Workspace ONE Intelligence Use Cases

Updated on

Workspace ONE Intelligence is a new set of capabilities that provide deep insights into the entire digital workspace, enable smart unified endpoint management (UEM) planning and deliver powerful automation. Together, these capabilities help IT improve security, compliance and user experience across the entire environment.
In this walkthrough, we will explore 10 use cases for Workspace ONE Intelligence.
Before You Begin

Before you begin this walkthrough ensure you have the following: 

  • A valid account in the VMware TestDrive environment, sign up here if you do not yet have an account
  • Ensure you are logged into the Workspace ONE UEM (formerly VMware AirWatch) console and have selected the Intelligence & Tenant Administrator at TestDrive role.
  • Ensure you have walked through the Workspace ONE Intelligence Overview.
1) Identify and Mitigate Mobile OS Vulnerabilities

Known vulnerabilities are discovered such as Spectre or Meltdown. Each manufacturer quickly released OS updates but manufacturers vary in how they implement fixes. Each OS has its own update schedule and update version, iOS uses OS version, while Android uses Security patches. How do IT admins easily determine impacted mobile devices and deploy fixes across their entire environment?

How Workspace ONE Intelligence can help:

a. Quickly assess and report on impact of a threat or vulnerability, and share these reports with management and InfoSec teams across the organization

To quickly assess the impact of a threat or vulnerability, you can add a widget. From My Dashboard, start by clicking Add Widget.

Select a template, then customize your widget with filters and visualizations.

Be sure to click Save when finished.

To report on the impact of a threat or vulnerability, and share these reports, click Reports on the left menu bar and click Add Report. We can create custom reports from a template or from scratch similar to the Dashboard widgets.

Choose the filters and columns you would like to use for your report and select next.

Once your report is configured, you can schedule this report to run on a regular basis, providing critical historical information. To schedule a report select the radio button next to the report and select "Schedule".

Lastly, customize your recurrence and members who should be sent the report in the settings. You can refer back to all your scheduled reports in the "Scheduled Reports" tab under "Reporting". 

b. Easily identify assets with known vulnerabilities by creating a visualization of all devices with out-of-date OS version (iOS) or old Security Patch date (Google)

When creating your widget on the dashboard, start by creating filters that identify the OS version, and the Security patch date.

Then scroll down to Data Visualization, set the parameters, and select the type of visualization you would like.

Click Save, then scroll down to the bottom of My Dashboard to see the widget you created. 

c. Segment the data by org group, device type, model to see which devices are the most out of date and most vulnerable

Using the filters within a widget, you can customize the data shown and how it is visualized.

d. Use automation to target vulnerable devices and add actions to force OS Update (iOS Supervised devices only), notify the end user via email or Slack, notify InfoSec team of most vulnerable devices, move devices to Org Group with more strict access requirements

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Let's start at the Automation tab. Click Add Automation to begin.

You can create an automation from scratch or use a template.

Set the triggers and filters that will target the vulnerable devices.

Then add an action you would like to activate for the selected trigger. Here we will send the user a message via Slack.

Click Save and your automation has been added.

e. Monitor how many devices have been patched or upgraded across Android and iOS

With a customized widget, you can easily monitor these metrics with the data visualization of your choice.

With custom reporting, you can schedule how often a report runs, and who should be sent the report.

Key benefits: Increase security hygiene across the organization, increase compliance, increase collaboration between IT Ops and InfoSec teams

2) Insights into Windows 10 OS Updates and Patches 

InfoSec is requesting a list of devices without specific KBs installed that are the most at risk (Severe Security or Critical Windows Updates)

How Workspace ONE Intelligence can help:

a. Create a Dashboard that shows – in real time - all current devices that do not have each Critical KB installed

From My Dashboard, click Add Widget.

Select a template, in this case use Security Updates Status.

Set the filter for your specific Windows Patch KB number.

b. Segment the data by model or OS version to see if there are certain models or OS versions that are most at risk

This can be done in the dropdown menus next to "by Group".

c. Use automation to notify users to update their devices

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Let's start at the Automation tab. Click Add Automation to begin.

You can create an automation from scratch or use a template.

Set the triggers and filters that will target the vulnerable devices.

Then add an action you would like to activate for the selected trigger. Here we will send the user a message via Slack.

Click Save and your automation has been added.

d. Monitor how many devices have been patched or upgraded across all Windows 10 devices

Using your created widget, you can visually monitor these metrics, and even reposition your chart or table on the dashboard.

Key benefits: Save time, increase user experience, increase security hygiene

3) Predicting Windows 10 Dell Battery Failures and Automate Replacement

Employees are using Windows devices that no longer last a full work day without charging. It disrupts their workday, reduces mobility, increases dissatisfaction and employees either seek remediation via helpdesk or do nothing and end up plugging their laptops at all times.

How Workspace ONE Intelligence can help:

a. Monitor Windows 10 Dell devices with poor battery health (overall remaining life of the battery) Reports or Dashboards

Start by creating a new widget from My Dashboard. Select the template for number of total enrollments to date.

Create a new filter where Platform includes WinRT.

b. Create visualization that proactively highlight users who are experiencing poor battery life

Under Data Visualization, change 'by Group' to the category 'battery health'

 Adjust the chart type and title to your preferences, then click Save.

d. As the battery life decreases, so does its maximum charge capacity. Create automation to tag devices with poor battery life in Workspace ONE UEM to help with reporting and assignment, create Service Now ticket with device info to order new battery and notify employees via Slack or email that a battery replacement is on its way

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Start by navigating to the Automation tab, then click Add Automation, and choose to add a custom automation and use a template.

Under the Filter category, add Platform includes WinRT, Enrollment status includes enrolled, and Battery Health includes 25.00.

Under Action, add a Slack API, and add the text that will be sent to the user.

Also under Action, add a ServiceNow API for Create Incident, and add a short description. The comment section allows for the specific user device information to be added to the ticket.

Lastly under Action, add a Workspace ONE UEM API to Add Tag to Device, and create a Tag ID that matches the battery level set in your Filter.

Click Save when you are done to see your automation created.

Key benefits: Reduce costs linked to user-generated support tickets or calls, increase employee experience and productivity. Increase lifespan of devices.

4) Identify Unsupported OS Versions and Platforms, Identify Devices / OS versions that are candidates for End-Of-Life Support 

A big challenge for IT is to understand how many users have devices that are no longer supported by the organization and can be security risks. Another challenge for IT, especially for organizations that are building their own Apps - is the lack of visibility into device and OS distribution across the organization.

How Workspace ONE Intelligence can help:

a. Identify devices that are too old to upgrade to the latest OS and are exposed to the latest security threats. Create a report or a widget on a dashboard that identifies devices that are potential End-of-life candidates

Start by clicking Reports on the sidebar. Then click Add Report.

Select the category for Devices, then select the template for Enrolled Devices.

Under Filters, Add Platform Includes WinRT, and also Model Does Not Include (Add Model Numbers). Then click Next.

Add a report name, and a short description.

After navigating to My Dashboard, let's add a widget. Select the template under Devices, ‘Number of Enrollments to Date’.

Customize with the platform and models numbers as you did in the report.

Customize the Data Visualization section to your preferences. Click Save when finished. Note that you can adjust the position and size of your widget on the Dashboard.

b. Get visibility into most popular device types amongst users and recommend new hardware to employees

On My Dashboard, locate the widget titled Number of Enrollments by Platform. This was created to show a quick view of all enrolled devices, showing which is the most popular device type.

If we click Edit, we can see that the data was taken from all enrolled devices, and under Data Visualization the parameters of Measure: Count of Key Device GUID, and by Group: Platform.

c. Easily communicate device and OS version adoption to App developers to ensure they are building for the most popular device / OS combinations and maximize adoption of their in-house Apps

Using a custom widget, the device and OS version can be identified easily. On My Dashboard, find the widget titled iOS Device and OS Breakdown to see an example.  

d. Quickly determine which device and OS versions to stop supporting based on usage

Using a widget like Total Enrollments Over Time as an example, we can see how easily we can create a visual representation of device types that have been enrolled. 

Key benefits: Optimize development efforts, understand user needs per geo, save time, increase productivity. 

 5) Track OS Upgrade Progress

Every year, Apple and Google release new major OS updates that include new UEM Features for better management and new usability features that admins want their end-users to take control of to improve productivity. When a major OS releases, admins need near real time visibility into how an OS version is adopted so they can forecast how long they have to pilot new features and to determine when is a good time to deploy the new UEM feature (e.g. security policy) to all their devices.

How Workspace ONE Intelligence can help:

a. Create a Dashboard to monitor adoption of old and new OS

Let's add a widget that can quickly show us the adoption of OS. 

Edit the Data Visualization section to Group by OS version. You can also add a field to the filters to exclude a specific OS version.

By changing the visualization type from Snapshot to Historical, we can view the results over a selected window of time.

b. Monitor the increase of devices reporting the latest version of an OS while seeing the decrease of devices reporting the previous version

Using a pre-existing app, we can show how a widget can display the OS versions. Navigate to My Dashboard, and locate the widget titled OS Version Breakdown for Apple Devices.

By clicking Options, then Edit, we can see the parameters used to create this widget. This gives a quick visual representation of OS version that will visibly change as users upgrade.

c. Compare OS adoption between different vendors or year after year. And forecast when a major OS release will reach the majority of their devices

Using a custom widget or multiple widgets that show OS adoption over time, we can compare historical data, and even estimate how long it will take for devices to upgrade to the newest OS release. This procedure is similar to Part a, shown above.

By clicking the values at the bottom of the graph, you can deselect the OS version numbers you do not wish to include in your display. Note here that only 11.3.0, 11.3.1, and 11.4.0 are selected.

Key benefits: Make informed decisions about the entire environment, give quantitative insights to App developers, prioritize feature development based on OS distribution

6) Monitor Device Utilization or Usage 

In Line of business use cases, devices have single or multi-purpose use where they are either shared by a group of users like in retail store or dedicated to one user like an electronic flight bag for an Airline pilot. In either case, IT needs visibility to ensure that all of these assets are online and active. In retail, stores with devices that are inactive are most likely lost or stolen. For airline pilots, they can't fly without their device so there should be almost zero inactive devices.

How Workspace ONE Intelligence can help:

a. IT can get visibility into understanding where and what stores have the most inactive devices. Using the same Intelligence, they can make data-informed decisions when time comes to purchase new devices.

Lets create a custom report that checks for devices that have been inactive for 30 days or more. Navigate to Reports from the sidebar and click Add Report.

Select the Device category, and the Enrolled Device template.

Add the filters for Last Seen before (30 days prior), and Enrollment Status includes Enrolled, then click Next.

Update the report name and description, then click Save.

b. Use automation to notify store managers of potentially lost or stolen devices

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Let's use the automation titled "Move Inactive Devices to new OG" to demonstrate this. Using the filter of Last Seen Before (30 days prior), we have a foundation from which to create actions.

Under Actions, we can change the Group ID using Workspace ONE UEM API > Change Device Organization Group.

Then to send a message regarding the inactive device, we create an action under Slack API.

c. Use automation to create tickets (Service Now) and deploy devices in need to the right location

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Using the same automation from Part b, we can add an action for ServiceNow API > Create Incident. Here we can add a short description and comments that will automatically add chosen device information to the ticket.

d. Use Dashboards to monitor type of devices most used across the organization or per location / geo

Create a new widget from the Dashboard. Under Devices, select the Number of Enrollments to Date template.

Create a filter for Last Seen Before (30 days prior).

For the Data Visualization, let's create a Table, and organize by Device Organization Group Name. Click Save when complete.

Key benefits: Improve store performance, increase efficiencies within organization, optimize resources

7) Increase Compliance Across Windows 10 Devices 

On Windows 10 PCs, InfoSec and IT teams have to work together to quickly identify what their entire device posture is at any moment. Today, IT has to install multiple agents to pull basic OS and model info or report on more granular device states like BIOS version, Secure Boot status, etc. 

How Workspace ONE Intelligence can help:

a. Only one agent is needed to gather and report on all of the numerous device states that InfoSec team cares about and understand devices at high risk. With that single widget, you can query the entire environment to identify most at risk devices: out of date BIOS version, Secure Boot Disabled, TPM Chip Disabled, Firewall Disabled, AV Disabled, Bitlocker Note Encrypted, etc.

Let's start by adding a new widget from the Dashboard, and select the template for the number of Enrollments to date.

Add a filter for your platform, as well as for Organization Group Hierarchy.

Note that under the Data Visualization section, you could create separate data sets in separate widgets to view BIOS Version, TPM Chip, Secure Boot Enabled, or OS Version by adjusting the 'by Group' value.

To have everything in one place, let's apply some filters. 

b. Sort and segment these devices by OS version, region and model

Using the by Group dropdown, we can select which metric is used to sort or segment these at-risk devices.

c. Create rules that automatically quarantine “high risk” devices and remove access to sensitive data sources

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Start by creating a custom automation by selecting a blank template from the Devices category.

Then, create the filters to screen for at-risk devices.

Now let's add the action that will quarantine the device by changing its group ID to the one used for quarantined devices that have not been granted access to sensitive information.

d. Use automation to enforce compliance by re-pushing down security policies: remove access to VPN/Wi-Fi, re-enable BIOS settings, move the device to an org group with less entitlements and app access

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Using the automation we created in Part c, we start by adding an action to remove the profile ID associated with the device. The appropriate profile ID numbers can be found inside the console.

Next we add an action to install the new profile, using the ID for the latest BIOS update, also found within the console.

Key benefits: Save time, no need to aggregate multiple reports from different sources, increase compliance across the environment, increase IT Ops efficiencies

8) Comprehensive Mobile App Deployment Visibility 

As an IT admin, deploying an app update is critical to meet business and security needs. Sometimes, there is only a small window of opportunity to deploy Apps. In retail it can only be in the middle of the night, for security it’s as soon as possible and for 24 hour healthcare workers– there may not be a good time to push an update. 

How Workspace ONE Intelligence can help:

a. Get visibility on when the best time to deploy an App based on usage pattern

Navigate to Reports, and open the Upgraded Apps Report. Here we see columns for App Last Seen, and Device Last Seen. This gives us an insight into app usage on a per user basis. Note the filters used (shown above the table next to the funnel icon).

b. Accurately report on how a deployment is going, App adoption, App engagement - in real time – to App dev teams, management, InfoSec and Helpdesk.

Let's create a report for deployment, starting by adding a Report using the All Apps template.

For this we will use VMware Boxer as our app. Add a filter to include this, as well as devices for which the Managed App Status does not include 'Installed'.

From the Report preview, we can already see the various reasons for each installation status.

Save the report, and it's ready to provide insights into deployment in real time that can be sent to every team involved.

c. Get insights into app performance per device manufacturer, model, OS version, and quickly detect the root cause of deployment issues or poor App adoption

Let's create a widget for the Dashboard that will organize this information for easy viewing. Start by clicking Add Widget, then create from a blank template.

Create the same filters from Part b, for Boxer and the Managed app status.

By creating a table, we can view all the necessary information quickly at a glance. Group by Managed App Status, and create a subgroup for Installation Status Reason.

You can also view this information as a graph, as well as change the grouping to organize by things like Platform. 

Using a widget or a report, devices on older App versions can easily be identified, and then notified to update to the latest version. Also, if the report or widget shows that the user base is low, developers can choose to stop maintaining older versions of the app.

d. Leverage automation actions to remediate issues such as notifying store managers of an issue

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

When an issue is detected with a device, an automation can notify managers via Slack of the issue, and even create a service ticket if desired. Start by adding a new automation.

We could add a filter that identifies all devices that are not compliant for example.

A message can be sent to the channel via Slack, and other more direct actions can be taken by adding something from the Workspace ONE UEM API.

e. Use automation to redeploy a previous release of the App if the new version is not stable

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

If the new version of an app is not stable, we can create an automation that will get the most stable version back onto the devices. One method is to filter for enrolled devices, then add a Workspace ONE UEM API to first uninstall the current version, then reinstall the desired version, differentiated by separate Application IDs.

This also works for public and purchased applications, if there are compatibility issues.

Key benefits: Reduce costs linked to user-generated support tickets or calls, increase employee experience and productivity. Help developers prioritize features and get insights into older App versions that can be retired.

9) Tracking Migration and Adoption of Productivity Apps 

IT regularly evaluates Productivity Apps based on user feedback and license costs and often migrates end-users from one Productivity App to another. IT’s challenge is understanding how the migration is going and whether users are adopting the new productivity App with the objective to EOL the older solution. Ex: moving from Webex to Skype to Zoom.

How Workspace ONE Intelligence can help:

a. Quickly determine which devices have which productivity App installed 

Let's begin by adding a new widget from the dash board.

Then we will create from a blank template.

Let's add a filter that looks for instances of the apps we are interested in. Here we will use App Name > Includes > Skype + WebEx + Zoom.

b. Monitor popularity of each App per location or group, which allows for a better understanding of App needs within the organization based on usage and adoption. Then make data based decisions on which Apps to buy or renew during the next refresh cycle

Continuing from Part a, organize the Data Visualization using Key > Device GUID, and by Group > App Name.

We can also organize the data by Platform, and see how adoption is going for each group. We can see from these results that for Apple devices, Zoom has a high adoption relative to the other platforms, but relative to the number of people still using WebEx, IT cannot yet EOL this app.

c. Determine if a location or group has completed the migration to the new App

Continuing from Part b, we can organize the data into a table and see very quickly how many users have completed migration from WebEx to Zoom.

d. Use automation to notify users they need to migrate to the new App

Select Automation on the left menu bar. We've setup sample automation within the TestDrive.

Let's start by creating a new custom automation.

Depending on which users are affected, you can either notify certain groups by filtering for Device IDs, or send to everyone by filtering for Enrollment status.

Then, we can add an action to notify the user via Slack that they need to migrate to the new app. We can also choose to install the app for them with Workspace ONE UEM API > Install Purchased Application, then adding the appropriate Application ID.

Key benefits: Optimize resources, reduce risk, increase compliance, increase employee experience, increase IT Ops efficiencies.

10) Internal Mobile App Adoption 

Organizations are investing a lot of money building and maintaining internal Apps and they don’t have visibility on how many are used and how they’re used.

How Workspace ONE Intelligence can help:

a. Line-of-business (LOB) owners can easily monitor usage and engagement of the Apps they are responsible for

b. LOB owners can prioritize feature development using real-time and historical data available in the Apps Detail Dashboard

c. Easily determine why Apps are not used and rule out any performance or compatibility issue

d. Least used Apps that are mandatory can have adoption remediation action plans

e. Least used Apps that are not critical can be EOL’d and resources can be redirected on more important projects

Key benefits: Optimize resources, improve user experience,  increase productivity and maximize dev efforts.

This wraps up the walkthrough of the 10 Workspace ONE Intelligence use cases. You can also check out the Workspace ONE Intelligence Overview found here.

For Additional Support
Previous Article VMware Boxer for iOS (Stand-alone)
Next Article iOS - Supervising Your iOS Device