The Community
Stay up to date…
VMware End-User Computing Blog Bringing you the latest VMware EUC news, trends and product innovations.
- Introducing Omnissa, the former VMware End-User Computing businessby Renu Upadhyay on April 25, 2024 at 6:23 pm
As a marketing leader, one of the most exhilarating and rewarding undertakings is to define and activate a new brand. And it’s a rare opportunity to define a brand for an established business with industry-leading solutions. I’m privileged to have the opportunity to do both as the End-User […]
- Conditional access with Workspace ONE integrates seamlessly with Microsoft Entra ID and Google’s Context-Aware Access for macOSby Chris Morelock and Paul Mounkes on April 16, 2024 at 3:37 pm
As cyber threats become more complex, it’s crucial for organizations to implement robust security measures. In today’s treacherous digital landscape, securing users’ access to organizational resources is critical. Workspace ONE Unified Endpoint Management (UEM) includes conditional access […]
- Preparing for the digital evolution: Insights from the 2024 Gartner Digital Workplace Summitby Bryan Vest on April 5, 2024 at 4:55 pm
Representatives from the Broadcom End-User Computing (EUC) Division had the privilege of attending the Gartner Digital Workplace Summit March 18–19, 2024, in Grapevine, Texas. More than 900 attendees comprising digital workplace leaders, architects, and IT execs came from around the globe to […]
- Creating custom macOS security baselines with the macOS Security Compliance Project and Workspace ONEby Chris Morelock and Paul Mounkes on April 2, 2024 at 6:57 pm
Specific types of organizations are required to configure their endpoint security protocols in accordance with designated standards and benchmarks, such as those established by the National Institute of Standards and Technology (NIST) or the Center for Internet Security (CIS). Some organizations […]
- Introducing enhanced integration between Cisco ISE and Workspace ONE Unified Endpoint Managementby Sivapratap Reddy Chintam on March 28, 2024 at 2:19 am
We’re thrilled to announce the limited availability of Cisco Identity Services Engine (ISE) v3.1+ and Workspace ONE Unified Endpoint Management (UEM) integration with the Workspace ONE UEM 2402 release. This integration ensures that your end user’s devices can safely and securely connect and […]
- New management capabilities now available for macOS Activation Lock in Workspace ONEby Paul Mounkes on March 27, 2024 at 7:12 pm
Anyone who has had a laptop stolen knows the great frustration that comes with losing not only an expensive piece of tech but also the precious work and personal information, photos, and everything else that’s stored on it. Apple understands this, and long ago introduced a feature designed to […]
- Beware of CryptoChameleon, the new phishing threat that uses social engineering to trick victimsby Wendy Leung on March 26, 2024 at 3:01 pm
In the ever-evolving landscape of cyber threats, the CryptoChameleon phishing attack has emerged as a new example of how cybercriminals use advanced social engineering to gain access to victim’s accounts. Like a chameleon, the hackers camouflage themselves, but as trusted authorities, to blend in […]
- ViVE 2024: Why healthcare interoperability is key, and how we’re championing itby Amy Young on March 19, 2024 at 10:54 pm
Unmanaged devices. A mix of traditional and cloud-based applications. Data scattered across different cloud environments. This complexity in the healthcare environment can create a nightmare for data security, compliance, and efficient care delivery. Each separate tool adds another layer of chaos. […]
- Apple iOS 17.4 introduces updates, including alternative app stores and payment methodsby Adam Henry and Paul Mounkes on March 12, 2024 at 8:58 pm
In 2022, European Union (EU) watchdogs, the European Commission (EC), launched an ambitious project aimed at “ensuring fair and open digital markets.” Essentially, the goal of the Digital Markets Act (DMA) is to limit the power of designated technology “gatekeepers” and ensure they behave […]
- Workspace ONE continues to lead the charts in unified endpoint managementby Aditya Kunduri on March 8, 2024 at 2:55 am
In a rapidly evolving digital landscape, managing endpoints effectively has become paramount for enterprises worldwide. With the proliferation of diverse devices and the need for seamless connectivity, organizations are seeking robust solutions to streamline their endpoint management processes. […]
Adam Matthews Technology // IAM // EUC // Random Rubbish
- I asked ChatGPT to write me a bash script, and it worked (mostly), why do I need to know how to...by adam on December 18, 2022 at 11:12 pm
By now, ChatGPT has become pretty well known ( as of 18th Dec 2022). I’ve messed around with basic questions, but today I wanted to start to write a script that I could use with “OverSight” on Mac (https://objective-see.org/products/oversight.html). When you turn on your camera/mic, it can fire off a script with arguments. In this … Continue reading "I asked ChatGPT to write me a bash script, and it worked (mostly), why do I need to know how to code?"
- VMware ESXi – How to Remove an NFS Share that’s ‘In Use’by adam on December 14, 2022 at 11:35 am
I recently moved house, and as part of that a few things on my network changed. My NAS (A Synolofy DS8J) changed it’s IP Address. This caused an issue when ESXi was trying to get hold of the datastore. So, now this needs to be removed and replaced – I came across this error: After … Continue reading "VMware ESXi – How to Remove an NFS Share that’s ‘In Use’"
- Easily Automate your Lab with the vCenter APIby adam on February 14, 2022 at 6:00 pm
Learn how to use Python to call the VMware vCenter API to Start and Suspend Virtual Machines easily, and use Crontab to define the times it runs.
- Quickly Compress Video Files on macOSby adam on January 26, 2022 at 11:29 am
When you record your videos with Quicktime and you end up with 1.7 GB of a file, how do you shrink that?! I’ve been using this process for a couple of years now to optimise the output size of my demo videos, to make it easier to share them in presentations, and to keep my … Continue reading "Quickly Compress Video Files on macOS"
- WordPress – How to fix Jetpack connection errors, Fonts and Icons showing as squares with NGINXby adam on March 5, 2021 at 5:24 pm
I recently migrated https://blog.eucse.com/blog from running on Apache to Nginx. I found it helped a lot with utilization and speed (combined with a few more tweaks), but one thing I noticed after was Jetpack wouldn’t load correctly, and some fonts and icons were showing as squares. See examples of what I was seeing below: Resolution … Continue reading "WordPress – How to fix Jetpack connection errors, Fonts and Icons showing as squares with NGINX"
Arsen Bandurian: Technical Blog Digital Workspace, End User Computing, Enterprise Mobility, AutoID, WLANs, OSes and other technical stuff I happen to work with
- Check if a Microsoft Form comes from a trusted sourceby apcsb on November 6, 2023 at 10:14 am
When you open a Microsoft Form asking you for some sensitive data, do you know where will your data land? Could it be phishing? Read on to find out… Recently, I have received an email at work asking me to fill out a form with some of sensitive personal details (voluntary disclosure). I don’t mind... Continue Reading →
- Enhancing Windows Update Catalog metadata Accessibilityby apcsb on September 11, 2023 at 7:30 am
Microsoft has recently released a major update to the Windows Update catalog back-end, adding crucial information such as CVEs (Common Vulnerabilities and Exposures) addressed by the update and the CVE Score directly info API. This information is essential for Threat and Vulnerability Management decisions as well as Patch management and many organizations pay $$ for... Continue Reading →
- Quickly validate and enable manual application uninstall via Intune Company Portal using Graph APIby apcsb on August 3, 2023 at 7:04 am
I am back and the titles are getting longer! If you are an Intune admin, you will probably be happy to know that one of the most required features has landed: Uninstall Win32 and Microsoft store apps using the Windows Company Portal. One thing you need to be aware of, is that this feature is... Continue Reading →
- Building a custom Windows Update Report p1: Parsing HTML via PowerShell on modern systems (no IE)by apcsb on July 28, 2022 at 7:30 am
Wow, it’s been a while! A customer of mine recently wanted a detailed report that should include info such as how many weeks is the Windows on the machine behind the latest available Security Update. We’ve found to a way to combine Intune Data Warehouse and PowerBI to pull data that allows to identify the... Continue Reading →
- A case of OneDrive Personal Vault not coming up (0x8031000a, MDM, GPO and BitLocker)by apcsb on March 18, 2022 at 6:23 pm
Today I wanted to enable the Personal Vault feature on my Home PC. While following the wizard I got an error 0x8031000a “Your organization requires your device to join the domain before you can use the Personal Vault”. What does this have to do with MDM. GPO and BitLocker troubleshooting? Here’s some quick Friday entertainment!... Continue Reading →
- Mobile Pros is moving to Discordby Jason Bayton on July 22, 2024 at 12:00 am
Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!) ^ Not any more 🙂
- Mobile Pros is moving to Discordby Jason Bayton on July 22, 2024 at 12:00 am
Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!) ^ Not any more 🙂
- Avoid another CrowdStrike takedown: Two approaches to replacing Windowsby Jason Bayton on July 21, 2024 at 12:00 am
In recent days, the tech community has been grappling with the aftermath of a major outage caused by CrowdStrike. This incident resulted in significant disruptions across various enterprise Windows environments, leading to downtime and operational challenges for numerous organisations, public bodies, critical infrastructure, and more. The outage has highlighted the almost impenetrable hold Microsoft has on organisations the world over, and critically flawed Windows can be. It also highlights the importance of secure system installations, change control, and maintenance practices.. but human behaviour is harder to fix. As organisations recover and reassess their IT strategies, it's absolutely worth taking some time to consider reducing the Windows stronghold - particularly for critical services - and explore alternatives to add a little redundancy to your organisation. The below guide offers a quick and simple run-through for installing alternative operating systems on existing endpoints, be they desktop/laptop or server. Obvious heads-up This guide doesn't go into the nuances of enterprise security beyond some basic best practices. Rather, it's to offer a taste of alternatives for non-production devices for intrigued administrators, or those told by their bosses to take a few eggs out of their basket. Proceed with understanding. First up, Ubuntu # Ubuntu is widely used for both desktops and servers, and considered one of a few leading enterprise Linux distributions (others include RedHat, Suse..). Ubuntu is generally known for good compatibility with a range of devices on the market, and so makes for a nice introduction to Linux. This guide will walk you through the best practices for installing Ubuntu securely, whether setting up a workstation for knowledge workers or deploying a server for backend infrastructure. Ubuntu Desktop for knowledge workers and end users # 1. Preparing for Installation Download Ubuntu from Official Sources: Always download the latest Ubuntu ISO image from the official Ubuntu website. Verify the SHA256 checksum to ensure the integrity of the downloaded file. Create a Bootable USB: Use reliable tools like Rufus (for Windows, while you still have it eh?) or Etcher (cross-platform) to create a bootable USB drive. This ensures a clean and secure installation medium. 2. Boot from USB Drive Insert the bootable USB drive into the target device. Restart the device and boot from the USB drive. 3. Try Ubuntu Before Installing When prompted, if you'd like to have a quick test-run to ensure it boots, choose Try Ubuntu to boot into a live session. This allows you to test the system and check compatibility before installation. 4. Begin Installation Double-click the Install Ubuntu icon on the desktop to start the installation process. Installation Options: Language: Select your preferred language. Keyboard Layout: Choose the appropriate keyboard layout. Updates and Other Software: Select Download updates while installing Ubuntu to ensure that your installation is up-to-date with the latest patches. Choose Install third-party software if you need additional codecs or proprietary drivers. Installation Type: Erase Disk and Install Ubuntu: This option will delete all data on the disk and install Ubuntu. Use this if you’re setting up Ubuntu on a fresh system or replacing an existing OS. Something Else: Choose this option for custom partitioning. Recommended for advanced users who want to create separate partitions for /home, /var, /tmp, and /opt. 5. Partitioning For secure installations, it’s recommended to create separate partitions for system directories: /home: For user data. /var: For variable data such as logs. /tmp: For temporary files. /opt: For optional application software. If using LVM, choose the Use LVM with the new Ubuntu installation option for better management of disk space. Encryption: Select the option to Encrypt the new Ubuntu installation for security. This uses LUKS encryption to protect your data. 6. Complete Installation Follow the prompts to select your time zone and create a user account. After installation, remove the USB drive when prompted and reboot the device. 7. Post-Installation Configuration Update System: Immediately update your system to ensure you have the latest security patches. Use the command: sudo apt update && sudo apt upgrade -y Enable Firewall: Activate and configure the Uncomplicated Firewall (UFW) to block unnecessary incoming traffic: sudo ufw enable sudo ufw allow ssh Install Antivirus: Consider installing ClamAV or an equivalent FOSS AV to scan for malware and viruses, particularly if you interact with Windows systems. Ubuntu Server for infrastructure and userless systems # 1. Preparing for Installation Download and Verify ISO: As with the desktop version, download the latest Ubuntu Server ISO from the official source and verify its integrity. Create a Bootable USB: Use a secure method to create a bootable USB drive. 2. Configuring BIOS/UEFI Settings Secure Boot: Enable Secure Boot for added protection during the boot process. Disable Unused Hardware: While you're in BIOS, it's a good opportunity to disable unnecessary hardware to limit exposure. 3. Installation Process Minimal Installation: Choose the minimal installation option to install only essential packages. Disk Encryption: Use LVM with LUKS to encrypt your disk, ensuring data security. Custom Partitioning: Create separate partitions for /var, /tmp, and /opt to contain potential breaches. 4. Post-Installation Hardening Update System: Run system updates immediately: sudo apt update && sudo apt upgrade -y Configure Firewall: Use UFW to configure the firewall appropriately: sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow [your additional services] sudo ufw enable Install Fail2Ban: Protect against brute force attacks by installing and configuring Fail2Ban: sudo apt install fail2ban sudo systemctl enable fail2ban SSH Hardening: Edit the SSH configuration file (/etc/ssh/sshd_config) to enhance security: Disable root login: PermitRootLogin no Change the default port: Port 2222 (choose any unused port) Allow only specific users: AllowUsers yourusername Ensure login by password is disabled. Key based auth ensures passwords can't be guessed. 5. Regular Maintenance Automate Updates: If you haven't learned your lesson from allowing automatic updates to run amok, configure unattended upgrades to keep your system up to date automatically: sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades Monitor Logs: Regularly check system logs for suspicious activity using tools like Logwatch or setting up a SIEM system for central log intake. Next, ChromeOS Flex # Before Google acquired it, CloudReady was the leading provider of a Chromium OS-based solution that aimed to bring a lightweight, secure operating system to older hardware. Now rebranded as ChromeOS Flex, this solution continues to deliver a streamlined computing experience, particularly for repurposing outdated devices. ChromeOS Flex brings the benefits of Google's Chrome OS to a wide range of hardware, offering a modern alternative to traditional operating systems. Prerequisites # Supported Devices List Before beginning, verify that your device is compatible with ChromeOS Flex. Google maintains a list of officially supported devices on their ChromeOS Flex Supported Devices page. While ChromeOS Flex is designed to work with a broad range of hardware, checking compatibility ensures optimal performance and user experience. Unsupported (or unlisted) devices may work perfectly, or may lack functionality. Requirements USB Drive: A USB drive with at least 8GB of capacity. Backup: Ensure all important data on the target device is backed up, as the installation will erase existing data. Installation Steps # 1. Download ChromeOS Flex Visit the ChromeOS Flex website. Download the ChromeOS Flex image and follow the instructions to create a bootable USB drive. 2. Create a Bootable USB Drive Using the Chromebook Recovery Utility: Install the Chromebook Recovery Utility from the Chrome Web Store. Insert the USB drive into your computer. Open the Chromebook Recovery Utility. Click Get Started and select Chromebook or Chromebox. Click Select a model from a list, then choose Google ChromeOS Flex. Follow the prompts to create your recovery media. Using a Different Tool: Download and install a tool such as Etcher or Rufus. Select the ChromeOS Flex image file you downloaded and your USB drive. Follow the tool’s instructions to write the image to the USB drive. 3. Boot from USB Drive Insert the bootable USB drive into the target device. Power on the device and enter the BIOS/UEFI settings (usually by pressing F2, F12, ESC, or DEL during startup). Set the device to boot from the USB drive. Save the changes and reboot the device. 4. Install ChromeOS Flex Upon booting from the USB drive, you’ll be presented with a ChromeOS Flex installation screen. Follow the on-screen instructions to install ChromeOS Flex. You will be prompted to either try ChromeOS Flex or install it. Choose Install. The installation process will erase all data on the device’s internal storage. Confirm that you’ve backed up your data before proceeding. 5. Set Up ChromeOS Flex Once the installation is complete, the device will restart. Remove the USB drive when prompted. Follow the initial setup process, which includes connecting to Wi-Fi, signing in with a Google account, and configuring device settings. Best Practices and Tips # Backup Regularly: Ensure that any important data is backed up regularly, as ChromeOS Flex is designed for cloud-first usage with automatic updates and built-in security. Update Firmware: Check and update your device’s firmware to the latest version before installing ChromeOS Flex to avoid compatibility issues. Enable Developer Mode (if needed): For advanced users, enabling Developer Mode might be necessary to perform certain customisations. However, this is typically not required for most standard installations. Check Compatibility Regularly: As ChromeOS Flex evolves, periodically review the supported devices list to ensure ongoing compatibility with updates. For additional support and troubleshooting, refer to Google’s ChromeOS Flex Help Centre. Conclusion # This is somewhat tongue-in-cheek, and a little dig towards Microsoft for rolling an OS that has the potential to fail so spectacularly to make everything suck for a few days. That said, the above guide nevertheless offers a practical way to explore an alternative, especially if you’re feeling less than thrilled with the current state of Windows. Think of this article not as a comprehensive base on which to build a strategy, but rather as a chance to dip your toes into the world of alternatives. Whether you’re a knowledge worker in need of a new desktop experience or someone managing a server environment, there are secure and robust alternatives that might just be worth your time. Happy experimenting, and here’s to exploring new possibilities!
- Avoid another CrowdStrike takedown: Two approaches to replacing Windowsby Jason Bayton on July 21, 2024 at 12:00 am
In recent days, the tech community has been grappling with the aftermath of a major outage caused by CrowdStrike. This incident resulted in significant disruptions across various enterprise Windows environments, leading to downtime and operational challenges for numerous organisations, public bodies, critical infrastructure, and more. The outage has highlighted the almost impenetrable hold Microsoft has on organisations the world over, and critically flawed Windows can be. It also highlights the importance of secure system installations, change control, and maintenance practices.. but human behaviour is harder to fix. As organisations recover and reassess their IT strategies, it's absolutely worth taking some time to consider reducing the Windows stronghold - particularly for critical services - and explore alternatives to add a little redundancy to your organisation. The below guide offers a quick and simple run-through for installing alternative operating systems on existing endpoints, be they desktop/laptop or server. Obvious heads-up This guide doesn't go into the nuances of enterprise security beyond some basic best practices. Rather, it's to offer a taste of alternatives for non-production devices for intrigued administrators, or those told by their bosses to take a few eggs out of their basket. Proceed with understanding. First up, Ubuntu # Ubuntu is widely used for both desktops and servers, and considered one of a few leading enterprise Linux distributions (others include RedHat, Suse..). Ubuntu is generally known for good compatibility with a range of devices on the market, and so makes for a nice introduction to Linux. This guide will walk you through the best practices for installing Ubuntu securely, whether setting up a workstation for knowledge workers or deploying a server for backend infrastructure. Ubuntu Desktop for knowledge workers and end users # 1. Preparing for Installation Download Ubuntu from Official Sources: Always download the latest Ubuntu ISO image from the official Ubuntu website. Verify the SHA256 checksum to ensure the integrity of the downloaded file. Create a Bootable USB: Use reliable tools like Rufus (for Windows, while you still have it eh?) or Etcher (cross-platform) to create a bootable USB drive. This ensures a clean and secure installation medium. 2. Boot from USB Drive Insert the bootable USB drive into the target device. Restart the device and boot from the USB drive. 3. Try Ubuntu Before Installing When prompted, if you'd like to have a quick test-run to ensure it boots, choose Try Ubuntu to boot into a live session. This allows you to test the system and check compatibility before installation. 4. Begin Installation Double-click the Install Ubuntu icon on the desktop to start the installation process. Installation Options: Language: Select your preferred language. Keyboard Layout: Choose the appropriate keyboard layout. Updates and Other Software: Select Download updates while installing Ubuntu to ensure that your installation is up-to-date with the latest patches. Choose Install third-party software if you need additional codecs or proprietary drivers. Installation Type: Erase Disk and Install Ubuntu: This option will delete all data on the disk and install Ubuntu. Use this if you’re setting up Ubuntu on a fresh system or replacing an existing OS. Something Else: Choose this option for custom partitioning. Recommended for advanced users who want to create separate partitions for /home, /var, /tmp, and /opt. 5. Partitioning For secure installations, it’s recommended to create separate partitions for system directories: /home: For user data. /var: For variable data such as logs. /tmp: For temporary files. /opt: For optional application software. If using LVM, choose the Use LVM with the new Ubuntu installation option for better management of disk space. Encryption: Select the option to Encrypt the new Ubuntu installation for security. This uses LUKS encryption to protect your data. 6. Complete Installation Follow the prompts to select your time zone and create a user account. After installation, remove the USB drive when prompted and reboot the device. 7. Post-Installation Configuration Update System: Immediately update your system to ensure you have the latest security patches. Use the command: sudo apt update && sudo apt upgrade -y Enable Firewall: Activate and configure the Uncomplicated Firewall (UFW) to block unnecessary incoming traffic: sudo ufw enable sudo ufw allow ssh Install Antivirus: Consider installing ClamAV or an equivalent FOSS AV to scan for malware and viruses, particularly if you interact with Windows systems. Ubuntu Server for infrastructure and userless systems # 1. Preparing for Installation Download and Verify ISO: As with the desktop version, download the latest Ubuntu Server ISO from the official source and verify its integrity. Create a Bootable USB: Use a secure method to create a bootable USB drive. 2. Configuring BIOS/UEFI Settings Secure Boot: Enable Secure Boot for added protection during the boot process. Disable Unused Hardware: While you're in BIOS, it's a good opportunity to disable unnecessary hardware to limit exposure. 3. Installation Process Minimal Installation: Choose the minimal installation option to install only essential packages. Disk Encryption: Use LVM with LUKS to encrypt your disk, ensuring data security. Custom Partitioning: Create separate partitions for /var, /tmp, and /opt to contain potential breaches. 4. Post-Installation Hardening Update System: Run system updates immediately: sudo apt update && sudo apt upgrade -y Configure Firewall: Use UFW to configure the firewall appropriately: sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow [your additional services] sudo ufw enable Install Fail2Ban: Protect against brute force attacks by installing and configuring Fail2Ban: sudo apt install fail2ban sudo systemctl enable fail2ban SSH Hardening: Edit the SSH configuration file (/etc/ssh/sshd_config) to enhance security: Disable root login: PermitRootLogin no Change the default port: Port 2222 (choose any unused port) Allow only specific users: AllowUsers yourusername Ensure login by password is disabled. Key based auth ensures passwords can't be guessed. 5. Regular Maintenance Automate Updates: If you haven't learned your lesson from allowing automatic updates to run amok, configure unattended upgrades to keep your system up to date automatically: sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades Monitor Logs: Regularly check system logs for suspicious activity using tools like Logwatch or setting up a SIEM system for central log intake. Next, ChromeOS Flex # Before Google acquired it, CloudReady was the leading provider of a Chromium OS-based solution that aimed to bring a lightweight, secure operating system to older hardware. Now rebranded as ChromeOS Flex, this solution continues to deliver a streamlined computing experience, particularly for repurposing outdated devices. ChromeOS Flex brings the benefits of Google's Chrome OS to a wide range of hardware, offering a modern alternative to traditional operating systems. Prerequisites # Supported Devices List Before beginning, verify that your device is compatible with ChromeOS Flex. Google maintains a list of officially supported devices on their ChromeOS Flex Supported Devices page. While ChromeOS Flex is designed to work with a broad range of hardware, checking compatibility ensures optimal performance and user experience. Unsupported (or unlisted) devices may work perfectly, or may lack functionality. Requirements USB Drive: A USB drive with at least 8GB of capacity. Backup: Ensure all important data on the target device is backed up, as the installation will erase existing data. Installation Steps # 1. Download ChromeOS Flex Visit the ChromeOS Flex website. Download the ChromeOS Flex image and follow the instructions to create a bootable USB drive. 2. Create a Bootable USB Drive Using the Chromebook Recovery Utility: Install the Chromebook Recovery Utility from the Chrome Web Store. Insert the USB drive into your computer. Open the Chromebook Recovery Utility. Click Get Started and select Chromebook or Chromebox. Click Select a model from a list, then choose Google ChromeOS Flex. Follow the prompts to create your recovery media. Using a Different Tool: Download and install a tool such as Etcher or Rufus. Select the ChromeOS Flex image file you downloaded and your USB drive. Follow the tool’s instructions to write the image to the USB drive. 3. Boot from USB Drive Insert the bootable USB drive into the target device. Power on the device and enter the BIOS/UEFI settings (usually by pressing F2, F12, ESC, or DEL during startup). Set the device to boot from the USB drive. Save the changes and reboot the device. 4. Install ChromeOS Flex Upon booting from the USB drive, you’ll be presented with a ChromeOS Flex installation screen. Follow the on-screen instructions to install ChromeOS Flex. You will be prompted to either try ChromeOS Flex or install it. Choose Install. The installation process will erase all data on the device’s internal storage. Confirm that you’ve backed up your data before proceeding. 5. Set Up ChromeOS Flex Once the installation is complete, the device will restart. Remove the USB drive when prompted. Follow the initial setup process, which includes connecting to Wi-Fi, signing in with a Google account, and configuring device settings. Best Practices and Tips # Backup Regularly: Ensure that any important data is backed up regularly, as ChromeOS Flex is designed for cloud-first usage with automatic updates and built-in security. Update Firmware: Check and update your device’s firmware to the latest version before installing ChromeOS Flex to avoid compatibility issues. Enable Developer Mode (if needed): For advanced users, enabling Developer Mode might be necessary to perform certain customisations. However, this is typically not required for most standard installations. Check Compatibility Regularly: As ChromeOS Flex evolves, periodically review the supported devices list to ensure ongoing compatibility with updates. For additional support and troubleshooting, refer to Google’s ChromeOS Flex Help Centre. Conclusion # This is somewhat tongue-in-cheek, and a little dig towards Microsoft for rolling an OS that has the potential to fail so spectacularly to make everything suck for a few days. That said, the above guide nevertheless offers a practical way to explore an alternative, especially if you’re feeling less than thrilled with the current state of Windows. Think of this article not as a comprehensive base on which to build a strategy, but rather as a chance to dip your toes into the world of alternatives. Whether you’re a knowledge worker in need of a new desktop experience or someone managing a server environment, there are secure and robust alternatives that might just be worth your time. Happy experimenting, and here’s to exploring new possibilities!
- Introducing MANAGED SETTINGSby Jason Bayton on July 4, 2024 at 12:00 am
I've been supporting customers on their modern Android management journeys for several years now, and as you can imagine, the more customers you engage with, the more you notice patterns and friction points that resurface time and time again. For me, having access to system settings from within kiosk environments is one such example of those friction points, and one of the first projects for 2024 I opted to undertake after launching my QR code generator last year. Don't get me wrong, plenty of vendors in the ecosystem have Kiosk/launcher applications that will offer a solution from within their own applications, AirWatch/WS1 UEM's launcher & Knox Manage kiosk are some of the several examples of these. Recently though, and particularly with the surge of AMAPI based EMM platforms, it's become increasingly clear many do not. So, I went about designing a relatively straightforward answer - MANAGED SETTINGS. What is it? # MANAGED SETTINGS is a simple app that provides end users the ability to launch settings intents. This isn't a new concept; searching Google Play brings up many such apps. The key differentiator with MANAGED SETTINGS is the ability to toggle these various intents on and off based on the specific requirements of an organisation through managed config (and thus, the name was born). Out of the box I've aimed to support as many intents as is reasonable, omitting only those which are troublesome to support (i.e those commonly adjusted from the behaviour of AOSP across OEMs) or likely not to see any use, but over time more will be added, so too will custom intent support, allowing organisations to leverage OEM-specific intents with their managed estate without relying on me to implement and support them. As an added bonus, organisations that struggle to document and/or support the unique and sometimes confusing layouts of OEM-customised settings applications across both their company owned and personally owned estates, are able now to deploy one consistent settings app to everything. Building your documentation around an agnostic, standardised application makes the whole process quicker and more straightforward for all involved. MANAGED SETTINGS works across fully managed, dedicated, and work profile devices. When can I get it? # I'm releasing MANAGED SETTINGS as a free application on Google Play, available today. In spite of its simplicity, a lot of time and effort has been put into this, so if you'd like to support the continued development of projects like this for the betterment of the Android Ecosystem, I'm offering a licensed upgrade for MANAGED SETTINGS which offers (currently) basic customisation of the in-app experience. In an upcoming release this will extend to theming to allow organisations the option of setting a colour scheme for the MANAGED SETTINGS app that'll enable closer alignment to the organisation's brand - but I want to ensure there's demand for that before I commit to it 🙂 Get it here: If you're interested in learning more, visit the project page for an in-depth overview, support docs, and other resources. Setting expectations for support # Though I've done my best to support the breadth of Settings intents across most major Android OEMs and recent Android versions, it's well known that sometimes intents just don't work, or the OEM Settings application in general causes issues. APN is a good example of an intent that'll work on some devices, but inexplicably fails (or gives permission issues) due to the way OEMs have implemented their telephony stack. I have multiple fallbacks implemented where possible to overcome some instances where an adjusted call is required, but I don't have the resources to test every device on the market. Interestingly, tablet devices with split-screen Settings app implementations are also far more likely to inadvertently expose additional device settings due to how they're designed, and unfortunately I can't do anything to combat that. I'm more than happy to work with organisations finding issues with certain intents, and if I can resolve them I absolutely will. To touch on EMM support as well, the managed config implementation is quite basic and should be supported by all major vendors without issue, certainly confirmed so far through my testing. That said, if your vendor isn't working correctly, I'm happy to get to the bottom of it. Feel free to reach out to debug, and I hope you find MANAGED SETTINGS useful for your managed Android estate!
Brooks Peppin's Blog Managing Windows in the Modern Workplace
- How to Create a no-prompt bootable WinPE ISO – Crowdstrike Fixby Brooks Peppin on July 20, 2024 at 8:33 pm
With the massive Crowdstrike outage this week, we looked for a way to automate fixing virtual machines in our environment. Since our VMs were not ... Read more
- A Beginners Guide to Azure AD Join – Everything you Need to Knowby Brooks Peppin on April 26, 2023 at 6:58 pm
Welcome to the beginner’s guide to Azure AD join! As businesses increasingly rely on cloud-based solutions, Azure Active Directory has become an essential tool for ... Read more
- Understanding Windows Feature Updates in Microsoft Intuneby Brooks Peppin on December 19, 2022 at 10:07 pm
Deploying Windows 10/11 feature updates with Microsoft Intune is much simpler than traditional methods. You no longer have to “push” out the full patch or ... Read more
- Intune vs. Workspace ONE: 15 Pros and Cons (2022 Edition)by Brooks Peppin on October 17, 2022 at 4:53 pm
Microsoft Intune and VMware Workspace ONE are both industry-leading Unified Endpoint Management (UEM) solutions. If you look at any Gartner Magic Quadrant chart from the ... Read more
- How to Fix Hybrid Azure AD Join Error 0x801c005b: error_computer_signature_check_failureby Brooks Peppin on September 30, 2022 at 12:34 am
Seeing error 0x801c005b alongside error_computer_signature_check_failure when attempting to Hybrid Azure AD join your Windows devices? This error will prevent the hybrid join process from completing. ... Read more
Many Miles Away Helping you succeed with end user computing technologies
- Implementing Workspace ONE Relay Server Cloud Connectors (RSCC) with an existing Pull Relay...by Darryl Miles on June 1, 2024 at 2:09 am
The Workspace ONE UEM Relay Server Cloud Connector (RSCC) is a hybrid solution that pulls content (products only) from a … More
- Setting up a Workspace ONE UEM Relay Server for Android Rugged devicesby Darryl Miles on May 24, 2024 at 3:38 am
A Workspace ONE relay server acts as a middleman in distributing content within a Workspace ONE UEM environment to Android … More
- Enabling Advanced Device Telemetry for mobile devices through Workspace ONE Intelligence SDKby Darryl Miles on May 16, 2024 at 11:07 am
Spotting what’s causing a bad experience for mobile workers starts with a deep dive into device problems. The latest Workspace … More
- Enabling Shared Device Mode (SDM) for Microsoft Entra ID Conditional Access Policiesby Darryl Miles on April 30, 2024 at 12:17 am
In August 2023, Workspace ONE UEM extended conditional access capabilities for Microsoft Entra ID (formerly Microsoft Azure Active Directory) with … More
- How to deploy macOS PaperCut using Workspace ONEby Darryl Miles on April 14, 2024 at 2:46 am
PaperCut is used by businesses and organizations to track, control, and optimize their printing. PaperCut MF allows businesses to set … More
Sam Akroyd. Thoughts on Tech
- Home Assistant: HACSby Sam Akroyd on September 10, 2024 at 10:54 am
You will have seen me reference HACS in a number of my blogs in the past few months.…
- Solar & Batteries in Home Assistantby Sam Akroyd on September 2, 2024 at 8:50 am
Solar panels, batteries and EVs are some of the fastest growing markets worldwide as the green revolution grips…
- Frigate, Home Assistant and AIby Sam Akroyd on July 23, 2024 at 8:34 am
So if you’ve seen the first blog on Frigate NVR and Home Assistant, and you’ve followed along –…
- Security Cameras in Home Assistant with Frigateby Sam Akroyd on July 16, 2024 at 12:43 pm
Home security systems are common-place nowadays, and smart cameras are even more common with the advent of Ring…
- Smart Lighting in Home Assistantby Sam Akroyd on July 9, 2024 at 12:22 pm
We’ve walked through the build of Home Assistant, we’ve talked through the basics, now let’s focus a little…
- Workspace ONE UEM Sensors and custom Registry valuesby techhub981158167 on June 10, 2024 at 12:58 pm
I had a customer enquiry recently where they were looking to pull some custom fields from a device to identify a device location, well at least where it was deployed, as well as come custom tags and other information they associate with a device at the time of deployment. If you have used Workspace ONE … Continue reading Workspace ONE UEM Sensors and custom Registry values →
- VMware App Volumes Apps on Demandby techhub981158167 on January 8, 2024 at 3:26 pm
There are plenty of articles explaining what VMware App Volumes Apps on Demand are and the benefits, for example https://www.vmware.com/uk/topics/glossary/content/apps-on-demand.html. This video demonstrates how quick and east it is to associate an App Volumes Server with an RDS Host in VMware Horizon and subsequently deliver a package using Apps on Demand.
- End of Yearby techhub981158167 on December 20, 2023 at 10:14 am
When I started this blog and YouTube channel a few years back I never really had a target other than to share any tips, tricks, information and how to for various EUC products. It’s always nice to see the end of year stats and know that people are looking at your content. Diving into the … Continue reading End of Year →
- The next phase of Workspace ONE UEM Sensorsby techhub981158167 on December 8, 2023 at 11:14 am
Earlier this year I wrote a blog article about using ChatGPT to write PowerShell scripts that could be used in Workspace ONE UEM to create Sensors. This works fine, but bear in mind that ChatGPT created PowerShell scripts for me based on best endeavours, there is no guarantee they would work or would not contain … Continue reading The next phase of Workspace ONE UEM Sensors →
- Workspace ONE UEM and Windows Multi Userby techhub981158167 on August 23, 2023 at 3:48 pm
Multi User or Shared Device, if you want to look at it that way, is something that has been supported with VMware Workspace ONE UEM but more so for Mobile Operating Systems rather than Windows. VMware has received feedback from several customers on wanting to be able to support a Windows Multi User use case. … Continue reading Workspace ONE UEM and Windows Multi User →
Thomas Cheng Welcome to my digital home!
- Proofpoint Certified Insider Threat Specialist Course 3 – A Day in the Life of an Insider Threat...by techiecheng on March 29, 2023 at 8:38 pm
Proofpoint recently released a three-part training webinar on identifying and mitigating insider threats. By viewing and taking the exam after all the sessions, Proofpoint will award you with a certificate. This post will recap what I learned in course 3 of this series.
- Proofpoint Certified Insider Threat Specialist Course 2: Building a Successful Insider Threat...by techiecheng on March 29, 2023 at 6:59 pm
Proofpoint recently released a three-part training webinar on identifying and mitigating insider threats. By viewing and taking the exam after all the sessions, Proofpoint will award you with a certificate. This post will recap what I learned in course 2 of this series.
- Proofpoint Certified Insider Threat Specialist Course 1 – Getting Started with Insider Threatsby techiecheng on March 26, 2023 at 4:47 am
Proofpoint recently released a three-part training webinar on identifying and mitigating insider threats. By viewing and taking the exam after all the sessions, Proofpoint will award you with a certificate. This post will recap what I learned in course 1 of this series.
- ‘Invalid credentials. Try again.’ when signing onto Workspace ONE UEM console with Active...by techiecheng on September 23, 2022 at 4:00 pm
Awhile back, I wrote a post on the error when signing into UEM with my AD credential. “Please contact Administrator” when signing onto Workspace ONE UEM console version with Active Directory credential Today, I got a different error when signing in with my AD credential to our shared SaaS/sandbox CN135: ‘Invalid credentials. Try again.’ I
- The true beauty of the Apple Beta Software Programby techiecheng on June 6, 2022 at 4:00 pm
Throughout the years, I’ve written many blog posts related to iOS update. Prevent users from installing iOS beta software in VMware Workspace ONE UEM by AirWatch Managing iOS update with Workspace ONE UEM Schedule iOS Update with VMware AirWatch Stop iOS update on its track with VMware AirWatch iOS 12.2 is here and how it
VirtuallyUnboxed Lifting the lid on everything virtual
- End of support for vSphere 6.5.x and 6.7.xby virtuallyunboxed on October 20, 2022 at 4:31 pm
In case you missed it, last week marked the end of general support for vSphere 6.5 and 6.7. This is the same regardless of whether you were using it for data centre services or EUC services like Horizon.
- Desktop Repurposing v4by virtuallyunboxed on October 20, 2022 at 4:23 pm
This year, myself and Matt Evans joined forced again, along with newcomer, Jonathan D'arcy to review some of the best desktop repurposing tools on the market. As with previous years we reviewed imaging and performance. However, this year we also took a look at the accompanying management solutions.
- VMware SASE and Cloud Web Securityby virtuallyunboxed on January 22, 2022 at 3:11 pm
Let's start with the basics! SASE is a Gartner term and is an abreviation of Secure Access Service Edge. Still not much help right? Well lets start explaining this by looking at how people typically work, espeically remotely, and how their traffic is secured. Most of you that ever work remotely will most likely use a device level VPN. This uses software on your device to create a tunnel into your company data centre and allows you to remotely access internal resources. This is how most companies have done it for many years, and it really dates back to the days when all a companies resources were in their own data centre. Tunnelling all the traffic back into the data centre was the perfect way to reach everything a remote user would need.
- Workspace ONE UEM and Workspace ONE Access Integration for Hub Servicesby virtuallyunboxed on March 2, 2021 at 4:06 pm
I know there are a lot of SaaS customers out there who have only been using basic MDM functionality within Workspace ONE. The platform has moved on a lot in the last few years and if you haven't already seen it i strongly suggest you check out hub services. This takes the Workspace ONE agent that is used for device management and adds additional functionality to the application such as a unified app catalogue, people search and a notifications platform to name but a few!
- Workspace ONE Access FIDO2 integrationby virtuallyunboxed on February 19, 2021 at 2:33 pm
As of this month (Feb 2021) All Workspace ONE Access SaaS tenants, now supports FIDO2 as an authentication method. So, I thought i'd put together a short video showing how easy it is to configure it and some different device types using the solution.
Mobile Jon's Blog My WordPress Blog
- The Magnificent 8 Conditional Access Policies of Microsoft Entraby [email protected] on September 9, 2024 at 4:00 am
The blog discusses crucial conditional access policies for standard customers, emphasizing conditional access decision signals, strategies, and specific policies like MFA for all users, blocking legacy authentication, enforcing device compliance, and more. It emphasizes the need for thorough testing, monitoring, and simplicity to build a robust security strategy in Microsoft Entra.
- Microsoft Entra Hybrid Join: Not Dead Yet!by mobilejon on September 2, 2024 at 4:00 am
Microsoft is prioritizing Entra joined devices without neglecting hybrid environments. Entra Hybrid Join still has value, especially for leveraging group policy and certain applications. Embracing a strategy that starts with hybrid and transitions to Cloud Native gradually can lead to successful adoption. Hybrid is a bridge to the future and should not be underestimated.
- Intune Win32 App Logging: One Log to Rule Them All?by mobilejon on August 26, 2024 at 4:00 am
Microsoft Intune released mprovements to Discovered Apps Report and Intune Management Extension (IME) logs for Win32 Apps. The IME handles WinGet Apps, Win32 Apps, PowerShell Scripts, Remediations, App Control for Business Managed Installer, Device Compliance, and Analytics. The new AppWorkload.log provides detailed Win32 app deployment/validation process information. Overall, Intune's logging on application installs is praised for its detailed insights.
- Windows Autopilot Device Preparation: Are We There Yet?by [email protected] on August 20, 2024 at 2:00 pm
Windows Autopilot Device Preparation is a new solution from Microsoft that simplifies the onboarding process for Windows devices. It streamlines device setup, enhancing user experience while reducing IT time investment. The process involves setting up device groups, configuring policies, and importing corporate identifiers. This user-driven flow supports Entra joined devices and offers improved reporting capabilities.
- Using Intune Remediations to Address Massive CrowdStrike Outageby [email protected] on July 19, 2024 at 3:04 pm
CrowdStrike faces a major outage due to a driver channel file causing widespread BSOD. Intune scripts detect and remove problematic files. Intune can also enable users to self-service BitLocker keys. Conditional Access can control key access and Audit Logs can monitor key usage. Compliance ensures key access from compliant devices only.
VMware | Digital Workspace Tech Zone Go from zero to hero with the latest technical resources on the VMware Digital Workspace Tech Zone.
- Zebra Android OS Update Methodsby Arkeem Brinson on September 13, 2024 at 10:28 pm
VMware Workspace ONE is an enterprise mobility management platform that helps organizations manage and secure their mobile devices, including Zebra's Android-based devices. You can use Workspace ONE to remotely manage and update Zebra devices, including applying Lifeguard Patch Updates. This tutorial takes you through the steps to update the Android operating system and apply Lifeguard Patches for Zebra devices 8.x or later.
- Empower Frontline Workers Solution: Stageby David Dwyer on September 13, 2024 at 10:13 pm
There are three main components of VMware’s Frontline Workers Solution: Stage, Manage, and Support. Each component provides technologies to simplify operations for IT teams responsible for mission-critical devices. This deployment considerations document provides an overview of the Stage component of the Empower Frontline Workers solution and is the first document in a three-part series.
- Horizon Partner Peripheral Kitby Ashish Godbole on September 13, 2024 at 9:57 pm
Horizon partner peripheral certification kit.
- Horizon Partner Application Middleware Kitby Ashish Godbole on September 13, 2024 at 9:55 pm
Horizon Partner Application Middleware certification kit.
- Using Workspace ONE to Address Windows 10 End of Lifeby Joannie Harder on September 13, 2024 at 9:28 pm
Whether you’re inventorying Windows devices for Windows 10 End of Life (EOL) planning or tracking Windows endpoints for security purposes, Workspace ONE Unified Endpoint Management (UEM) now easily provides the data points you need.
- Rapid Desktop (Horizon FastTrack)by Ashish Godbole on September 12, 2024 at 7:36 pm
The goal of the Horizon Fast Track program (formerly called Rapid Desktop and FastTrack program) is to accelerate the adoption of view by enabling an ecosystem of pre-assembled easily requested certified appliances, validated reference architectures and certified storage solutions.
- Horizon Validationsby Ashish Godbole on September 12, 2024 at 7:34 pm
The Horizon Validations Package enables partners to certify/validate Virtual Volumes (vVols) at scale with Horizon workflows (500 to 20000 and also enables partners to certify/validate View Composer Array Integration (VCAI) at scale with Horizon workflows (500 – 2000).
- Thin Clientby Ashish Godbole on September 12, 2024 at 7:33 pm
Thin client end point solutions enable manufacturers to work with Horizon ensuring that their thin client end point solutions (hardware devices or software products) are compatible with Horizon platform solutions.
- Horizon Guest OS Validationby Ashish Godbole on September 12, 2024 at 7:20 pm
The certification program enables Guest OS (Operating system) solution to work with VMware to ensure that their solutions are compatible with Horizon platform solutions.
- Horizon Partner Application/Middlewareby Ashish Godbole on September 12, 2024 at 6:51 pm
Horizon Partner Application/Middleware Program enables partners to validate their application or middleware product with Horizon and get a logo and listing on the Marketplace.
- Horizon Partner Peripheralsby Ashish Godbole on September 12, 2024 at 6:49 pm
Horizon Partner Peripherals Program enables partners to validate their peripheral product with Horizon and get a listing on the Marketplace website with the appropriate logo.
- Horizon Accessby Ashish Godbole on September 12, 2024 at 3:43 pm
This program provides information and pre-release materials to partners to enable them to create products that are compatible with End-User Computing products.
- Migrating from Tunnel Proxy to Per-App Tunnelby Andreano Guedes Rocha on September 11, 2024 at 8:34 pm
This guide helps Workspace ONE UEM administrators currently using Tunnel Proxy to migrate to unmanaged Tunnel. The Tunnel module, which is part of the Workspace ONE SDK, enables app tunneling on unmanaged iOS and Android devices without the need for the Workspace ONE Tunnel application.
- Getting Started with Freestyle Orchestrator on macOS Devicesby Michael Bradley on September 9, 2024 at 4:37 pm
This tutorial takes you through the steps to configure the Freestyle Orchestrator workflow engine on macOS devices as well as a couple of sample workflows for managing macOS devices with Freestyle Orchestrator in Workspace ONE UEM.
- Software Update Enforcement for iOS Devices in Workspace ONE UEMby Michael Bradley on September 9, 2024 at 1:03 pm
The latest version of Workspace ONE UEM aligns with Apple's device management approach, enhancing support for Declarative Device Management (DDM) through a Software Update Enhancement. This update empowers IT administrators to manage iOS device updates, allowing them to control which updates are applied and set deadlines for completing all updates.
- Securing Workspace ONE UEM Windows Devices via Baselines and Profilesby Joannie Harder on September 6, 2024 at 9:12 pm
Are your Workspace ONE Windows policies configured for optimal security?
- Configuring Windows Baselines and Profiles: Workspace ONE Technical Walkthroughby Joannie Harder on September 5, 2024 at 7:36 pm
Workspace ONE Unified Endpoint Management (UEM) provides a framework for administrators to securely manage applications on various devices, specifically focusing on Windows devices. This guide covers the options and recommended steps that should be undertaken when implementing and managing Windows devices.
- Managing Android Devices: Workspace ONE Operational Tutorialby Siddesh Patil on September 5, 2024 at 1:18 pm
This operational tutorial covers basic configuration and management for Android devices using Workspace ONE UEM. Learn about the different management modes, then explore the device management features based on device manufacturers (OEMs).
- Resource Delivery Optimization and Deployment Trackingby Andreano Guedes Rocha on September 4, 2024 at 6:02 pm
The upcoming features of Workspace ONE are designed to significantly enhance user interaction with the platform by providing exceptional performance, scalability, and user experience. This article discusses the advantages of resource delivery optimization, which is an essential component of the Modern UEM SaaS Platform.
- Workspace ONE UEM Windows Multiuser Now Availableby Joannie Harder on September 4, 2024 at 3:59 pm
The new Windows Multiuser capability enhances technical and security measures for shared Windows devices, allowing multiple users to access the same device securely, which results in significant cost savings.
VMware Workspace ONE The un-official subreddit for VMware Workspace ONE. I recently started learning/managing Workspace One for the company I work for, I came to reddit to find others and saw that there wasn’t a community, so I started one. Our discord is here https://discord.gg/Zhr3TqMMf6
- Error Message "Boxer-App" - input valid app configuration keysby /u/Prof_Hase on September 16, 2024 at 5:39 am
https://preview.redd.it/lggulghty3pd1.png?width=1437&format=png&auto=webp&s=f351b174d76f6d1a434e4c6f6262815f0e8bd4a0 I get the following error message when I want to change the assignments in the Boxer app. I have an app configuration, but I get the error message even if I completely remove the app configuration. It is a WSO Cloud installation version: 24.2.0.13 (2402) submitted by /u/Prof_Hase [link] [comments]
- Friendy Name in Device Listby /u/Some-Possible-2500 on September 13, 2024 at 12:48 pm
Currently, when I look in devices, list view, every thing shows up as the make, model, and OS version, and the only way I find specific devices is by search by user name with phones, and serial number with windows machines. Is there anyway to get either the device name to show up in the list or search by device name? I've already added computer name to the friendly name section and that did nothing. submitted by /u/Some-Possible-2500 [link] [comments]
- Printer Deployby /u/newtonetworktech on September 12, 2024 at 6:28 pm
How do I deploy HP printer for all my windows enrolled devices? Couldn't find any steps or docs online about it submitted by /u/newtonetworktech [link] [comments]
- How can I redeploy the same version of internal software?by /u/maxcoder88 on September 12, 2024 at 6:26 am
Hi, Recently , I have publish internal software to my smart group. (3 person consist). Now , I have to publish same version. But I am getting an message like below. How can I redeploy the same version of internal software here? Message: Application version already exists at Organization Group. The app can not be uploaded if it already exists in an active, retired or inactive state in the applications list. You can re-activate the existing records or delete them and try to re-upload. submitted by /u/maxcoder88 [link] [comments]
- ws1 intelligence workflow helpby /u/evilteddibare on September 11, 2024 at 5:20 pm
I am trying to setup a workflow which if a device isn't on a certain iOS version they will receive a tag - but if they upgrade to that iOS version the tag will be removed. I am trying to using the condition action in WS1 intelligence and it doesn't seem like it is removing the tag from my test device after I've upgraded. Any tips / assistance would be greatly appreciated! see below for screenshot of workflow config https://preview.redd.it/75ts4eimr7od1.png?width=1171&format=png&auto=webp&s=8bd7bf007df9be6ac31d42d9920fd56d32eba7f4 submitted by /u/evilteddibare [link] [comments]
- Can’t Find the ‘Sensors’ Option in Workspace ONE Device Details Viewby /u/ruhtra09 on September 11, 2024 at 5:14 pm
Hey everyone, I’ve recently started working with Workspace ONE and hit a bit of a roadblock. I’ve created a bunch of sensors and assigned them to my test Windows VM. From what I’ve read and based on a screenshot I came across, I should be able to go to my device in the console and see the data from the sensors. However, when I go to my device, where I can see sections like Summary, Compliance, Profiles, etc., I don’t see anything related to Sensors. Has anyone run into this or know why I’m not seeing the Sensors option? Any guidance would be appreciated. Thank you in advance! submitted by /u/ruhtra09 [link] [comments]
- Unified Access Gateway - Access Denied for new devicesby /u/EndUserExperience on September 11, 2024 at 12:38 pm
Hi all, We are using Unified Access Gateway and Android Tunnel for per-app VPN. We have been experiencing problems the last week when enrolling new devices. New devices can establish a connection, but Access Denied is displayed in the Tunnel app. All previously enrolled devices are working normally. When checking the devices, all profiles and certificates seem fine from UEM, but when I looked for the device on the allowlist on the Unified Access Gateway (following this article: Troubleshooting (omnissa.com)), I got a Bad Response from API. Has anyone experienced something similar before? https://preview.redd.it/hbgtamped6od1.png?width=1112&format=png&auto=webp&s=1d0ab9f390ccdc4262c9cc59bda86d3e2fabbe28 submitted by /u/EndUserExperience [link] [comments]
- Workspace One API - Lost modeby /u/SpurgtFuglen on September 10, 2024 at 8:53 am
When trying to send lost mode command, i get 404 not found. I am using uuid from device search. https://preview.redd.it/up6oqjxe4ynd1.png?width=1275&format=png&auto=webp&s=3bafb418daae848b1afe120767b56ff59059e1d1 submitted by /u/SpurgtFuglen [link] [comments]
- Pincode + launcher full screen notificationby /u/yurtbeer on September 6, 2024 at 11:09 pm
submitted by /u/yurtbeer [link] [comments]
- HUB "com.airwatch.admin.remote.START_REMOTE" permissionby /u/Bravo-Charlie-123 on September 6, 2024 at 9:15 pm
Hello, new user here. I recently find out that on our managed Android devices there is a permission that shows as 'not allowed' for the HUB application. The permission is com.airwatch.admin.remote.START_REMOTE. I was not able to find anywhere what this is. Our devices are running Android 11 and Android 12. Any advice? submitted by /u/Bravo-Charlie-123 [link] [comments]
- Hootsuite config keysby /u/RustQuill on September 6, 2024 at 2:31 pm
This is a long shot, but I'm coming up empty when I looked through Hootsuite documentation. We're looking to deploy Hootsuite to our corporate devices via WS1 with an app config to restrict users to SSO only. Ideally, we'd also prefill their email address, but I'll take what I can get. The Android version of the app has those configuration options preloaded in WS1 which is great, but the iOS version does not. Does anyone know what the keys are to mimic that functionality for iOS? I opened multiple tickets with Hootsuite support, but they have been less than useless in this regard. Thanks in advance submitted by /u/RustQuill [link] [comments]
- On-prem IDM 3.3.7 upgrade path?by /u/myshtigo on September 6, 2024 at 1:41 pm
Hoping someone can clear this up for me. We have a requirement to get updated to Workspace ONE Access 24.07 and we have IDM 3.3.7. Is there an upgrade path from one to the other? I've only found one doc that says this is possible but I tried it and had to revert snapshots and recover. I had opened a ticket and asked this question and did not get a good answer just that something else is coming. submitted by /u/myshtigo [link] [comments]
- WS1 API helpby /u/evilteddibare on September 4, 2024 at 1:25 am
I'm trying to figure out how to reboot a bunch of devices using a .csv via postman. I'm really new at API's and want to learn and I found the api call i want to use but need some help if possible... I have no idea what would go into the body - it shows a example on the left it seems but doesn't help me at all. Would be grateful for some assistance! https://preview.redd.it/9nycevyl3pmd1.png?width=1675&format=png&auto=webp&s=774ee29f53c34d2e46cc7218f37a7ac5b717dd31 submitted by /u/evilteddibare [link] [comments]
- Alternative to "Workspace ONE Notebook"by /u/Standard-Image-0405 on September 3, 2024 at 1:55 pm
Hello together, Since a few Months already VMware decided it was a good idea to deprecate the Workspace ONE Notebook app for syncing tasks and nodes. Instead of implementing this feature into Workspace ONE Boxer (Which I thought they would) just nothing happens. So they removed the app and do not offer any alternatives or best practices or anything. So I am wondering if you guys was using Workspace ONE Notebook in the past and what are you offering to your users as alternative? submitted by /u/Standard-Image-0405 [link] [comments]
- Release notes for 2406?by /u/zombiepreparedness on September 2, 2024 at 2:15 pm
Omnissa is deploying the 2406 console throughout the month of September, but the release notes for it are not posted anymore. The link in the notice email takes you to the 2402 release notes. So, does anyone have the 2406 release notes? submitted by /u/zombiepreparedness [link] [comments]
- Boxer not showing certain emailsby /u/G3rmanaviator on August 31, 2024 at 8:40 pm
We have a ticket open with support but haven’t been able to make any progress. Boxer “hides” certain emails which are visible in Outlook (client and OWA) and based on what we have been able to find so far is that the emails in question have an attachment. Also, the emails seem to have an invalid or untrusted digital signature because in Outlook the message shows an error “This message has been tampered with”. If we search for the specific subject of the email it does show up in the Boxer search results and we can view the message from there. Also when we forward the message including the attachment (which removes the signature) the email is visible on Boxer no problem. submitted by /u/G3rmanaviator [link] [comments]
- Boxer to Outlook migration - Managed access onlyby /u/G3rmanaviator on August 31, 2024 at 8:34 pm
We’re looking to migrate from Boxer to Outlook for corporate email on our mobile devices which are managed by WS1 UEM. With Boxer it’s easy to let only corporate clients access O354 since you can specify BoxerManagedIpad, BoxerManagedAndroid, etc in the mobile access policies in Exchange. With Outlook it seems there is no way to distinguish between a managed and an unmanaged client. Has anyone else managed to solve this in a way that doesn’t require complicated workarounds? submitted by /u/G3rmanaviator [link] [comments]
- Installation of Windows Apps keeps going onby /u/deadly_injured on August 30, 2024 at 6:37 pm
Hello dear community, do you have an idea, why a win app like acrobat reader dc (from WS1 store) gots installed again and again. Sometimes it cannot be installed. Is there any log to troubleshoot that or a setting to tell it how often it can be installed? I am new and have the cloud version and the popup in the bottom right corner tells me it can be installed and it cannot be installed. I am a little bit confused about the messages from windows. BR Rob submitted by /u/deadly_injured [link] [comments]
- Outlook Mobile unable to verify S/MIME certificates on work profilesby /u/TheDisapprovingBrit on August 30, 2024 at 9:10 am
I've been scratching my head with this one for a couple of weeks now. We use S/MIME certificates on email, and mostly use Boxer but we're trialling Outlook on iOS and Android. What we're seeing is that Outlook Mobile initially shows the message as signed, and then after a second or so it changes to "cannot verify signature." Signed mails on personal mail accounts display without any problems, it's just the work profile that can't verify. My best guess is that Outlook Mobile can't reach the CRL to verify the certificate validity, but I can't understand why. Outlook is deployed through WS1 into the work profile, but is configured to bypass the tunnel. Any thoughts on where I can look with this? Omnissa are saying they can't help much since it's a third party app. submitted by /u/TheDisapprovingBrit [link] [comments]
- Restrict Phone Callsby /u/beta_alanine_ants on August 27, 2024 at 7:18 pm
New user here, is it possible to restrict phone calls and text messages to the other phone/phone numbers on my device list? submitted by /u/beta_alanine_ants [link] [comments]
The Support Insider VMware Support News, Alerts, and Announcements
- Simpler Licensing with VMware vSphere Foundation and VMware Cloud Foundation 5.1.1by Kelcey Lemon on March 21, 2024 at 5:28 pm
Tweet VMware has been on a journey to simplify its portfolio and transition from a perpetual to a subscription model to better serve customers with continuous innovation, faster time to value, and predictable investments. To that end, VMware recently introduced a simplified product portfolio that consists of two primary offerings: VMware Cloud Foundation, our flagship … Continued The post Simpler Licensing with VMware vSphere Foundation and VMware Cloud Foundation 5.1.1 appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro Proactive Findings – January 2024 Editionby James Walker on January 24, 2024 at 11:16 am
Tweet VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of January, we released 60 new Findings. Of these, there are 37 Findings based … Continued The post VMware Skyline Advisor Pro Proactive Findings – January 2024 Edition appeared first on VMware Support Insider.
- Skyline Advisor Pro: Introducing Inventory Export Reportsby Kelcey Lemon on January 16, 2024 at 12:00 pm
Tweet You’ve asked for the ability to export inventory information, including licensing, and we’ve listened. The Skyline Team is proud to introduce this highly requested feature, Inventory Export Reports. Inventory Export Reports allow you to generate reports on your inventory, licensing, and configuration data. These reports can help you to identify potential problems, track changes … Continued The post Skyline Advisor Pro: Introducing Inventory Export Reports appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro Proactive Findings – December 2023 Editionby James Walker on December 15, 2023 at 6:56 pm
Tweet VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of December, we released 56 new Findings. Of these, there are 35 Findings based … Continued The post VMware Skyline Advisor Pro Proactive Findings – December 2023 Edition appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro: Proactive and Diagnostic Findings Demystifiedby Kelcey Lemon on December 13, 2023 at 3:07 pm
Tweet While supporting VMware Explore 2023 in Barcelona, a customer asked me, “What’s the difference between Proactive Findings and Diagnostic Findings in Skyline Advisor Pro and how are each one produced?” So, I’d like to take this moment to elaborate more on my original blog that introduced Diagnostic Findings. Proactive Findings Proactive Findings are potential … Continued The post VMware Skyline Advisor Pro: Proactive and Diagnostic Findings Demystified appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro Proactive Findings – October 2023 Editionby James Walker on October 27, 2023 at 4:33 pm
Tweet VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of October, we released 39 new Findings. Of these, there are 30 Findings based … Continued The post VMware Skyline Advisor Pro Proactive Findings – October 2023 Edition appeared first on VMware Support Insider.
- From upgrading vSphere to troubleshooting issues with Tanzu Kubernetes Grid: Top 10 VMware Tanzu Knowledge Base Articles in September 2023.by Marcela Gleixner on October 11, 2023 at 12:18 pm
From upgrading vSphere to troubleshooting issues with Tanzu Kubernetes Grid: Top 10 VMware Tanzu Knowledge Base Articles in September 2023. The post From upgrading vSphere to troubleshooting issues with Tanzu Kubernetes Grid: Top 10 VMware Tanzu Knowledge Base Articles in September 2023. appeared first on VMware Support Insider.
- 10 most popular KB articles in September 2023, for VMware Tanzu Application Service, BOSH and more.by Marcela Gleixner on October 9, 2023 at 9:54 pm
10 most popular KB articles in September 2023, for VMware Tanzu Application Service, BOSH and more. The post 10 most popular KB articles in September 2023, for VMware Tanzu Application Service, BOSH and more. appeared first on VMware Support Insider.
- Top 10 Most Popular Knowledge Articles for Horizon, WorkspaceONE, End User Computing (EUC), Personal Desktop for September, 2023 by Jamie Gravatte on October 6, 2023 at 4:31 pm
Tweet Get answers and solutions instantly by using VMware’s Knowledge Base (KB) articles to solve known issues. Whether you’re looking to improve your productivity, troubleshoot common issues, or simply learn something new, these most used and most viewed knowledge articles are a great place to start. Here are the top 5 most viewed KB articles … Continued The post Top 10 Most Popular Knowledge Articles for Horizon, WorkspaceONE, End User Computing (EUC), Personal Desktop for September, 2023 appeared first on VMware Support Insider.
- Top 10 Most Popular Knowledge Articles for HCX, SaaS, EPG Emerging Products Group for September, 2023 by Jamie Gravatte on October 5, 2023 at 2:26 pm
Tweet Get answers and solutions instantly by using VMware’s Knowledge Base (KB) articles to solve known issues. Whether you’re looking to improve your productivity, troubleshoot common issues, or simply learn something new, these most used and most viewed knowledge articles are a great place to start. Here are the top 5 most viewed KB articles … Continued The post Top 10 Most Popular Knowledge Articles for HCX, SaaS, EPG Emerging Products Group for September, 2023 appeared first on VMware Support Insider.