Workspace ONE on Robert Terakedis

Mapping Concepts from Munki to WS1 UEM

Mon, 23 Aug 2021 00:00:00 +0000

Since Workspace ONE UEM version 9.3, VMware has included the open-source munki binaries in the Workspace ONE Intelligent Hub for macOS. The intent of this integration was to give macOS admins the ability to distribute 3rd-party non-store macOS apps, without the need to host any backing instrastructure for munki. Because this integration was meant to give admins some of the commonly used functionality, it was not integrated in such a way to include support for ALL munki's functionality. This has left some confusion in the community, particularly with Workspace ONE UEM administrators with extensive munki knowledge/background.

Best Practices for Apple Admins in Workspace ONE UEM

Thu, 15 Jul 2021 00:00:00 +0000

I was recently reading a post about What to do when you have to lay off your Jamf administrator, and it got me thinking. The Workspace ONE UEM documentation generally specifies what you need from a software and hardware perspective in pre-requisites. That said, over the years I've come to know a few unwritten (or written but obscure) best practices for setting up Workspace ONE UEM to manage Apple devices. Hopefully you find this post helpful, but I welcome any comments and feedback!

Converting Jamf Custom Schema JSON for Workspace ONE UEM

Tue, 09 Mar 2021 00:00:00 +0000

Periodically, I see app vendors providing custom JSON schema files to help build app-specific configuration profiles for MDM (specifically Jamf). Workspace ONE UEM supports app-specific configuration, but currently via Custom Settings in an XML format. While many vendors also suppply a custom mobileconfig file or Custom Settings dictionary that can be used with Workspace ONE UEM, I hope in this post to show how any Workspace ONE admin can manually convert a Custom Schema JSON file to Custom Settings XML.

Troubleshooting macOS Management with Workspace ONE

Tue, 27 Oct 2020 00:00:00 +0000

Short post today - just to cover some thoughts on my most recent asset published to TechZone. I finally sat down and dug out all my notes on troubleshooting macOS and put them all together into a single, comprehensive macOS Troubleshooting Guide. This thing was the result of almost 46 hours of fingers on keys: typing, formatting, and testing. I truly hope you all get some value out of it, and do feel free to send me feedback if you'd like it extended and/or notice something missing.

Deploying NoMAD over VMware Per-App Tunnel

Fri, 16 Oct 2020 00:00:00 +0000

Some folks recently reached out to me asking for help figuring out how to route NoMAD traffic over VMware Tunnel. Basically, the ask was to use Per-App Tunneling to give NoMAD the ability to obtain Kerberos Tickets and Sync AD passwords without being directly on the Enterprise network. If you're familiar with my previous article about the macOS Catalina Kerberos SSO Plugin, you'll know that Apple's built-in functionality in Catalina doesn't work well with Per-App Tunneling.

macOS Big Sur and Kerberos SSO via Per-App Tunnel

Fri, 14 Aug 2020 00:00:00 +0000

If you've read my blogs about macOS Catalina Kerberos SSO over Per-App Tunnel and the followup, you'll know that this has been a use-case I'm interested in solving. I put a great deal of effort into filing feedback with Apple and providing steps to replicate the issue. I was quite excited when I saw the per-app Tunnel improvements specifically mentioned in the WWDC videos, and hoped perhaps some changes were made to enable this functionality.

macOS Catalina Kerberos SSO over VPN Followup

Sun, 22 Mar 2020 00:00:00 +0000

I've been going back and forth with Apple about some of the issues I previously found using the macOS Catalina Kerberos SSO over Per-App VPN. As it turns out, they acknowledged some of the issues I was seeing and are supposedly working on a fix. I've been watching the past few beta releases for macOS, and I've not yet seen anything in the release notes to indicate they've implemented any fixes.

Deploying Microsoft Defender ATP for macOS using Workspace ONE UEM

Tue, 18 Feb 2020 00:00:00 +0000

I had a few folks recently approach me on the MacAdmins slack asking for help with deploying Microsoft Defender ATP for Mac. We got it working, but it came down to 2 issues: conflicting documentation and Jamf/inTune specific templates. Once I was able to parse through the Jamf/InTune documentation, we were able to put together some guidance. We recently published this guide to the EUC Samples GitHub Repository.

Conflicting Documentation

The initial problem I found was some confusion generated by Microsoft's documentation. The first article, Set Preferences for Microsoft Defender ATP referenced a payloadType of com.microsoft.wdav. These preferences seem related to the UI and various configuration settings. In other words, it controls what changes can be made in the UI if opened by the end-user.

Testing macOS Catalina Kerberos SSO Extension Over VPN

Tue, 04 Feb 2020 00:00:00 +0000

Working at VMware, I'm surrounded by great technology and super-smart folks! In our portfolio of technologies, the folks in our R&D have recently been putting quite a bit of effort into building out macOS capabilities for our Workspace ONE Tunnel client for macOS. Workspace ONE admins can leverage the same VMware technology they used to enable per-app VPN for iOS and Android, but now on macOS! There's a bit of nuance to configuring the VPN client if you're previously familiar with iOS (look for my Operational Tutorial soon to hit TechZone). That said, the premise is the same -- by configuring the appropriate rules, the Tunnel app redirects traffic from whitelisted applications back into your network through the Unified Access Gateway.