Previewing Some of the New Workspace ONE UEM 2109 Features

It is not often that I spend time to talk about a new release of Workspace ONE UEM, but 2109 introduced a few features that are really useful as mentioned in their release notes. Today, we will be talking about 3 features that I am very interested in. Those 3 items are by no means perfect, but they are quality-of-life enhancements for administrators of Workspace ONE. No better way to build on my recent article about great hidden gems in Workspace ONE. Whenever we can make our lives easier, I say let’s do it!

Enhanced Automated Certificate Revocation

Today, most of us are used to leveraging some of the strong security features of the WS1 certificate integrations. They offer things like including SIDs in the certificate, automated renewal, and revocation. This has definitely delivered a strong security posture for us for a very long time as you can see below:

The problem being that you would often see certificates that have an “unknown” status or some other variety of status:

Now, Workspace ONE is able to offer a new capability that will enhance your security even further. With their new certificate revocation based on sampling, if a deployed certificate is not found in the data send back to WS1, it will revoke it for you.

This really helps a ton with things like orphaned certificates, sync issues, etc. This is even more valuable in areas where you are leveraging certificate-based authentication with your IDP like Workspace ONE Access to keep your real estate clean. I would like to see them enhance this by ALSO revoking certificates that were returned in the sample that aren’t supposed to be there, but we can’t have everything. That is an issue I’ve seen on MacOS where the old cert is not always removed.

With that in mind, let’s check out a short demo all about this great new feature:

Workspace ONE Global Search

New in 2109, Workspace ONE has enhanced their search capabilities. Search can often be a bit rigid. Often if you didn’t know exactly what you were looking for it may not find it. One thing to note with this feature is that you NEED to use it in 2109.

In older versions of the console, you could search for SSO and get results, but now with Global Search you have to include wildcards to search for things containing the word SSO to find proper results. Below are some examples of search queries you can use in global search:

  • *device will return anything that ends with device e.g. restrictions-ios-device
  • m*e will return things that begin with m and end with e such as manufacture
  • admin* will return things that begin with admin like administrator restrictions profile
  • *tern* returns things that have tern in the middle of them like internal
  • double quotes or a backslash are now required if you need to include a * in your search item

You will find that the new WS1 Global Search is very powerful and definitely delivers a stronger quality-of-life for your team. My one criticism is I would love to see deeper searching where you could search for a device with a specific IP (for Windows-managed devices) or devices with certain characteristics beyond device name and user name. Overall, I think everyone will love it. Check the demo:

Data Driven UI Profiles in WS1 2109

The last feature that I wanted to touch on are DDUI profiles. The idea was pretty basic: “How do we make the profile experience better?”

Being honest, it has always been painful between the whole editing/add version stuff, the creation of the profile, and figuring out how to make it all work together. That is outside of the entire paradigm of deploying the wrong profile to the wrong people.

I think DDUI is a nice step forward, but personally they had an opportunity to do more with this. My big issue is that they added search capabilities into DDUI, but you can’t search on Profile features. Say you want to show all profile features that have the word “block” in it or maybe find all supervised features (when it launches for iOS). That is something you cannot do.

I think DDUI is a really nice start, but is largely unfinished. I would have personally marked this as a preview feature, because I think they’re just scratching the surface. For me, if you want to call it data-driven (which actually means the decision-making process of collecting data, extracting patterns and facts from that data, and them using those facts to influence decision making), you need to go deeper. DDUI is “nice” but to make it life-changing then elevate the indexing and search capabilities of the profile process.

Let’s go into the demo, which is very easy on the eyes:

Final Thoughts on Workspace ONE UEM 2109

There are certainly other features in 2109 like:

  • Automatic assignment of the default SDK for Hub
  • DEM integration in the console
  • Improved device refresh for Windows 10
  • Windows update query enhancements and much more!

Overall, the nice thing for me is that we are back to our monthly releases. For awhile, we had seen limited releases, but things are getting back on track. I was sad to hear that Freestyle Orchestrator has been delayed again, but some of the other capabilities appear to be ramping up. My hope with COVID trying to get behind us that VMware will get back on track and execute on their Digital Employee Experience vision which is only possible when you deliver capabilities that let your Workspace ONE team focus on improvements and less on operational nonsense.

Leave a Reply

Scroll to Top
%d bloggers like this: