Workspace ONE UEM Console Configuration

This section will explain what configurations must be made in the Workspace ONE UEM Console to achieve the features and restrictions that were outlined in the Introduction section.

1. iOS Per-App VPN Profile

This section will explain how to create a Per-App VPN profile, which will be used to allow Workspace ONE Web to connect to an intranet site.

1.1. Add a Profile

  1. Click Add
  2. Click Profile

1.2. Select the Platform

Click Apple iOS

1.3. Configure the General Properties of the Profile

  1. Enter Per-App VPN as the Name.
  2. Select All Devices ([email protected]) as the Assigned Group.

1.4. Enable the VPN Payload

  1. Click the VPN payload tab.
  2. Click CONFIGURE

1.5. Configure the VPN Payload

  1. Set Connection Type to VMware Tunnel.
  2. Set Enable VMware Tunnel to enabled.
  3. Click SAVE & PUBLISH

1.6. Publish the VPN Profile

Click PUBLISH

2. Configure Security Policies

This section will explain how to configure the default Security Policies to determine DLP controls.

  1. Click Groups & Settings
  2. Click All Settings

  1. Click Apps
  2. Expand Settings & Policies
  3. Click Security Policies
  4. Set Current Setting to Override

2.3. Configure Data Loss Prevention

  1. Scroll down to find the Data Loss Prevention section.
  2. Click ENABLED for Data Loss Prevention.
  3. Ensure Enable Printing is set to NO
  4. Ensure Enable Camera is set to NO
  5. Ensure Enable Composing Email is set to NO
  6. Ensure Enable Copy and Paste is set to NO

2.4. Save Security Policies Settings

  1. Scroll down to the bottom of the Security Policies menu.
  2. Click SAVE

2.5. Confirm Saved Security Policies

Confirm that the Saved Successfully prompt shows.

3. Configure Workspace ONE Web Settings

This section will explain how to configure the Workspace ONE Web settings, including security settings, whitelisted and blacklisted sites, bookmarks and kiosk mode.

If you already closed the All Settings menu, reopen it by clicking Groups & Settings > All Settings.

  1. Click Apps
  2. Click Browser
  3. Set Current Setting to Override

3.2. Configure Kiosk Mode Settings

  1. Scroll down to find the Mode section.
  2. Select Enabled for Kiosk Mode.
  3. Select Enabled for Enable Multiple Tabs Support.
  4. Enter https://internal.airwlab.com for the Home Page URL.
  5. Select Deny for Selection Mode.  This enables Blacklisting for the included site URLs, where selecting Allow would enable Whitelisting for the included site URLs.
  6. Enter *.airwatch.com for the Denied Site URLs.  This will allow traffic to all URLs except the *.airwatch.com domain.

NOTE - Normally, Kiosk Mode would restrict Workspace ONE Web to a single page and its available links.  For the purposes of the lab, we enable Multiple Tabs Support to showcase multiple bookmarks.  In this mode, the navigation bar returns and bookmarks can be selected from the menu, but other items are still restricted.

3.3. Save Browser Settings

  1. Scroll down to the bottom of the Browser Settings page.
  2. Click SAVE

  1. The menu will return to the top, and you should see the Saved Successfully prompt display.
  2. Click Bookmarks

3.5. Add New Bookmark

  1. Select Current Settings as Override
  2. Enter name as Internal Splash Page
  3. Enter URL as https://internal.airwlab.com
  4. Click ADD BOOKMARK
  5. Enter name as AirWatch Home
  6. Enter URL as https://www.airwatch.com
  7. Click Save.
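
The Deny/Allow Selection Mode logic from section 3.2, applied to the two bookmarks from section 3.5, as an added example that is not part of the original lab or the product's code. The host-only, shell-style wildcard matching is an assumption about how Denied Site URLs entries are interpreted, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Values copied from sections 3.2 and 3.5 of this lab.
DENIED_SITE_URLS = ["*.airwatch.com"]
BOOKMARKS = {
    "Internal Splash Page": "https://internal.airwlab.com",
    "AirWatch Home": "https://www.airwatch.com",
}


def host_of(url):
    """Lower-cased hostname of a URL, or '' when the URL has none."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_listed(url, site_urls):
    """ASSUMPTION: each entry is a shell-style wildcard matched against the
    host only; the product's real matcher may treat schemes, paths or the
    bare domain differently."""
    host = host_of(url)
    return any(fnmatchcase(host, pattern.lower()) for pattern in site_urls)


def is_permitted(url, selection_mode, site_urls):
    """Deny blocks listed sites and permits the rest; Allow does the reverse."""
    if not host_of(url):
        return False  # fail closed on URLs with no host to evaluate
    if selection_mode == "Deny":
        return not is_listed(url, site_urls)
    if selection_mode == "Allow":
        return is_listed(url, site_urls)
    raise ValueError(f"unknown Selection Mode: {selection_mode!r}")


def audit_bookmarks(selection_mode, site_urls, bookmarks=BOOKMARKS):
    """Map each bookmark name to True (loads) or False (blocked)."""
    return {name: is_permitted(url, selection_mode, site_urls)
            for name, url in bookmarks.items()}


if __name__ == "__main__":
    for mode in ("Deny", "Allow"):
        print(mode, audit_bookmarks(mode, DENIED_SITE_URLS))
    # Under the assumed matcher the bare domain is NOT covered by *.airwatch.com.
    print(is_permitted("https://airwatch.com", "Deny", DENIED_SITE_URLS))
```

If the bare domain must also be blocked, confirm on a test device whether the wildcard entry covers it and add a separate entry if it does not.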

3.6. Close the Browser Settings Page

  1. Confirm the Saved Successfully prompt shows.
  2. Click X to close the pop-up window.

4. Add Workspace ONE Web as a Public App

  1. Click Add
  2. Click Public Application

4.1. Search for the Application to Add

  1. Select Apple iOS from the Platform dropdown.
  2. Enter Workspace ONE Web in the Name field.
  3. Click Next

4.2. Select the Application From the Search Results

Click Select on the Workspace ONE Web application.

4.3. Save and Assign Workspace ONE Web

Click SAVE & ASSIGN

4.4. Add Assignment for Workspace ONE Web

Click + ADD ASSIGNMENT

4.5. Configure Workspace ONE Web Assignment Settings

  1. Click in the Selected Assignment Groups field. This will pop up the list of created Assignment Groups. Start typing All Devices and select the All Devices ([email protected]) Group.
  2. Select AUTO for the App Delivery Method.

4.6. Configure Policies for Workspace ONE Web

  1. Scroll down to find the Policies section.
  2. Select ENABLED for Remove On Unenroll
  3. Select ENABLED for App Tunneling
  4. Select the profile named Per-App VPN you created in the earlier section.
  5. Click ADD

4.7. Confirm Assignment and Save

  1. Confirm that the Assignment you just configured is displayed.
  2. Click SAVE & PUBLISH

4.8. Preview Assigned Devices and Publish

Click PUBLISH

5. Publish the VMware Tunnel Application

In order to leverage the Per-App VPN profile we created for Workspace ONE Web, we will need to also publish VMware Tunnel to the device.

5.1. Add the VMware Tunnel Client as a Public Application

In order to leverage the VPN profile, the VMware Tunnel Client must be installed on your device. We can leverage AirWatch to deploy the client as a managed application to the device. This step will walk you through the process of adding the client application to the AirWatch Console to automatically install on enrolled devices. Please note, while it is required that the Tunnel client application is installed on any device using Per App Tunnel, it does not have to be a managed application. Users can download the VMware Tunnel client from the App Store.

5.2. Add VMware Tunnel as a Public App

  1. Click Add
  2. Click Public Application

5.3. Search App Store for VMware Tunnel

  1. Select Apple iOS for the Platform.
  2. Enter VMware Tunnel for the Name.
  3. Click NEXT

5.4. Select the VMware Tunnel Result

Click SELECT for the VMware Tunnel result.

5.5. Save and Assign VMware Tunnel

Click SAVE & ASSIGN

5.6. Add Assignment for VMware Tunnel

Click + Add Assignment.

5.7. Configure VMware Tunnel Assignment Settings

  1. Click in the Selected Assignment Groups field. This will pop up the list of created Assignment Groups. Start typing All Devices and select the All Devices ([email protected]) Group.
  2. Select Auto for the App Delivery Method.

5.8. Configure Policies for VMware Tunnel

  1. Scroll down to find the Policies section.
  2. Select ENABLED for Remove On Unenroll.
  3. Click ADD

5.9. Confirm Assignment and Save

  1. Ensure the Assignment you created is displayed.
  2. Click SAVE & PUBLISH

5.10. Preview Assigned Devices and Publish

Click PUBLISH
