Workspace ONE Intelligence Overview

Updated on

Workspace ONE Intelligence is a set of capabilities that provide deep insights into the entire digital workspace, enable smart unified endpoint management (UEM) planning and deliver powerful automation. Together, these capabilities help IT improve security, compliance and user experience across the entire environment.

  • Navigating to Workspace ONE Intelligence
  • Intelligence Dashboards
  • Data Slicing and Dicing with Custom Visualizations
  • Risk Analytics
  • Tying Insights to Automation
  • Scheduling Reports
  • Managing Data Sources
Before You Begin

Before you begin this walkthrough ensure you have the following:

  • A valid account in the VMware TestDrive environment, sign up here if you do not yet have an account

There are two different methods to navigate to Workspace ONE Intelligence within TestDrive. First, you can navigate to the Workspace ONE UEM (formerly VMware AirWatch) Console from the TestDrive Portal. Alternatively, you can navigate directly to the site url.

To launch into the Workspace ONE UEM Admin Console from TestDrive:

  1. Log in at portal.vmtestdrive.com with your TestDrive account.
  2. Under Ready to Use (RTU) experiences, go to the Workspace ONE UEM section and click launch. 
  3. You'll then use your TestDrive credentials to log in to the RTU Workspace ONE user portal (testdrive.vidmpreview.com).
  4. In the Workspace ONE user portal, use the Workspace ONE UEM Console web app to SSO into UEM.

Once in the Workspace ONE UEM Admin Console, verify you're using the correct role. In the top right, click your username and view your account details. 

Verify your role is

Intelligence & Tenant Administrator at TestDrive.

The page will reload and you may see an admin error. This would happen if you were previously viewing a page that this new role no longer can see. Simply navigate to click Hub > Intelligence to continue.

Next, click Launch.

A new page will load containing the Workspace ONE Intelligence console. Click Get Started.

Intelligence Dashboards

Next, let's review the features of Workspace ONE intelligence starting with Dashboards. Click on

on the left.

Intelligence gives admins the ability to view and create dashboards around any KPI’s across apps, devices, users and OS updates. As with everything in Intelligence, everything is template driven giving admins a starting point but allowing them to customize the KPI to meet their specific needs. Admins can resize and move these widgets around the dashboard as they choose.


It is very easy to create a

and add

to it. Start with clicking on

, choose a Name and Description (optional), and hit save.


Let's click

to see the experience of adding to your dashboard. You could also edit any of the existing widgets if you prefer. When adding a widget I can choose from any of the templates which have already been created or create my own.


I'm also able to add any filters to drill down to the exact data I'm looking for.

Data Slicing and Dicing with Custom Visualizations

Below the filters the widget definition continues with ways to aggregate the data and group on specific data attributes. We can customize how the data will display on our dashboard and see previews as we edit the settings in real time. Click save or cancel to return to the dashboards.

Risk Analytics
Talking Points
  • Define tiered access policies using risk score to apply the right access controls when a user tries access to the network. For example, if the user risk score is low – allow access, medium – ask for MFA (multi-factor authentication, for example with RSA Secure ID or VMware Verify), and high – deny access.
  • Warn users with notifications asking them to take action on risky device postures.  For example,  in the case of a laggard OS update where users can chose when to update, automate user notifications  asking them to update their OS version. If the user continues to ignore the update, send a firmer request, and finally, enforce the OS update. Another example is to warn users about security protections (i.e., their encryption is turned off). These notifications can be sent through the Workspace ONE Intelligent Hub UI, out-of-the-box integration with Slack, via email, or 3rd party tools that support REST APIs using Intelligence’s Automation Connectors.
  • Determine habitually non-compliant users and assign to training.  

Risk Analytics in Workspace ONE Intelligence is a risk scoring capability that analyses user behavior and device posture before calculating a risk score for all devices and users in the system. Admins can then leverage the user risk score to set policies for conditional access to apps and data. Using Intelligence’s powerful Automation Engine, admins can also automate actions such as updating OS, patch deployment, updating risky device security protections etc. to increase overall security.

Risk Analytics works by analyzing data from multiple Workspace ONE sources, such as Workspace ONE UEM and Workspace ONE Access, and applying machine learning capabilities.  After calculating a baseline of normal rick level for each user based on historical data, Risk Analytics then continuously looks for anomalies.  Behavior anomalies can be detected based on user activity and device context and are compared to both the user’s baseline and to other users in the organization. When a user behavior deviates from the baseline, Risk Analytics will raise the risk score until the user behavior is back to normal.  Here're some anomaly examples: 

  • Laggard OS update – the user keeps postponing OS update beyond what’s normal in the organization (based on what most users do)
  • Risky Settings – the device security protections posture (turned on/off)
  • Compulsive App Download – the number of apps that are being downloaded in a period of time
  • Rare App Collector – the type of applications that are being downloaded, rare apps might impose a risk

Risk Analytics analyses all this data and calculates a risk for each user:

  • Low – trustworthy – little potential to introduce threat to the network and internal resources
  • Medium – moderate – potential to introduce threat to the network and internal resources
  • High – least trustworthy – high potential to introduce threat to the network and internal resources
Tying Insights to Automation

The automation and workflow engine allows the admin to take action directly on the data in real time across any of the data sources as well as take action, using Workspace ONE actions but also easily hooking up 3rd party services as well.

Select Automations on the left menu bar. We've setup sample automation within the TestDrive.
Please do not make changes to these automations.

Please DO NOT edit / delete / disable the automation components that start with STAGED, as those are for viewing purposes only. Only Quick View should be used.

Click to edit the 'Malware Threat Detected' automation.

An automation is broken into triggers and actions which will evolve into full blown workflows for things like app approvals for licensed apps, app rollbacks during app performance issues or quarantine-ing security issues and then giving them back access automatically once remediated.

Moving to the extensive toolbox of actions, we have added Workspace ONE actions to:

  • Notify the end user via email
  • Remove access to VPN
  • Push down a profile to enable the BIOS settings
  • Push down a profile to ensure Firewall and AV is turned on
  • Optionally – you have the ability to remove malware or push down an update patch

In addition to Workspace ONE actions, we have started the framework for easily integrating third party services like Slack and Service Now. We have integrated “Lookup values” which allows the admin to input any variable of data that exists in the data lake. Once the automation looks good, I can save and activate to start the self healing process. (Do not make changes within the TestDrive environment!)

Scheduling Reports

Next, let's review custom reporting within Workspace ONE intelligence and scheduling reports. Click Reports on the left menu bar and click Add Report. We can create custom reports from a template or from scratch similar to the Dashboard widgets.

Choose the filters and columns you would like to use for your report and select next.

Once your report is configured, you can schedule this report to run on a regular basis, providing critical historical information. To schedule a report, click on your Report Name and then navigate to the Schedules Tab and click Add.

Lastly, customize your recurrence and members who should be sent the report in the settings. By default, Scheduled Reports will only send a report to the user that adds it. To add more members, click on your Report Name and then navigate to  Overview -> SHARE and then add entries to the Add Users field.

Managing Data Sources

Lastly, click on Settings -> Integrations and View to manage connections to Workspace ONE Intelligence. (Do not edit these!)

The team is continuing to build additional integrations so that Workspace ONE intelligence provides a comprehensive view of your company data.

This wraps up Workspace ONE Intelligence within TestDrive. You can also check out the Apteligent walkthrough within TestDrive found here.

For Additional Support
Previous Article Experience Workspace ONE on Windows Desktop
Next Article Experience Workspace ONE on iOS