environment when selecting e-mail based enrollment, this is called auto discovery, see https://docs.omnissa.com/bundle/WorkspaceONE-UEM-Managing-DevicesV2306/page/ConfigureEnrollmentOptions.html when completing the FTU for e-mail based enrollment afterwards you can go in and select the OG again an then drill down in the…
Notes from the field: Workspace ONE UEM custom attribute assignment rule limitations
When bulk enrolling pre-existing devices or auto-pilot devices you can use a custom rule / attribute assignment on e.g. a serial number to move the corresponding devices to a deeper OG which is preferred. Only in a situation with 1200+ devices you might encounter DB maximum issues in SaaS and need to contact support. This…
Notes from the field: Apple DEP devices not correctly installing Workspace ONE Intelligent HUB
When encountering a failed Apple MacOS device enrolment from the DEP program and using Workspace ONE UEM, it might be that there is an bug related to the intelligent hub from a deployment perspective. This was the case for my customer after a bulk enrolment of new devices out of the blue would be having…
Notes from the field: Workspace ONE UEM, Apple Federation and the APNS account
Most companies I encounter don’t have a clear understanding of apple accounts… Well an apple account is personal and it’s not of the company even if the domain in question is being used for personal apple accounts. How can you change this? Well the company domain is from the company and then you can claim…
Notes from the field: Workspace ONE Access SAML Signing with 3rd party certificate
On a recent customer deployment we got the requirement of that all certificate signing would be signed from a 3rd party trusted certificate provider. This is all no problem and you can follow this: https://docs.omnissa.com/bundle/workspace-one-access-administration-guide/page/GenerateandUseanExternalSigningCertificateforSAMLAuthenticationinWorkspaceONEAccess.html but keep the following in mind: * Existing signing certificates and an import is not possible * The request and…
Notes from the field: Workspace ONE UEM iOS/iPhone model smart groups
Just a quick blog regarding Apple device classification for iPhone/iPad, you might be a bit hesitant in using this regarding the “legacy” filter being stamped upon it. This is for now as it is and everything will be supported when this will be fully moved to the new OEM & Model filte options that now…
Notes from the field: Workspace ONE UEM, Invites, OG and language
When configuring an OG structure and customising templates for e.g. device enrolment invites you might encounter an issue that the expected language is not updating. The solution for this is changing it on the top OG in question: groups and setting >> all settings >> organisation group>> details >> Locale or achieve this with an…
Notes from the field: Just one of those days that nothing goes as expected
Just a quick blog that these day’s it can be very difficult or very simple in regards of troubleshooting and resolving issues in a deployment. Let me take you on a journey 😉 Journey 1: UAG deployment fresh as fresh and no working logon page after a valid deployment, at first troubleshooting, troubleshooting, redeployed with…
Notes from the field: The Kerberos chronicles, the one with certificate-based authentication
If you’ve read my previous Kerberos chronicles blogs you see a trend with the Microsoft patches, hardening updates and with this one the upcoming strong mapping / full enforcement mode of certificate-based authentication. See the following article for explanation: KB5014754—Certificate-based authentication changes on Windows domain controllers – Microsoft Support This one is going to have…
Notes from the lab: VMware Workspace ONE and the home-lab setup for one external IP
Just a quick blog for setting up your home-lab and use all the VMware Workspace ONE services on the UAG’s with one external IP. Our starting point is based on the following articles: Unified Access Gateway Appliances Deployed in a Double DMZ (vmware.com) – follow the steps for double DMZ deployment, Minimum/Optional Horizon Protocols and…