Workspace One UEM Tips And Tricks

This blog contains a few Workspace ONE UEM tips and tricks to make your IT project a great success!

  1. Workspace ONE UEM configuration:
    1. Avoid the Global OG, and as far as possible don't configure there any setting that can be configured in the customer OG.
    2. Always create a child organization group and configure company settings within this organization. If you run into problems, you can always change the setting above it (the parent).
    3. Before configuring any restriction settings, be sure you have collected all the regulatory compliance requirements from the customer, after explaining the difference between the Corporate and BYOD concepts.
    4. The BYOD and Corporate concept for Windows endpoints is different from that for mobile devices. On iOS and Android it is defined by the vendors, Google and Apple; on Windows the administrator needs to define the configuration, compliance and policies for each use case and
    5. Use the same password policies within your profile and the default domain policy.
    6. Make sure that the “When to call install complete” condition has been set correctly. If it is not set, the installation of the application will fail.
    7. Restrict user enrollment to a configured AD group, and use the same group with Workspace ONE Access. This will give you better control and minimize the number of alerts and errors in Workspace ONE Access.
  2. UAG (Tunnel, Secure Mail Gateway, Content Gateway):
    1. Create a separate role for the API and be sure it has no access to the console, just the API.
    2. Use a normal AD account or an AD service account and grant it the API role permission created in the previous point, in the customer OG, not Global (be sure the account password never expires).
    3. Use a domain user or domain service account to establish the connection between the UAG service and the Workspace ONE UEM console. (When using a local system account created within the UEM console: a basic UEM account password expires after 90 days, and after the Unified Access Gateway is rebooted, connections will be dropped.)
    4. Avoid enabling debug logging, as it has a bad impact on performance. Enable it only when you are troubleshooting or when support asks you to do so.
    5. If the UAG is configured behind a load balancer, be sure to keep the persistent timeout value at “Non” with source IP persistence.
  3. Applications and apps:
    1. Applications created in the child organization cannot be shared with other organizations.
    2. Applications created from the highest level (parent) can be enrolled or assigned to child organizations or groups.
  4. Servers and back-end infrastructure:
    1. Be sure to run a full Windows update before installation.
    2. Be sure the .NET Framework is installed before Workspace ONE UEM. If you forget it, it is included in the DB installer only.
    3. When your Workspace ONE environment is in production, you need to plan Windows updates. Don't let updates auto-install; plan the process: take downtime, have a backup → install updates → restart the server if required.
  5. Enrollment, adoption and end-user experience:
    1. Before going live and making the announcement, test the system heavily and be sure you have the right user experience and no problems or technical issues. Otherwise you will lose your users' trust and the solution will not be used later.
    2. Don’t use managers and VIPs as test users. This will put you under pressure and you will lose concentration.
    3. Utilize the VMware adoption kit to prepare the enrollment guide (https://kb.vmware.com/s/article/2960852).
  6. Workspace ONE Access deployment and configuration:
    1. Start with a single-node deployment.
    2. Always use the host name, not the IP address, to connect to the server. If it is not working, you need to create a static DNS record.
    3. Take a snapshot before configuring the DB.
    4. Use lowercase letters for the database name and the DB account user name.
    5. Keep an eye on the database when you restart the nodes (you may get a DB lock and the service stops working; check the saas.DATABASECHANGELOGLOCK table).
    6. Be sure you configure the load balancer correctly; check my post (Workspace ONE Access load balancer).

In Closing

Don’t be afraid of being dynamic and moving toward a Workspace ONE solution. Remember, we miss 100% of the shots we don’t take. Many companies are full of people who are conservative and not willing to take the risks needed to get to the next level. You can do some really great things if you are willing to go outside of your comfort zone and modernize your IT strategy.

If you need help, just ask, because we’re here for each other. Companies develop new technology and innovate as our companies modernize. We can be a truly united front and motivate tech companies like VMware or Microsoft to keep up with our pace of innovation.
