EUC

Workspace ONE Intelligence Setup and Windows 10 Enrollment

Over the next 4 days we will be using a combination of Saas and On-premise resources. To be in a position to use these we will setup the following services

There are five parts to this Lab

Configuring Workspace ONE UEM Integrations
Connecting Workspace ONE UEM to Workspace ONE Intelligence
Configuring Workspace ONE Access with Workspace ONE Inteligence
Configure Hub Services
Enroll Windows 10 with Intelligent Hub

NOTE: Screenshot precedes Instructions in this lab

Part 1: Configuring Workspace ONE Intelligence integration with Workspace ONE UEM

Enable Workspace ONE Intelligence,
- Open a new tab on the browser and navigate to your Workspace ONE UEM portal. (cn-livefire.awmdm.com)
- Select Monitor on your left of the Workspace ONE UEM pane
- Select Intelligence
- Select GET STARTED

In the Intelligence, What we collect page
- Scroll down
  - Under Opt in to use Intelligence, select the checkbox next to Opt in
  - Select NEXT

In the Terms of Service window
- Enter anything of your choice, next to Title / Company Name and Company Address
- Select ACCEPT

Part 2: Setting up Automation Connector in Intelligence

With the Automation connector, insights from Workspace ONE Intelligence can be used to create automations that connect to Workspace ONE UEM and other third party tools, such as a home-grown ITSM or ticketing solution, to take action within those tools. Notifications can also automatically be pushed to these tools via the Automation Connector.

Intelligence comes with build in Automation connector for Workspace ONE UEM, Slack & ServiceNow. You can also choose to use Custom connectors use REST APIs for communication and the API development tool Postman to create standard requests.

In this section we will be setup built in connector for Workspace ONE UEM.

On the Workspace ONE Intelligence console,
- From the panel at the top, click on Integrations.

In the Integrations area
- Under the Workflow Connectors tile,
  - Select VIEW.
- You will notice you get redirected to the Automations tab on the Panel

In the INTELLIGENCE AUTOMATIONS
- Select GET STARTED.
  - Note: You will be redirected to the Automation screen.

Select the Integrations tab

Under Integrations
- In the Workflow Connectors area,
  - Select VIEW

In the Workspace ONE UEM Tile,
- Select SET UP

In the Authorize Connector window
- Next to :
  - Base URL:https://cn-livefire.awmdm.com
  - Auth Type: Leave default
  - User Name:<Workspace ONE UEM admin username>
    - (hint: The email address you logged in to the workspace ONE UEM console)
  - Password: VMware1!
  - Workspace ONE UEM API KEY:PAUSE & FOLLOW THE BELOW STEPS TO RETRIEVE THE API KEY.

To retrieve the API key,
- Open a new browser tab and navigate to your Workspace ONE UEM Console.(dw-livefire.awmdm.com)
- Navigate to Groups & Settings > All Settings.

Override REST API Settings,
- Under the Settings Window, Navigate to System > Advanced > API > REST API.
- Select Override under Current Setting.
- Select SAVE. (NOTE: SAVE BEFORE YOU COPY THE API KEY)
- Copy this AirWatchAPI Key and go to Intelligence console in your previous browser tab.

In the Intelligence Console, paste the API key,
- Paste the Workspace ONE UEM API Key you copied from UEM console in Intelligence.
- Click on AUTHORIZE

Verify the status says Authorized.

Part 3: Workspace ONE Access Integration with Workspace ONE Intelligence

From your Laptop / Desktop
- Log in to your Workspace ONE UEM Admin console using your custom credentials
- To the right of the Workspace ONE UEM console, select the MY SERVICES BOX (9 box Dots in the right corner)
- Select Workspace ONE Intelligence

From the Workspace ONE Intelligence console
- Select the Integrations Tab

From the Integrations console
- Under the Workspace ONE Access widget,
  - Select SET UP

In the Set up Workspace ONE Access window
- Select Get STARTED

In the Authorize: Workspace ONE Access window
- Expand Provide Credentials
- Next to Tenant Domain enter your custom Workspace ONE Access Tenant URL
- Select CONNECT TO WORKSPACE ONE ACCESS

You will be redirected to WorkspaceONE Access.
1. If you have already authenticated in Workspace ONE ACCESS move on to step 2 in this paragraph
  - Authenticate using your admin credentials and click Sign In
2. On the Workspace ONE Intelligence Integration window
  - Select Accept

On the Workspace ONE Access authorized successfully window
- Select FINISH

Part 4: Configuring Hub Services

On your ControlCenter VM
- From your Browser, use your custom credentials ensure you are logged in as Sysadmin to your Workspace ONE Access Admin Console
- In the Workspace ONE Access Admin Console
  - Select the drop down next to Catalog tab
  - Select Hub Configuration
- In the Hub Configuration page
  - Select LAUNCH

In the Introducing Templates page
- Select NEXT

In the Introducing Templatespage
- Under Important template considerations
  - Select GOT IT

In the Migrate Your App Catalog Settings page
- Select DISCARD
- In the Discard App Catalog Settings window
  - Select DISCARD

In the Migrate Your App Catalog Settings
- Select FINISH

In Workspace ONE Hub Services
- In the Branding section
  - Find Logos > Organization Logo , to the right select UPLOAD
  - In the left pane,
    - Under Quick access, select Desktop
    - Select Software
    - Select and open Logo
    - Select vmware livefire.png
    - Select Open
    - Scroll down and select SAVE

In the Workspace ONE Hub Services page
- In the left pane, select People
- Under People area, next to Enable People, move the toggle to the right, to enable this function
- Select SAVE

From the left menu, Navigate to the Custom Tab.
- Next to Enable Custom Tab, move the toggle right.
- Next to Title enter: EUCLF (Best practice is not use a label longer than 6 characters).
- Next to URL: enter https://www.Livefire.solutions
- Next to Position, enable the First radio button.
- Select SAVE

Employee Self Service,
- From the left navigation panel select Employee Self Service
  - Note this is now enabled by default.
  - Currently, Employee self service allows employees to add a new BYOD device and re-push profiles.

To the top right of the Workspace ONE Hub Services page
- Select LOG OUT OF HUB SERVICES

In the Workspace ONE Access Console
- Select the Catalog tab
- Select Settings.

Select People Search
- Select the check box next to Enable People Search
- Select NEXT

In the People Search page
- Next to Select the Directory to configure People Search attributes,
  - From the dropdown select LivefireSync
- Leave the default attributes to be used for People Search.
- Select Next

Validate the following with the associated dropdown
- distinguishedName with distinguishedName
- managerDN with manager
- title to title from the dropdown.
- Select Next

In the People Search window
- Under the Specify the user DNs
  - edit the default CN=Users,DC=euc-livefire,DC=com
    - to OU=Corp,DC=euc-livefire,DC=com
  - Select SAVE & SYNC
    - When prompted with missing attributes, Ignore the message
  - Select SAVE & SYNC

The below screenshot is from task 16:-

Open an incognito windows on your browser and navigate back to your Workspace ONE Access tenant
- To Login
  - Under Select Your Domain,
    - From the dropdown, select euc-livefire.com
  - Select Next
  - Under username enter Mark
  - Under password enter VMware1!
  - Select Sign in

Select People
- In the search interface type Kim
  - Notice the search results
  - Select an individual user and notice you can see information related to the user.
- Close your Incognito Browser session

In your Workspace ONE UEM Console
- Select GROUPS & SETTINGS > Configurations
- In the Configurations window
  - Select GO TO CONFIGURATIONS
- Under Configurations type Hub
- Under Name select Intelligent Hub

In the Workspace ONE UEM Console
- In the Intelligent Hub window, select GET STARTED

In the Activate Hub Services window
- Next to Tenant URL* enter your Access Tenant URL
- Next Username * enter your system admin account, which is Administrator
- Next to Password * enter your custom system account Password
- Select TEST CONNECTION
- Select SAVE

When the Hub Services interface closes, you should get a Hub Services successfully activated message.

Part 5: Windows 10 - Intelligent Hub Enrollment

Once you have setup your environment and successfully completed the previous section, you will proceed to enroll a Windows 10 VM client in our on-premise LAB environment using the WorkspaceOne Intelligence Hub.

For this course we will be using two different Windows 10 clients that need to be enrolled for Testing purposes

Both Desktops are on the same vLAN

We will use W10client01 on Day 1 , 2 and 4
W10EXT01a is on a nested esxi environment managed by NSX-T . We will be using this Windows 10 desktop for testing on Day 3

Section 1. Change Windows 10 Machine Name and IP Address

In order to uniquely identify your VM in the VMware Carbon Black Console we will need to assign the VM a new hostname and new IP address. At this point you will need the number assigned to you by the instructor.

If the assigned name is AttendeeXXX (example: Attendee102)

The new hostname of the virtualmachine will be attendeeXXX.euc-livefire.com

(example: attendee102.euc-livefire.com)

The new IP address of the virtual Machine will be 192.168.110.XXX - example: 192.168.110.102

On the ControlCenter desktop
- Open the Remote Desktops folder
- Double click the shortcut for W10Client01.RDP
- Type the password: VMware1! when prompted and select OK

On the W10Client01VM
- In the search field type run and click Run at the top
- type SystemPropertiesAdvanced and click OK

In the of System Properties
- Select the Computer Name tab
- click on Change

In the Computer Name/Domain Change window
- Under Computer name:
  - Change the Computer name to the unique identifier given by the Instructor - for example Attendee102
- Select OK

NOTE: If you do not know your attendee number please stop and ask the instructor.

Click OK for at the next prompt and close the System Properties window.

When prompted for restart click Restart Later.

ATTENTION: At this point do not Restart your VM.

On your W10Client01
- Select and right-click the Start Button > select Run
- In the Run window, next to Open: type ncpa.cpl

In the Network Connections
- Select and right-click your Ethernet adaptor
- Select Properties

In the Ethernet Properties window
- Select Internet Protocol version 4(TCP/IPv4)
- Select Properties

On the Edit IP settings,
- Edit the IP address to 172.16.30.XXX example if your Assignment is Attendee105 the IP should end in 105.
- Select OK
  - Note! You will be disconnected from the Remote Session

On the ControlCenter server Desktop
- Navigate back to the Remote Desktops folder
- Right-Click on the W10Client01.RDP
- Select Edit

In the Remote Desktop Connectionwindow
- Change the Computer name in the RDP Connection to your unique ip Address 172.16.30.xxx (Example 172.16.30.105)
- Select Save
- Select Connect on the page
- On the Authentication window enter VMware1! as the password
- Select OK

NOTE: As we got disconnected, we now need to reboot to also change the hostname of the VM.

On the W10Client01 desktop
- Right click Start > Shut down or sign out > select Restart

Section 2 Hub Enrollment of W10Client01

On the ControlCenter server Desktop
- Open the Remote Desktops folder.
- Double click on W10Client01.RDP client
- Sign-in with password VMware1!
- Select OK to login

NOTE: This should be the VM on which you changed the hostname and IP address in the previous exercise.

Enrolling using Workspace ONE Intelligent hub
- Select the Start button to launch the Programs Menu.
- Under W , launch Workspace ONE Intelligent HUB.

In the Workspace ONE Intelligent Hub
- Under Email or Server Details field, enter cn-livefire.awmdm.com
- Click NEXT

Note: If you are seeing an error: Agent Connection Failed. Unable to get the enrollment details. Follow the below step to resolve:

1. Navigate to Task Scheduler service from Start > Task Manager > More Details > Details tab.

2. End task on Task Scheduler service. It automatically restarts. Wait for 30 seconds before Intelligence HUB agent restarts. (Can be verified by an icon showing in your taskbar icon tray. )

3. Close the intelligent HUB application and reopen. Enter the Server Address as dw-livefire.awmdm.com.

This error means the Agent initialization has not completed. This is a new issue we are observing in our lab environments and have an escalation in place with our development team.

Please reach out to one of the instructors for assistance.

In the Group ID Prompt,
- Enter the groupID unique to your tenant. (Follow the next step to retrieve your GroupID information. )
- If you have it, Click NEXT.

To retrieve the Group ID value,
- Navigate to your ControlCenter Server and open Google Chrome. Browse to Workspace ONE UEM console (cn-livefire.awmdm.com)
- Hover your mouse pointer over the LIVEFIRE (next to the Workspace ONE UEM Logo). You should see a small pop up window with Group ID information.
- Copy or take a note of this Group ID value.
- RDP back to your W10Client01 Machine to proceed with the enrollment.
- Paste your Group ID.
- select NEXT.

You will be re-directed to the WorkspaceONE Access authentication page.
- From the Select your Domain drop down click euc-livefire.com
  - Select Next.
- In the username, enter Mark
- In the password area, enter VMware1!
- Select Sign In

In the Want an even better experience window?,
- Select I Agree
- On the Congratulations window,
  - Select Done

Section 3: Hub Enrollment of W10Ext01a

On the ControlCenter server Desktop
- Open the Remote Desktops folder.
- Double click on W10ClientEXT01a.RDP client
- Sign-in with password VMware1!
- Select OK to login

Enrolling using Workspace ONE Intelligent hub
- Select the Start button to launch the Programs Menu.
- Under W , launch Workspace ONE Intelligent HUB.

In the Workspace ONE Intelligent Hub
- Under Email or Server Details field, enter cn-livefire.awmdm.com
- Select NEXT