JosueNegron's Posts

Ensure that they are not marked as personal/BYO devices. Many data points are not collected when set to BYO/personal. Also you can check under settings > privacy to see what you are allowed to collected vs not allowing to be collected for BYO devices. 

All of the options to achieve policy configuration on Windows via Workspace ONE is covered in this guide: https://techzone.vmware.com/understanding-windows-group-policies-vmware-workspace-one-operational-tutorial Take a look at using Baseline (Build your Own Baseline) to configure that policy. 

I am hesitant to even post anything here since VMware DOES NOT support Windows management on a closed network, hopefully someone has already made you aware of that.  Not allowing WNS and AWCM break real-time communication and defeats the main purpose of modern management.  WNS is used to communicate with the builtin device management client (OMA-DM) while AWCM is used my the Intelligent Hub. Both are enabled from the console side out of the box. You are just responsible for ensuring the device has access to the respective endpoints.  Refer to this doc for more info: https://techzone.vmware.com/resource/windows-modern-management-security-design-and-implementation#windows-modern-management-framework-overview

So I am not familiar with your use case but their is some general guidance in this tutorial. It should be able to answer all of your questions and concerns.  https://techzone.vmware.com/understanding-windows-10-group-policies-vmware-workspace-one-operational-tutorial#_1235782 You can see how to validate what policies are on the device. The MDM diagnostic will tell you more around what’s MDM policy and what’s GPOs.   It’s generally not advised to use all of these different options together at the same time. 

Under enrollment options you can choose the default action for inactive users. By default it will unenroll devices but there is an option to prevent future enrollments which might be better for your use case 

So it sounds like you are using SAML integration to integrate with AAD if that’s the case you will want to ensure that the username attribute is sent in the exact same format that the username matches today. Domain\username. You are likely sending a different format. 

I am not the expert here but you can start by leveraging a custom settings payload https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Android(Legacy)_Platform/GUID-AWT-ANDROIDPROFILECUSTOM.html

This is a simple fix. By default only basic users are allowed to enroll into Workspace ONE. You can enable directory users by going into the UEM console, Devices > Devices Settings > Devices & Users > General > Enrollment. You will see there that basic is checked, you want to also check Directory then save and try again. 

I suggest following the steps for the integration exactly as outline in the following guide. https://techzone.vmware.com/enrolling-windows-10-devices-using-azure-ad-workspace-one-uem-operational-tutorial Please let me know if after following these steps you are still having issues. 

I haven’t done this in years but it used to be that if you were a SaaS customer this was pre-configured for you at Global. This would only break if you override the settings in the console. I would just make sure this is set to inherit. Again this might have changed were it is no longer provided. But for my test on-premises environments my go to was always Twilio since they offered a free trial for me to just test the connections and send a few SMS messages.  https://www.twilio.com/sms I hope this helps you!