This guide discusses the most common tasks and tools you can use to manage your Workspace ONE MDM environment. For a complete administrator guide discussing all features of AirWatch MDM please the Additional Help section at the bottom of this document.
Open your web browser and navigate to https://cn700.awmdm.com. Your username and password will be provided by Evolve IP.
The Main Menu contains all options and features to govern your environment. The following options in the main menu relate to MDM and are relevant to your environment.
|
|
|
|
Supported DevicesMDM supports the following devices and operating systems.
Please see an updated list right here on the VMware Knowledge Base → https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1908/WS1_Assist/GUID-AWT-RMV4-SUPPORTEDPLATFORMS.html |
Creating Administrative UsersIf you wish to add additional administrative users to your organization, you can do so easily by following these instructions.
|
Email enrollment setupDuring enrollment your users will be asked to authenticate using their email account or with a Server ID. The more user-friendly option is by using their email account. You can add your company’s email domain to MDM to allow this.
After this is completed your users will be able to enroll their devices using their email address. |
Adding Users and DevicesThe first thing you will want to do is get your users’ devices enrolled into your MDM environment. The simplest way to add devices is to add the actual user of that device. The user will then receive an email invitation to enroll their device. After the user has followed the steps for enrollment, their device will show in the AirWatch Console. |
Apple Push Notification Service (APNs) for MDMIf you plan on managing iOS devices, then you will need an Apple Push Notification service (APNs) certificate so that iOS device users can enroll their devices. You will need an Apple ID to obtain this certificate. Please follow these instructions to obtain and install it.
|
Manually Adding Users
|
Batch Import
|
EnrollmentAfter adding users in the AirWatch Console, users will receive an email that invites them to enroll their device. The link will direct them to download and install steps specific to their devices. For example, if the user has an Android or Chromebook device, the link will direct users to the Google Play store. If the user has an iOS device, it will direct them to the Apple App Store. After following the steps for enrolling, an AirWatch agent application will be installed on their device as well as a Profile.
|
The Device List ViewOnce enrolled, your users’ devices will show in the Device List View. To see this list, go to Devices > List View. From this list you can view your entire device fleet, drill down on device names to see their details, launch Remote Management sessions for supported devices, add Tags, and more. You can also filter this list by various criteria. |
GPS trackingGPS settings need to be set up in multiple areas of the MDM console in order for GPS tracking to work properly.
You will also need to enable “Collect Location Data” on both iOS and Android devices. |
iOSGo to Apple/Apple iOS/Agent Settings and you will see Collect Location Data checkbox. Checkmark the box to enable the feature. |
AndroidGo to Android > Agent Settings and you will see Collect Location Data. Choose “Enabled.” After enabling these GPS features the user will get a request for authorization to collect location information. If the user authorizes this, GPS tracking for that device will begin working and will show under the device’s Location tab. |
Managing devices with Profiles: Restricting the camera on iOS devicesAfter enrollment, your users’ devices will be managed by a default device profile. This initial profile imposes no restrictions on devices. If you wish to apply restrictions to your device fleet, you can do so with Profiles. Here is a brief list of features and applications you can restrict or govern:
|
Profile example: Restricting the camera on iOS devicesThe below example shows how to restrict the use of the camera on iOS devices using a custom Profile.
This new Profile should push almost immediately to iOS devices in your fleet that are enrolled and active with an internet connection. They will push to inactive, enrolled iOS devices the next time they are on the internet. |
Updating Profiles: The Add Version featureThis section discusses how to make changes to your custom Profiles. AirWatch uses versioning to track changes to profiles, so updating profiles uses a feature called Add Version.
Your changes should push almost immediately to iOS devices in your fleet that are enrolled and active with an internet connection. They will push to inactive, enrolled iOS devices the next time they are on the internet. |
Enterprise Wipe and Device WipeThis section discusses the differences between Device and Enterprise Wipe as well as preventative measures you can take to protect against accidental wipes initiated by employees and admins. Enterprise Wipe: This will wipe a device of all company-related information and the AirWatch agent. The types of data that is removed are configured within the AirWatch Console. Device Wipe: A Device Wipe completely wipes a device and sets it back to default as if you pulled the device new out of its box. Both options are available under More Actions > Management in the Device Profile page. |
How to prevent user-initiated Device WipesYou can adjust the following restrictions when setting up profiles for iOS and Android. This will prevent users from completely erasing their devices back to factory default. iOSAndroid |
Disable admin-initiated Device Wipe for BYOD DevicesPlease follow these instructions If you wish to prevent other MDM Administrators from performing device wipes on BYOD Devices. This will remove the “Device Wipe” option from the More Actions menu located in devices’ profile screens.
The Device Wipe command will be removed from the More Actions menu as per this screenshot. |
Reports & AnalyticsAirWatch has extensive reporting and event logging capabilities that provide administrators with actionable, result-driven statistics about device fleets. You can use these pre-defined reports or create custom reports based on specific devices, user groups, date ranges, or file preferences. Reports can be viewed by navigating to the Reports page at Hub > Reports & Analytics > Reports > List View. Added reports are accessible from the My Reports tab at the top of the Reports page for quick access. Some examples of reports are:
|
More featuresHow to whitelist and blacklist appsApps & Books > Applications > Application Settings > App Groups > Add Group Additional helpFor a comprehensive guide to all MDM features please see the VMware AirWatch Mobile Device Management Guide: https://resources.air-watch.com/view/4mrhbs2b7kygc2b5fkph/en |