AirWatch provides a central console for managing endpoint devices. The devices can be remotely managed and controlled on a Unified Endpoint Management (UEM) platform, with Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities.
Introduction
Traditionally, employees could only access company servers on-premise on secured enterprise devices. With the development of cloud technology and Bring Your Own Device (BYOD) policies, employees access enterprise servers on unsecured personal devices through local network connections, presenting endpoint vulnerabilities to the enterprise security framework.
AirWatch is an Enterprise Mobility Management (EMM) solution that allows the admin to secure and manage user endpoint devices with Mobile Device Management (MDM) and Mobile Application Management (MAM) capabilities on a Unified Endpoint Management (UEM) platform.
Managing Devices Overview
AirWatch allows securing and managing the entire enterprise fleet on a central console, remotely deploying and configuring the user endpoint devices through Over The Air (OTA) commands. Devices can be managed individually, or a group of devices can be created and configured. Customized lists can be created under Device List View. Multiple screens provide multiple options. The Hub allows the admin to observe the flow of data, and the device dashboard allows the admin to view endpoint devices in greater detail. Reports are generated and easily identified by tags. The self-service portal gives end-users the option to manage their own devices, reducing the burden on the admin.
Device Dashboard
The AirWatch Device Dashboard provides a high-level view of all enrolled devices. It provides management and configuration actions that can be taken on an individual device or a group of devices. Device ownership type, compliance statistics, and platform and operating system breakdowns can be viewed with graphical representations of relevant device information for your fleet. By selecting any available data view from the device dashboard, the admin can access each set of devices in the presented categories. Administrative actions such as sending messages, locking devices, deleting services, and changing groups associated with the device can be done under the List View option. The following features are available on the device dashboard:
Security: Doughnut charts show the top causes of security issues in your enrolled devices; selecting a chart displays a filtered Device List view. Configure a compliance policy to act on these devices, if supported by the platform:
Compromised: Displays the number and percentage of compromised devices (jailbroken or rooted) from the list of onboarded devices.
No passcode: Devices without a passcode configured for security are shown in numbers and percentages.
No encryption: Devices that are not encrypted for security, including Android devices lacking disk encryption (Android SD card encryption is excluded), are reported in the doughnut chart in numbers and percentages.
Ownership: Total number of devices in each ownership category is displayed. A filtered Device List view composed of devices affected by the selected ownership type is shown by selecting any bar graph segments.
Last seen overview/Breakdown: Devices that have recently communicated with the AirWatch MDM server are displayed in numbers and percentages. Devices can be filtered based on the number of days of inactivity, and a message can be sent to them requesting that they check in.
Platforms: Displays how many devices are enrolled across different platforms. A filtered Device List view comprised of devices under the selected platform can be seen by clicking on any graph.
Enrollment: The total number of devices under each enrollment category is shown. A filtered Device List view comprised of devices with the selected enrollment status can be seen by clicking on any graphs.
Operating System Breakdown: Based on the operating system, separate charts are prepared for Apple iOS, Android, Windows Phone, and Windows Rugged devices. By clicking on any graphs, a filtered Device List view comprised of devices running on the selected OS version is displayed.
Device List View
A full listing of all devices in the currently selected organization group is available by clicking on Devices, then List View. An indicator in the Last Seen column shows the number of minutes elapsed since the device last checked in, depending on the number of minutes defined in Device Inactivity Timeout (min). To set the indicator, go to Groups and Settings, navigate to All Settings, and click on Devices and Users. Select General and click Advanced. In the General Info column, select a device to open the details page for that device. Review device activity based on specific information by sorting columns and configuring information filters. For example, a compliance filter can isolate all non-compliant devices so that specific actions can be taken on them. Individual devices can be searched by user name or mail in the search bar.
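An added example, not part of the original article and not AirWatch code: the Security chart categories from the dashboard and the Last Seen inactivity indicator described above, recomputed over a constructed device inventory. The record field names, the sample devices, and the 1440-minute timeout are assumptions, not an AirWatch export format.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names are assumptions for this example,
# not an AirWatch export schema.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
TIMEOUT_MIN = 1440  # assumed Device Inactivity Timeout (min): one day


def _device(name, platform, compromised, passcode, disk_enc, sd_enc, idle_min):
    """Build one constructed inventory record."""
    return {
        "name": name,
        "platform": platform,
        "compromised": compromised,      # jailbroken or rooted
        "passcode": passcode,            # passcode configured
        "disk_encrypted": disk_enc,      # device (disk) encryption
        "sd_card_encrypted": sd_enc,     # tracked, but excluded from the chart
        "last_seen": NOW - timedelta(minutes=idle_min),
    }


DEVICES = [
    _device("ios-ann", "Apple iOS", False, True, True, None, 12),
    _device("and-bob", "Android", True, True, True, False, 30),
    _device("and-cho", "Android", False, False, False, True, 3000),
    _device("win-dee", "Windows", False, True, True, None, 20000),
    _device("ios-eli", "Apple iOS", False, False, True, None, 5),
]

# The three Security categories. "No encryption" looks at disk encryption
# only; SD card encryption is deliberately ignored, as the dashboard does.
CHECKS = {
    "compromised": lambda d: d["compromised"],
    "no_passcode": lambda d: not d["passcode"],
    "no_encryption": lambda d: not d["disk_encrypted"],
}


def security_breakdown(devices):
    """Return {category: (count, percent of enrolled devices)}."""
    total = len(devices)
    result = {}
    for label, check in CHECKS.items():
        count = sum(1 for d in devices if check(d))
        percent = round(100 * count / total, 1) if total else 0.0
        result[label] = (count, percent)
    return result


def minutes_idle(device, now):
    """Whole minutes elapsed since the device last checked in."""
    return int((now - device["last_seen"]).total_seconds() // 60)


def inactive_devices(devices, now, timeout_min):
    """Devices idle longer than the timeout, longest-idle first."""
    stale = [(d["name"], minutes_idle(d, now)) for d in devices
             if minutes_idle(d, now) > timeout_min]
    return sorted(stale, key=lambda item: item[1], reverse=True)


def triage(devices, now, timeout_min):
    """Map each device needing attention to the reasons it was flagged."""
    findings = {}
    for d in devices:
        reasons = [label for label, check in CHECKS.items() if check(d)]
        if minutes_idle(d, now) > timeout_min:
            reasons.append("inactive")
        if reasons:
            findings[d["name"]] = reasons
    return findings


if __name__ == "__main__":
    for label, (count, pct) in security_breakdown(DEVICES).items():
        print(f"{label}: {count} ({pct}%)")
    for name, reasons in triage(DEVICES, NOW, TIMEOUT_MIN).items():
        print(f"{name}: {', '.join(reasons)}")
```

Devices flagged with a security reason are candidates for a compliance policy, and devices flagged only as inactive are candidates for a check-in request message.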
Customize Device List View Layout
In the Device List view, select the Layout button and choose the Custom option to display the full listing of visible columns, then show or hide Device List columns as per your preferences. The customized column view can be applied to all administrators at or below the current organization group (OG). For example, hide ‘Asset Number’ from the Device List views of the current OG and all the OGs underneath. Once all customizations are complete, click the Accept button to save the column preferences and apply the new column view. The Layout button settings can be revisited at any time to re-customize column display preferences.
Search Device in List View
Search for individual users to get quick access to information and to take remote actions on the device.
Go to devices, then select list view, and click the Search List bar. Users can be searched on parameters such as a user name, device-friendly name, or other device-identifying elements. A search is initiated across all devices within the current organization and child groups using search parameters.
Hover Over Pop Up in Device list view
A tooltip icon in the upper-right corner of the General Info column displays a hover-over pop-up when the icon is tapped (mobile touch device) or hovered over with a mouse pointer (PC or Mac). Vital information such as Friendly Name, Organization Group, Group ID, Management, and Ownership is contained in this pop-up.
Within the Device List view, similar tooltip icons in the Enrollment and Compliance Status columns display the Enrollment Date and Compliance Violations, respectively.
Filtering Devices in List View
Entire categories of devices can be filtered out by using the available filters. Some of these filters are:
- Smart Groups.
- User Groups.
- Management
- Ownership
- Device Type (Platform, OS Version, which depends on the choice of platform)
- Status (Compliance, Enrollment History, Enrollment Status, Last Seen).
- Advanced:
  - MAC address: Filter the device by the media access control address.
  - IP Range: Filter by the currently assigned Internet protocol address of a device.
  - Tags: Search for and select from a drop-down menu by their assigned tags to view devices.
  - Tunnel: Segregate devices connected to the tunnel from those not connected to the tunnel.
  - Content compliance: View only those devices missing required docs and only those devices lacking the latest version of the required content from the whole list of devices.
  - Lost mode: View only Lost Mode enabled devices (applicable to iOS devices only) from the list of devices.
Search for users individually or by the device type.
Add a Device from the List View
A device can be added for a new user or for an existing user, with custom attributes and tagging options. To add a device, navigate to Devices and select List View, or navigate to Devices, click Lifecycle, and select Enrollment Status. Follow these steps:
1. Click on the Add Device button. The Add Device window displays. Fill in the following information in the User tab.
User settings:
- Search Text: Enter search parameters and select the Search User button to search for a user with this textbox. Every device must be assigned to a particular user. Select the link to Create New User or select a user from among the search results.
Create new user settings:
- Security Type: Select between Basic and Directory users.
- User name: Enter the user name by which the user is identified in the AirWatch environment.
- Password & Confirm Password: Corresponding to the user, create a password and confirm it.
- Email Address: Enter the email address corresponding to the user account.
- Enrollment Organization Group: Select the organization group (OG) which serves as the enrollment OG for the device enrollment.
- Advanced user details: Comprehensive information, including username, user phone number, and manager name, among other details, is displayed under advanced user details. Optional identification settings such as department, employee ID, and cost centre are also provided. Select the user role for the added user, which determines the user’s access level and permissions while using a connected device.
Device settings:
- Expected user-friendly name: Enter the device’s name that appears in the device list. Lookup values can be included, which allow you to inject variables specific to the user, the device, and the deployment. Email address, mobile number, device serial number, organization group, and many others are a part of these variables.
- Organization Groups: From the drop-down menu, select the organization group to which the device is associated.
- Ownership: From the drop-down menu, select the device ownership type from None, Corporate-Dedicated, Corporate-Shared, and Employee-Owned options.
- Platform: From the drop-down menu, select the platform for the device.
- Show advanced device information options: All the advanced device information settings can be viewed.
Advanced Device Information Settings:
- Model: From the drop-down listing, select the device model. Depending upon the selection made in the Platform drop-down menu, the contents of this drop-down menu are shown.
- UDID: Input the device’s Unique Device Identifier.
- Serial number: The device’s serial number has to be entered.
- IMEI: The device’s 15-digit International Mobile Station Equipment Identity has to be entered.
- SIM: The device’s SIM card specifications have to be entered.
- Asset Number: Input an asset number for the device. This setting is provided to hold this data point, and the number is created internally from within the organization.
Messaging Settings
- Message Type: Upon successful enrollment of the device to the AirWatch environment, choose the type of message to be sent from None, SMS, or Email.
- Email Address: Send the enrollment message by entering a mail id and is only available when an email is selected as the Message Type, selecting Reports, and clicking
- Email Message Template: From the drop-down menu, select the email template. A message Template page can be opened by clicking a link where an email message template can be created.
- Phone Number: The SMS text message is sent to the entered phone number. This text box is only available when SMS is selected as the Message Type.
- SMS Message Template: From the drop-down menu, select the SMS template. A message Template page can be opened by clicking a link where an SMS message template can be created.
2. Custom Attributes can be optionally assigned to devices by clicking the Add button and supplying an Attribute and its Value.
3. Tags can be assigned to devices optionally by clicking the Add button and selecting a tag from the drop-down menu for each tag assigned.
4. Click the Save button.
Bulk Actions in Device List View
Perform bulk actions on multiple devices by filtering a sub-set of devices and selecting from the action button cluster. Bulk actions are available in the Device List View only after they are enabled in the system settings. Go to Groups and Settings, click on All Settings, select System, then Security, and click on Restricted Actions. A PIN is required to perform Password Protect Actions. In the List View, with devices selected, the number of devices selected is displayed next to the action buttons, including filtered devices that are selected as well.
Bulk Management Limit in Device List View
The maximum number of devices that can receive a bulk action command is set to ensure smooth functioning when managing a large fleet of devices. Go to Groups & Settings, then select All Settings. Click on Devices & Users, navigate to Advanced, and select Bulk Management to change these limits. When multiple devices are selected and a bulk management limit is in place, a link is visible next to the ‘number of items selected’ message, which reads: “Some actions may be disabled due to bulk limits.”
Queued Bulk Action Warning
Time is required to process bulk actions, and if a new bulk action is initiated while the AirWatch Console is still processing an existing bulk action, a warning message displays:
“Your previously requested bulk actions are still being processed. This request will be executed once the prior actions are completed. Do you wish to continue with the current request?”
Select Yes to add the new bulk action to the queue, or select No to cancel the bulk action.
Selecting Devices in Devices List View
Individual devices on a page can be selected by checking the checkbox to the left of each device, or a block of devices can be selected across multiple pages. All devices in the entire fleet can also be selected, but this triggers the restricted actions warning.
Selecting a block of devices:
To select a contiguous block of devices, even across multiple pages, click the checkbox of the device at the beginning of the block, then hold the Shift key and select the checkbox of the device at the end of the block. Bulk actions can then be applied to the selected devices. This is similar to block selection in the Windows and Mac environments.
Selecting All Devices:
Select or unselect all the devices in the listing by clicking the Global checkbox located to the left of the Last Seen column header. If the List View contains a filtered listing of devices, the Global checkbox selects or deselects all filtered devices. A green minus sign in the Global checkbox indicates that at least one device, but not all, is selected. Clicking this icon selects all devices in the listing (either filtered or unfiltered), and it changes to a checkmark sign. It changes again to an empty checkbox upon clicking for the third time, indicating that no devices in the listing are currently selected.
Restricted Action Warning on All Selected Devices:
A warning message is displayed when an action is initiated with all the devices in the fleet selected:
“You’re trying to take action on [count of selected devices]. This action may not apply to all devices. Constraints of this action include model, OS, device platform, enrollment status, or management type.”
This message is prompted by a large device fleet featuring many different manufacturers, operating systems, and capabilities of a diverse nature. It is unrelated to the Bulk Management Limit and any warnings it may generate. The Restricted Action Warning message does not display if a Bulk Management Limit is in place.
Device Details
Track detailed information for a single device and access user and device management actions from the Device Details window. Device details can be accessed by selecting a device friendly name from one of the available dashboards, or by using the search bar within the AirWatch Console. Features of the main page are:
- Notification Badges: Enrollment Date, Compromised State, Compliance Violations, and time Last Seen for the selected device are displayed.
- Security: Security settings such as passcode status, data protection, and management software being used are displayed.
- User info: Basic user information, including full name and email, is displayed.
- Device info: Device information such as smart groups, serial number, UDID, organization group, location, asset number, power status, storage capacity, physical memory, and warranty information are displayed.
- Profiles: All profiles, including installed (active), assigned (inactive), and unmanaged (sideloaded), are shown.
- Apps: Automatic apps and on-demand apps among all installed apps are displayed.
- Content: Installed content such as user-added documents is displayed.
- Certificates: All installed certificates, including certificates near their expiration date, are displayed.
Device Details Dashboard
Basic and important device information, including the device type, device model, device action button cluster, OS version number, ownership type, and Recent List indicator, is displayed on the Device Details Dashboard. Toggling the arrow buttons of the Recent List indicator changes the selected device based on its position within the filtered List View.
Device Details Action Button Cluster
The action button cluster helps perform common device actions like Query, Send [Message], Lock, and other actions accessed through the More Actions button. The available device actions depend on the platform, device manufacturer and model, enrollment status, and the specific configuration of the AirWatch Console.
Device Details Menu Tab
Access specific device information from the device details menu tabs, which vary depending on the chosen device platform. Some menu tab options are:
- Summary: General statistics such as enrollment status, compliance, last seen, GPS availability, storage capacity, physical memory, virtual memory, platform/model/OS, organization group, serial number, and power status are displayed.
- Compliance: View the policy name, status, date of the previous and forthcoming compliance check, and the actions already taken on the device, with advanced troubleshooting and convenience features.
  - Troubleshoot devices that are in pending compliance status and non-compliant devices.
  - Get detailed information regarding the compliance status on the device or reevaluate compliance on a per-device basis.
  - Administrators can edit the compliance policy, while users with Read-Only privileges can view the specific compliance policy directly from the Compliance tab.
- Profiles: Profiles currently assigned, installed, and unmanaged on a device among All profiles are shown.
- Apps: All apps currently assigned and installed on the device are displayed.
- Content: Last update, date, time of views, acknowledged content, status, type, name, version, priority, and deployment of the content on the device are displayed. A toolbar for Admin action (like install or delete) is also displayed in the bar.
- Location: A device’s current location or location history is displayed, which can be filtered for a chosen period or length of time you are looking back in search of location data points. A range of dates and times (5-minute increments) can be chosen in the Custom time periods. The collection of location data can be enabled by clicking on Groups & Settings, then clicking on All Settings, and navigating to Devices & Users. Select the platform and click on the specific Agent Settings page. The number of location data points collected can be edited. The minimum distance between locations can be minimized by clicking on Groups & Settings, selecting All Settings, clicking on Installation, and selecting Maps.
- User: The user details of a device and the status of the other devices enrolled to the user can be accessed.
- More: Additional menu tabs, which vary according to the device platform, are available:
  - Network: The current network information (Cellular, Wi-Fi, Bluetooth, IMEI) of a device is displayed.
  - Security: Current security status of a device based on security settings is displayed.
  - Telecom: The number of calls, number of messages sent and received, and data usage are displayed.
  - Notes: Notes regarding devices can be created, edited, or deleted.
  - Certificates: The certificates on the device are identified by name and issuer. Certificate expiration dates are also provided in this tab.
  - Provisioning: Complete history and status of all packages provisioned to the device are displayed. Any provisioning errors are also displayed.
  - Terms of use: A list of End-User License Agreements (EULAs) accepted during device enrollment is shown.
  - Alerts: All alerts associated with the device are shown.
  - Shared device log: The shared device history is shown, including past check-ins, check-outs, and status.
  - Status history: The history of the device with respect to enrollment status is shown.
  - Targeted Logging: A link is provided, enabling you to configure targeted logging to view the logs for the Console, Catalog, Device Services, Device Management, and Self Service Portal. Navigate to All Settings, click on Admin, select Diagnostics, and click Logging to access the link.
  - Attachments: The storage space on the server can be used instead of device storage space for screenshots, documents, and links for troubleshooting and other purposes.
  - Troubleshooting: Event Log and Commands logging information can be viewed with page features such as export and search functions, enabling you to perform targeted searches and analysis.
    - Event log: The detailed debug information and server check-ins are displayed, with filter-by options such as Date Range, Severity, Module, Category, and Event Group Type. Hypertext links that navigate to a separate screen with even more information surrounding the specific event are shown in the event data under the event log listing. Advanced troubleshooting, such as determining why a profile fails to install, can be performed with the provided data.
    - Commands: Detailed listing of pending, queued, and completed commands sent to the device, with filters enabling search by Category, Status, and specific Command.
  - Attachments: Without taking up space on the device itself, the storage space on the server is used for screenshots, documents, and links for troubleshooting and other purposes.
Device Actions by Platforms
AirWatch administrators can deploy commands remotely to individual devices (or in bulk) across the enterprise fleet, and different platforms offer different actions. Each of these platform-specific device actions and definitions represents a remote command that can be invoked from the AirWatch console.
Device Action Descriptions
The AirWatch admin can remotely invoke the following actions on devices:
- Add tag: Assign a customizable tag to a device, which can be used to identify a special device in the enterprise fleet.
- AirWatch Agent (Query): Ensure the AirWatch Agent has been installed and is functioning normally by sending a query command to the device’s AirWatch Agent.
- App Remote View: A series of screenshots of an installed application can be taken and sent to the Remote View screen in the Admin Console. The number of screenshots and the length of the gap (in seconds) between the screenshots can be chosen.
- Apps (Query): A query command can be sent to the device to return a list of installed apps.
- Books (Query): A query command can be communicated to the device to return a list of the installed books.
- Certificates (Query): A query command can be sent to the device to return a list of installed certificates.
- Change device passcode: Existing passcode can be replaced with a new passcode to access the selected devices.
- Change organization group: The device’s home organization group can be changed to another pre-existing OG, with options between selecting a static or dynamic OG.
- Change Ownership: The ownership setting for a device can be changed where applicable from the options Corporate-Dedicated, Corporate-Shared, Employee Owned, and Undefined.
- Clear Activation Lock: The Activation Lock on an iOS device can be cleared. With the Activation Lock enabled, the following actions can only be performed with the Apple ID and password: disabling Find My iPhone, factory wipe, and reactivating the device for use.
- Clear passcode (Container): The container-specific passcode is cleared. This is used when users forget their device’s container passcode.
- Clear passcode (Device): The device-specific password is cleared. This is used when the user has forgotten their device’s password.
- Clear passcode (Restriction Setting): The passcode which restricts device features such as app installation, Safari use, camera use and more is cleared.
- Clear Passcode (SSO): For situations where the user has forgotten their single sign-on (SSO) passcode, SSO passwords are cleared.
- Delete Device: A device is unenrolled and deleted from the list on the Admin console, but this action does not remove any data from the device itself, only its representation.
- Device Information (Query): A query command is sent to the device to return basic information such as organization group, operating system version, friendly name, platform, model, and ownership status.
- Device Wipe: All data is cleared on a device, including email, profiles, and MDM capabilities, and the device is then restored to the factory default state. All personal user information, if applicable, is wiped as well, and this action cannot be undone.
- Edit Device: Device information such as Device Ownership, Device Group, Friendly Name, Asset Number, and Device Category can be edited.
- Enable/Disable lost mode: Send a message, phone number, or text to the lock screen and lock the device. The user cannot disable Lost Mode, but when it is disabled by the administrator, the device returns to normal functionality. On supervised iOS 9.3+ devices, users receive a message that informs them that the device’s location was shared. When the device is in Lost Mode, it can be queried, and the Location tab can then be used to find the device.
- Enroll: Device users are sent a message to enroll their devices. Enrollment information such as step-by-step instructions and helpful links can optionally be included through a message template. This action is only valid for unenrolled devices.
- Enterprise Reset: Restore a device to factory settings, retaining only the VMware AirWatch enrollment.
- Enterprise Wipe: Remove all managed enterprise resources, including applications and profiles, and unenroll the device with the Enterprise Wipe feature. Re-enrollment of the device is required for VMware AirWatch to manage this device again, and this action cannot be undone. Optional settings allow the admin to prevent future re-enrollment and to add any noteworthy details about the action in a Note Description field. This action is not supported for cloud domain-joined devices.
- File Manager: Within the AirWatch console, the file manager is launched, which allows the admin to remotely view a device’s content, conduct searches, add folders, and upload files.
- Find Device: A message is sent to the applicable VMware AirWatch application, and an audible sound can optionally be added. The user can locate the misplaced device with the help of the audible sound. Configure settings to repeat the sound a configurable number of times and to set the length of the gap, in seconds, between sounds.
- iOS Update: An operating system update can be pushed to one or more iOS devices. This applies only to supervised, DEP-enrolled devices with iOS version 9 or greater.
- Location: A device can be located on the map using the GPS feature.
- Lock Device: The device’s screen is locked and cannot be used unless the admin unlocks the device. A custom Message, Phone Number, and Note Description are additional optional fields.
- Lock SSO: The device user is locked out of VMware AirWatch Container and all the participating apps.
- Managed settings: Voice roaming, data roaming, and personal hotspots can be enabled or disabled.
- Mark Do Not Disturb: Prevents the device from receiving messages, emails, profiles, and any other type of incoming interaction after the device is marked as Do Not Disturb. Devices actively marked as Do Not Disturb only have the action Clear Do Not Disturb available, which removes the restrictions.
- Override Job Log Level: The currently specified level of job event logging on the selected devices is overridden. This sets the logging verbosity of Jobs pushed through Product Provisioning and overrides the current log level configured in Android Agent Settings. The Job Log Override can be cleared by changing the Job Log Level under the Product Provisioning category in Android Agent Settings, or by selecting the drop-down menu item Reset to Default on the action screen.
- Profiles (Query): A query command is sent to the device to return a list of installed device profiles.
- Provision (Now): Products are provisioned to a device. Product provisioning is the ability to create an ordered installation of files, actions, profiles, and applications as a single product that can be pushed to devices.
- Query All: A query command is sent to the device to return a list of installed apps (including VMware AirWatch Agent, where applicable), device information, profiles, books, certificates, and security measures.
- Reboot Device: A device can be remotely rebooted, reproducing the effect of powering it off and on again.
- Registry Manager: Within the AirWatch console, launch the registry manager that enables the admin to remotely view a device’s OS registry, conduct searches, add keys, and add properties.
- Remote control: A supported device can be remotely controlled using this action. A console application is launched that enables the admin to perform support and troubleshooting on the device.
- Remote Management: A supported device can be remotely controlled using this action. A console application is launched that enables the admin to perform support and troubleshooting on the device.
- Remote View: Allows an active stream of the device’s output to a destination of choice (including IP address, audio port, password, port, and scan time), allowing the admin to view what the user sees as the device is operated.
- Rename device: The device friendly name within the AirWatch Console can be changed.
- Request Debug Log: The debug log on the selected device can be requested, after which the admin may view the log by clicking the More tab, navigating to Attachments, and then clicking on Documents. The log is delivered as a text file and can be used for troubleshooting.
- Request Device Check-in: The selected device can be requested to check itself into the AirWatch Console, and the Last Seen column status is updated.
- Restart AirWatch Agent: The VMware AirWatch Agent can be restarted. This is used during troubleshooting when the enrollment processor submodule installation process is interrupted.
- Security (Query): A query command is sent to the device to return the list of active security measures (passcode, certificates, device manager, encryption, etc.).
- Send message: A message is sent to the owner of the device through Email, Push Notification and SMS.
- Start AirPlay: Audiovisual content from the device can be streamed to the AirWatch Console using Apple’s proprietary wireless streaming protocol. The MAC Address (media access control) and Scan Time in seconds must be provided by the admin. This action runs only on iOS 4.2 or greater.
- Start/Stop AWCM: The AirWatch Cloud Messaging service for the selected device can be started or stopped. AWCM streamlines the delivery of messages and commands from the Admin Console and eliminates the need for end-users to access the public Internet or utilize consumer accounts, such as Google IDs.
- Sync Device: The selected device can be synchronized with the AirWatch Console, updating its Last Seen status.
- Task Manager: A Task Manager can be launched within the AirWatch Console that allows the admin to remotely view a device’s currently-running tasks, including task Name, ProcessID, and applicable Actions.
- View Manifest: The device’s Package Manifest can be viewed in XML format from the AirWatch Console. Manifests, which list metadata for widgets and apps, are available on Windows rugged devices.
- Warm boot: A restart of the operating system can be initiated without performing a power-on self-test (POST).
Enrollment Status
Assess enrollment status on a per-device basis, whitelist/blacklist devices, import and register devices in bulk, and revoke/reset device tokens on the enrollment status page.
Navigate to Devices, click on Lifecycle, and go to Enrollment Status to view a full list of all devices sorted by enrollment status in the currently selected organization group.
Review device activity based on specific information by sorting into columns and configuring information filters. For instance, view only devices whose registration is not applicable and act only on those specific devices by selecting the token status column. Search for a friendly name or user name from the list of all devices to isolate a particular user or device.
Filter settings:
- Filters: Filters allow the admin to view only those devices that the admin is interested in by filtering out entire device categories.
- Types of filters:
- Ownership
- Token Status
- Token Type
- Source
- First Seen
- Enrollment Status
- Platform
- Add:
- Register device: The admin can register or add a single device to be enrolled.
- Whitelist or Blacklist devices: Enroll only those devices that the admin has identified or whitelisted.
- Batch Import: With the Batch Import screen, import multiple devices or multiple users.
- Resend message: The original message sent to a user can be resent, including Self-Service Portal URL, Group ID, and login credentials.
- Change Organization Group: The type of ownership for the selected device can be changed.
- Delete: The registration information for the selected devices can be permanently deleted. Users are forced to re-register to enroll. Admin must first revoke the token before deleting a device registration for devices where applicable.
- Reset token: If a token has been revoked or is expired, reset its status.
- Revoke token: Block access for unwanted users or devices by forcing the token registration status of the selected devices to expire. Admin can choose to disable the Notify Users setting, which prevents the default email notification from being sent for the Reset Token and Revoke Token actions.
- Selecting Multiple Devices: Select the checkbox next to each device and use the action buttons to act on individual devices or multiple devices. To perform bulk actions on multiple devices, apply a filter to show a specific set of devices, select the devices, and then select an action from the Resend Message and More Actions buttons. Select individual checkboxes, or select the entire set of filtered devices with the global checkbox located atop the checkbox column. When the admin selects an action for one or more devices, a confirmation screen is displayed, allowing the admin to Save or Cancel the action.
- Layout: Show the full listing of visible columns, or display or hide columns per your preferences by choosing the Custom option. The admin can also apply the customized column view to all administrators at or below the current organization group. To modify the column display preferences, return to the Layout button settings.
Enrollment Status Details View
Open the Details View for a particular device by selecting a device-friendly name in the General Info column. From the Details View, resend the enrollment message by selecting the Resend Message button, edit a device's registration info by selecting Edit Registration, or complete the Advanced Device Information section. The Details View shows a series of tabs, each containing relevant enrollment information about the device.
- Summary: The basic device and user info, registration date, and the time elapsed since the device was first seen are displayed.
- User: Detailed user info is available.
- Message: The outgoing device Activation email message, including credential information and QR code, is displayed. An AirWatch administrator can hide the Message tab after the device has successfully enrolled with a resource called “User Registration Message.”
- Custom Attributes: The Device’s custom attributes are displayed.
- Tags: Tags associated with a device are shown.
- Offline enrollment: The device can be enrolled while it is offline. This feature is useful when the admin wants to make the most of scheduled time for a device in an unavailable state, for instance, while traveling.
Wipe Protection
Remotely wiping a device of privileged corporate content when the device is untracked, lost or stolen is called an Enterprise Wipe. It protects sensitive enterprise data from being leaked to competitors or third-party cloud servers. Scheduled processes like the Compliance Engine and other automated directives wipe multiple devices under certain circumstances. When such a directive is scheduled, the admin is informed and given a chance to intervene. Wipe protection settings are configured by defining a wipe threshold, which is a minimum number of devices wiped within a certain time frame. For instance, if more than ten devices are wiped within 20 minutes, future wipes are put on hold until you validate the wipe commands. Wipe logs can be reviewed to see when devices were wiped and for what reason. Based on the reviewed information, allow or restrict the on-hold wipe commands. Unlock the system to reset the wipe threshold counter.
Configure Wipe Protection Settings for managed devices
A wipe threshold for managed devices can be set, and administrators are notified through email when the threshold is met. These settings can be managed at the Global or Customer level organization group by the admin.
Click on Devices, navigate to Lifecycle, select Settings, and click on Managed Device Wipe Protection. The following settings can be configured and then saved.
- Wiped devices: Enter the number of wiped devices that acts as the threshold for triggering wipe protection.
- Within (minutes): Enter the time window, in minutes, within which the wipes must occur to trigger wipe protection.
- Email: A message template can be selected and sent to the admin.
Go to Devices & Users, select General, and click on Message Templates to create a message template for wipe protection. Select Device Life cycle as the Category and Wipe Protection Notification as the Type to add a new template. The following lookup values can be configured as part of the message template.
{EnterpriseWipeInterval}: The Within (minutes) value entered on the settings page.
{WipeLogConsolePage}: A link to the Wipe Log page.
- To: Enter the email addresses of the administrators who should receive this notification message. Only administrators who have access to the Wipe Log page should be notified.
Configure Wipe Protection Settings for unmanaged devices
Automatic enterprise wipe commands can be sent to unmanaged devices in certain exceptional and rare cases. Wipe threshold settings similar to those for managed devices are provided. The system notifies the email address that was entered. Once the threshold is met, all future enterprise wipe commands are put on hold until an administrator specifies otherwise. These settings can be managed at the Global or Customer level organization group.
Go to Groups & Settings and select All Settings. Click on Devices & Users, navigate to Advanced, and select Unmanaged Device Wipe Protection. The following settings can be configured and saved:
- Wiped devices: Enter the number of wiped devices that acts as the threshold for activating wipe protection.
- Within (minutes): Enter the time window, in minutes, within which the wipes must occur to activate wipe protection.
- Email: A message template can be selected and sent to the admin.
Go to Devices & Users, select General, and click on Message Templates to create a message template for wipe protection. Select Device Life cycle as the Category and Wipe Protection Notification as the Type to add a new template. The following lookup values can be configured as part of the message template.
{EnterpriseWipeInterval}: The Within (minutes) value entered on the settings page.
{WipeLogConsolePage}: A link to the Wipe Log page.
- To: Enter the email addresses of the administrators who should receive this notification message. Only administrators who have access to the Wipe Log page should be notified.
- Allow Enterprise Wipe: Enterprise wiping of unmanaged devices can be enabled, and the default setting is enabled.
View Wipe Logs
The Wipe Log page can be viewed to see which devices were wiped and for what reason. After reviewing the information, accept or reject any on-hold wipe commands and unlock the system to reset the wipe threshold counter. When the system is locked, a banner at the top of the page indicates this status.
- Go to Devices, select Lifecycle and then click on Wipe Log. Access to the Wipe Log page is managed by the Report Device Wipe Log resource and is available by default for SaaS admins, system admins, and AirWatch admins. Using the Create Admin Role page, this resource can be added to any custom admin role.
- The Wipe Log can be filtered by the following parameters:
- Source
- Ownership
- Date Range
- Wipe Type
- Status
- The list of devices can be viewed, and the admin can determine whether the presented devices are valid wipes. A status of “On Hold” is shown for devices pending actions. “Processed” is displayed for devices wiped before the threshold limit is reached.
Select each device and then select Approve wipes from the command list if the wipes are valid. Approved is shown in the status bar.
Select each device and then select Reject wipes from the command list if the wipes are invalid. Rejected is shown in the status bar.
Selecting Unlock System resets the device threshold counter and allows wipe commands to go through. Future automated wipe commands are allowed by the system until the threshold limit is exceeded again. This action can only be performed at a Global or Customer level organization group.
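The threshold, on-hold review and Unlock System behaviour described under Wipe Protection and View Wipe Logs, as an added Python model that is not AirWatch code. The class and method names, the choice that the wipe which meets the threshold is still processed, and the sample devices and times are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class WipeProtection:
    """Illustrative model of the wipe threshold; not AirWatch code."""
    wiped_devices: int   # "Wiped devices" setting
    within_minutes: int  # "Within (minutes)" setting
    locked: bool = False
    recent: deque = field(default_factory=deque)  # times of processed wipes
    log: list = field(default_factory=list)       # [device, status] rows

    def request_wipe(self, device: str, when: datetime) -> str:
        """Record an automated wipe command and return its wipe-log status."""
        window = timedelta(minutes=self.within_minutes)
        # Drop processed wipes that have aged out of the sliding window.
        while self.recent and when - self.recent[0] > window:
            self.recent.popleft()
        if self.locked:
            status = "On Hold"
        else:
            status = "Processed"
            self.recent.append(when)
            # Assumption: the wipe that meets the threshold is still
            # processed and locks the system; later wipes are held.
            if len(self.recent) >= self.wiped_devices:
                self.locked = True
        self.log.append([device, status])
        return status

    def review(self, device: str, approve: bool) -> None:
        """Approve or reject an on-hold wipe, as an admin does in the log."""
        for row in self.log:
            if row[0] == device and row[1] == "On Hold":
                row[1] = "Approved" if approve else "Rejected"

    def unlock_system(self) -> None:
        """Reset the threshold counter so automated wipes flow again."""
        self.recent.clear()
        self.locked = False


def simulate():
    """Constructed scenario: a faulty rule wipes one device every 2 minutes."""
    wp = WipeProtection(wiped_devices=3, within_minutes=20)
    start = datetime(2024, 1, 1, 9, 0)
    first = [wp.request_wipe(f"dev-{i}", start + timedelta(minutes=2 * i))
             for i in range(5)]
    wp.review("dev-3", approve=False)  # admin judges this wipe invalid
    wp.review("dev-4", approve=True)   # admin judges this wipe valid
    wp.unlock_system()
    later = wp.request_wipe("dev-5", start + timedelta(minutes=30))
    return first, [row[1] for row in wp.log], later
```

Running `simulate()` shows why the threshold should sit just above the normal rate of legitimate wipes: a burst is cut off after the third device, while wipes spaced wider than the window never lock the system.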
Airwatch Hub
The AirWatch Hub is the central portal in the AirWatch Console for fast access to critical information, letting the admin quickly identify important issues and act from a single location. Selecting any bar or donut graph on the page displays a device list view. All the devices specific to the metric selected by the admin are displayed in the list view. Actions such as sending a message to those devices can be performed from the console.
For instance, selecting the Antivirus Status donut graph opens the Device List View with a list of devices whose lack of antivirus software has triggered a policy violation. Select the checkboxes to the far left of each device to select devices. The “select all” checkbox below the Add Device button can be clicked to select all devices. The action button cluster can be found above the listing. A message can be sent to the users of the selected devices by clicking the Send button, as an Email, a push notification, or an SMS text message.
Airwatch Hub Elements
The AirWatch Hub provides summary graphs and detailed views:
- Devices: The exact number of devices is displayed.
A status breakdown of all devices (including enterprise wipe pending, device wipe pending, registered, enrolled, and unenrolled) is displayed.
A breakdown of devices enrolled in the AirWatch platform is displayed.
Enrollment history is displayed, and filters are available to choose from over the past day, past week, and past month.
- Compliance: All devices violating compliance are displayed.
Devices currently violating company security compliance, including apps, security settings, geolocation, and more, are displayed.
All types of compliance policies established are covered, and top violated policies are shown.
Blacklisted Apps, including all blacklisted apps installed on the devices, are displayed, ranked by order of instances of violation.
Devices that do not have the apps that the admin wants installed and ready for users are displayed.
- Profiles: Profiles out of date are displayed.
Devices with old versions of each profile as well as the Latest Profile Versions are shown.
- Apps: Applications associated with the devices are shown.
Devices with old versions of each application as well as the Latest Application Versions are shown.
Ranked by devices that have the application currently installed, most installed Apps are shown.
- Content: Content that is out of date is displayed as well.
Ranked by order of instance, the latest content version, including each out-of-date file, is shown.
- Email: Devices that are currently unable to receive email are shown.
Devices blocked by default, blacklisted or unenrolled, and devices blocked from email are shown.
- Certificates: Certificates set to expire are shown.
View certificates that have already expired, set to expire within one month, one to three months, three to six months, six to 12 months, and greater than 12 months.
The set of devices shown varies depending on the current organization group selected, and includes all devices in child organization groups. Switch to lower organization groups using the organization group drop-down menu, and the device results update automatically.
The views can be toggled by selecting the List View icon or the Chart View icon. Selecting any metric opens the Device List View for that specific set of devices. Actions such as sending a message to those devices can be performed as well.
The Hub can be customized by selecting the Available Sections icon and then selecting or deselecting the checkboxes that represent the available sections (Devices, Compliance, Profiles, and so on). Select Save to craft the Hub’s Overview.
Hub data in PDF format can be exported by selecting the Export icon, and it is very useful for exporting daily, weekly, or monthly reports of the current state of mobile device deployment.
Admin Panel Dashboard
The Admin Panel provides an overview of the module license information and the deployed AirWatch components. The summary of AirWatch licenses is condensed into two separate sections, Active Products and Deployed Components.
Navigate to the Hub and select Admin Panel to access the Admin Panel. The Admin Panel can only be accessed from a Customer organization group.
Active products in the Admin panel
The Active Products section confirms the active Products and Deployed Components, and the license validity of features included in deployments such as Browser, Mobile Device Management, AppCatalog, Container, and more. The cumulative number of active licenses, with the license model and the license type, is displayed for each feature.
Deployed Components in the Admin panel
The Deployed Components section features a panel for each component enabled at the customer organization group, each reporting its connectivity status.
- VMware Tunnel
- VMware Enterprise Systems Connector
- AirWatch Secure Email Gateway
To refresh the connectivity status of an individual enabled component, click the refresh button.
To display the system settings page that corresponds to the enabled component, click the settings button.
Industry Template for iOS
An industry template is a collection of mobile apps and device profiles that the admin can push to devices, making the deployment process easier. Templates can be chosen to support industries such as health care and retail, and admin can edit templates to fit industry needs.
Reports and Analytics
The AirWatch Console provides administrators with extensive reporting and event logging capabilities, giving actionable, result-driven statistics about device fleets. The predefined reports can be used, or new custom reports can be created based upon specific devices, user groups, date ranges, file preferences and other filters. Reports can be checked by navigating to the Reports page: at the Hub, click Reports & Analytics, select Reports, and click List View. The “My Reports” tab at the top of the Reports page gives quick access to the reports that have been added.