A central console is provided by Workspace One Intelligent Hub for an IT administrator team to enroll end-user devices and deploy applications to end-users to access corporate resources. To make the user experience simpler through a single app, boost productivity and creativity, Workspace One Intelligent Hub is an integrated digital workspace solution.

Introduction

With the development in cloud technology and personal device capabilities, more and more organizations are moving to Bring Your Own Device(BYOD) policies. The enterprise employees can remotely access corporate servers and perform tasks on their personal devices. These personal devices are unsecured and gain access through local networks, which present endpoint security challenges for the enterprise. Traditionally employees were needed to connect to a VPN to gain access to corporate resources. Also, they were required to remember and enter multiple ids and passwords for different applications. These methods are tedious and time-consuming and therefore impact employee productivity. By providing a single application to gain access to the company application catalog, Workspace One Intelligent Hub simplifies this process, in addition to single sign-on (SSO) to access corporate resources and no need to connect to VPN. By providing a single console to register and control all devices, the process of onboarding is also simplified for administrators through Mobile Device Management(MDM) capabilities.

The transition from traditional mobile device management (MDM) and PC management to a digital workspace represent key challenges.

• Data overload – IT departments are deluged by an overwhelming volume of data when incorporating identity into device management from numerous sources.
• Visibility silos – Working with multiple unintegrated modules and solutions from a visibility and management standpoint often results in security silos.
• Manual processes – Bottlenecks are created, and constant monitoring and corrections are required for traditional approaches such as using spreadsheets and scripting.
• Reactive approach – Delays can be introduced for the process of first studying data for security vulnerabilities and then finding solutions. The effectiveness of the solution is significantly reduced by these delays. A reactive approach is not best suited long-term strategy.

To simplify the user experience, VMware Workspace ONE Intelligence is designed without compromising security. To provide complete visibility into the entire environment, the intelligence service aggregates and correlates data from multiple sources. Insights and data are made available that allow the admin to make the right decisions for the VMware Workspace ONE deployment. Create compliances to take automatic action on security issues within Workspace ONE Intelligence that has a built-in automation engine.

What is Workspace One Intelligent Hub?

On the enterprise catalog, to access corporate networks and applications, Workspace One Intelligence Hub provides end-users with an application. For the onboarding process, End Users are first needed to download and register on the app. A single console is featured to the admin for enrolling and approving devices. At all times, employees can stay connected with powerful collaboration and sharing capabilities. Users can also access the corporate directory to mail their colleagues or to call, message on company social in a single touch. For exclusive projects, groups can be created, and order of hierarchy can be maintained. In order of priority, a common bulletin board that provides all company updates is provided as well. The user experience is enhanced with a single sign-on for the unified app catalog. From a single platform, enterprise apps, SAas based applications, and app store applications can all be accessed with a single touch. From a single admin console, the app deployment procedure is also hassle-free, and mass upgradation can be done in a single click as opposed to traditionally upgrading one device at a time. In Windows rugged devices, Workspace One Intelligence Hub is the only way to provide Mobile Device Management capabilities(MDM).

Architecture

Hosted on Amazon Web Services (AWS), Workspace ONE Intelligence is a cloud-only service that offers the following advantages:

• Enables users to focus on utilizing the product by reducing the overhead of infrastructure and network management.
• Allows new features and functionality to be released with greater speed and frequency by complementing the continuous delivery and continuous integration approach to software development.
• By supporting only one version of the software, helps with solution delivery without any patching.
• Enable the service to be hosted in different regions around the world with AWS, which are industry leaders in the field of cloud infrastructure, with a global footprint.
• For high availability and easy monitoring, AWS offers a variety of managed services out-of-the-box.
• Focus on product feature development and security by leveraging these services rather than infrastructure management.

Workspace ONE Intelligence includes the following components.

• Workspace ONE Intelligence Connector: For collecting data from the Workspace ONE database, an ETL (Extract, Transform, Load) service is responsible and feeds it to the Workspace ONE Intelligence cloud service.
• Intelligence Cloud Service: Generate and schedule reports and aggregate all the data received from an Intelligence Connector. Populate with different data points, the Workspace ONE Intelligence dashboard, in the format of choice.
• Consoles: Two consoles are currently leveraged by Workspace ONE Intelligence:
  • Workspace ONE Intelligence Console
  • Workspace ONE UEM Console
• Data Sources: Workspace ONE Intelligence SDK, VMware Workspace ONE UEM, Workspace ONE Access, Workspace ONE Trust Network, and Common Vulnerability and Exposures (CVE).

Advantages of Workspace One Intelligent Hub

• Across all devices and Operating Systems (OS), consistent and user-friendly experience.
• Powerful collaboration tools to help employees stay connected at all times with applications like mail, company social, and calendar.
• Create teams and share resources in addition to connectivity anywhere anytime, with access to the company directory to call, message, or mail a colleague.
• To access the company intranet, enterprise apps, SAas based apps, and internal resources, a Single sign-on(SSO) for the Unified app catalog is used.
• From a central console, streamlined onboarding, which is easy to use and to deploy applications.
• To answer the most frequently asked questions(FAQ) on onboarding and troubleshooting, self-service is provided with KB articles. The company’s virtual assistant, AVA, provides guided help for registering and controlling new devices.
• To update employees about all recent developments, a “For you” section and smart notifications for corporate communications and actionable items.
• The only way to allow windows rugged devices with MDM capabilities

Reports for Workspace ONE Intelligence

To collate data in the Workspace ONE UEM Powered by AirWatch deployment, use Reports by Workspace ONE Intelligence. To gather data and create the reports, Workspace ONE Intelligence reporting uses a cloud-based report storage system. Check the Sync Status Page if the admin wants to know the status of data coming into the reports.

Get faster, easier access to critical business intelligence data with the Workspace ONE Intelligence feature than the stock reports included in Workspace ONE UEM. Customize canned reports or build reports using starter templates, choose from several categories, like apps, devices, and OS updates. These reports display the most recent data extracted from the Workspace ONE UEM environment.

Insights and Automation

All data taken from the data sources are correlated and aggregated by the Workspace ONE Intelligence service. From a business, process, and security standpoint, the data is then made available for visualization. Also, based on the rules defined in the Intelligence Console, the Workspace ONE Intelligence service can perform automatic actions.

Dashboards

About the selected attributes, such as users, operating systems, devices, and applications, dashboards present the historical or latest snapshot of information. Using widgets that are fully customizable, these dashboards are populated, including, for example, editing filters, layout tools, and other options. Information can be shown in the form of vertical or horizontal bar charts, donuts, and tables. To visualize historical data, the admin can also choose a specific date range. As part of My Dashboard, all the widgets can be added.

A summary is provided in the following section about some of the predefined widgets.

• Devices: Number of operating system breakdowns, enrolled devices, compromised status
• Apps: Agent installed (by version), most popular apps.
• OS Updates: Devices with a CVSS risk score higher than 7, Top-ten KBs installed.
• User Logins: Trend of login failures, user logins (by authentication method)
• App Launches: According to both the total number of launches and unique user count, Top-five apps launched.

The admin can create new widgets from scratch or extend the data points and filters for the out-of-the-box widgets.

Workspace ONE Intelligence has three additional predefined dashboards in addition to My Dashboard (Security Risk, OS Updates, and Apps), enabling IT administrators to quickly gather insights and information into their environment and make data-driven decisions for rectification.

As a part of the package of Workspace ONE Intelligence cloud offerings, Dashboards are available, and no additional configuration is needed.

Reports

Depending on data fetched from Workspace ONE UEM, reports are generated, providing administrators real-time information about the deployment. The data is extracted from OS updates, devices, applications, and user data points.

A set of predefined templates is offered by Workspace ONE Intelligence. Additionally, the admin can create a new template from scratch or customize these templates to generate reports on the specific data points. The admin can edit, copy, delete, run, subscribe to, and download (CSV format) reports using the reports dashboard of Workspace ONE Intelligence.

As a part of Workspace ONE Intelligence cloud offerings, reports are available. When the admin uses cloud-based Workspace ONE UEM, no additional configuration is needed for this feature. The admin must deploy the Workspace ONE Intelligence Connector for an on-premises deployment of Workspace ONE UEM. Only for groups whose organization group type is Customer reports are available.

Automation Capabilities

Across categories that include apps, devices, and OS updates, automation in Workspace ONE Intelligence is enacted. Under which circumstances automatic actions will be performed, administrators can specify those conditions. Automation removes the requirement for manual processing and constant monitoring to react to a security vulnerability. Setting up the conditions, trigger, and automated action is required for Configuring automation, such as installing or removing a certain profile or app or sending out a notification.

Automation connectors facilitate automation. To communicate with third-party services and Workspace ONE UEM, these connectors leverage Workspace ONE UEM REST APIs. The current list of automation connectors includes service Now, Slack, and out-of-the-box Workspace ONE UEM. Any system that features a REST API interface, the REST APIs also extend the connector capabilities to that, which can leverage the Workspace ONE Intelligence Custom Connectors.

Reports Service

Reports use a separate service to push data to a reports cloud service. When trying to answer critical questions, this service captures data useful to administrators. An initial snapshot of the deployment is gathered by this feature and continues to capture ongoing changes.

Limits to the Number of Reports

For each organization group (OG), the admin can create and run up to 50 reports. The admin must delete a report to make space if they have 50 reports in an OG but require another unique report.

Sharing Reports

The admin can share Reports with other Workspace ONE Intelligence users. For any report that the admin may create, this action is available. While the users who are responsible for sharing the report are designated as Can Edit access (read and write) or Can View (read-only), the owner of the report is designated with full access. Limited actions are available for users with Can View access, such as:

• Duplicate
• Add to Bookmarks
• View

After the admin shares a report with users, they receive an email. By clicking on Created By Me or Shared With Me, the admin can filter reports.

Selecting Users to Share

The admin can source users from the following After selecting the Share action:

• Azure AD Admin List View
• UEM Admin List View

Transferring Ownership of Reports

The transfer of the ownership of reports is enabled for the Admins with the Administrator’s permission. When enterprise colleagues move on to other opportunities, this feature is useful. While they are offboarding, transfer the ownership of their Workspace ONE Intelligence objects to retain object management.

Finding Unowned Reports

Admins can assign ownership to other admins and find unowned reports:

1. Navigate to Reports, In Workspace ONE Intelligence.
2. Click on the Unowned filter and deselect the Shared With Me and Created By Me filters.
3. Work with a single report or multiple reports.
   • Move from the Reports list page:
     • Select the checkboxes corresponding to all the reports the admin wants to transfer the ownership.
     • The admin can use this option for both single transfers and bulk transfers.
   • Move from the report’s details page: Use this method for a single report transfer.
     • In the Report Name column, select the report name. The report’s details are opened by this action.

• Click on the Overview tab.
  • Access to the Transfer Ownership feature is now enabled.

4. Choose Transfer Ownership.

5. Start to provide an admin user in the transfer to the owner text field and choose the user from the list.

The new admin owner of the report is emailed by the system emails.

Run the Reports Wizard

On the Workspace ONE UEM environment, the reports wizard guides the admin through creating a customized report. The wizard has customized canned reports that the admin may use or blank templates that the admin can use as a base for their reports.

Procedure

1. The admin logs in and gains access to the Workspace ONE Intelligence UI.
2. Navigate to Reports and then click on Add Report.
3. Choose the report category and then select a template and click on Next.
4. Choose a template and then click on Next.
5. Select the add rule icon (+) on the configuration screen to customize a pre-existing template or to add rules to the starter template.
   • Filter: Choose an attribute that is linked to the data the admin is trying to gather. For example, The Enrollment Status attribute is used by the Managed Apps template to narrow results.
   • Selectors: Choose an operator that is applicable to the value of the attribute. For instance, select the Equals selector, if using the Managed App attribute, to include all devices in the OG that match the value.
   • Value: Provide a value on which the admin wants to receive data. For some selectors require an explicit entry, whereas others can select the value from a drop-down menu. For instance, Select Enrolled, if using the Enrollment Status attribute and the Equals selector, to receive a value for all enrolled devices.
6. Click on Edit Columns under Report Preview.
7. To see a preview of the report, search for the column that corresponds to the filter the admin has selected.
8. To return to the Add Report screen, select Save and then click on Next.
9. Provide a name as well as a description of the report.
10. If the admin wants to run the report, click on Run report now after saving the customized report.
11. (Optional) A schedule can be created for the report at another time, or click on Run report now.
12. Click on Save to save the report.

Filter Descriptions

Use filters to create the report on specific areas of your Workspace ONE UEM deployment, reports, dashboards, and automation in Workspace ONE Intelligence. These filters use a specific logic to determine what information to include in the dashboard, automation, or report. The data the system collects is also represented by them.

Apps Filters

Device Last Seen – When the analysis engine detects changes in the states of data samples, the Workspace ONE Intelligence console records and shows historical data in reports. However, there are some exceptions to this behavior. For the device, the Last Seen filter in Apps Reports is not reflected in historical Apps Reports, and the listed data samples do not trigger a status change.

• Device Available Physical Memory
• Device Available Capacity
• Device Next Compliance Check
• Device Backup Battery Life Percent

The admin can always find accurate data for Device Last Seen in the snapshot version.

Note: Workspace ONE Intelligence shows app details it gets from Workspace ONE UEM. Every environment shows different application statuses since environments have various apps in various app management life cycle stages.

Integrating Syslog with Workspace ONE UEM

The admin can configure integration with a SIEM tool with the Syslog settings page that leverages the Syslog protocol to record system events.

Information about security alerts generated by network software and hardware components is gathered by Security Information and Event Management (SIEM) technology. It centralizes this data and formulates reports to help the admin perform log audits, monitor activity, and respond to incidents. Workspace ONE UEM integrates with the SIEM tools by sending event logs using Syslog.

• Current Setting – Select whether to Override or Inherit the displayed settings. Use of the settings of the current organization group’s parent OG comes under inherit, while Override allows the settings for editing so the admin can modify the current OG’s settings directly.
• Test Connection – To ensure successful communication, use the Test Connection button between the Workspace ONE UEM console and the SIEM tool.
• Child Permission – Below the currently selected organization group, select the available behaviour of child organization groups that exist. Only child OGs are allowed to inherit these settings under inherit settings. Override only allows them to override the settings, and Inherit or Override means the admin can choose to override or inherit settings in child OGs that exist below the currently selected OG.

The admin can opt to send Console events, Device events, or both during Syslog configuration. According to the scheduler settings, any events generated by the Workspace ONE UEM console are sent to the SIEM tool. Syslog can be configured for both SaaS deployments and on-premises.

Note: ACC is highly recommended for Syslog integration for SaaS customers, even if Syslog is publicly accessible.

Procedure:

1. Go to Monitor, navigate to Reports & Analytics, click on Events and select Syslog.
2. Set the Syslog Integration to Enabled if necessary to display the settings table.
3. Configure the following Syslog settings on the General tab.

• Syslog Integration: Allow or prohibit Syslog integration.
• Hostname: In the Host Name text box, provide the URL for the SIEM tool.
• Protocol: From available options (TCP, UDP, or Secure TCP), choose the required protocol to send the data. Support for TLS v1.1 is given.
• Port: To communicate with the SIEM tool, provide the port number in the Port text box.
• Syslog Facility: Select the facility level for the feature from the Syslog Facility menu. The Syslog facility is defined by the Syslog protocol.

The widespread manipulation and use of the Syslog protocol can confuse the meaning of the Syslog facility. However, it can help distinguish different classes of messages, and it can roughly suggest from what part of a system a message originated. Some administrators use the Syslog facility in rules to route different parts of messages to different log files.

• Message Tag: The Message Tag text box from the Workspace ONE UEM console provides a descriptive tag to identify events. For instance, “AirWatch.”
• Message Content: In the Message Content text box, provide the data to include in the transmission. When sent using Syslog to the SIEM tool, this is how the message data gets formatted. To set the content, use lookup values. For secure TCP, Newline (CRLF) formatting gets automatically converted to tab, \t for secure TCP, and using Enter, \n, \r does not work.

4. On the Advanced tab, customize the following settings :

• Console Events: Select whether to allow or prohibit the reporting related to Console events.
• Select Console Events to deploy to Syslog: Visible if the admin enables Console Events. Select the specific events for each sub-heading that the admin wants to trigger a message to Syslog.

For selecting or unselecting all the events all at once, use Select All or Clear All. Enable or disable the checkboxes to select or unselect specific events.

Note: All events under all categories of console events are selected on enabling the Console Events by default.

• Device Events: Select whether to allow or prohibit the reporting of Device events.
• Select Device Events to Send to Syslog: Visible if the admin enables Device Events. The specific events are selected that the admin wants to trigger a message to Syslog for each subheading.

To select or unselect all the events, select All or Clear All all at once. Enable or disable the checkboxes to select or unselect specific events.

Note: All events under all categories of device events are selected on enabling the Device Events, by default

5. Between the Workspace ONE UEM console and the SIEM tool, use the Test Connection button and select Save to ensure successful communication.

Telecom Management in Workspace One

Introduction

To help the admin manage the individual policies for the mobile devices, Workspace ONE UEM Powered by AirWatch provides the Telecom Management solution. Telecom Foundational and Telecom Advanced are two Telecom Management solutions offered by Workspace ONE UEM.

Telecom Foundational solution is provided as a standard feature of the Workspace ONE UEM console. The data limits are preconfigured-configured by Workspace ONE UEM. More customization options are offered by Telecom Advanced solution. The Telecom Management capabilities for both advanced and foundational are described in the following section:

Telecom Foundational

Telecom Foundational capabilities cover the basic functionalities such as the functions to:

• Track device voice usage, data usage, and SMS usage.
• Control roaming, for instance, the feature to disable the sync over the roaming.
• Dashboard analytics can be seen.

Telecom Advanced

Using custom profiles, settings, and compliance policies, the admin can track telecom data in some ways from the UEM console, such as:

• Configure telecom plans with a specific voice, telecom data, and messaging limits.
• Based on multiple device attributes, assign plans manually or automatically to mobile assets.
• Configure telecom plans with pooled usage for calls, messages, and data.
• If usage limits are exceeded, perform compliance actions, including escalations, end-user notifications, and device restrictions.

Supported Platforms for Telecom

Telecom monitoring and management capabilities differ depending on the device model and the operating system. The Device operating systems and models on which Workspace ONE UEM supports telecom features are described below:

Within the UEM console, additional information on specific telecom data attributes that Workspace ONE UEM supports on the operating system and devices version pairings can be found.

• Platform: Android
• Version: 3.2+
• Usage Tracked: Voice, SMS, Data
• Platform: iOS
• Version: 4.1+
• Usage Tracked: Data
• Platform: BlackBerry
• Version: 5.0
• Usage Tracked: Voice, SMS

Prerequisites

The admin must know the prerequisites before starting the Workspace ONE UEM Telecom Management solution to streamline the process. To experience the benefits of the product, these prerequisites help the admin:

• Only in the topmost organization group, Telecom management can be enabled.
• The communication between the console and the devices in Android (Legacy) devices (that is, sending samples and telecom usage data from device to console) occurs in the telecom service application. During the Workspace ONE Intelligent Hub enrollment, this application gets installed automatically onto the device if the device is configured to collect the Telecom usage information.
  Note: The telecom sampler app must be installed manually for Android Enterprise devices enrolled in work managed or COPE mode to track telecom data.

• The samples from the devices in iOS/Blackberry devices are sent through the Workspace ONE Intelligent Hub.

Information About iOS Devices Reporting Data Usage

Immediately, the Workspace ONE Intelligent Hub starts reporting the data usage if the admin configures Telecom Management in the UEM console and then onboards the iOS devices under device details.

However, to receive the new settings, the end-user must select the Workspace ONE Intelligent Hub from their device, if iOS devices are enrolled first, and then the admin configures the Telecom Management. to start collecting the Telecom usage data and to receive the new settings, and the Workspace ONE Intelligent Hub must be launched if the Workspace ONE Intelligent Hub is not running on the device.

It is recommended to toggle on the Background App Refresh setting within the Workspace ONE Intelligent Hub (Navigate to Groups & Settings, go to All Settings, select Devices & Users, click on Apple, select Apple iOS, and click on Hub Settings). On the device, when running as a background app, this setting ensures the Workspace ONE Intelligent Hub checks into the UEM console regularly. The settings are upgraded, and Telecom usage data is collected and ensured by regular check-ins. The end-user does not need to launch the Workspace ONE Intelligent Hub. The app needs to be relaunched to remain in the background if the user closes the app or reboots the device.

A frequency of once per day only is followed by Querying or reporting cellular data usage.

Set Up deployment using Telecom Wizard

The Telecom Wizard guides the admin through the initial setup of your telecom settings. By selecting telecom from the main menu, access the Telecom Wizard in the Workspace ONE UEM console. Summary of the Telecom Management configuration is viewed, Unlike Telecom Foundational, in Telecom Advanced.

Procedure

1. To begin the setup process, select Configure. The Telecom Settings page pops up.
2. Configure the telecom data the admin wants to collect for each supported platform. Click on Next.
   Apple iOS – For enrollment purposes, Workspace ONE UEM utilizes the Workspace ONE Intelligent Hub downloaded originally to the device to collect telecom data from iOS devices when telecom data collection is toggled as enabled. Without the end-user interaction, the Hub runs in the background. The admin can only gather Cellular Data Usage from iOS devices.
   Android – To collect telecom data from Android devices, Workspace ONE UEM uses a Telecom Service App. When telecom is enabled upon device enrollment, this application is installed automatically and, without the end-user interaction, runs in the background. SMS Logs, Call Logs, and Cellular Data Usage are the three types of telecom data collected from Android devices.
3. The privacy settings are configured by specifying the telecom usage data to be collected and shown in the UEM console. The settings may take up to a few hours to execute.
4. Select by device ownership and also telecom data element. For instance, For Corporate-Dedicated and Corporate-Shared devices, the admin can collect and show Roaming status but ignore it for Employee-Owned devices.
5. The telecom privacy settings can be configured in the UEM console.
   1. Roaming Status
   2. Carrier/Country Code
   3. Call Usage
   4. Cellular Data Usage
   5. SMS Usage
6. The cursor is pointed over the applicable radio button to execute a pop-up selection window.
7. For the device ownership and specific element pairing, the icon is selected, representing how to manage telecom data collection.
8. To proceed to the Summary page, select Next.
9. Select Save & Close and return to the Telecom Management Settings page to save the settings. To create and manage telecom plans, Select Save and View Plans.

Telecom Dashboard

Using the Telecom Dashboard, the telecom usage for your deployments can be monitored. A view of all your deployment-related analytics is provided by the Telecom Dashboard. Usage and roaming analytics for the deployment are displayed by the dashboard with Telecom plans assigned to them, including devices under the current Organization Group. For both Telecom Advanced users and Telecom Foundational, the Telecom dashboard is available. Based on your configuration and the differences, the functionality varies and is detailed in this section. Go to telecom and select a dashboard from the UEM console to access the Telecom Dashboard. Using the dashboard across different plans to track calls, data, and SMS usage.

The following information is displayed by the Telecom Foundational dashboard:

• With the mouse pointer, monthly usage ranging from low to high can be seen by pointing to the graph.
• The number of devices that are either roaming or not is shown by the Roaming Status.

The following information is displayed by the Telecom Advanced dashboard:

• For individual and pooled plans, Plan Utilization.
• For the three highest usage plans, Usage History.
• For all devices Roaming usage is shown here.
• The device count and the three largest plans.

Subject to the Privacy Settings the admin can configure in the System Settings, the data on the TelecomDashboard is displayed. For instance, if the admin does not want to collect or display any data, call, or SMS usage statistics for employee-owned devices, then the Telecom Dashboard does not display this information.

In the top-right corner of the screen, the planned filter filters all the graphs down to a particular plan.

Viewing the Telecom Foundational Dashboard

More simple telecom information is available on the Telecom Foundational dashboard. The admin can view roaming and usage details graphed here.

Usage

The usage for data, calls, and SMS messages is shown in the Usage section compared to the limits preconfigured-configured by Workspace ONE UEM. Low to high threshold values are displayed in the graph. To expand the view, point to each individual usage section.

Devices that have not reported any usage details to Workspace ONE UEM are listed as Not Reported and might warrant further investigation if this is unexpected.

Roaming

The Roaming section shows history, status, and data usage for all telecom-enabled devices.

According to how much they have roamed, Devices are grouped. These devices may not be roaming presently. For instance, 3% have roamed for between 1-4 weeks, and 4% of devices have roamed 1–7 days in the past 30 days.

Viewing the Telecom Advanced Dashboard

More detailed information is displayed on The Telecom Advanced Dashboard. The admin can view usage history, roaming, plan utilization, and top plans for all telecom-enabled devices.

Plan Utilization

The usage statistics for data, voice, and SMS messages are displayed by the Plan Utilization section compared to the plan limits the admin configures a part of the telecom plan creation. Devices that have not reported any usage details to Workspace ONE UEM are listed as Not Reported and might warrant further investigation if this is unexpected. Individual and Pooled are the two types of graphs shown here. The individual is enabled by default.

Only in case one of the three usages has devices to graph Not Reported, Not Supported, and Private columns display. The category does not appear if there are no devices that match this criteria-enrolled.

Configuring Pooled Data Limits

The charts are updated to represent pooled data usage if the admin selects to view Pooled data usage. From the System, Settings pages, Pooled plan usage ranges can be configured.

Go to telecom, and navigate to Settings to view the Telecom General page. Configure usage limits on the Telecom General page in the Pooled Plans Usage Ranges section.

In the System Settings menu only, changing the Pooled Plan Usage ranges and configuring how the users’ plan consumption is shown on the Telecom Dashboard and is for reference purposes only. Actual carrier billing may not be reflected by the Data presented and configured in the UEM console.

• Current Setting – Select whether to Override or Inherit the displayed settings. While Override allows the settings for editing so the admin can modify the current OG’s settings directly, Inherit allows to use the settings of the current organization group’s parent OG.
• Enable Telecom Management – An administrator’s ability to configure and monitor telecom usage is removed by Disabling Telecom Management.
• Pooled Plan Usage Ranges – Configure how the OG’s telecom usage is displayed in the dashboard.
• Child Permission – The available behavior of child organization groups is selected that is present below the currently selected organization group. Child OGs are only enabled to inherit these settings under Inherit. Override only allows them to override the settings, and the admin can choose to inherit or override settings in child OGs under Inherit or Override that exist below the currently selected OG.

Usage History

The voice, data, and SMS message statistics are shown by The Usage History section for all devices assigned to a telecom plan within the UEM console. The red horizontal line is used to represent pooled plans for calls, data, and SMS, which indicates an overage for the plan. This section shows the last three billing cycles for each plan. The Device List View of each Device is displayed by selecting a bar graph section that falls under the plan. To expand the view, point to each individual column.

Top Plan

The number of devices is displayed in the Top Plan graph in the various assigned telecom plans. The Device List View of each Device is displayed by selecting any one of these sections assigned to that plan.

Roaming

Roaming statistics of telecom-enabled devices are displayed in the Roaming section.

• History – Workspace ONE UEM adds the duration if any devices roam during the billing cycle, and during the current billing cycle, this graph represents the total sum of all roaming time. For instance, a device that might not be roaming currently shows five days of roaming. The device roamed four days last week and for one day two weeks ago. Devices have not reported any usage details listed as Not Reported to Workspace ONE UEM, and if this is unexpected, it may warrant further investigation.
• Status – Across all devices, this graph shows the current roaming status during the billing cycle. The different statuses are:
  • Approved – Devices that Workspace ONE UEM flags as roaming are listed as Approved; those devices are allowed to roam. Since the assigned telecom plan allows it to roam, the devices are allowed to roam.
  • Not Approved – Devices that Workspace ONE UEM flags as roaming are listed as Not Approved; those devices are not allowed to roam. Since the assigned telecom plan does not allow it to roam, the devices are not allowed to roam.
  • Not Roaming – Devices that are not in roaming presently are listed as Not Roaming.
  • Not Reported – Devices that have not reported any usage details to Workspace ONE UEM are listed as Not Reported and may warrant further investigation if this is unexpected.
• Data Usage – During the billing cycle, the devices that were flagged as roaming, in context to the data usage. Devices that have not reported any usage details to Workspace ONE UEM are listed as Not Reported and may warrant further investigation if this is unexpected.

Plan Usage Details for Telecom Assets

The admin can view the detailed information on messaging, data, voice, and roaming of devices from the ListView page. A Pooled tag next to the data indicates usage for messages, voice, and data registered within a pooled plan.

To view the message, data, voice, and roaming details, go to telecom, and navigate to List View. The Device Details page and ListView can be viewed by Telecom Foundational and Telecom Advanced users, as discussed in this section. The information available between the two may be different. Exporting the usage and the Roaming details is enabled by the Exports button from the ListView page in the CSV or XLSX format. On the Exports page, the exported files are available for download. The general columns for messaging, data, voice, and roaming tabs on the list view page are listed in the following table.

• Last Seen: The most recent time during which Workspace ONE UEM queried the device is shown as the most recent date and the time.
• General Info: The Name of the ownership type and Device are displayed. Including user name and email address, the User Displays user information.
• Peak Voice (Min)*: The number of minutes is displayed which were used during the configured Peak Voice Time Interval.
• Message: The message usage of the device is displayed against the actual set limit.
• Data (MB): The device’s data usage is displayed against the actual set data usage limit.
• Plan Details*: The telecom plan is displayed, which was assigned to the device.

On the list view page, the columns specific to the Roaming tab are:

• Roaming Data Usage (MB): The data usage is displayed
• Roaming Status: The status of the device is displayed while roaming:

Unapproved Roaming – Devices that Workspace ONE UEM flags as roaming are marked with a cross sign during the billing cycle and are prohibited from roaming due to the selected plan attribute in the UEM console.

Not Roaming – Devices that are not flagged as roaming presently are marked with a tick sign. Current Country/Home CountryDisplays the country where the device is connected.

• Current Carrier/Home Carrier: The name of the service provider is displayed to which the device is connected.
• Plan Details*: which plan the listed device is assigned to is shown.

*Telecom Advanced only.

Device Details

The admin can view the telecom-related data from the Device Details tab for that specific device, including data, messages, calls, and roaming statistics. To open the Device Details Telecom Tab select a device from the Telecom List View page for a particular device. Android devices display messages, data, calls, and AW App usage details, whereas iOS devices show only data. If there are Telecom Advanced settings, this feature is available only then.

Show Latest Usage – Advanced

The telecom usage statistics are stored by UEM console Server, and on a scheduled basis, these statistics are updated. As a result, for a device’s usage statistics, there may be a discrepancy between those that have been stored within the Console Server and those that appear on the UEM console. The admin sees the data, by default, as it was reported at the time of the last scheduled update. The admin can select the Show Latest Usage option on each Device Details page if they want to view the absolute latest updates, which may not have been processed yet. In the calculations utilized for data usage limits or compliance policies, a message displays indicating the data the admin may not have included.

Calls

In addition to the duration of the calls and individual calls made, the admin can view the call history from the Calls page of the last three billing cycles.

Data

In addition to the amount of data sent and received and the individual data transfers made from the Data page, the admin can view the data history of the last three billing cycles.

Messages

In addition to the individual messages received and sent from the Message page. The data, calls, and messages graphs provide insights if the plan is individual or pooled.

Roaming

The admin can view the roaming history of a particular device from the Roaming page. The activity displays under Roaming History if there is roaming activity for the device. This section also provides insights into the roaming carrier, the total number of days it was roaming, and the roaming country.

AW App Usage

The admin can view the AW App usage history from a particular device’s AW App Usage page. Details about different AW Apps being used and downloaded can also be viewed.