![Untitled](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_4999,h_1810/https://blog.eucse.com/wp-content/uploads/2020/08/Untitled.png)
The Community
Stay up to date…
VMware End-User Computing Blog Bringing you the latest VMware EUC news, trends and product innovations.
- Introducing Omnissa, the former VMware End-User Computing businessby Renu Upadhyay on April 25, 2024 at 6:23 pm
As a marketing leader, one of the most exhilarating and rewarding undertakings is to define and activate a new brand. And it’s a rare opportunity to define a brand for an established business with industry-leading solutions. I’m privileged to have the opportunity to do both as the End-User […]
- Conditional access with Workspace ONE integrates seamlessly with Microsoft Entra ID and Google’s Context-Aware Access for macOSby Chris Morelock and Paul Mounkes on April 16, 2024 at 3:37 pm
As cyber threats become more complex, it’s crucial for organizations to implement robust security measures. In today’s treacherous digital landscape, securing users’ access to organizational resources is critical. Workspace ONE Unified Endpoint Management (UEM) includes conditional access […]
- Preparing for the digital evolution: Insights from the 2024 Gartner Digital Workplace Summitby Bryan Vest on April 5, 2024 at 4:55 pm
Representatives from the Broadcom End-User Computing (EUC) Division had the privilege of attending the Gartner Digital Workplace Summit March 18–19, 2024, in Grapevine, Texas. More than 900 attendees comprising digital workplace leaders, architects, and IT execs came from around the globe to […]
- Creating custom macOS security baselines with the macOS Security Compliance Project and Workspace ONEby Chris Morelock and Paul Mounkes on April 2, 2024 at 6:57 pm
Specific types of organizations are required to configure their endpoint security protocols in accordance with designated standards and benchmarks, such as those established by the National Institute of Standards and Technology (NIST) or the Center for Internet Security (CIS). Some organizations […]
- Introducing enhanced integration between Cisco ISE and Workspace ONE Unified Endpoint Managementby Sivapratap Reddy Chintam on March 28, 2024 at 2:19 am
We’re thrilled to announce the limited availability of Cisco Identity Services Engine (ISE) v3.1+ and Workspace ONE Unified Endpoint Management (UEM) integration with the Workspace ONE UEM 2402 release. This integration ensures that your end user’s devices can safely and securely connect and […]
- New management capabilities now available for macOS Activation Lock in Workspace ONEby Paul Mounkes on March 27, 2024 at 7:12 pm
Anyone who has had a laptop stolen knows the great frustration that comes with losing not only an expensive piece of tech but also the precious work and personal information, photos, and everything else that’s stored on it. Apple understands this, and long ago introduced a feature designed to […]
- Beware of CryptoChameleon, the new phishing threat that uses social engineering to trick victimsby Wendy Leung on March 26, 2024 at 3:01 pm
In the ever-evolving landscape of cyber threats, the CryptoChameleon phishing attack has emerged as a new example of how cybercriminals use advanced social engineering to gain access to victim’s accounts. Like a chameleon, the hackers camouflage themselves, but as trusted authorities, to blend in […]
- ViVE 2024: Why healthcare interoperability is key, and how we’re championing itby Amy Young on March 19, 2024 at 10:54 pm
Unmanaged devices. A mix of traditional and cloud-based applications. Data scattered across different cloud environments. This complexity in the healthcare environment can create a nightmare for data security, compliance, and efficient care delivery. Each separate tool adds another layer of chaos. […]
- Apple iOS 17.4 introduces updates, including alternative app stores and payment methodsby Adam Henry and Paul Mounkes on March 12, 2024 at 8:58 pm
In 2022, European Union (EU) watchdogs, the European Commission (EC), launched an ambitious project aimed at “ensuring fair and open digital markets.” Essentially, the goal of the Digital Markets Act (DMA) is to limit the power of designated technology “gatekeepers” and ensure they behave […]
- Workspace ONE continues to lead the charts in unified endpoint managementby Aditya Kunduri on March 8, 2024 at 2:55 am
In a rapidly evolving digital landscape, managing endpoints effectively has become paramount for enterprises worldwide. With the proliferation of diverse devices and the need for seamless connectivity, organizations are seeking robust solutions to streamline their endpoint management processes. […]
![0 (1)](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/05/0-1.jpeg)
Arsen Bandurian: Technical Blog Digital Workspace, End User Computing, Enterprise Mobility, AutoID, WLANs, OSes and other technical stuff I happen to work with
- Check if a Microsoft Form comes from a trusted sourceby apcsb on November 6, 2023 at 10:14 am
When you open a Microsoft Form asking you for some sensitive data, do you know where will your data land? Could it be phishing? Read on to find out… Recently, I have received an email at work asking me to fill out a form with some of sensitive personal details (voluntary disclosure). I don’t mind... Continue Reading →
- Enhancing Windows Update Catalog metadata Accessibilityby apcsb on September 11, 2023 at 7:30 am
Microsoft has recently released a major update to the Windows Update catalog back-end, adding crucial information such as CVEs (Common Vulnerabilities and Exposures) addressed by the update and the CVE Score directly info API. This information is essential for Threat and Vulnerability Management decisions as well as Patch management and many organizations pay $$ for... Continue Reading →
- Quickly validate and enable manual application uninstall via Intune Company Portal using Graph APIby apcsb on August 3, 2023 at 7:04 am
I am back and the titles are getting longer! If you are an Intune admin, you will probably be happy to know that one of the most required features has landed: Uninstall Win32 and Microsoft store apps using the Windows Company Portal. One thing you need to be aware of, is that this feature is... Continue Reading →
- Building a custom Windows Update Report p1: Parsing HTML via PowerShell on modern systems (no IE)by apcsb on July 28, 2022 at 7:30 am
Wow, it’s been a while! A customer of mine recently wanted a detailed report that should include info such as how many weeks is the Windows on the machine behind the latest available Security Update. We’ve found to a way to combine Intune Data Warehouse and PowerBI to pull data that allows to identify the... Continue Reading →
- A case of OneDrive Personal Vault not coming up (0x8031000a, MDM, GPO and BitLocker)by apcsb on March 18, 2022 at 6:23 pm
Today I wanted to enable the Personal Vault feature on my Home PC. While following the wizard I got an error 0x8031000a “Your organization requires your device to join the domain before you can use the Personal Vault”. What does this have to do with MDM. GPO and BitLocker troubleshooting? Here’s some quick Friday entertainment!... Continue Reading →
![iKftYmOP](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/05/iKftYmOP.jpg)
- Mobile Pros is moving to Discordby Jason Bayton on July 22, 2024 at 12:00 am
Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!)
- Mobile Pros is moving to Discordby Jason Bayton on July 22, 2024 at 12:00 am
Mobile Pros has been a slack group since inception, way back in the late 2010s. One of the biggest bug-bears for that platform is Slack's hostile approach to non-paying communities, withholding message history and denying access to attachments; it's meant a lot of valuable information over the years has vanished into the ether and put the community on the back-foot compared to other platforms in the ecosystem, which retain a wealth of available wisdom from their collective members. While it's arguable the ecosystem moves quickly and information soon becomes dated, I say yes and no. Specific questions about Intune or a version of iOS more than a couple of years old? Sure, it has an expiry due to the pace of development and change (perhaps Intune wasn't a great example for pace... heh), but a lot of information - the basics of management, approaches to security, best practices, etc. - change far less over time (just look at the docs here to see things from 2019 still relevant today), and means rewriting the same answers over and over with the Slack we have. Well, as of August, Slack will start deleting old history entirely. I've always wanted to find a way to make access to past messages, solutions, and discussions viable on Slack, even to the point of asking around for sponsorship opportunities, but it's simply not feasible, and so after months of thought and discussion between our core members, the Mobile Pros community is moving from Slack to Discord. Why Discord? Predominantly the popularity of the platform, but equally the reasonable parity of function between that and Slack to avoid it being too-jarring an experience to migrate. It goes without saying Discord has some great community features we can leverage as well, and I'm looking forward to putting these into use. On polling the existing community, Discord won out, with Rocket.Chat, Mattermost, Discourse, and others also considered, though with any community it's immeasurably important to ensure ease of access and simplicity of engagement; my concern with rolling a hosted instance of an (arguably easier to manage) FOSS community platform would be yet another account on yet another platform which I know can put people off. The Mobile Pros community has been going strong over the years and has nearly 1,900 members. While I expect to lose a few of you during the migration, I'm hopeful that most of you will join us on Discord. I know moving platforms can be a farce, but Discord is a very popular platform (far more so than when we looked at it back in 2021!) and I'm hopeful the move won't be too off-putting. The Slack Mobile Pros group will be officially shutting down come August, but engagement there is actively discouraged already as content will not be migrated over to Discord automatically (and I spent a week doing it all manually!). If you want to continue engaging with Mobile Pros or if you’ve been thinking about joining, now’s the perfect time to get involved. You can start joining our new Discord community today. Just follow this link to get started. I look forward to seeing you all there! (Oh, and for good measure, I've also pushed a static copy of Mobile Pros' Slack history to archive.mobilepros.org through the exceptionally simple tool from hfran. I was doing the work to migrate, I figured I might as well!)
- Avoid another CrowdStrike takedown: Two approaches to replacing Windowsby Jason Bayton on July 21, 2024 at 12:00 am
In recent days, the tech community has been grappling with the aftermath of a major outage caused by CrowdStrike. This incident resulted in significant disruptions across various enterprise Windows environments, leading to downtime and operational challenges for numerous organisations, public bodies, critical infrastructure, and more. The outage has highlighted the almost impenetrable hold Microsoft has on organisations the world over, and critically flawed Windows can be. It also highlights the importance of secure system installations, change control, and maintenance practices.. but human behaviour is harder to fix. As organisations recover and reassess their IT strategies, it's absolutely worth taking some time to consider reducing the Windows stronghold - particularly for critical services - and explore alternatives to add a little redundancy to your organisation. The below guide offers a quick and simple run-through for installing alternative operating systems on existing endpoints, be they desktop/laptop or server. Obvious heads-up This guide doesn't go into the nuances of enterprise security beyond some basic best practices. Rather, it's to offer a taste of alternatives for non-production devices for intrigued administrators, or those told by their bosses to take a few eggs out of their basket. Proceed with understanding. First up, Ubuntu # Ubuntu is widely used for both desktops and servers, and considered one of a few leading enterprise Linux distributions (others include RedHat, Suse..). Ubuntu is generally known for good compatibility with a range of devices on the market, and so makes for a nice introduction to Linux. This guide will walk you through the best practices for installing Ubuntu securely, whether setting up a workstation for knowledge workers or deploying a server for backend infrastructure. Ubuntu Desktop for knowledge workers and end users # 1. Preparing for Installation Download Ubuntu from Official Sources: Always download the latest Ubuntu ISO image from the official Ubuntu website. Verify the SHA256 checksum to ensure the integrity of the downloaded file. Create a Bootable USB: Use reliable tools like Rufus (for Windows, while you still have it eh?) or Etcher (cross-platform) to create a bootable USB drive. This ensures a clean and secure installation medium. 2. Boot from USB Drive Insert the bootable USB drive into the target device. Restart the device and boot from the USB drive. 3. Try Ubuntu Before Installing When prompted, if you'd like to have a quick test-run to ensure it boots, choose Try Ubuntu to boot into a live session. This allows you to test the system and check compatibility before installation. 4. Begin Installation Double-click the Install Ubuntu icon on the desktop to start the installation process. Installation Options: Language: Select your preferred language. Keyboard Layout: Choose the appropriate keyboard layout. Updates and Other Software: Select Download updates while installing Ubuntu to ensure that your installation is up-to-date with the latest patches. Choose Install third-party software if you need additional codecs or proprietary drivers. Installation Type: Erase Disk and Install Ubuntu: This option will delete all data on the disk and install Ubuntu. Use this if you’re setting up Ubuntu on a fresh system or replacing an existing OS. Something Else: Choose this option for custom partitioning. Recommended for advanced users who want to create separate partitions for /home, /var, /tmp, and /opt. 5. Partitioning For secure installations, it’s recommended to create separate partitions for system directories: /home: For user data. /var: For variable data such as logs. /tmp: For temporary files. /opt: For optional application software. If using LVM, choose the Use LVM with the new Ubuntu installation option for better management of disk space. Encryption: Select the option to Encrypt the new Ubuntu installation for security. This uses LUKS encryption to protect your data. 6. Complete Installation Follow the prompts to select your time zone and create a user account. After installation, remove the USB drive when prompted and reboot the device. 7. Post-Installation Configuration Update System: Immediately update your system to ensure you have the latest security patches. Use the command: sudo apt update && sudo apt upgrade -y Enable Firewall: Activate and configure the Uncomplicated Firewall (UFW) to block unnecessary incoming traffic: sudo ufw enable sudo ufw allow ssh Install Antivirus: Consider installing ClamAV or an equivalent FOSS AV to scan for malware and viruses, particularly if you interact with Windows systems. Ubuntu Server for infrastructure and userless systems # 1. Preparing for Installation Download and Verify ISO: As with the desktop version, download the latest Ubuntu Server ISO from the official source and verify its integrity. Create a Bootable USB: Use a secure method to create a bootable USB drive. 2. Configuring BIOS/UEFI Settings Secure Boot: Enable Secure Boot for added protection during the boot process. Disable Unused Hardware: While you're in BIOS, it's a good opportunity to disable unnecessary hardware to limit exposure. 3. Installation Process Minimal Installation: Choose the minimal installation option to install only essential packages. Disk Encryption: Use LVM with LUKS to encrypt your disk, ensuring data security. Custom Partitioning: Create separate partitions for /var, /tmp, and /opt to contain potential breaches. 4. Post-Installation Hardening Update System: Run system updates immediately: sudo apt update && sudo apt upgrade -y Configure Firewall: Use UFW to configure the firewall appropriately: sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow [your additional services] sudo ufw enable Install Fail2Ban: Protect against brute force attacks by installing and configuring Fail2Ban: sudo apt install fail2ban sudo systemctl enable fail2ban SSH Hardening: Edit the SSH configuration file (/etc/ssh/sshd_config) to enhance security: Disable root login: PermitRootLogin no Change the default port: Port 2222 (choose any unused port) Allow only specific users: AllowUsers yourusername Ensure login by password is disabled. Key based auth ensures passwords can't be guessed. 5. Regular Maintenance Automate Updates: If you haven't learned your lesson from allowing automatic updates to run amok, configure unattended upgrades to keep your system up to date automatically: sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades Monitor Logs: Regularly check system logs for suspicious activity using tools like Logwatch or setting up a SIEM system for central log intake. Next, ChromeOS Flex # Before Google acquired it, CloudReady was the leading provider of a Chromium OS-based solution that aimed to bring a lightweight, secure operating system to older hardware. Now rebranded as ChromeOS Flex, this solution continues to deliver a streamlined computing experience, particularly for repurposing outdated devices. ChromeOS Flex brings the benefits of Google's Chrome OS to a wide range of hardware, offering a modern alternative to traditional operating systems. Prerequisites # Supported Devices List Before beginning, verify that your device is compatible with ChromeOS Flex. Google maintains a list of officially supported devices on their ChromeOS Flex Supported Devices page. While ChromeOS Flex is designed to work with a broad range of hardware, checking compatibility ensures optimal performance and user experience. Unsupported (or unlisted) devices may work perfectly, or may lack functionality. Requirements USB Drive: A USB drive with at least 8GB of capacity. Backup: Ensure all important data on the target device is backed up, as the installation will erase existing data. Installation Steps # 1. Download ChromeOS Flex Visit the ChromeOS Flex website. Download the ChromeOS Flex image and follow the instructions to create a bootable USB drive. 2. Create a Bootable USB Drive Using the Chromebook Recovery Utility: Install the Chromebook Recovery Utility from the Chrome Web Store. Insert the USB drive into your computer. Open the Chromebook Recovery Utility. Click Get Started and select Chromebook or Chromebox. Click Select a model from a list, then choose Google ChromeOS Flex. Follow the prompts to create your recovery media. Using a Different Tool: Download and install a tool such as Etcher or Rufus. Select the ChromeOS Flex image file you downloaded and your USB drive. Follow the tool’s instructions to write the image to the USB drive. 3. Boot from USB Drive Insert the bootable USB drive into the target device. Power on the device and enter the BIOS/UEFI settings (usually by pressing F2, F12, ESC, or DEL during startup). Set the device to boot from the USB drive. Save the changes and reboot the device. 4. Install ChromeOS Flex Upon booting from the USB drive, you’ll be presented with a ChromeOS Flex installation screen. Follow the on-screen instructions to install ChromeOS Flex. You will be prompted to either try ChromeOS Flex or install it. Choose Install. The installation process will erase all data on the device’s internal storage. Confirm that you’ve backed up your data before proceeding. 5. Set Up ChromeOS Flex Once the installation is complete, the device will restart. Remove the USB drive when prompted. Follow the initial setup process, which includes connecting to Wi-Fi, signing in with a Google account, and configuring device settings. Best Practices and Tips # Backup Regularly: Ensure that any important data is backed up regularly, as ChromeOS Flex is designed for cloud-first usage with automatic updates and built-in security. Update Firmware: Check and update your device’s firmware to the latest version before installing ChromeOS Flex to avoid compatibility issues. Enable Developer Mode (if needed): For advanced users, enabling Developer Mode might be necessary to perform certain customisations. However, this is typically not required for most standard installations. Check Compatibility Regularly: As ChromeOS Flex evolves, periodically review the supported devices list to ensure ongoing compatibility with updates. For additional support and troubleshooting, refer to Google’s ChromeOS Flex Help Centre. Conclusion # This is somewhat tongue-in-cheek, and a little dig towards Microsoft for rolling an OS that has the potential to fail so spectacularly to make everything suck for a few days. That said, the above guide nevertheless offers a practical way to explore an alternative, especially if you’re feeling less than thrilled with the current state of Windows. Think of this article not as a comprehensive base on which to build a strategy, but rather as a chance to dip your toes into the world of alternatives. Whether you’re a knowledge worker in need of a new desktop experience or someone managing a server environment, there are secure and robust alternatives that might just be worth your time. Happy experimenting, and here’s to exploring new possibilities!
- Avoid another CrowdStrike takedown: Two approaches to replacing Windowsby Jason Bayton on July 21, 2024 at 12:00 am
In recent days, the tech community has been grappling with the aftermath of a major outage caused by CrowdStrike. This incident resulted in significant disruptions across various enterprise Windows environments, leading to downtime and operational challenges for numerous organisations, public bodies, critical infrastructure, and more. The outage has highlighted the almost impenetrable hold Microsoft has on organisations the world over, and critically flawed Windows can be. It also highlights the importance of secure system installations, change control, and maintenance practices.. but human behaviour is harder to fix. As organisations recover and reassess their IT strategies, it's absolutely worth taking some time to consider reducing the Windows stronghold - particularly for critical services - and explore alternatives to add a little redundancy to your organisation. The below guide offers a quick and simple run-through for installing alternative operating systems on existing endpoints, be they desktop/laptop or server. Obvious heads-up This guide doesn't go into the nuances of enterprise security beyond some basic best practices. Rather, it's to offer a taste of alternatives for non-production devices for intrigued administrators, or those told by their bosses to take a few eggs out of their basket. Proceed with understanding. First up, Ubuntu # Ubuntu is widely used for both desktops and servers, and considered one of a few leading enterprise Linux distributions (others include RedHat, Suse..). Ubuntu is generally known for good compatibility with a range of devices on the market, and so makes for a nice introduction to Linux. This guide will walk you through the best practices for installing Ubuntu securely, whether setting up a workstation for knowledge workers or deploying a server for backend infrastructure. Ubuntu Desktop for knowledge workers and end users # 1. Preparing for Installation Download Ubuntu from Official Sources: Always download the latest Ubuntu ISO image from the official Ubuntu website. Verify the SHA256 checksum to ensure the integrity of the downloaded file. Create a Bootable USB: Use reliable tools like Rufus (for Windows, while you still have it eh?) or Etcher (cross-platform) to create a bootable USB drive. This ensures a clean and secure installation medium. 2. Boot from USB Drive Insert the bootable USB drive into the target device. Restart the device and boot from the USB drive. 3. Try Ubuntu Before Installing When prompted, if you'd like to have a quick test-run to ensure it boots, choose Try Ubuntu to boot into a live session. This allows you to test the system and check compatibility before installation. 4. Begin Installation Double-click the Install Ubuntu icon on the desktop to start the installation process. Installation Options: Language: Select your preferred language. Keyboard Layout: Choose the appropriate keyboard layout. Updates and Other Software: Select Download updates while installing Ubuntu to ensure that your installation is up-to-date with the latest patches. Choose Install third-party software if you need additional codecs or proprietary drivers. Installation Type: Erase Disk and Install Ubuntu: This option will delete all data on the disk and install Ubuntu. Use this if you’re setting up Ubuntu on a fresh system or replacing an existing OS. Something Else: Choose this option for custom partitioning. Recommended for advanced users who want to create separate partitions for /home, /var, /tmp, and /opt. 5. Partitioning For secure installations, it’s recommended to create separate partitions for system directories: /home: For user data. /var: For variable data such as logs. /tmp: For temporary files. /opt: For optional application software. If using LVM, choose the Use LVM with the new Ubuntu installation option for better management of disk space. Encryption: Select the option to Encrypt the new Ubuntu installation for security. This uses LUKS encryption to protect your data. 6. Complete Installation Follow the prompts to select your time zone and create a user account. After installation, remove the USB drive when prompted and reboot the device. 7. Post-Installation Configuration Update System: Immediately update your system to ensure you have the latest security patches. Use the command: sudo apt update && sudo apt upgrade -y Enable Firewall: Activate and configure the Uncomplicated Firewall (UFW) to block unnecessary incoming traffic: sudo ufw enable sudo ufw allow ssh Install Antivirus: Consider installing ClamAV or an equivalent FOSS AV to scan for malware and viruses, particularly if you interact with Windows systems. Ubuntu Server for infrastructure and userless systems # 1. Preparing for Installation Download and Verify ISO: As with the desktop version, download the latest Ubuntu Server ISO from the official source and verify its integrity. Create a Bootable USB: Use a secure method to create a bootable USB drive. 2. Configuring BIOS/UEFI Settings Secure Boot: Enable Secure Boot for added protection during the boot process. Disable Unused Hardware: While you're in BIOS, it's a good opportunity to disable unnecessary hardware to limit exposure. 3. Installation Process Minimal Installation: Choose the minimal installation option to install only essential packages. Disk Encryption: Use LVM with LUKS to encrypt your disk, ensuring data security. Custom Partitioning: Create separate partitions for /var, /tmp, and /opt to contain potential breaches. 4. Post-Installation Hardening Update System: Run system updates immediately: sudo apt update && sudo apt upgrade -y Configure Firewall: Use UFW to configure the firewall appropriately: sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw allow [your additional services] sudo ufw enable Install Fail2Ban: Protect against brute force attacks by installing and configuring Fail2Ban: sudo apt install fail2ban sudo systemctl enable fail2ban SSH Hardening: Edit the SSH configuration file (/etc/ssh/sshd_config) to enhance security: Disable root login: PermitRootLogin no Change the default port: Port 2222 (choose any unused port) Allow only specific users: AllowUsers yourusername Ensure login by password is disabled. Key based auth ensures passwords can't be guessed. 5. Regular Maintenance Automate Updates: If you haven't learned your lesson from allowing automatic updates to run amok, configure unattended upgrades to keep your system up to date automatically: sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades Monitor Logs: Regularly check system logs for suspicious activity using tools like Logwatch or setting up a SIEM system for central log intake. Next, ChromeOS Flex # Before Google acquired it, CloudReady was the leading provider of a Chromium OS-based solution that aimed to bring a lightweight, secure operating system to older hardware. Now rebranded as ChromeOS Flex, this solution continues to deliver a streamlined computing experience, particularly for repurposing outdated devices. ChromeOS Flex brings the benefits of Google's Chrome OS to a wide range of hardware, offering a modern alternative to traditional operating systems. Prerequisites # Supported Devices List Before beginning, verify that your device is compatible with ChromeOS Flex. Google maintains a list of officially supported devices on their ChromeOS Flex Supported Devices page. While ChromeOS Flex is designed to work with a broad range of hardware, checking compatibility ensures optimal performance and user experience. Unsupported (or unlisted) devices may work perfectly, or may lack functionality. Requirements USB Drive: A USB drive with at least 8GB of capacity. Backup: Ensure all important data on the target device is backed up, as the installation will erase existing data. Installation Steps # 1. Download ChromeOS Flex Visit the ChromeOS Flex website. Download the ChromeOS Flex image and follow the instructions to create a bootable USB drive. 2. Create a Bootable USB Drive Using the Chromebook Recovery Utility: Install the Chromebook Recovery Utility from the Chrome Web Store. Insert the USB drive into your computer. Open the Chromebook Recovery Utility. Click Get Started and select Chromebook or Chromebox. Click Select a model from a list, then choose Google ChromeOS Flex. Follow the prompts to create your recovery media. Using a Different Tool: Download and install a tool such as Etcher or Rufus. Select the ChromeOS Flex image file you downloaded and your USB drive. Follow the tool’s instructions to write the image to the USB drive. 3. Boot from USB Drive Insert the bootable USB drive into the target device. Power on the device and enter the BIOS/UEFI settings (usually by pressing F2, F12, ESC, or DEL during startup). Set the device to boot from the USB drive. Save the changes and reboot the device. 4. Install ChromeOS Flex Upon booting from the USB drive, you’ll be presented with a ChromeOS Flex installation screen. Follow the on-screen instructions to install ChromeOS Flex. You will be prompted to either try ChromeOS Flex or install it. Choose Install. The installation process will erase all data on the device’s internal storage. Confirm that you’ve backed up your data before proceeding. 5. Set Up ChromeOS Flex Once the installation is complete, the device will restart. Remove the USB drive when prompted. Follow the initial setup process, which includes connecting to Wi-Fi, signing in with a Google account, and configuring device settings. Best Practices and Tips # Backup Regularly: Ensure that any important data is backed up regularly, as ChromeOS Flex is designed for cloud-first usage with automatic updates and built-in security. Update Firmware: Check and update your device’s firmware to the latest version before installing ChromeOS Flex to avoid compatibility issues. Enable Developer Mode (if needed): For advanced users, enabling Developer Mode might be necessary to perform certain customisations. However, this is typically not required for most standard installations. Check Compatibility Regularly: As ChromeOS Flex evolves, periodically review the supported devices list to ensure ongoing compatibility with updates. For additional support and troubleshooting, refer to Google’s ChromeOS Flex Help Centre. Conclusion # This is somewhat tongue-in-cheek, and a little dig towards Microsoft for rolling an OS that has the potential to fail so spectacularly to make everything suck for a few days. That said, the above guide nevertheless offers a practical way to explore an alternative, especially if you’re feeling less than thrilled with the current state of Windows. Think of this article not as a comprehensive base on which to build a strategy, but rather as a chance to dip your toes into the world of alternatives. Whether you’re a knowledge worker in need of a new desktop experience or someone managing a server environment, there are secure and robust alternatives that might just be worth your time. Happy experimenting, and here’s to exploring new possibilities!
- Introducing MANAGED SETTINGSby Jason Bayton on July 4, 2024 at 12:00 am
I've been supporting customers on their modern Android management journeys for several years now, and as you can imagine, the more customers you engage with, the more you notice patterns and friction points that resurface time and time again. For me, having access to system settings from within kiosk environments is one such example of those friction points, and one of the first projects for 2024 I opted to undertake after launching my QR code generator last year. Don't get me wrong, plenty of vendors in the ecosystem have Kiosk/launcher applications that will offer a solution from within their own applications, AirWatch/WS1 UEM's launcher & Knox Manage kiosk are some of the several examples of these. Recently though, and particularly with the surge of AMAPI based EMM platforms, it's become increasingly clear many do not. So, I went about designing a relatively straightforward answer - MANAGED SETTINGS. What is it? # MANAGED SETTINGS is a simple app that provides end users the ability to launch settings intents. This isn't a new concept; searching Google Play brings up many such apps. The key differentiator with MANAGED SETTINGS is the ability to toggle these various intents on and off based on the specific requirements of an organisation through managed config (and thus, the name was born). Out of the box I've aimed to support as many intents as is reasonable, omitting only those which are troublesome to support (i.e those commonly adjusted from the behaviour of AOSP across OEMs) or likely not to see any use, but over time more will be added, so too will custom intent support, allowing organisations to leverage OEM-specific intents with their managed estate without relying on me to implement and support them. As an added bonus, organisations that struggle to document and/or support the unique and sometimes confusing layouts of OEM-customised settings applications across both their company owned and personally owned estates, are able now to deploy one consistent settings app to everything. Building your documentation around an agnostic, standardised application makes the whole process quicker and more straightforward for all involved. MANAGED SETTINGS works across fully managed, dedicated, and work profile devices. When can I get it? # I'm releasing MANAGED SETTINGS as a free application on Google Play, available today. In spite of its simplicity, a lot of time and effort has been put into this, so if you'd like to support the continued development of projects like this for the betterment of the Android Ecosystem, I'm offering a licensed upgrade for MANAGED SETTINGS which offers (currently) basic customisation of the in-app experience. In an upcoming release this will extend to theming to allow organisations the option of setting a colour scheme for the MANAGED SETTINGS app that'll enable closer alignment to the organisation's brand - but I want to ensure there's demand for that before I commit to it 🙂 Get it here: If you're interested in learning more, visit the project page for an in-depth overview, support docs, and other resources. Setting expectations for support # Though I've done my best to support the breadth of Settings intents across most major Android OEMs and recent Android versions, it's well known that sometimes intents just don't work, or the OEM Settings application in general causes issues. APN is a good example of an intent that'll work on some devices, but inexplicably fails (or gives permission issues) due to the way OEMs have implemented their telephony stack. I have multiple fallbacks implemented where possible to overcome some instances where an adjusted call is required, but I don't have the resources to test every device on the market. Interestingly, tablet devices with split-screen Settings app implementations are also far more likely to inadvertently expose additional device settings due to how they're designed, and unfortunately I can't do anything to combat that. I'm more than happy to work with organisations finding issues with certain intents, and if I can resolve them I absolutely will. To touch on EMM support as well, the managed config implementation is quite basic and should be supported by all major vendors without issue, certainly confirmed so far through my testing. That said, if your vendor isn't working correctly, I'm happy to get to the bottom of it. Feel free to reach out to debug, and I hope you find MANAGED SETTINGS useful for your managed Android estate!
![HE4bGNln_400x400](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/05/HE4bGNln_400x400.jpg)
Brooks Peppin's Blog Managing Windows in the Modern Workplace
- How to Create a no-prompt bootable WinPE ISO – Crowdstrike Fixby Brooks Peppin on July 20, 2024 at 8:33 pm
With the massive Crowdstrike outage this week, we looked for a way to automate fixing virtual machines in our environment. Since our VMs were not ... Read more
- A Beginners Guide to Azure AD Join – Everything you Need to Knowby Brooks Peppin on April 26, 2023 at 6:58 pm
Welcome to the beginner’s guide to Azure AD join! As businesses increasingly rely on cloud-based solutions, Azure Active Directory has become an essential tool for ... Read more
- Understanding Windows Feature Updates in Microsoft Intuneby Brooks Peppin on December 19, 2022 at 10:07 pm
Deploying Windows 10/11 feature updates with Microsoft Intune is much simpler than traditional methods. You no longer have to “push” out the full patch or ... Read more
- Intune vs. Workspace ONE: 15 Pros and Cons (2022 Edition)by Brooks Peppin on October 17, 2022 at 4:53 pm
Microsoft Intune and VMware Workspace ONE are both industry-leading Unified Endpoint Management (UEM) solutions. If you look at any Gartner Magic Quadrant chart from the ... Read more
- How to Fix Hybrid Azure AD Join Error 0x801c005b: error_computer_signature_check_failureby Brooks Peppin on September 30, 2022 at 12:34 am
Seeing error 0x801c005b alongside error_computer_signature_check_failure when attempting to Hybrid Azure AD join your Windows devices? This error will prevent the hybrid join process from completing. ... Read more
![Daz_2012_B_W_400x400](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/05/Daz_2012_B_W_400x400.png)
Many Miles Away Helping you succeed with end user computing technologies
- Implementing Workspace ONE Relay Server Cloud Connectors (RSCC) with an existing Pull Relay...by Darryl Miles on June 1, 2024 at 2:09 am
The Workspace ONE UEM Relay Server Cloud Connector (RSCC) is a hybrid solution that pulls content (products only) from a … More
- Setting up a Workspace ONE UEM Relay Server for Android Rugged devicesby Darryl Miles on May 24, 2024 at 3:38 am
A Workspace ONE relay server acts as a middleman in distributing content within a Workspace ONE UEM environment to Android … More
- Enabling Advanced Device Telemetry for mobile devices through Workspace ONE Intelligence SDKby Darryl Miles on May 16, 2024 at 11:07 am
Spotting what’s causing a bad experience for mobile workers starts with a deep dive into device problems. The latest Workspace … More
- Enabling Shared Device Mode (SDM) for Microsoft Entra ID Conditional Access Policiesby Darryl Miles on April 30, 2024 at 12:17 am
In August 2023, Workspace ONE UEM extended conditional access capabilities for Microsoft Entra ID (formerly Microsoft Azure Active Directory) with … More
- How to deploy macOS PaperCut using Workspace ONEby Darryl Miles on April 14, 2024 at 2:46 am
PaperCut is used by businesses and organizations to track, control, and optimize their printing. PaperCut MF allows businesses to set … More
![dySI-vUS_400x400](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2020/08/dySI-vUS_400x400.jpeg)
Sam Akroyd. Thoughts on Tech
- Frigate, Home Assistant and AIby Sam Akroyd on July 23, 2024 at 8:34 am
So if you’ve seen the first blog on Frigate NVR and Home Assistant, and you’ve followed along –…
- Security Cameras in Home Assistant with Frigateby Sam Akroyd on July 16, 2024 at 12:43 pm
Home security systems are common-place nowadays, and smart cameras are even more common with the advent of Ring…
- Smart Lighting in Home Assistantby Sam Akroyd on July 9, 2024 at 12:22 pm
We’ve walked through the build of Home Assistant, we’ve talked through the basics, now let’s focus a little…
- Home Assistant – Building a Dashboardby Sam Akroyd on July 1, 2024 at 12:00 pm
Home Automation is great, especially when it works seemlessly using your voice as a command or a sensor…
- Home Automation: The Networkby Sam Akroyd on June 18, 2024 at 8:22 am
With Home Automation brings devices…. lots of devices. If you have a tonne of Zigbee or Z-Wave devices,…
![0](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/10/0.jpeg)
- Workspace ONE UEM Sensors and custom Registry valuesby techhub981158167 on June 10, 2024 at 12:58 pm
I had a customer enquiry recently where they were looking to pull some custom fields from a device to identify a device location, well at least where it was deployed, as well as come custom tags and other information they associate with a device at the time of deployment. If you have used Workspace ONE … Continue reading Workspace ONE UEM Sensors and custom Registry values →
- VMware App Volumes Apps on Demandby techhub981158167 on January 8, 2024 at 3:26 pm
There are plenty of articles explaining what VMware App Volumes Apps on Demand are and the benefits, for example https://www.vmware.com/uk/topics/glossary/content/apps-on-demand.html. This video demonstrates how quick and east it is to associate an App Volumes Server with an RDS Host in VMware Horizon and subsequently deliver a package using Apps on Demand.
- End of Yearby techhub981158167 on December 20, 2023 at 10:14 am
When I started this blog and YouTube channel a few years back I never really had a target other than to share any tips, tricks, information and how to for various EUC products. It’s always nice to see the end of year stats and know that people are looking at your content. Diving into the … Continue reading End of Year →
- The next phase of Workspace ONE UEM Sensorsby techhub981158167 on December 8, 2023 at 11:14 am
Earlier this year I wrote a blog article about using ChatGPT to write PowerShell scripts that could be used in Workspace ONE UEM to create Sensors. This works fine, but bear in mind that ChatGPT created PowerShell scripts for me based on best endeavours, there is no guarantee they would work or would not contain … Continue reading The next phase of Workspace ONE UEM Sensors →
- Workspace ONE UEM and Windows Multi Userby techhub981158167 on August 23, 2023 at 3:48 pm
Multi User or Shared Device, if you want to look at it that way, is something that has been supported with VMware Workspace ONE UEM but more so for Mobile Operating Systems rather than Windows. VMware has received feedback from several customers on wanting to be able to support a Windows Multi User use case. … Continue reading Workspace ONE UEM and Windows Multi User →
![0](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/05/0-2.jpeg)
Thomas Cheng Welcome to my digital home!
- Proofpoint Certified Insider Threat Specialist Course 3 – A Day in the Life of an Insider Threat...by techiecheng on March 29, 2023 at 8:38 pm
Proofpoint recently released a three-part training webinar on identifying and mitigating insider threats. By viewing and taking the exam after all the sessions, Proofpoint will award you with a certificate. This post will recap what I learned in course 3 of this series.
- Proofpoint Certified Insider Threat Specialist Course 2: Building a Successful Insider Threat...by techiecheng on March 29, 2023 at 6:59 pm
Proofpoint recently released a three-part training webinar on identifying and mitigating insider threats. By viewing and taking the exam after all the sessions, Proofpoint will award you with a certificate. This post will recap what I learned in course 2 of this series.
- Proofpoint Certified Insider Threat Specialist Course 1 – Getting Started with Insider Threatsby techiecheng on March 26, 2023 at 4:47 am
Proofpoint recently released a three-part training webinar on identifying and mitigating insider threats. By viewing and taking the exam after all the sessions, Proofpoint will award you with a certificate. This post will recap what I learned in course 1 of this series.
- ‘Invalid credentials. Try again.’ when signing onto Workspace ONE UEM console with Active...by techiecheng on September 23, 2022 at 4:00 pm
Awhile back, I wrote a post on the error when signing into UEM with my AD credential. “Please contact Administrator” when signing onto Workspace ONE UEM console version with Active Directory credential Today, I got a different error when signing in with my AD credential to our shared SaaS/sandbox CN135: ‘Invalid credentials. Try again.’ I
- The true beauty of the Apple Beta Software Programby techiecheng on June 6, 2022 at 4:00 pm
Throughout the years, I’ve written many blog posts related to iOS update. Prevent users from installing iOS beta software in VMware Workspace ONE UEM by AirWatch Managing iOS update with Workspace ONE UEM Schedule iOS Update with VMware AirWatch Stop iOS update on its track with VMware AirWatch iOS 12.2 is here and how it
![zHI_oCxo_200x200](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2019/05/zHI_oCxo_200x200.jpeg)
VirtuallyUnboxed Lifting the lid on everything virtual
- End of support for vSphere 6.5.x and 6.7.xby virtuallyunboxed on October 20, 2022 at 4:31 pm
In case you missed it, last week marked the end of general support for vSphere 6.5 and 6.7. This is the same regardless of whether you were using it for data centre services or EUC services like Horizon.
- Desktop Repurposing v4by virtuallyunboxed on October 20, 2022 at 4:23 pm
This year, myself and Matt Evans joined forced again, along with newcomer, Jonathan D'arcy to review some of the best desktop repurposing tools on the market. As with previous years we reviewed imaging and performance. However, this year we also took a look at the accompanying management solutions.
- VMware SASE and Cloud Web Securityby virtuallyunboxed on January 22, 2022 at 3:11 pm
Let's start with the basics! SASE is a Gartner term and is an abreviation of Secure Access Service Edge. Still not much help right? Well lets start explaining this by looking at how people typically work, espeically remotely, and how their traffic is secured. Most of you that ever work remotely will most likely use a device level VPN. This uses software on your device to create a tunnel into your company data centre and allows you to remotely access internal resources. This is how most companies have done it for many years, and it really dates back to the days when all a companies resources were in their own data centre. Tunnelling all the traffic back into the data centre was the perfect way to reach everything a remote user would need.
- Workspace ONE UEM and Workspace ONE Access Integration for Hub Servicesby virtuallyunboxed on March 2, 2021 at 4:06 pm
I know there are a lot of SaaS customers out there who have only been using basic MDM functionality within Workspace ONE. The platform has moved on a lot in the last few years and if you haven't already seen it i strongly suggest you check out hub services. This takes the Workspace ONE agent that is used for device management and adds additional functionality to the application such as a unified app catalogue, people search and a notifications platform to name but a few!
- Workspace ONE Access FIDO2 integrationby virtuallyunboxed on February 19, 2021 at 2:33 pm
As of this month (Feb 2021) All Workspace ONE Access SaaS tenants, now supports FIDO2 as an authentication method. So, I thought i'd put together a short video showing how easy it is to configure it and some different device types using the solution.
![h9poSusu_400x400](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_150,h_150/https://blog.eucse.com/wp-content/uploads/2020/08/h9poSusu_400x400.jpg)
Mobile Jon's Blog My WordPress Blog
- Using Intune Remediations to Address Massive CrowdStrike Outageby [email protected] on July 19, 2024 at 3:04 pm
CrowdStrike faces a major outage due to a driver channel file causing widespread BSOD. Intune scripts detect and remove problematic files. Intune can also enable users to self-service BitLocker keys. Conditional Access can control key access and Audit Logs can monitor key usage. Compliance ensures key access from compliant devices only.
- Windows 365 Powering your Business Continuity and Disaster Recovery Plansby mobilejon on July 15, 2024 at 4:00 am
Since COVID, focus has been on BCP and DR. Windows 365 now offers new capabilities like Cross Region Disaster Recovery, Enterprise State Roaming, and Cloud PC resiliency. These features ensure 99.9% uptime, RPO of ~0, and easy activation and deactivation of fallback devices. The new DR feature costs $4.50/user.
- Fixing Issues with Add-ins and Office Apps Security Baselinesby mobilejon on July 8, 2024 at 4:01 am
This article explores the importance of Microsoft Word security policies and the issues that can arise with Office security baselines. It covers challenging settings such as add-in signing and trust bar notifications, and provides a solution using Microsoft Intune to address trusted publisher issues. Proper implementation of security baselines is emphasized to avoid potential problems.
- Moving Toward a Passwordless World: Powered by Temporary Access Passes and Passkeysby mobilejon on June 27, 2024 at 3:48 am
The article discusses the concept of Temporary Access Passes (TAP) as an alternative to passwords for authentication. It covers the configuration of TAP, its use during onboarding, and for web-based sign-in. The author recommends using TAP to enroll in Microsoft Authenticator and activate passkeys for a seamless and secure user experience.
- Windows 11 Best Practices Part Four: User Experienceby mobilejon on June 17, 2024 at 4:00 am
This multi-part series on Windows 11 best practices has covered onboarding, security, and advanced security. Part 4 delves into user experiences, addressing Windows Hello for Business with Cloud Kerberos Trust, OneDrive best practices, Microsoft Edge configuration, user password solutions, 3rd party ADMX integrations with Intune, self-service password reset, and Office 365 cloud app policies. These components aim to enhance the end user's experience.
VMware | Digital Workspace Tech Zone Go from zero to hero with the latest technical resources on the VMware Digital Workspace Tech Zone.
- Privileged Access Workstationby Graeme Gordon on July 24, 2024 at 12:39 pm
The Privileged Access Workstation document outlines a strategy for securing access to privileged applications that can be achieved using Omnissa Workspace ONE and Omnissa Horizon. A Privileged Access Workstation deployment uses the concept of zones to secure traffic and access before allowing traffic to enter the next zone. It also enables the user to move between security classifications within the organization in a secure manner.
- Distributing Microsoft Office Apps to macOS Devices with Workspace ONE UEMby Michael Bradley on July 23, 2024 at 8:37 pm
In this walkthrough, we'll demonstrate how to distribute Microsoft Office apps to macOS devices using volume purchase licenses in Apple Business Manager and Workspace ONE UEM.
- Guided Tour: Using the Guided Root Cause Analysis Tool in Workspace ONE Experience Managementby Caroline Arakelian on July 23, 2024 at 7:58 pm
From a list of Experience Management insights about the devices in your company, you can drill down on an incident, such as OS crashes on a particular day, and find a ranked list of the top most probable root causes.
- Guided Tour: Horizon Cloud Power Managementby Caroline Arakelian on July 23, 2024 at 7:52 pm
Learn how provisioning settings and power management settings work together to ensure that the resources you're paying for match the resources you're actually using.
- Enabling BitLocker Encryption to Remote Windows Devices: Workspace ONE Operational Tutorialby Graeme Gordon on July 22, 2024 at 4:47 pm
This tutorial shows you how to configure remote encryption for your Windows devices with Workspace ONE UEM. Learn how to configure a BitLocker Encryption profile, explore Workspace ONE UEM device compliance and remediation actions, and explore how to create reports, dashboards, and automated actions with Workspace ONE Intelligence.
- Introducing Omnissa Workspace ONE Mobile Threat Defense Dual Enrollmentby Andreano Guedes Rocha on July 22, 2024 at 11:57 am
We're excited to announce Workspace ONE Mobile Threat Defense Dual Enrollment which provides full protection for devices with Android work profiles. Give your IT department control over threats in both personal and work areas, and safeguard against application and phishing threats on employees' personal devices.
- Securing your Endpoints with Workspace ONE Intelligence Risk Scoringby Yan Luo on July 17, 2024 at 5:06 pm
Workspace ONE Intelligence provides robust risk scoring to enhance security by evaluating user and device behaviors. It dynamically assesses risk levels, offering insights through an intuitive dashboard and facilitating proactive threat mitigation.
- Automating Application Management with Freestyle Orchestrator in Omnissa Intelligenceby Michael Bradley on July 16, 2024 at 2:02 pm
Omnissa Intelligence empowers organizations with comprehensive insights and analytics by integrating data from various sources within their digital workspace. And, with Freestyle Orchestrator, Intelligence offers administrators the ability to accelerate IT tasks and issue resolution using automation.
- Configuring macOS Platform SSO Using Okta and Workspace ONE UEMby Michael Bradley on July 16, 2024 at 12:47 pm
This tutorial takes you through the steps to configure the device profile required to implement Okta as the IdP for Platform SSO 2.0 on your macOS devices.
- Distributing Scripts to macOS Devices: Workspace ONE Operational Tutorialby Michael Bradley on July 15, 2024 at 5:25 pm
This tutorial covers how to deploy scripts to macOS devices using the Scripts resource within Workspace ONE UEM. The tutorial will also offer an alternative method for delivering scripts as payload-free packages for customers who are not licensed to use the Scripts resource.
- Using Apple Automated Device Enrollment with Workspace ONE UEMby Michael Bradley on July 15, 2024 at 5:21 pm
This tutorial provides an overview of the features of Apple’s Automated Device Enrollment and takes you through the steps required to integrate Automated Device Enrollment with Workspace ONE UEM.
- Blocking Unwanted Apps on Managed iOS Devicesby Michael Bradley on July 15, 2024 at 5:13 pm
The Blocking Unwanted Apps on Managed iOS Devices operational tutorial guides you through the process of using Workspace ONE to restrict malicious and unauthorized applications on iOS devices.
- Getting Started with Apple Vision Pro in Workspace ONE UEMby Kat Orta on July 15, 2024 at 5:05 pm
This guide outlines the steps to integrate Workspace ONE with Apple Vision Pro, facilitating centralized device management, secure browsing, email management, access to corporate content, secure connectivity to enterprise networks, and interaction with virtual desktops and applications to optimize productivity on visionOS devices.
- Using Workspace ONE to Manage Operating System Updates on macOS Devicesby Michael Bradley on July 15, 2024 at 4:59 pm
Read this tutorial to configure and deploy macOS updates to your devices using macOS Update Management in Workspace ONE UEM. That includes learning how Workspace ONE UEM handles conflicting updates for macOS, creating a software update device profile to control the behavior of the macOS native Software Update utility, creating a smart group to use for assigning updates to macOS devices, and more!
- A Primer on Declarative Device Management for Apple Devicesby Michael Bradley on July 15, 2024 at 3:24 pm
This tutorial will serve as an introduction to Apple’s new Declarative Device Management methodology and will discuss how Workspace ONE UEM is changing to incorporate this new paradigm in device management.
- Managing iOS Updates: Workspace ONE Operational Tutorialby Michael Bradley on July 15, 2024 at 3:16 pm
The Managing iOS Updates operational tutorial details how to effectively use the iOS update framework in Omnissa Workspace ONE UEM to keep iOS devices up-to-date.
- Managing Updates with the macOS Updater Utility: Workspace ONE Operational Tutorialby Michael Bradley on July 15, 2024 at 3:10 pm
The macOS Updater Utility was created by subject matter experts within Omnissa to extend the functionality of Workspace ONE UEM. This utility grants administrators enhanced control over major and minor OS updates, offering configuration options for deferral parameters, user notifications, and customization of messages to end users.
- Onboarding Options for macOS: Workspace ONE Operational Tutorialby Michael Bradley on July 15, 2024 at 3:02 pm
This tutorial discusses the different enrollment workflows available in Workspace ONE UEM and provides IT admins with the knowledge required to make informed decisions about macOS device onboarding.
- Using Intelligent Hub hubcli to Manage macOS Updatesby Michael Bradley on July 15, 2024 at 2:52 pm
Workspace ONE UEM provides a comprehensive management solution for macOS devices, supporting operating systems version 10.15 and later. This guide explains how to configure Software Update utility settings, such as installing updates, deciding which updates to install and how often to check for updates, and setting up restart behaviors such as force restart, allow deferrals, max number of deferrals, and so on.
- Troubleshooting macOS Management: Workspace ONE Operational Tutorialby Michael Bradley on July 15, 2024 at 2:34 pm
In this tutorial, learn how to troubleshoot macOS features in a Workspace ONE UEM environment. Procedures include parsing the Unified Log, validating console settings, and deploying profiles that aid troubleshooting.
VMware Workspace ONE The un-official subreddit for VMware Workspace ONE. I recently started learning/managing Workspace One for the company I work for, I came to reddit to find others and saw that there wasn’t a community, so I started one. Our discord is here https://discord.gg/Zhr3TqMMf6
- Managing Device OS updatesby /u/evilteddibare on July 26, 2024 at 2:22 am
How do you guys manage/deploy iOS updates? I'm in the process of trying to figure out the best method right now. Do you use the device update utility on the WS1 console? Intelligence freestyle workflow? Which has a schedule os update action as well. How do you handle kiosk devices in single app mode that are not connected to Wi-Fi and only have cellular data? if you have any feedback or tips I'd be very grateful! 🙏 submitted by /u/evilteddibare [link] [comments]
- Problem installing ne version of app via Admin Assistant (MacOS)by /u/Working_Painter_9920 on July 25, 2024 at 2:29 pm
I'm trying to update VMWare Horizon on my MacBooks, but every time I try to add the new version in Admin Assistant it tells me it already exists, even though it's a new version. I can't delete our current version to even see if that helps because it would through everyone out of working. Since my users keep getting notified there is a new version and it is requiring Admin credentials it's creating a huge problem. Any assistance would be great. submitted by /u/Working_Painter_9920 [link] [comments]
- ldap login for macOSby /u/mrtzdmr on July 25, 2024 at 9:24 am
Hello everyone, I want my macOS devices to be logged in with LDAP via Workspaceone. I already have macOS devices registered and managed in Workspaceone. I couldn't find any good resources on the internet. I think I can SSO this. But I couldn't find an article. I am currently using Workspace UEM cloud version. Thanks in advance for your answers. submitted by /u/mrtzdmr [link] [comments]
- Intelligent Hub Syncby /u/richardmartinjmp on July 25, 2024 at 6:11 am
what is the general practice to make end users to sync their devices ? Manual sync? Automatic through UEM Any script involved to trigger the sync ? submitted by /u/richardmartinjmp [link] [comments]
- Omnissa pitchby /u/CryptoPersia on July 24, 2024 at 2:17 pm
How’s been everyone’s experience with all the changes? Any concerns of typical PE behavior with WS1? submitted by /u/CryptoPersia [link] [comments]
- Google Play Service Errorby /u/chiwepau on July 24, 2024 at 1:12 pm
After updating TC52 devices to Android 11 from 10.0.0 and 8.1.0 - we are getting "google play services keeps stopping" on the Zebra Device. The fix is to update the google play service on the Play Store however this will be a big manual process. Anyway we can update the google play service using an xml script or some automation. I have an xml script to clear cache but I'm not sure if this can be altered to update the application; <wap-provisioningdoc> <characteristic type="AppMgr" version="8.0" > <parm name="Action" value="ClearApplicationCache"/> <parm name="Package" value="com.google.android.gms"/> </characteristic> </wap-provisioningdoc> submitted by /u/chiwepau [link] [comments]
- Removed AppStore - Users can't install Appsby /u/ContentAd5010 on July 24, 2024 at 11:52 am
Hi all, we have an issue where we had to remove the appstore and force users to download from our company app store but some users with new Apple ID accounts get a pop up 'This Apple Account has not yet been used in the Itunes Store, then when tapping review we get an error and I think that is because we have removed the AppStore. Any suggestions without having to re-enable the AppStore? submitted by /u/ContentAd5010 [link] [comments]
- content locker failes to up-and download since uem upgrade (on-prem)by /u/dev-snapshot on July 24, 2024 at 9:15 am
hi there, after the upgrade from uem 23.06 to uem 23.10.2x with uag 23.10 and 23.12 running for different content locker deployments fails to download files. upload works for some users, sometimes. problem is presistent on android and ios. the smb shares are netapp based, so the needed boolean aw.fileshare.jcifs.active = true is set in both uem content locker settings. and it worked till the upgrade to 23.10. while upgradeing the public certificate was also changed on all needed uem and uag settings, also included in uag content gateway seetings trusted certificates maybe someone has an idea why we get a sudden 401 error uag logs shows: Error status code 401 UNAUTHORIZED for GET request with URI https://DOMAIN-REPLACED/Content/ContentHandler.ashx?data=ukCwePCb%2BR2ynu4mmHRgdc2wpwRxnaWNjeAqCHAcjvYKkdEz%2Fidma5Dgjs6kP7Lwwm%2Fsa..... . Reason: com.vmware.enterprise.content.protocol.UnauthorizedAccessException: null 11:21:01.706 [vert.x-eventloop-thread-0] 03851748790117215059 ERROR io.vertx.core.impl.ContextBase - Unhandled exception java.lang.NoSuchMethodError: 'io.vertx.rxjava.core.http.HttpServerResponse io.vertx.rxjava.core.http.HttpServerResponse.write(io.vertx.rxjava.co re.buffer.Buffer)' submitted by /u/dev-snapshot [link] [comments]
- Hub Servicesby /u/richardmartinjmp on July 24, 2024 at 4:54 am
Hub Services Action items not visible on intelligent Hub even though enabled from Hub services . Any inputs ? submitted by /u/richardmartinjmp [link] [comments]
- Boxer issue with image in email bodyby /u/Impressive-Gas-4630 on July 23, 2024 at 9:08 am
when i have a image on the body not attachment just a image on the body of the email is shown the header of the photo only on the ios phones . can anyone help me on this? submitted by /u/Impressive-Gas-4630 [link] [comments]
- In what scenarios would we use DEPNotify? Is there something built in Workspace One to make apps available to a user based on role/department? What’s the best way to handle this?by /u/NoExpert3980 on July 23, 2024 at 3:12 am
submitted by /u/NoExpert3980 [link] [comments]
- How do you think the Crowdstrike and Microsoft 365 chaos will affect future decisions for companies regarding device managementby /u/Standard-Image-0405 on July 19, 2024 at 8:25 pm
View Poll submitted by /u/Standard-Image-0405 [link] [comments]
- App publishby /u/Impressive-Gas-4630 on July 18, 2024 at 7:32 am
I made an user group is assign to smart group to install office apps . Word and excel.and powerpoint it works only for word.app . When i made the assignments gives me an empty with any deivces oppsite the word app one show me the device.i will push the app to them . submitted by /u/Impressive-Gas-4630 [link] [comments]
- Action for inactive users - workflow workspace oneby /u/Hungry_Job7549 on July 17, 2024 at 1:55 pm
Hello , can we do any workflow from workspace one for inactive users like not allowing users to login to device , removing access to office apps , removing device certificates etc . submitted by /u/Hungry_Job7549 [link] [comments]
- Wrong QR code ask your it admin for the correct codeby /u/Living-Confidence228 on July 16, 2024 at 9:19 pm
Hello all, as the title says I get this error while trying to enroll a Samsung phone via QR code. I'm not sure what is the issue. I did this a few months back with no issue. I replicate it the same profile as before... Any thoughts? submitted by /u/Living-Confidence228 [link] [comments]
- Report on Registry Keyby /u/AnothrITguy on July 16, 2024 at 8:18 pm
Is it possible to report on the presence of a specific registry key? Looking to identify some Windows 19 devices that may be missing some known configs. submitted by /u/AnothrITguy [link] [comments]
- App showing "Removed by user" status incorrectlyby /u/bambamnj on July 16, 2024 at 1:52 pm
I am running into an odd problem while attempting to deploy an application to a few thousand devices. These are all iOS devices, primarily running iOS 16 and 17. The app is CrowdStrike falcon. I'm finding that when I push it to devices, a certain percentage of them will show a status of "removed by user" even though the user does not actually touch the application. In some cases simply pushing the app again will allow it to install, while in others devices will continually show removed by user status even when the user is not touching the application. I have never encountered this with any other applications I have pushed to my device inventory. Anyone ever run into this, and if so what was the cause? submitted by /u/bambamnj [link] [comments]
- MassDeployment Azure and ADby /u/Alternative_Hippo_25 on July 15, 2024 at 2:29 pm
Anyone has a good way to do Mass-Deployment when the device is on and joined, but the users are enrolling with their Azure username and password. The username and password should be the same. The accounts are MFA at some point down the line, we are moving to Autopilot Azuer only submitted by /u/Alternative_Hippo_25 [link] [comments]
- Disable Google Play Protectby /u/Winter_Mix_6049 on July 15, 2024 at 1:27 pm
Hi, lately, every application installation is “Play Protect” blocked and requiring manual ‘allow’ permission to install on Android devices. ALL applications used to install automatically about 2 months prior today. Imaging thus has become time consuming. Is there a way to disable the play protect? I found a kb for Android 9 device, however I couldn't find anything for Android 11+ devices. submitted by /u/Winter_Mix_6049 [link] [comments]
- is ios 18 compatible with workspaceoneby /u/Impressive-Gas-4630 on July 14, 2024 at 7:19 pm
after we register an ipad with ios 18. it gives us an error.. sdk error emptyprofile there is no SDK profile assigned to intelligence hub submitted by /u/Impressive-Gas-4630 [link] [comments]
The Support Insider VMware Support News, Alerts, and Announcements
- Simpler Licensing with VMware vSphere Foundation and VMware Cloud Foundation 5.1.1by Kelcey Lemon on March 21, 2024 at 5:28 pm
Tweet VMware has been on a journey to simplify its portfolio and transition from a perpetual to a subscription model to better serve customers with continuous innovation, faster time to value, and predictable investments. To that end, VMware recently introduced a simplified product portfolio that consists of two primary offerings: VMware Cloud Foundation, our flagship … Continued The post Simpler Licensing with VMware vSphere Foundation and VMware Cloud Foundation 5.1.1 appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro Proactive Findings – January 2024 Editionby James Walker on January 24, 2024 at 11:16 am
Tweet VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of January, we released 60 new Findings. Of these, there are 37 Findings based … Continued The post VMware Skyline Advisor Pro Proactive Findings – January 2024 Edition appeared first on VMware Support Insider.
- Skyline Advisor Pro: Introducing Inventory Export Reportsby Kelcey Lemon on January 16, 2024 at 12:00 pm
Tweet You’ve asked for the ability to export inventory information, including licensing, and we’ve listened. The Skyline Team is proud to introduce this highly requested feature, Inventory Export Reports. Inventory Export Reports allow you to generate reports on your inventory, licensing, and configuration data. These reports can help you to identify potential problems, track changes … Continued The post Skyline Advisor Pro: Introducing Inventory Export Reports appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro Proactive Findings – December 2023 Editionby James Walker on December 15, 2023 at 6:56 pm
Tweet VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of December, we released 56 new Findings. Of these, there are 35 Findings based … Continued The post VMware Skyline Advisor Pro Proactive Findings – December 2023 Edition appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro: Proactive and Diagnostic Findings Demystifiedby Kelcey Lemon on December 13, 2023 at 3:07 pm
Tweet While supporting VMware Explore 2023 in Barcelona, a customer asked me, “What’s the difference between Proactive Findings and Diagnostic Findings in Skyline Advisor Pro and how are each one produced?” So, I’d like to take this moment to elaborate more on my original blog that introduced Diagnostic Findings. Proactive Findings Proactive Findings are potential … Continued The post VMware Skyline Advisor Pro: Proactive and Diagnostic Findings Demystified appeared first on VMware Support Insider.
- VMware Skyline Advisor Pro Proactive Findings – October 2023 Editionby James Walker on October 27, 2023 at 4:33 pm
Tweet VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers. For the month of October, we released 39 new Findings. Of these, there are 30 Findings based … Continued The post VMware Skyline Advisor Pro Proactive Findings – October 2023 Edition appeared first on VMware Support Insider.
- From upgrading vSphere to troubleshooting issues with Tanzu Kubernetes Grid: Top 10 VMware Tanzu Knowledge Base Articles in September 2023.by Marcela Gleixner on October 11, 2023 at 12:18 pm
From upgrading vSphere to troubleshooting issues with Tanzu Kubernetes Grid: Top 10 VMware Tanzu Knowledge Base Articles in September 2023. The post From upgrading vSphere to troubleshooting issues with Tanzu Kubernetes Grid: Top 10 VMware Tanzu Knowledge Base Articles in September 2023. appeared first on VMware Support Insider.
- 10 most popular KB articles in September 2023, for VMware Tanzu Application Service, BOSH and more.by Marcela Gleixner on October 9, 2023 at 9:54 pm
10 most popular KB articles in September 2023, for VMware Tanzu Application Service, BOSH and more. The post 10 most popular KB articles in September 2023, for VMware Tanzu Application Service, BOSH and more. appeared first on VMware Support Insider.
- Top 10 Most Popular Knowledge Articles for Horizon, WorkspaceONE, End User Computing (EUC), Personal Desktop for September, 2023 by Jamie Gravatte on October 6, 2023 at 4:31 pm
Tweet Get answers and solutions instantly by using VMware’s Knowledge Base (KB) articles to solve known issues. Whether you’re looking to improve your productivity, troubleshoot common issues, or simply learn something new, these most used and most viewed knowledge articles are a great place to start. Here are the top 5 most viewed KB articles … Continued The post Top 10 Most Popular Knowledge Articles for Horizon, WorkspaceONE, End User Computing (EUC), Personal Desktop for September, 2023 appeared first on VMware Support Insider.
- Top 10 Most Popular Knowledge Articles for HCX, SaaS, EPG Emerging Products Group for September, 2023 by Jamie Gravatte on October 5, 2023 at 2:26 pm
Tweet Get answers and solutions instantly by using VMware’s Knowledge Base (KB) articles to solve known issues. Whether you’re looking to improve your productivity, troubleshoot common issues, or simply learn something new, these most used and most viewed knowledge articles are a great place to start. Here are the top 5 most viewed KB articles … Continued The post Top 10 Most Popular Knowledge Articles for HCX, SaaS, EPG Emerging Products Group for September, 2023 appeared first on VMware Support Insider.