[Win10] Limiting users that can log into a workstation using Restricted Groups CSP

The title says it for itself. It is a useful capability for shared workstations and other scenarios, where the PC access needs to be limited. The credit goes to this blog post on EMM.how, you can read it for full details and pictures I just want to make a few points that I’ve taken out of that post and add some of mine.

(more…)

VMware Launcher on Android Enterprise – nuances

I regularly get questions from customers and partners who used kiosk mode on older Device Admin devices with VMware (then AirWatch) Launcher, and have issues since they had migrated to Android Enterprise and Launcher 4.0+.

In this post you will learn how to:

  • Solve the most frequent (and annoying) issue when migrating Launcher setups to AE
  • Find further settings for Launcher, which are not exposed in the GUI, and apply them via custom XML
  • Control Launcher versions per OG using Settings and Inheritance.
(more…)

Remediate the Pixel4 and Galaxy S10 biometric security flaws with Workspace ONE

I am pretty sure you’ve heard already about the issues with Samsung Galaxy S10 fingerprint sensor and Google Pixel 4 Face Unlock. Both companies have acknowledged the issues and committed to releasing the patches “soon” (Samsung is said to be testing fixes in certain countries already). What can you in the meantime? With Workspace ONE and Android Enterprise is it easy!

(more…)

On Apple, Security by Obscurity and WS1 Trust Network.

In the last several weeks a number of bugs were found in Apple’s iOS, MacOS and protocols. This had coincided with a partner workshop last Friday, where the decisive argument was “Have you ever heard of an Antivirus for an iPhone“.

Apple is well known for refusing to publish any details behind the inner workings of its solutions, locking everything that may be locked down and suing all those who try to work around those limitations..

Despite all that, flaws are being found, iOS was jailbroken again (because Apple unpatched a fix they implemented in 12.3) and malware on App Store is just as common as everywhere else.

Security Researchers about Apple’s Security Through Obscurity
(more…)

Workspace ONE Notifications in Intelligent Hub – a real-life use case

A few weeks ago, like many others, we were hit by an O365 Exchange outage. What does usually an admin do, when something is down? -Send an email! But what do you do when email is also down? Ring/Text everyone? Blast it in Teams/Skype/Slack/etc? Pigeons?

This is what happened in our case with Workspace ONE Notifications API for Intelligent Hub.

VMware Workspace ONE Intelligent Hub notifications communicating O365 outage
(more…)

Important enrollment switches for Samsung KNOX with Android Enterprise (VMware Workspace ONE UEM)

Workspace ONE has a ton of features built specifically for Samsung: KNOX OEM Extensions (modern and legacy), KNOX Service Plugin support (OEMconfig), E-FOTA, KNOX Mobile Enrollment, Legacy containers etc etc. There are a few switches controlling the end result. Today I want to discuss a few ones, that pop up in my practice every few months: License Key and Enable Containers, and how they make (or break) your Android Enterprise Samsung deployment.

(more…)