lukaszwa's Posts

The new education screen flashes really quick as Luke pointed out and you can go back to it by the top left return to HUB option so you can actually use the new flow(as we know users dont read - pictures seems to work with them). We have opened a case with VMware after talking to our TAM as its very inconsistent, screen is useless as you don't see it in 50% of enrollments. Also the safari pages change in 1902 is a good idea but this should be available for lower versions of console as well as a patch. We only moved to 1811 for COPE as well and I dont see why i would have to go to 1902 just for a new web page..... EDIT: end there seems to be a patch for 1811 and 1902 for the Safari info screens now available.

Hi Peter and thank you for the comment, Let me try to address it but please keep me honest here if I am not correct. As far as I understand the user agent scenario the issue is there regardless of the mobile redirection. Anyone can set user agent to what they want, so I am unsure how this would create the security risk. This risk is already there. For the onload.js I didn't see this being canceled in my tests. In fact you can build up the logic in it to cover all agents scenarios and automate realms selection so user cannot select wrong one. Last but not least any other user agent scenario of course should have some security measures as well if we are talking about securing email access in general. So for example requiring 2FA on non mobile agents would cover one for the agent chance aspects. Hope this address the concern but please let me know if I misunderstood or missed anything. At the end of the day we want any advice to be a good one and not causing security issues.

It's terrible. Breaks the flow. Requires user to leave the enrollment and go to settings, then user needs to go back. Not techie ones wont know how. You can end up with several identical profiles waiting to install. Even after complete enrollment you have those extra profiles there hanging for 24 hrs. Not every country or carrier supports DEP so its a very bad end user experience.

anybody having weird workflow on enrolling iOS Beta 12.1.1? enrollment goes as far as profile install and rather than asking to install the profile it downloads it and tells you to manually go and install it from settings.

So neither Xs or Xs max will complete enrollments now due to UUID issue (failing on profile install). Support states it will take some more time (LOL) to develop the patch. Absolute nightmare .......

1.5 option if budget it tight to pay for Azure Premium. VIDM - ADFS integration as Idp, Redirect in ADFS for Mobile traffic to go to vidm and set your auth there to only allow Airwatch managed devices (or even add exception for Exec etc). Non AW managed devices will get access denied (ADFS will pass all mobile traffic to vidm). You can then do SSO plus compliance check at auth time. Real time compliance from AW can than revoke Azure tokens (but this piece requires Prmium AD). For that setup you can use SaaS vidm (easy deployment) plus Auth via Airwatch so no need for full ESC install on prem. Lukasz