AirWatch is an Enterprise Mobility Management (EMM) solution with Unified Endpoint Management (UEM) offering Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities only after enrolling personal and corporate devices in AirWatch.
Table of Contents
These days, employees use personal devices to perform enterprise activities with development in cloud technology and personal mobile capabilities. This led to the development of Bring Your Own Device (BYOD) policy. Although the policy has its pros, this led to many security challenges for the enterprise as the compromise of any of these devices could lead to a breach in the entire enterprise framework. This led to modern-day solutions to modern-day problems called Enterprise Mobility Management (EMM) Solutions. Endpoint use devices could now be secured and managed with greater capabilities, remotely and centrally on a unified platform deploying security configurations and enterprise apps while maintaining compliance with company security policy.
AirWatch is an EMM solution with Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities on a central Unified Endpoint Management (UEM) platform.
These features can be implemented on devices enrolled in the platform. Enrolling of devices is an automatic onboarding process where users are first created on the AirWatch console. The user name and password, among other credentials, are configured by the admin and communicated to users via email or SMS. Users have to download the AirWatch application on their devices. They have to enter credentials provided by the admin. Once the credentials are verified, user devices are configured as per company policy, and enterprise apps and access to the company database are available on the user device. This process is called enrollment. Multiple devices can be associated with a single user, and AirWatch is available on iOS, Windows 10, and Android platforms. The features also include repurposing the device that is whenever a new user logs in. The device is reconfigured as per the new user by process of check-ins and check-outs on the AirWatch application changing app catalog, permissions, and database.
How to enroll Android devices into AirWatch?
Before you begin
- The device should be backed up as per specific instructions for the device.
- For Samsung, HTC, LG, or Sony mobile devices, VMware email account should be deleted if the user has one(AirWatch will add a secured VMWare email account)
Install and Configure AirWatch agent
- Go to the play store and search for AirWatch Agent. Download it.
- Select email address as the authentication method after opening the AirWatch app.
- The user is redirected to the VMware Corporate Single Sign-On page
- The agent/browser walks the user through the steps once the authentication is complete. During configuration, users should not switch to any other apps.
Complete Email Setup
For devices that are not Samsung, HTC, LG, or Sony
- For users having an existing AirWatch account, the email account settings should be updated for Microsoft Exchange Server as “awseg.vmware.com” (exclude quotes) and user email password.
- For devices not having an email setup, follow device-specific email account instructions with the following details.
Microsoft Exchange Server: awseg.vmware.com
How to enroll Apple devices into AirWatch
To install applications from Appetize, including Activate and KDS, iOS devices must be registered in AirWatch.
Add a device to AirWatch (MDM)
- Enter the website appetizeapp.com/enroll on Safari app on iOS devices.
Note: Jump to Disabling Desktop View for Websites if you do not see the screen prompting for a Group ID.
- Group ID needs to be entered for the venue. If the user does not have a group ID, they should contact Support.
- The Username and Password should be entered.
- The device prompts for install a profile. Navigate to the top right corner of the prompt and select the ‘Install’ option.
- The system will install an app named ‘App Catalog’ after the profile is installed.
Install Applications from the App catalog
The following steps should be filled once the AirWatch App catalog is installed to install the Appetize applications.
- From the home screen of the iOS device, select App Catalog
- Click on Activate/KDS to install
- Select ‘Install’ when prompted.
Note: The app catalog shows ‘Processing’ which is not a real-time representation. In such a case, navigate to the home screen to observe the app install process.
Disabling Desktop View for Websites
Disabling Desktop Websites for Safari is a setting that was introduced in iOS version 13.0.
- The iOS Settings App should be opened.
- Within the general settings view, access the settings for Safari
- After clicking on Safari, navigate to the section titled ‘Settings for websites’ by scrolling down
- Look for an option titled ‘Request desktop website.’
- Configure that setting to off
How to enroll windows devices into AirWatch
The first time registration of user:
- Go to awagent.com and download AirWatch Agent.
- Install the software.
- A pop-up window shows Email or Server ID login options. Select the email option.
- Enter corporate mail credentials. Enter Group ID.
- Then select an Organization or enterprise profile.
- Authenticate with active directory credentials, username, and password.
- The device is configured and repurposed as the user provides access to company databases and applications configured by the admin.
- The enrollment process is completed.
- Devices enrolled can be seen under the list view in the devices option on the admin console.
- The complete look of the device is changed, including wallpapers, active applications, among others.
Managing Device on Windows 10
- The detailed view under the devices option shows compliance, summary, profiles, applications, content, updates, location user, and more.
- Under the profiles section, specific actions can be deployed on enrolled devices. Green checkmarks are profiles that have been deployed. For instance, to deploy a profile, block Facebook, the option is double-clicked on, and the page is refreshed. The user can no longer download Facebook as per company policy.
- A complete block prevents users from accessing the store at all. If the user tries to access the app store, a message displaying “Blocked by system administrator” comes on the screen.
- The admin can remotely encrypt drives.
- Self-service encryption recovery is a key feature that can be accessed from any device.
Enroll a device on AirWatch Console on Windows 10
- Navigate to devices on the menu bar on the left. Select profiles and resources. Click on profiles. Select add and then add a profile.
- Select the platform from the list available. Select device type from the list of supported devices
- Choose between user profile or device profile.
- Provide user name. Configure passcode from the left side menu and deploy security measures.
- Configure Wifi VPN and credentials.
- Device restrictions can be imposed under restriction settings. E.g. turning off the camera, Blocking certain applications or stores, browser extensions, external web, among a variety of options.
- Configure Data loss settings, firewall, and antivirus settings.
- Provide BitLocker encryption under encryption settings. Select encryption drive, type of encryption, password or TPM, enforcing passwords, and other aspects of encrypting a drive. Users can stop encryption or decrypt.
- Configure and deploy updates under the updates option.
- Application Control, BIOS, Windows licensing, custom settings are among other options for configuring a profile.
- Certain settings for users become inaccessible after the device is enrolled.
- Applications or policies can be deployed individually or to a group of devices.
- Enterprise wipe can be done for lost or stolen devices or users who have left the company. Enterprise privileges are taken away as soon as the device is unenrolled.