Save to My DOJO
For several years now, the IT landscape has been increasingly favourable to remote working and flexibility in terms of devices, apps and location. In fact, VMware Workspace One has been spearheading the company’s User Endpoint management strategy to achieve an eco-system that is “any app, any device, anywhere”.
While this shift in ways of working was already well in motion, the pandemic and its multiple lockdowns significantly accelerated the adoption by organizations and VMware Workspace One was among the leading offerings on the market.
“2021 Gartner Magic Quadrant for Unified Endpoint Management (UEM) Tools”
A recurrent problem with digital workspace is that users usually have multiple devices that are out of the organization’s control, opening the door to all sorts of security breaches. Add on top of that the need to manage all sorts of modern or legacy apps and you have yourself a right mess to untangle. This is where VMware Workspace One adds value by consolidating management.
If you manage a Microsoft 365 environment, you’ll surely want to know what the best security configurations are to secure your data and deter attacks. Learn more about our upcoming webinar on June 28 & 30, 6 Must-Have Microsoft 365 Security Configurations Every Admin Needs to Know.
What is VMware Workspace ONE?
If the term AirWatch rings a bell then you are in the right place. AirWatch was a company distributing its own Enterprise Mobility Management software (different from MDM) and was acquired by VMware in 2014. After a couple of renames to AirWatch by VMware and VMware AirWatch, the company settled to rebrand the product to VMware Workspace ONE in 2018.
A bit of confusion exists when it comes to what Workspace ONE is. Because it is in the realm of user and device management, most vSphere administrators don’t get exposed to it it’s not something they deal with on a daily basis.
In the end, Workspace ONE is a powerful User Endpoint Management system that aims at consolidating management across mobile devices, desktops, virtual desktops, apps all the while offering automation capabilities and zero trust access control.
“VMware Workspace ONE supports several deployment models but it must be connected to a directory infrastructure”
To quote VMware themselves: “Workspace ONE is a digital platform that delivers and manages any app on any device by integrating access control, application management, and unified endpoint management.”
5 main components make up Vmware Workspace ONE:
-
- Workspace ONE Access: (Formerly vIDM) Provides SSO capabilities to SaaS and Horizon desktops and application access control based on specific policies.
-
- Workspace ONE UEM: (Formerly AirWatch) The EMM software that powers the solution to deliver apps in a secure way to build mobile workspaces. It integrates with public app stores or Office 365.
-
- Workspace ONE Intelligence: AWS Cloud service aimed at simplifying the user experience and providing insight into the entire environment.
-
- VMware Unified Access Gateway: If you work with Horizon View, you may already be familiar with UAG, a virtual appliance that replaced the Windows-based Security servers to access internal resources from the outside in a secure manner without the need for VPN access.
-
- Workspace ONE Intelligent Hub: End-user application to access the resources distributed through Workspace ONE.
VMware Workspace One Access Pricing
The licensing associated with Workspace ONE may be tricky to ascertain as there are several ways to tackle the pricing. You can pay a monthly subscription based on the number of users or devices. You can also purchase perpetual licenses. It gets a little more convoluted when looking at the various Editions available for you and their limitations which involve features sets, app storage space, support…
“There are no less than 7 editions of Workspace ONE to choose from”
The best way to ensure that you are choosing the best fit for your organization is to get the assistance of your VMware retailer. They will help you define what features you need and in turn, find the best pricing model.
In the meantime, the easiest way to get a sense of the pricing is to look at the Standard, Advanced and Enterprise feature sets. You will find the full comparison in this exhaustive table.
“Workspace ONE subscription prices as of January 2022”
Workspace ONE Office 365 Management
As you may already know, Altaro is more involved than ever in Office 365, especially since the acquisition by Hornet Security, distributor of 365 Total Protection. Because of it, we thought Workspace ONE Office 365 Management would be a great product overview to cover for our audience.
Anyways, a rather lengthy run-up to this blog’s topic but no less important in order to get to set some context for Workspace ONE Office 365 Management. Even more so given that when mentioning Office 365, many people usually think about the end-user apps such as Word, Office, Excel but there are also all these enterprise services like SharePoint, emails…
“The Workspace ONE app offers SSO capabilities and lets users install company apps through an administrator managed store”
Mobile Device Management
Mobile devices are supported by VMware Workspace ONE through the workspace one intelligent hub which provides an easy way for end-users to access apps and confidential company information. Integrated workflows let users install a device profile which will let the organization manage the device along with automatically installing company apps to facilitate BYOD use cases.
With workspace one intelligent hub, the self-service portal lets users install other apps such as Office 365 apps. It has the added benefit to offer employees one touch SSO (Single-Sign-On) across all of the work apps and web apps. Work protected apps co-exist alongside the employee’s personal apps, however, they won’t be able to transfer data in-between (copy-paste disabled for instance).
“Work protected data is automatically encrypted and copy/paste capabilities are disabled to prevent confidential data leaks”
Secured simplicity and flexibility
Nowadays, users want to access their Office apps from any device, whether it is a desktop, a mobile phone, OWA, an app, you name it. In a nutshell, simplicity and flexibility are the main keywords here. Similarly in a way to how you would use the Horizon client or the Web client to access resources served by a VMware Horizon infrastructure (apps or desktops).
Regardless, while you want to give your users the best experience, ensuring secure access remains paramount to any organization. On top of that, Data Loss Prevention (DLP) mechanisms prevent users from grabbing confidential company data (willingly or not) and exporting it through copy/paste or file transfers across private and professional environments.
“Workspace ONE offers flexibility to clients while enforcing user entitlement and mode of access”
Workspace ONE adds value to the user experience but also to the administrator overhead. It allows to automatically deploy Office 365 email and apps from one’s own custom app stores. At the same time, Workspace ONE offers SSO authentication and will transparently allow access to Office 365 only to licensed users and revoke access to those who are not authorized, think of simplified offboarding processes for instance.
Modern authentication
While not being a security expert, if you followed the tech news over the last several years, you probably came across the term “passwordless” a number of times. As you know, human error is often the reason for cybersecurity events, or should I say the lack of discipline they demonstrate. I mean, you will get the chills just looking at the most common password of 2021 (if yours is in the list, please change it now!).
Modern authentication architectures are based on certificates and private key mechanisms. For instance, interacting with a Kubernetes cluster can only be done through the use of a certificate embedded in a config file.
Anyway, Workspace ONE Office 365 Management supports passwordless authentication with a certificate-based mechanism extending to Azure AD or other identity solutions. Restricted access through security policies to Office 365 apps and services can then be supplemented with checks based on compliance groups and device types (web, mobile, desktop…). This is what is referred to as adaptive access.
“Workspace ONE Office 365 Management leverages secured access to cloud services”
If you want to learn more about security in Microsoft 365, check out our dedicated FAQ on the topic.
Office 365 Graph API
Now you may be wondering, how does Workspace ONE interact so tightly with Office 365. Well, we currently are in the API decade, right? Enters Microsoft’s Graph API. Graph API exposes a number of Microsoft 365 resources for Microsoft based or third-party products to leverage and interact with.
“Graph API opens the gates for Workspace ONE to interact with Microsoft 365”
I will not attempt to go into the details of Graph API as I am nowhere near qualified enough to pretend trying so you can find an introduction to it here.
To protect your VMware environment, Altaro offers the ultimate VMware backup service to secure backup quickly and replicate your virtual machines. We work hard perpetually to give our customers confidence in their backup strategy.
Plus, you can visit our VMware blog to keep up with the latest articles and news on VMware.
Essential Webinar for all M365 Admins – Must-Have M365 Security Settings
If you run a Microsoft 365 environment you of course will want to make sure you’re optimizing your security. And while M365 has tons of in-built security options and settings for admins, it’s easy to miss some that would provide a significant boost to your setup. In this upcoming free webinar on 28 and 30 June, IT Consultant Paul Schnackenburg and fellow Microsoft MVP Andy Syrewicze, will demo critical security features, as well as some underrated ones, that hit hard and provide significant protection for your M365 tenant. Learn more and save your seat
So, Should I be Using VMware Workspace ONE Then?
As you may know VMware Workspace ONE is a bit of a special snowflake when it comes to VMware products. Even internally at VMware, they have a dedicated team to manage the customers of the solution for instance. Whether they go through with it or not, many organizations equipped with Horizon View infrastructure take interest in Workspace ONE at some point in their IT lifecycle as several concepts translate to it such as distributing resources to the end-user.
Evaluating VMware Workspace ONE isn’t as straightforward as it is with other Cloud products like vRealize Log Insight Cloud as they are a lot of intricacies and requirements. The easiest way to get your hands on VMware Workspace ONE is to start with the online Hands-On-Lab (HOL) which offers a complete environment to play with.
Regardless, we suggest you check out 365 Total Protection from HornetSecurity. A comprehensive protection product for Microsoft cloud services – specifically developed for Microsoft 365 and seamlessly integrated to provide comprehensive protection for Microsoft cloud services.
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!