The Schwartz Report

Blog archive

AirWatch Upgrade Extends Windows 10 Management and Endpoint Security

VMware has extended Windows 10 endpoint management and security options offered in its Workspace One platform, the company's new digital workspace platform released last year that brought together the company's AirWatch mobile device management (MDM) tooling and Horizon application delivery offerings.

The upgrade, released this week, is the first major update to Workspace One. In addition to adding new Windows 10 security and management controls to its AirWatch 9.1 MDM offering, which the company describes as unified endpoint management (UEM), the update also adds new support for Android devices, real-time threat detection and an advance rules engine for devices used in specific vertical industries and ruggedized computers.

Workspace One and AirWatch 9.1 adds more granular controls to work around off-network OS patching of Windows 10 endpoints and restrictions imposed by Microsoft's new Windows Update as a service and includes a new dashboard to track patch compliance and perform audits of Windows updates. AirWatch 9.1 also now provides advanced BitLocker configurations, which the company says eliminates the need for encryption management tools from Microsoft or other third-party providers.

Adam Rykowski, VMware's VP of UEM Product Management, said in an interview that the upgrade lets Windows administrators encrypt an entire disk, system partition or take a device's built-in TPM chip to eliminate the need for USB-based flash drives for Secure Boot or startup keys. At the same time, it enables the enforcement of logical PINs in conjunction with the TPM chip to lock the OS from starting up or resuming until a user is authenticated. It also offers various controls for rotation key policies, recovery controls and the ability to suspend BitLocker enforcement policies when deploying critical maintenance updates.

AirWatch 9.1 also now supports Microsoft Business Source Packages (BSPs), the set of components designed for specific hardware and the Windows Store for Business. Rykowski said that will ease the deployment of applications in Microsoft's Windows Store via VMware's Workspace One company store catalog.

VMware has also added real-time threat detection and access control remediation for Windows by integrating with VMware's TrustPoint endpoint security tool. The company added TrustPoint as an option to AirWatch through an OEM agreement inked last year with Tanium, a provider of real-time security and endpoint management tools, which both companies claim can query millions of endpoints in seconds to detect and remediate threats. VMware said TrustPoint offers accelerated compliance and threat management.

Many of the key updates are the result of feedback from early customers of last year's Workspace One release, which included the new AirWatch 9.0 that wanted to bring more MDM-like management to Windows 10, according to Rykowski. "It was interesting to see how Windows management required another deeper level of control that's very different from mobile," he said. "But the way we're doing it, is in this cloud way where you can apply updates and patches in real time with devices that are not on the network, regardless of where they are. We can provide the same level of deep capabilities but do it in that more modern management style."

The new Android support added to the update includes new onboarding support for managed devices, which now offers configuration of devices via a QR code or an e-mail to the user. It supports automatic app permissions and configurations, enforces app-level passcode polices for work applications without requiring an SDK and adds improved integration of Google Play and App Config setups. VMware's update also adds support for Apple's forthcoming iOS 10.3 and MacOS 12.4 releases with a new SDK, app wrapping engine and support for productivity applications.

A newly added browser plugin now offers single sign-on access to nonfederated software-as-a-service Web apps that don't support SAML. VMware is also slashing the price of the various packaging options. The new standard license was reduced from $4.33 per device to $3.50 and the advanced cut from $6 to $5.50.

Posted by Jeffrey Schwartz on 03/17/2017 at 1:14 PM


comments powered by Disqus

Subscribe on YouTube