Exporting Apps and Creating Configuration Files

As of Workspace ONE UEM 1811, the IT administrator can leverage the provisioning wizard in the console to create the configuration file and export the apps. If you on console version pre-1811, please refer to the Exporting Apps to Provisioning Packages and Creating Configuration Files section. The IT administrator can configure OOBE, domain join and MDM enrollment from the wizard. Additionally, with a Windows 10 Enterprise license, the IT administrator can also choose to set the provisioning configuration for removal of consumer applications bundled with Windows 10. The active directory types that are supported for provisioning configuration are: on-premises domain join, Azure Active Directory Premium, Azure Active Directory - No Premium and local user/workgroup.

The provisioning configuration is exported in Windows unattend XML file format. This file follows the standard unattend XML schema, with some additional configuration for MDM enrollment into Workspace ONE UEM. The configuration is applied when the end user logs into the device.

Now that the enterprise applications are uploaded or imported using Workspace ONE AirLift (from SCCM) into Workspace ONE, the administrator is ready to export the applications into a provisioning package to share with Dell. The container used for this provisioning package is a Windows Provisioning Package (.ppkg) recognized natively by Windows 10. A custom mechanism is used in the PPKGs generated by Workspace ONE to install the applications, so it is not recommended for a customer to treat these PPKGs as generic PPKGs.

To export the enterprise applications, the IT administrator opens the Workspace ONE UEM console, and navigates to the Native Applications under the Apps & Books section. In the export dropdown, there is a new option to export PPKG. Selecting that option brings up a new dialog box with a list of applications to pick from. Currently, Windows classic desktop applications and Universal Windows Platform (UWP) apps which install in device or user context are supported.

Once the IT administrator initiates the PPKG export process, a confirmation is shown. On completion of PPKG export, a notification is sent to the Workspace ONE UEM console with a link to download the PPKG. A console administrator can have one PPKG export in progress at a time. To start a new PPKG export, the administrator needs to wait for the existing PPKG export to complete. A new PPKG export request overwrites any previously exported PPKG for that administrator. Multiple console administrators can concurrently request PPKGs to be exported though.

Lets take a look at how to export apps to provisioning packages and create the configuration file in the Workspace ONE UEM Console.

The above diagram shows the process of uploading, exporting and leveraging factory provisioning to load the apps and deliver the device to the end user.

  1. Workspace ONE UEM admin uploads apps to Workspace ONE UEM manually or using Workspace ONE AirLift.
  2. Workspace ONE UEM admin exports selected apps as a provisioning package (.ppkg).
  3. Admin provides the provisioning package, along with a configuration file to Dell.
  4. Dell performs factory provisioning using the exported apps and configuration file.
  5. Devices are shipped directly to end users or IT.
  6. End users boot device and device onboard into Workspace ONE UEM and receive app updates and other policies over-the-air.

1. New Provisioning Package

  1. Click Devices.
  2. Click Lifecycle.
  3. Click Staging.
  4. Click Windows.

1.1. New Windows Provisioning Package

Click New.

1.2. Export PPKG for Windows

  1. Enter Tech Zone Corp for the Provisioning Package Name.
  2. Click Next.

1.3. Windows Provisioning Package

  1. Select Workgroup from the Active Directory Type dropdown.
  2. Enter TechZone for the Workgroup.
  3. Enter VMware1! for the Administrator Password.
  4. Scroll down to the bottom of the page.

The following screens will be leveraging the Workgroup Active Directory Type, reference the table with all options for more information and explanations of all required fields.

1.4. Configurations Details

The following table details all of the options for the configuration file. Leverage the below table for a detail explanation of each field.

Settings Description
Select AD Type

Select the type of Active Directory to use.

The settings below change based on your AD type.

Select Language Ensure the language of the operating system matches what you selected with Dell
OOBE Configuration
Show EULA Page Select Yes/No to show the EULA page during the OOBE.
Show Privacy Page Select Yes/No to show hide the privacy page during the OOBE.
Show Region and Keyboard Settings Select Yes/No to show the region and keyboard settings during the OOBE.
Language If No is selected (and thus hidden from OOBE), select the language below to pre-configure the system to that locale.
System Configuration
Domain Name

Enter the name of the domain you want the device to join.

This setting displays when you set the AD type to On-Prem AD Join.

Domain Username

Enter the username that has Domain Join privileges.

This setting displays when you set the AD type to On-Prem AD Join.

Note: This information is saved in plain text in the XML file. Please ensure this file is always secured and not sent over insecure transports.

Domain Password

Enter the password for the Domain Join user.

This setting displays when you set the AD type to On-Prem AD Join.

Note: This information is saved in plain text in the XML file. Please ensure this file is always secured and not sent over insecure transports.

AD Organization Unit (OU)

Enter the organization unit for the AD.

Th OU must follow the correct formatting:

OU=,OU=,DC=Company,DC=com

This setting displays when you set the AD type to On-Prem AD Join.

Workgroup

Enter the workgroup you want the device to join.

This setting displays when you set the AD type to Workgroup.

Registered Owner Enter the registered owner for the device.
Registered Organization Enter the registered organization for the device.
Remove Windows 10 Consumer Apps

Select Yes to prevent consumer apps from appearing in Windows 10.

This setting is only supported for Windows 10 Enterprise or Education. Entering a Windows 10 Enterprise or Education key is required.

Product Key

Enter the Windows 10 product key.

You must follow the correct format:

12345-54CDE-XYZ78-ONM98-456TY

Create Local User

Select Yes to create a local user account.

If you select No, the user is prompted during OOBE.

This setting displays when you set the AD type to Workgroup or Azure AD.

Local Username

Enter the username for creating an additional local user account.

This setting displays when you set the AD type to Workgroup or Azure AD.

Local User Password

Enter the password for the local user account.

This setting displays when you set the AD type to Workgroup or Azure AD.

Make Administrator?

Select to make the local account an administrator.

You must make the local user account an administrator to start Workspace ONE enrollment automatically.

During OOBE, the device prompts the user to enter their enrollment credentials.

This setting displays when you set the AD type to Workgroup or Azure AD.

Computer Name Computer name will be randomized by default so that every system coming from the factory is unique. To create a naming convention, use the Registered Owner and Registered Organization fields. The computer name will take  the first 7 characters from Registered Org or Registered Owner as the  prefix and then randomize the rest up to the max of 15 characters. For example, setting both of those fields to be "VMWARE-" (without quotes), will yield a computer name of VMWARE-8QJJCTJB where the last 8 characters are randomized for every system. See Microsoft documentation for more info.
Enable Administrator Account

You must enable the built-in administrator account to facilitate Workspace ONE enrollment.

You can later disable this account after enrollment is complete.

Administrator Password Enter a password for the administrator account.
Auto Admin Login A one-time auto login of the admin account is required for Workspace ONE enrollment when selecting On-prem AD use case.
User Account Control Select the level of User Account Control (UAC).
Additional Synchronous Commands Add commands that automatically run at the end of the Windows setup process but before any user logs in.
First Logon Commands

Add commands that automatically run the first time a user logs in.

This setting requires the user have local admin privileges.

Workspace ONE Enrollment
Enrollment Server

Enter your Workspace ONE UEM enrollment server URL.

Find the enrollment URL by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > System > Advanced > Site URLS.

This setting displays when you set the AD type to On-Prem AD Join or Workgroup.

Enrollment OG

Enter the devices organization group.

This setting displays when you set the AD type to On-Prem AD Join or Workgroup.

Staging Account

Enter the username for the staging account.

Find this username by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > Devices & Users > Windows  > Windows Desktop > Staging & Provisioning .

This setting displays when you set the AD type to On-Prem AD Join or Workgroup.

Staging Account Password

Enter the password for the staging account.

This setting displays when you set the AD type to On-Prem AD Join or Workgroup.

Device Services URL

Enter your device services URL.

Find the device services URL by navigating in the Workspace ONE UEM console to Groups & Settings > All Settings > System > Advanced > Site URLs.

This setting only displays when you set the AD type to Azure AD - No Premium.


1.5. Workspace ONE Enrollment Details

Enter ws1.airwlab.com for the Enrollment Server.

We will now go back to the Workspace ONE UEM Console to obtain the following required information.

1.6. All Settings

Back in the Workspace ONE UEM Console,

  1. Click Groups & Settings.
  2. Click All Settings.

1.7. Staging & Provisioning

  1. Expand to Devices & Users > Windows > Windows Desktop > Staging & Provisioning.
  2. Copy the UPN value which will be used in the next step.
  3. Copy the Secret (staging password) value which will be used in the next step.
  4. Copy the Group ID by hovering over your email address. This value will be used in the next step.

1.8. Workspace ONE Enrollment Details

  1. Enter your Group ID obtained from the last step for Enrollment OG.
  2. Enter your UPN obtained from the last step for Staging Account.
  3. Enter your Secret obtained from the last step for Staging Account Password.
  4. Click Next.

1.9. Selecting Applications

  1. Click the checkbox at the top to select all apps.
  2. Click Next.

Apps with MSTs or MSPs will fail to deploy as those additional configurations are smart group specific, as a workaround re-package or ZIP the app with the MST/MSP already included then deploy and export.

1.10. Summary

Click Save and Export.

1.11. Success Message

Notice the Success message. Depending on how many apps you have chosen to export will determine how long the export takes. The Unattend XML configuration file will be ready to download right away. In this lab, it will take about 20 seconds to process the request, then you can refresh the page.

1.12. Confirm Unattend and Provisioning Package Download

  1. Click Unattend XML and PPKG to download.
  2. Confirm that the download was successful. We will use this exported provisioning package and unattend.xml in a future step.

These are the files which need to be sent to the Dell Factory for Provisioning, however you will first want to test and validate that these apps and configuration work on a test device. The next steps will walk you through how to validate on a virtual machine (VM). You will want to log back into the Workspace ONE UEM Console from the test VM to download these files.

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.