VMware Hands-on Labs - VMware AirWatch - Productivity Apps


Lab Overview - HOL-1857-04-UEM - Workspace ONE Productivity Apps

Lab Guidance


NOTE - It will take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

AirWatch productivity apps are engaging and intuitive with a consumer-simple experience and enterprise-grade security. VMware Boxer provides better-than-native email experience with turbo-charged productivity features and integrated mail, calendar and contacts. AirWatch School Manager allows organizations to configure and deploy the Apple Classroom app for organizations ineligible to use Apple School Manager. VMware Browser provides you with an intuitive browsing experience and seamless access to backend services while protecting sensitive corporate data. Take this lab to learn how to set up and configure these productivity apps that your employees actually want to use.

 Lab Module List:

 Lab Captains:

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab cannot be saved.  All your work must be done during the lab session.  However, you can click EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab has finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Module 1 - VMware Boxer (30 minutes)

Introduction


As part of the Workspace ONE suite of apps, VMware Boxer combines consumer simplicity with enterprise security. The app provides frictionless access to enterprise email, calendar and contacts across both corporate-owned and employee-owned devices.

In this lab, we will perform VMware Browser setup in AirWatch Console for Data Loss Prevention (DLP) and a mail account configuration. We will then validate those configurations while highlighting some exclusive features of VMware Boxer.


Login to the AirWatch Console


To perform most of the lab you will need to log in to the AirWatch Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the AirWatch Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your AirWatch Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is the email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter "VMware1!" for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the AirWatch Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the AirWatch Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter "VMware1!" in the Password Recovery Answer field.
  4. Enter "VMware1!" in the Confirm Password Recovery Answer field.
  5. Enter "1234" in the Security PIN field.
  6. Enter "1234" in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the AirWatch Console Welcome pop-up.

  1. Click on the Don't show this message again check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

Configure VMware Boxer


In this chapter, you will configure and deploy the VMware Boxer client to the device.


 

Add the VMware Boxer Client as an iOS Public Application

We can leverage AirWatch to deploy and automatically configure the VMware email client on the device. This step will walk you through the process of adding an application from the iOS Public App store.

 

Add VMware Browser as a Public App


VMware Boxer also supports VMware Browser for opening links and other features, so in order to demo this functionality, we will be publishing VMware Browser to the iOS device.


 

Add A New Public Application

 

  1. Click Add
  2. Click Public Application

 

 

Search for the Application to Add

 

  1. Select Apple iOS from the Platform dropdown.
  2. Enter "VMware Browser" in the Name field.
  3. Click Next

 

 

Select the Application From the Search Results

 

Click Select on the VMware Browser application.

 

 

Save and Assign VMware Browser

 

Click Save & Assign

 

 

Add Assignment for VMware Browser

 

Click + Add Assignment.

 

 

Configure VMware Browser Assignment Settings

 

  1. Click in the Selected Assignment Groups field. This will pop up the list of created Assignment Groups. Start typing "All Devices" and select the All Devices (your@email.shown.here) Group.
  2. Select Auto for the App Delivery Method.

 

 

Configure Policies for VMware Browser

 

  1. Scroll down to find the Policies section.
  2. Select Enabled for Remove On Unenroll
  3. Click Add

 

 

Confirm Assignment and Save

 

  1. Confirm that the Assignment you just configured is displayed.
  2. Click Save & Publish.

 

 

Preview Assigned Devices and Publish

 

Click Publish

 

iOS Device Enrollment (Using the e-mail address from lab automation)


A temporary Exchange mailbox has been generated for you to use throughout this lab.  The account credentials were emailed to the email address associated with your VMware Learning Platform (VLP) account at the start of the lab and also uploaded to the AirWatch Content section of the AirWatch Console.


 

Locate Your Exchange Account Details

If you have access to your email account, continue to the next step to retrieve your Exchange account details.  If you do not have access to your email account, continue to the step titled "Accessing Your Exchange Account Details in the AirWatch Console" for instructions.

 

 

Enroll Your iOS Device

You are now going to enroll your iOS device for use with this module.

 

Exploring VMware Boxer


In this series of steps you will sync email to a sample account and get introduced to a few of the features in VMware Boxer that make it the top choice for enterprise productivity.


 

Sync your HOL email account

In this step you will sync the Boxer client with the HOL Exchange server and receive email.

 

 

Create a new Custom Box to sync your Sent Items in the Background

In this step you will add a Custom Box to your boxer folders. This is really just a group of folders that can be set to sync in the background just like your Inbox.

NOTE - It may take around 1-2 minutes for Boxer to sync and populate emails in your mailbox.

 

 

Earlier we set Boxer to open all links into AirWatch Browser which has been delivered to your device. We will now demo this functionality.

 

 

Explore Settings and Advanced Options

This is a dive into some of the available settings options for the Boxer email client. Feel free to explore on your own as well!

 

 

Respond to an email with a Quick Response

Boxer has a unique feature that allows you to quickly respond to an email with either a Quick Response or your availability by interactively selecting available times directly on your calendar. We'll see how these features work in the next steps.

 

 

Open a file into Content Locker

When we configured the settings for VMware Boxer in the AirWatch Console we set attachments to open into white listed applications like AirWatch Content Locker. In this section we will show how to use this feature.

 

 

Conclusion of Intro to Boxer Lab

This concludes the Intro to Boxer lab. You may continue to explore Boxer and move to the next step when you are ready.

 

Un-enrolling Your Device


You are now going to un-enroll the iOS device from AirWatch.

NOTE - The term "Enterprise Wipe" does not mean reset or completely wipe your device. This only removes the MDM Profiles, Policies, and content which the AirWatch MDM Agent controls.

It will NOT remove the AirWatch MDM Agent application from the device as this was downloaded manually before AirWatch had control of the device.


 

Enterprise Wipe (un-enroll) your iOS device

 

Enterprise Wipe will remove all the settings and content that were pushed to the device when it was enrolled.  It will not affect anything that was on the device prior to enrollment.

To Enterprise Wipe your device you will first bring up the AirWatch Console in a web browser. You may need to re-authenticate with your credentials (VLP registered email address and "VMware1!" as the password).

  1. Click Devices on the left column.
  2. Click List View.
  3. Click the checkbox next to the device you want to Enterprise Wipe.

NOTE - Your Device Friendly Name will very likely be different than what is shown. It will, however, be in the same location as shown in the image in this step.

 

 

Find the Enterprise Wipe Option

 

  1. Click More Actions. NOTE - If you do not see this option, ensure you have a device selected by clicking the checkbox next to the device.
  2. Click Enterprise Wipe under Management.

 

 

Enter your security PIN

 

After selecting Enterprise Wipe, you will be prompted to enter your Security PIN which you set after you logged into the console ("1234").

  1. Enter "1234" for the Security PIN. You will not need to press enter or continue; the console will confirm your PIN by showing "Successful" below the Security PIN input field to indicate that an Enterprise Wipe has been requested.  NOTE: If "1234" does not work, then you provided a different Security PIN when you first logged into the AirWatch Console.  Use the value you specified for your Security PIN.

NOTE - If the Enterprise Wipe does not immediately occur, follow the below steps to force a device sync:

  1. On your device, open the AirWatch Agent application.
  2. Tap the Device section (under Status) in the middle of the screen.
  3. Tap Send Data near the top of the screen.  If this does not make the device check in and immediately un-enroll, continue to Step #4.
  4. If the above doesn't make it immediately un-enroll, then tap Connectivity [Status] under Diagnostics.
  5. Tap Test Connectivity at the top of the screen.

NOTE - Depending upon Internet connectivity of the device and responsiveness of the lab infrastructure, this could take a couple of minutes or more if there is excessive traffic occurring within the Hands On Lab environment.

Feel free to continue to the "Force the Wipe" step to manually uninstall the AirWatch services from the device if network connectivity is failing.

 

 

Verify the Un-Enrollment

 

Press the Home button on the device to go back to the home screen. The applications pushed through AirWatch should have been removed from the device.

NOTE - The applications and settings pushed through AirWatch management should have been removed. The Agent will still be on the device because that was downloaded manually from the App Store. Due to lab environment settings, it may take some time for the signal to traverse through the various networks out and back to your device. Continue on to the next step to force the wipe if needed.

 

 

Force the Wipe - IF NECESSARY

 

If your device did not wipe, follow these instructions to ensure the wipe is forced immediately. Start by opening the iOS Settings app.

  1. Tap General in the left column.
  2. Scroll down to view the Device Management option.
  3. Tap Device Management at the bottom of the list of General settings.

 

 

Force the Wipe - IF NECESSARY

 

Tap the Workspace Services profile that was pushed to the device.

 

 

Force the Wipe - IF NECESSARY

 

  1. Tap Remove Management on the Workspace Services profile.  
    NOTE - If prompted for a device PIN, enter it to continue.  VMware provisioned devices should not have a device PIN enabled.
  2. Tap Remove on the Remove Management prompt.

After removing the Workspace Services profile, the device will be un-enrolled.  Feel free to return to the "Verify the Un-Enrollment" step to confirm the successful un-enrollment of the device.

 

Conclusion


VMware Boxer is an industry leading e-mail app with features and functionality targeted towards increased productivity. As we saw in this lab, the containerization of business data from personal data enables IT organizations to exceed their enterprise security, compliance, data loss prevention (DLP) and user privacy requirements.


Module 2 - VMware AirWatch School Manager (45 Minutes)

Introduction


In this section we'll cover a basic introduction to AirWatch School Manager and its requirements.


 

What is AirWatch School Manager

AirWatch School Manager is designed to let organizations leverage Apple's Classroom application in organizations that are not eligible for Apple School Manager.

 

 

Requirements

AirWatch School Manager requires the following software and hardware:

NOTE - If your iOS Devices do not meet the above requirements, you will not be able to complete this entire module!

 

 

Optional Functionality

While not required, the following optional 3rd-party software features can augment the functionality of AirWatch School Manager.  These 3rd-party features can help streamline your classroom setup and configuration:

 

 

Differences from Apple Education

While employing similar concepts and functionality, AirWatch School Manager has a few differences from Apple Education.  

  1. Apple School Manager is not required.  AirWatch School Manager can therefore be leveraged in countries where Apple School Manager is not available.  It also means AirWatch School Manager can be leveraged by entities (such as businesses) which are not eligible to enroll in Apple School Manager.
  2. Managed Apple IDs are not required.   AirWatch School Manager does not require Managed Apple IDs which can only be created via Apple School Manager.   This means you can create a class device without the need for any Apple ID (if you leverage Device-Based Licensing via the Apple Volume Purchase Program).
  3. AirWatch School Manager does not require 32GB+ iPads.   This makes AirWatch School Manager work with a greater number of devices, including older 16GB iPads.

 

 

Typical Uses for AirWatch School Manager

AirWatch School Manager is designed to let organizations leverage Apple's Classroom application in organizations that are not eligible for Apple School Manager.  Some typical use cases are as follows:

 

Login to the AirWatch Console


To perform most of the lab you will need to log in to the AirWatch Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the AirWatch Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your AirWatch Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is the email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter "VMware1!" for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the AirWatch Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the AirWatch Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is in case you forget your admin password and the Security PIN is to protect certain administrative functionality in the console.  

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter "VMware1!" in the Password Recovery Answer field.
  4. Enter "VMware1!" in the Confirm Password Recovery Answer field.
  5. Enter "1234" in the Security PIN field.
  6. Enter "1234" in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the AirWatch Console Welcome pop-up.

  1. Click on the Don't show this message again check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

Enabling VMware AirWatch School Manager


In this section we will enable AirWatch School Manager functionality in your AirWatch environment.


 

Enter Devices Settings

 

  1. Click Devices.
  2. Click Devices Settings.

 

 

Enable AirWatch School Manager

 

  1. Under Devices & Users, click Apple.
  2. Click Education.
  3. Select Override for Current Setting.
  4. Select Enabled for Enable Education Features.
  5. Select AirWatch for the Class Source.
  6. Click Save.

 

 

Enter Security PIN

 

  1. Enter the Security PIN (e.g. 1234) that you entered when first logging into your AW environment.
  2. After inputting your Security PIN, you should see the Successful confirmation appear, and the menu closes automatically.

 

 

Close Device Settings

 

Click the X in the top right corner of the Settings screen to return to the Device Dashboard.

 

Creating the Class List


In this section we'll walk through the initial stages of configuring AirWatch School Manager.


 

The Education Overview Hub

 

  1. Click on Hub
  2. Expand Education
  3. Click Overview
  4. Note the Overview page that details the AirWatch School Manager Setup and Use.

 

 

The Class List Page

 

  1. Click on Class List
  2. Click on Add Class

 

 

Add a Class

 

  1. Enter a name for the class: "1st Grade - Ms Smith"
  2. Click the Assigned Teachers box and select "imateacher". NOTE - As you type the console will filter a list of users.  You can select the user without having to type the whole name.
  3. Click the Assigned Students box and select "imastudent".
  4. Click Save.

 

 

Add Another Class

 

  1. Click on Class List
  2. Note the presence of the class you just created.
  3. Click Add Class

 

 

Enter Class Information

 

  1. Enter a name for the class: "1st Grade - Mr Jones"
  2. Click the Assigned Teachers box and select "imateacher". NOTE - As you type the console will filter a list of users.  You can select the user without having to type the whole name.
  3. Click the Assigned Students box and select "imastudent".
  4. Click Save.

 

Publish the Classroom Application


Next, we will publish the Classroom app so that the Classroom functionality can be shown on devices that we will enroll in a later step.


 

Add a Public Application

 

In the top-right corner of the AirWatch Console:

  1. Click Add.
  2. Click Public Application.

 

 

Search for the Classroom App

 

  1. Select Apple iOS for the Platform.
  2. Enter "Classroom" for the Name.
  3. Click Next.

 

 

Select the Classroom App

 

  1. Find the Apple Classroom app in the list.  The identifier will be com.apple.classroom.

    NOTE - It may not be the first result and may require you to scroll down to find it!
  2. Click Select on the Apple Classroom app.

 

 

Review Classroom Application Information

 

Review the information about the application you've selected and click Save & Assign

 

 

Configure the Classroom Assignment Settings

 

  1. On the "Update Assignment" screen, click Add Assignment.

 

 

Create the Classroom Configuration.

 

Begin to fill out your classroom configuration.  Please ensure you've met the following:

  1. Assign to your "All Device" smart group.
  2. Set the app delivery method as "Auto"
  3. Scroll down to the policies section and select Enabled for Remove On Unenroll.
  4. Click Add.

 

 

Finish the Classroom Configuration and Save

 

Click Save & Publish.

 

 

Publish the Classroom App

 

Click Publish.

 

Enroll Class Devices


You are now going to enroll your iOS device for use with this module.


 

Download/Install AirWatch MDM Agent Application from App Store - IF NEEDED

 

NOTE - Checked out devices will likely have the AirWatch MDM Agent already installed. You may skip this step if your device has the AirWatch MDM agent installed.

At this point, if using your own iOS device or if the device you are using does NOT have the AirWatch MDM Agent Application installed, then install the AirWatch Application.

To Install the AirWatch MDM Agent application from the App Store, open the App Store application and download the free AirWatch MDM Agent application.

 

 

Launching the AirWatch MDM Agent

 

Launch the AirWatch Agent app on the device.  

NOTE - If you have your own iOS device and would like to test, you will need to download the agent first.

 

 

Choose the Enrollment Method

 

Click on the Server Details button.

 

 

Find your Group ID from AirWatch Console

 

 

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

NOTE - The Group ID is required when enrolling your device in the following steps.

 

 

Attach the AirWatch MDM Agent to the HOL Sandbox

 

Once the Agent has launched you can enroll the device.  To do so, follow the below steps.

  1. Enter "hol.awmdm.com" for the Server field.
  2. Enter your Group ID for your Organization Group for the Group ID field.  Your Group ID was noted previously in the Finding your Group ID step.
  3. Tap the Go button.

NOTE - If on an iPhone, you may have to close the keyboard by clicking Done in order to click the Continue button.

 

 

Authenticate the AirWatch MDM Agent

 

On this screen, enter the Username and Password as shown below.  

NOTE - You will need to enroll one device as "imateacher" and another device as "imastudent" in order to complete the lab.

  1. Type in the Basic User Account Username i.e. "imateacher".  
  2. Type in the Basic User Account Password. This should be "VMware1!".
  3. Tap the Go button.

 

 

Redirect to Safari and Enable MDM Enrollment in Settings

 

The AirWatch Agent will now redirect you to Safari and start the process of enabling MDM in the device settings.

Tap on Redirect & Enable at the bottom of the screen.

 

 

Install the MDM Profile

 

Tap Install in the upper right corner of the Install Profile dialog box.

 

 

Install and Verify the AirWatch MDM Profile

 

Tap Install when prompted at the Install Profile dialog.

NOTE - If a PIN is requested, it is the current device PIN. Provided VMware devices should not have a PIN.

 

 

iOS MDM Profile Warning

 

You should now see the iOS Profile Installation warning explaining what this profile installation will allow on the iOS device.

Tap Install in the upper-right corner of the screen.

 

 

Trust the Remote Management Profile.

 

You should now see the iOS request to trust the source of the MDM profile.

Tap Trust when prompted at the Remote Management dialog.

 

 

iOS Profile Installation Complete

 

You should now see the iOS Profile successfully installed.

Tap Done in the upper right corner of the prompt.

 

 

AirWatch Enrollment Success

 

Your enrollment is now completed. Tap Open to navigate to the AirWatch Agent.

 

 

Accept the Authentication Complete Prompt

 

Click on Done to continue.

 

 

Accept Notification Prompt (IF NEEDED)

 

Tap Allow if you get a prompt for Notifications.

 

 

Accept the App Installation (IF NEEDED)

 

You may be prompted to install a series of applications depending on which Module you are taking. If prompted, tap Install to accept the application installation.

 

 

REMINDER - Enroll TWO Devices

 

REMINDER - You will need to enroll one device as "imateacher" and another device as "imastudent" in order to complete the lab.

Please ensure you have completed the "ENROLL CLASS DEVICES" section twice and have a device enrolled as the teacher and another enrolled as the student!

  1. Type in the Basic User Account Username i.e. "imastudent".  
  2. Type in the Basic User Account Password. This should be "VMware1!".
  3. Tap the Go button.

 

 

OPTIONAL - Validate Education Profile

 

On either the Student or Teacher iPad:

  1. Click on the Settings app
  2. Click on General then scroll and click Profiles & Device Management
  3. Click the Workspace Services profile
  4. Click More Details
  5. Note the Education Configuration profile (e.g. AirWatch School Manager####)

 

Control Student Devices with Classroom App


This section is meant to give you a brief introduction to the Classroom application and its use within AirWatch School Manager.  More details on the Classroom app can be found on Apple's support website:  https://help.apple.com/classroom/ipad/1.1


 

Open Classroom App

 

Return to the Teacher iPad. On the Teacher iPad:

Tap the Classroom app to open it and click Continue at the Welcome Screen.

 

 

Accept Notification Prompt (IF NEEDED)

 

You may see a prompt to allow notifications from Classroom app. Tap Allow if you get a prompt for Notifications.

 

 

Choose Class

 

Click on 1st Grade - Mr Jones

 

 

Explore Classroom Interface

 

Note the following areas of the Classroom app interface:

  1. Select -- allows you to select multiple devices (#5) in order to apply commands (#3) to them simultaneously.
  2. Action Buttons -- The actions you can take against a group of devices (#4) or individual devices (#5)
  3. Device Groups -- Groupings of devices (can be one or more).   Classroom includes an All group by default.
  4. Individual devices -- each device/user is shown in the classroom application.

 

 

Verify Student iPad Connectivity

 

  1. If your student iPad displays as Offline, click the hardware power button on the iPad to power it on.
  2. You will see the status change to Home Screen (or whatever app is currently running in the foreground).
  3. Note that the iPad is now displayed on the Device Groups bar based on the currently running app.

 

 

Control Single iPad

 

  1. Click on the Student device.   Note actions that are disabled - this functionality relates to Managed Apple IDs (requires Apple School Manager)
  2. Open allows you to open an application on the student iPad.  NOTE -  The app must already exist on the iPad.
  3. Navigate allows you to open a web location in Safari on the Student device.
  4. Lock allows you to put the device into a "locked" state (such as for "eyes up front").
  5. AirPlay allows you to force a device to send its screen to an AirPlay compatible device.  You can populate the list of AirPlay destinations via an EMM Profile.
  6. Password allows you to reset the device password if one has been set.
  7. View Screen allows you to watch the screen on the device in real-time.
  8. When choosing an action, completion of the action will display a Done link to return you to the main Classroom app screen.
  9. You can exit from the Actions list for a device by clicking outside the dialog screen.

 

 

Control Multiple Devices

 

  1. Select a Group from the list of Device Groups.
  2. Note that you can now take actions against the group, such as Open, Navigate, Lock, and Screen Viewing.
  3. Click Screens on the Teacher device.
  4. Note the icon for the student device in the Classroom app now displays the screen capture of the device. Also note on the student device that the status bar is now blue and there is also an AirPlay icon displayed.
  5. Click the Screens button to end screen viewing. Note the icon returns to normal in the Classroom app and the student device status bar returns to normal.

 

Un-enrolling Your Device


You are now going to un-enroll the iOS device from AirWatch.

NOTE - The term "Enterprise Wipe" does not mean reset or completely wipe your device. This only removes the MDM Profiles, Policies, and content which the AirWatch MDM Agent controls.

It will NOT remove the AirWatch MDM Agent application from the device as this was downloaded manually before AirWatch had control of the device.


 

Enterprise Wipe (un-enroll) your iOS device

 

Enterprise Wipe will remove all the settings and content that were pushed to the device when it was enrolled.  It will not affect anything that was on the device prior to enrollment.

To Enterprise Wipe your device you will first bring up the AirWatch Console in a web browser. You may need to re-authenticate with your credentials (VLP registered email address and "VMware1!" as the password).

  1. Click Devices on the left column.
  2. Click List View.
  3. Click the checkbox next to the device you want to Enterprise Wipe.

NOTE - Your Device Friendly Name will very likely be different from what is shown. It will, however, be in the same location as shown in the image in this step.

 

 

Find the Enterprise Wipe Option

 

  1. Click More Actions. NOTE - If you do not see this option, ensure you have a device selected by clicking the checkbox next to the device.
  2. Click Enterprise Wipe under Management.

 

 

Enter your security PIN

 

After selecting Enterprise Wipe, you will be prompted to enter the Security PIN that you set after you logged in to the console ("1234").

  1. Enter "1234" for the Security PIN. You will not need to press enter or continue; the console will confirm your PIN by showing "Successful" below the Security PIN input field to indicate that an Enterprise Wipe has been requested.  NOTE: If "1234" does not work, then you provided a different Security PIN when you first logged into the AirWatch Console.  Use the value you specified for your Security PIN.

NOTE - If the Enterprise Wipe does not immediately occur, follow the below steps to force a device sync:

  1. On your device, open the AirWatch Agent application.
  2. Tap the Device section (under Status) in the middle of the screen.
  3. Tap Send Data near the top of the screen.  If this does not make the device check in and immediately un-enroll, continue to Step #4.
  4. If the above doesn't make it immediately un-enroll, then tap Connectivity [Status] under Diagnostics.
  5. Tap Test Connectivity at the top of the screen.

NOTE - Depending upon Internet connectivity of the device and responsiveness of the lab infrastructure, this could take a couple of minutes or more if there is excessive traffic occurring within the Hands On Lab environment.

Feel free to continue to the "Force the Wipe" step to manually uninstall the AirWatch services from the device if network connectivity is failing.

 

 

Verify the Un-Enrollment

 

Press the Home button on the device to go back to the home screen. The applications pushed through AirWatch should have been removed from the device.

NOTE - The applications and settings pushed through AirWatch management should have been removed. The Agent will still be on the device because that was downloaded manually from the App Store. Due to lab environment settings, it may take some time for the signal to traverse through the various networks out and back to your device. Continue on to the next step to force the wipe if needed.

 

 

Force the Wipe - IF NECESSARY

 

If your device did not wipe, follow these instructions to ensure the wipe is forced immediately. Start by opening the iOS Settings app.

  1. Tap General in the left column.
  2. Scroll down to view the Device Management option.
  3. Tap Device Management at the bottom of the list of General settings.

 

 

Force the Wipe - IF NECESSARY

 

Tap the Workspace Services profile that was pushed to the device.

 

 

Force the Wipe - IF NECESSARY

 

  1. Tap Remove Management on the Workspace Services profile.  
    NOTE - If prompted for a device PIN, enter it to continue.  VMware provisioned devices should not have a device PIN enabled.
  2. Tap Remove on the Remove Management prompt.

After removing the Workspace Services profile, the device will be un-enrolled.  Feel free to return to the "Verify the Un-Enrollment" step to confirm the successful un-enrollment of the device.

 

Conclusion


This section will cover some key takeaways for you to remember before ending this lab.


 

Requirements and Optional Add-ons for AirWatch School Manager

AirWatch School Manager requires the following software and hardware:

You may also extend your AirWatch School Manager functionality by leveraging the following programs:

 

 

 

Typical Uses for AirWatch School Manager

AirWatch School Manager is designed to let organizations leverage Apple's Classroom application in organizations that are not eligible for Apple School Manager.  Some typical use cases are as follows:

 

 

For More Information

For additional information on AirWatch School Manager, please speak with your Account Executive or refer to the documentation on MyAirWatch.

 

Module 3 - VMware Browser (45 Minutes)

Introduction


VMware Browser is an Enterprise-grade mobile browser that can be configured to meet your business requirements by providing a streamlined and productive browsing experience for your employees without sacrificing security and compliance.


 

VMware Browser Feature Overview

Before diving in, explore the features available in VMware Browser to better understand the use cases that could benefit from deploying VMware Browser to their mobile workforce.

Productivity:

  1. Per-App VPN allows employees to access corporate web apps and intranet sites without manually connecting.
  2. Corporate home pages and bookmarks can be pre-configured for a no-hassle setup.
  3. Personal bookmarks can be synced across devices automatically.
  4. Utilize built-in SSO to eliminate authentication issues and challenges.
  5. Seamlessly access web app links from business emails by integrating with VMware Boxer.

Security:

  1. End-to-end encryption of data at rest and in-transit with AES 256-bit encryption.
  2. Separate business and personal data, allowing you to manage security policies while keeping individual information private.
  3. Employ Data Loss Prevention (DLP) controls to determine whitelisting/blacklisting, cut/copy/paste restrictions, cookie behaviour, and more.
  4. Trigger manual or automatic compliance actions to block or wipe enterprise data based on flexible policies.

Line of Business:

  1. Lock the device into a single, configurable web application kiosk.
  2. Control browsing to specific home pages, web apps, and links.
  3. Remove the navigation bar for a controlled browsing experience.
  4. Enable shared device modes using VMware Browser as the central point for users to log in and out.

 

 

Lab Overview

In this lab, you will be configuring a few of the features in VMware Browser that will showcase:

 

Login to the AirWatch Console


To perform most of the lab you will need to login to the AirWatch Management Console.


 

Launch Chrome Browser

 

Double-click the Chrome Browser on the lab desktop.

 

 

Authenticate to the AirWatch Administration Console

 

The default home page for the browser is https://hol.awmdm.com. Enter your AirWatch Admin Account information and click the Login button.

NOTE - If you see a Captcha, please be aware that it is case sensitive!

  1. Enter your Username. This is the email address that you have associated with your VMware Learning Platform (VLP) account.
  2. Enter "VMware1!" for the Password field.
  3. Click the Login button.

NOTE - Due to lab restrictions, you may need to wait here for a minute or so while the Hands On Lab contacts the AirWatch Hands On Labs server.

 

 

Accept the End User License Agreement

 

NOTE - The following steps of logging into the Administration Console will only need to be done during the initial login to the console.

You will be presented with the AirWatch Terms of Use. Click the Accept button.

 

 

Address the Initial Security Settings

 

After accepting the Terms of Use, you will be presented with a Security Settings pop-up.  The Password Recovery Question is used if you forget your admin password, and the Security PIN protects certain administrative functionality in the console.

  1. You may need to scroll down to see the Password Recovery Questions and Security PIN sections.
  2. Select a question from the Password Recovery Question drop-down (default selected question is ok here).
  3. Enter "VMware1!" in the Password Recovery Answer field.
  4. Enter "VMware1!" in the Confirm Password Recovery Answer field.
  5. Enter "1234" in the Security PIN field.
  6. Enter "1234" in the Confirm Security PIN field.
  7. Click the Save button when finished.

 

 

Close the Welcome Message

 

After completing the Security Settings, you will be presented with the AirWatch Console Welcome pop-up.

  1. Click on the Don't show this message again check box.
  2. Close the pop-up by clicking on the X in the upper-right corner.

 

AirWatch Console Configuration


This section will explain what configurations must be made in the AirWatch Console to achieve the features and restrictions that were outlined in the Introduction section.


 

iOS Per-App VPN Profile

This section will explain how to create a Per-App VPN profile, which will be used to allow VMware Browser to connect to an intranet site.

 

 

Configure Security Policies

This section will explain how to configure the default Security Policies to determine DLP controls.

 

 

Configure VMware Browser Settings

This section will explain how to configure the VMware Browser settings, including security settings, whitelisted and blacklisted sites, bookmarks and kiosk mode.

 

 

Publish the VMware Browser Application

Let us add VMware Browser as a Public app to manage and configure.

 

 

Publish the VMware Tunnel Application

In order to leverage the Per-App VPN profile we created for VMware Browser, we will need to also publish VMware Tunnel to the device.

 

iOS Device Enrollment


In this section, we are going to enroll an iOS device to complete the steps on the device side.


 

Download/Install AirWatch MDM Agent Application from App Store - IF NEEDED

 

NOTE - Checked out devices will likely have the AirWatch MDM Agent already installed. You may skip this step if your device has the AirWatch MDM agent installed.

At this point, if using your own iOS device or if the device you are using does NOT have the AirWatch MDM Agent Application installed, then install the AirWatch Application.

To Install the AirWatch MDM Agent application from the App Store, open the App Store application and download the free AirWatch MDM Agent application.

 

 

Launching the AirWatch MDM Agent

 

Launch the AirWatch Agent app on the device.  

NOTE - If you have your own iOS device and would like to test, you will need to download the agent first.

 

 

Choose the Enrollment Method

 

Click on the Server Details button.

 

 

Find your Group ID from AirWatch Console

 

 

  1. To find the Group ID, hover your mouse over the Organization Group tab at the top of the screen. Look for the email address you used to log in to the lab portal.
  2. Your Group ID is displayed at the bottom of the Organization Group pop up.

NOTE - The Group ID is required when enrolling your device in the following steps.

 

 

Attach the AirWatch MDM Agent to the HOL Sandbox

 

Once the Agent has launched you can enroll the device.  To do so, follow the below steps.

  1. Enter "hol.awmdm.com" for the Server field.
  2. Enter your Group ID for your Organization Group for the Group ID field.  Your Group ID was noted previously in the Finding your Group ID step.
  3. Tap the Go button.

NOTE - If on an iPhone, you may have to close the keyboard by clicking Done in order to click the Continue button.

 

 

Authenticate the AirWatch MDM Agent

 

On this screen, enter the Username and Password for the basic user account.

  1. Enter "testuser" in the Username field.
  2. Enter "VMware1!" in the Password field.
  3. Tap the Go button.

 

 

Redirect to Safari and Enable MDM Enrollment in Settings

 

The AirWatch Agent will now redirect you to Safari and start the process of enabling MDM in the device settings.

Tap on Redirect & Enable at the bottom of the screen.

 

 

Allow Website to Open Settings (IF NEEDED)

 

If you are prompted to allow the website to open Settings to show you a configuration profile, tap Allow.

NOTE - If you do not see this prompt, ignore this and continue to the next step.  This prompt will only occur for iOS Devices on iOS 10.3.3 or later.

 

 

Install the MDM Profile

 

Tap Install in the upper right corner of the Install Profile dialog box.

 

 

Install and Verify the AirWatch MDM Profile

 

Tap Install when prompted at the Install Profile dialog.

NOTE - If a PIN is requested, it is the current device PIN. Provided VMware devices should not have a PIN.

 

 

iOS MDM Profile Warning

 

You should now see the iOS Profile Installation warning explaining what this profile installation will allow on the iOS device.

Tap Install in the upper-right corner of the screen.

 

 

Trust the Remote Management Profile.

 

You should now see the iOS request to trust the source of the MDM profile.

Tap Trust when prompted at the Remote Management dialog.

 

 

iOS Profile Installation Complete

 

You should now see the iOS Profile successfully installed.

Tap Done in the upper right corner of the prompt.

 

 

AirWatch Enrollment Success

 

Your enrollment is now completed. Tap Open to navigate to the AirWatch Agent.

 

 

Accept the Authentication Complete Prompt

 

Click on Done to continue.

 

 

Accept Notification Prompt (IF NEEDED)

 

Tap Allow if you get a prompt for Notifications.

 

 

Accept the App Installation (IF NEEDED)

 

You may be prompted to install a series of applications depending on which Module you are taking. If prompted, tap Install to accept the application installation.

 

Explore VMware Browser


We will now launch and explore VMware Browser to confirm that the settings we've configured are controlling the application as expected.


 

Confirm Intranet Access in Safari

Let's first try to access the internal webpage from the Safari browser to confirm that we cannot connect to it without a VPN.

 

 

Confirm the VMware Browser Configurations

Now, let's access the same link from VMware Browser.

 

 

Review

You've now confirmed all of the configurations we deployed to VMware Browser during our setup in the AirWatch Console.  Feel free to explore any other features of VMware Browser and continue to the next step when you are ready.

 

Un-enrolling Your Device


You are now going to un-enroll the iOS device from AirWatch.

NOTE - The term "Enterprise Wipe" does not mean reset or completely wipe your device. This only removes the MDM Profiles, Policies, and content which the AirWatch MDM Agent controls.

It will NOT remove the AirWatch MDM Agent application from the device as this was downloaded manually before AirWatch had control of the device.


 

Enterprise Wipe (un-enroll) your iOS device

 

Enterprise Wipe will remove all the settings and content that were pushed to the device when it was enrolled.  It will not affect anything that was on the device prior to enrollment.

To Enterprise Wipe your device you will first bring up the AirWatch Console in a web browser. You may need to re-authenticate with your credentials (VLP registered email address and "VMware1!" as the password).

  1. Click Devices on the left column.
  2. Click List View.
  3. Click the checkbox next to the device you want to Enterprise Wipe.

NOTE - Your Device Friendly Name will very likely be different from what is shown. It will, however, be in the same location as shown in the image in this step.

 

 

Find the Enterprise Wipe Option

 

  1. Click More Actions. NOTE - If you do not see this option, ensure you have a device selected by clicking the checkbox next to the device.
  2. Click Enterprise Wipe under Management.

 

 

Enter your security PIN

 

After selecting Enterprise Wipe, you will be prompted to enter the Security PIN that you set after you logged in to the console ("1234").

  1. Enter "1234" for the Security PIN. You will not need to press enter or continue; the console will confirm your PIN by showing "Successful" below the Security PIN input field to indicate that an Enterprise Wipe has been requested.  NOTE: If "1234" does not work, then you provided a different Security PIN when you first logged into the AirWatch Console.  Use the value you specified for your Security PIN.

NOTE - If the Enterprise Wipe does not immediately occur, follow the below steps to force a device sync:

  1. On your device, open the AirWatch Agent application.
  2. Tap the Device section (under Status) in the middle of the screen.
  3. Tap Send Data near the top of the screen.  If this does not make the device check in and immediately un-enroll, continue to Step #4.
  4. If the above doesn't make it immediately un-enroll, then tap Connectivity [Status] under Diagnostics.
  5. Tap Test Connectivity at the top of the screen.

NOTE - Depending upon Internet connectivity of the device and responsiveness of the lab infrastructure, this could take a couple of minutes or more if there is excessive traffic occurring within the Hands On Lab environment.

Feel free to continue to the "Force the Wipe" step to manually uninstall the AirWatch services from the device if network connectivity is failing.

 

 

Verify the Un-Enrollment

 

Press the Home button on the device to go back to the home screen. The applications pushed through AirWatch should have been removed from the device.

NOTE - The applications and settings pushed through AirWatch management should have been removed. The Agent will still be on the device because that was downloaded manually from the App Store. Due to lab environment settings, it may take some time for the signal to traverse through the various networks out and back to your device. Continue on to the next step to force the wipe if needed.

 

 

Force the Wipe - IF NECESSARY

 

If your device did not wipe, follow these instructions to ensure the wipe is forced immediately. Start by opening the iOS Settings app.

  1. Tap General in the left column.
  2. Scroll down to view the Device Management option.
  3. Tap Device Management at the bottom of the list of General settings.

 

 

Force the Wipe - IF NECESSARY

 

Tap the Workspace Services profile that was pushed to the device.

 

 

Force the Wipe - IF NECESSARY

 

  1. Tap Remove Management on the Workspace Services profile.  
    NOTE - If prompted for a device PIN, enter it to continue.  VMware provisioned devices should not have a device PIN enabled.
  2. Tap Remove on the Remove Management prompt.

After removing the Workspace Services profile, the device will be un-enrolled.  Feel free to return to the "Verify the Un-Enrollment" step to confirm the successful un-enrollment of the device.

 

Conclusion


VMware Browser has a wide variety of configurations that can be adjusted to meet your business needs across multiple platforms.  We explored a few options through this lab, but there are more features that can provide a higher quality user experience at the level of security that your business requires.  Consider how VMware Browser can improve your productivity by providing a secure and configurable browsing experience!

This concludes this lab module.


Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1857-04-UEM

Version: 20180323-183916