Setting up your Environment
For this Virtual Livefire lab, you will be working on the SaaS Workspace ONE UEM & Carbon Black tenants to secure your devices.
In this lab you will be completing a few pre-requisites before we can implement policies and automations to remediate potential threats on our endpoints.
There are four parts to this Lab
1. Create a basic user
2. Setup Intelligence
3. Setup Automation connector
4. Enrolling Windows in Workspace ONE UEM
NOTE: Screenshot precedes Instructions in this lab
In our SaaS tenant, we are using a basic user account to enroll our device for Day 1. This helps us eliminate the pre-requisite work for setting up connector and adding users from Directory to our SaaS Workspace ONE UEM.
- Log into your lab environment using your MyLearn credentials.
- On the desktop of ControlCenter2 open Google Chrome and browse to https://cn-livefire.awmdm.com
- Use the e-mail address you signed up to the course with as the User Name (<your email address>).
- Click NEXT.
- Enter the password: VMware1!
- Click Log In
- Now set a security question and answer and a four digit Pin. Hit SAVE.
- You should now be on the Getting started window of the UEM console which is the default landing page.
Remember to keep a note of your 4 digit pin.
NOTE: If login fails, verify you are using the same Email address your signed in to myLearn portal and start this course. If yes, please reach out to your instructor for assistance.
- Now create a basic user for enrollment
- Click ACCOUNTS in the left navigation pane
- Under Users > List View click ADD > Add User from the ADD dropdown.
- On the Add/ Edit User window,
- Fill in the following fields and leave the rest as default.
- User name: Livefireuser
- Password: VMware1!
- First Name & Last Name: (Values need not be real)
- E-mail Address: [email protected]
- Click SAVE.
- Fill in the following fields and leave the rest as default.
- Enable Intelligence,
- Open a new tab on the browser and navigate to your Workspace ONE UEM portal. (www.cn-livefire.awmdm.com)
- Select Monitor on your left of the Workspace ONE UEM pane and then select Intelligence and click GET STARTED
- On the next page click the check box next to Opt In and click NEXT at the bottom of the page.
- Read through the Terms of Service, then scroll down and fill in your details and click ACCEPT at the bottom of the page to accept the Terms and Conditions. You will be redirected to the Intelligence interface at this point.
NOTE: Values need not be real.
With the Automation connector, insights from Workspace ONE Intelligence can be used to create automations that connect to Workspace ONE UEM and other third party tools, such as a home-grown ITSM or ticketing solution, to take action within those tools. Notifications can also automatically be pushed to these tools via the Automation Connector.
Intelligence comes with built in automation connectors for Workspace ONE UEM, Slack & ServiceNow. You can also choose to use Custom connectors, use REST APIs for communication and the API development tool Postman to create standard requests.
In this section we will be setup built in connector for Workspace ONE UEM.
- On the Workspace ONE Intelligence console, from the top Options Menu, Click on Integrations.
- Under Workflow Connectors tile, click on VIEW.
2.5. Click GET STARTED to proceed to the Workflow Connectors page.
NOTE: If you do not see the below Workflow Connectors page click back into Integrations and click VIEW on the Workflow Connectors tile.
- Under Workspace ONE UEM Tile, click on SET UP.
- Click Provide Credentials.
- Provide the following infomation,
Base URL: https://cn-livefire.awmdm.com
API User Name: <Workspace ONE UEM admin username> (hint: The email address you logged in to the workspace ONE UEM console)
API Password: VMware1!
Workspace ONE UEM API KEY: PAUSE & FOLLOW THE BELOW STEPS TO RETRIEVE THE API KEY.
- To retrieve the API key,
- Open your previous browser tab to open the Workspace ONE UEM Console or start a new tab and navigate to Workspace ONE UEM tenant. (www.cn-livefire.awmdm.com)
- Navigate to Groups & Settings > All Settings.
If you do not have the Workspace ONE UEM open in the previous tab, simply open a new browser tab and navigate to cn-livefire.awmdm.com
- Override REST API Settings,
- Under Settings Window, Navigate to System > Advanced > API > REST API.
- Select Override under Current Setting. Hit SAVE.
- Once you SAVE, you will see it will Re-generate the API key for the Service AirWatchAPI. Copy this API Key and go to Intelligence console in your previous browser tab.
In the Intelligence Console, paste the API key,
- Paste the Workspace ONE UEM API Key you copied from UEM console in Intelligence.
- Click on Authorize.
Verify the status says Authorized.
If this fails, verify the admin credentials (Same credentials used to login Workspace ONE UEM Console) and ensure you copied the correct API KEY for the service AirWatchAPI.
Once you have setup your environment and successfully completed the previous section, you will proceed to enroll a Windows 10 VM client in our LAB environment using WorkspaceOne Intelligence Hub.
- Access the W10Client01 Virtual Machine,
- Log into the ControlCenter2 and open the Remote Desktop folder on the Desktop.
- Double click on W10Client01 RDP client to open an RDP session and sign-in with password VMware1!
- Enrolling using Workspace ONE intelligent hub
- Select the WorkspaceONE Intelligent Hub from the taskbar on the W10Client01. NOTE: This can take a minute as it will launch the Hub for the first time.
- Enter Server Address,
- Under Email or Server Details field, enter cn-livefire.awmdm.com
- Click NEXT
Note: If you are seeing an error: Agent Connection Failed. Unable to get the enrollment details. This means the Agent initialization has not completed. This is a new issue we are observing in our lab environments and have an escalation in place with our development team. This can be resolved by restarting the Task Scheduler service from Task Manager > Details tab. Please reach out to one of the instructors for assistance.
- In the Group ID Prompt,
- Enter the groupID unique to your tenant. (If you do not have your GroupID information follow the next step to retrieve the same. )
- If you have it, Click NEXT.
- To retrieve the group ID value,
- Navigate to your ControlCenter2 Machine and open Google Chrome. Browse to Workspace ONE UEM console (cn-livefire.awmdm.com)
- Hoover your mouse pointer over the LIVEFIRE (next to the Workspace ONE UEM Logo). You should see a small pop up window with Group ID information.
- Copy or take a note of this group id value.
- RDP back to your Win10Client02 Machine
- Paste your Group ID. Click NEXT.
- Enter credentials for Basic user you created in the previous section.
- Enter the basic user username as Livefireuser
- Enter the password as VMware1!
- Click Sign In
- When the Enrollment Complete Message appears, select Finish
Your device has been successfully enrolled! Click DONE.
Great Job! You have successfully completed this lab. Please proceed to the next lab!