
Setting up your Environment

Our Day 1 labs focus on the Device Trust pillar of Zero Trust architecture. Today you will work in the SaaS tenants of VMware Workspace ONE UEM and VMware Carbon Black Cloud to secure your devices.

In this lab you will complete a few prerequisites before we start implementing our use cases. This configuration is required before we proceed with the rest of the labs for Device Trust.

There are four parts to this lab:

1. Create a basic user

2. Connect and configure Workspace ONE Intelligence

3. Set up an Automation connector

4. Enroll a Windows device in your assigned Workspace ONE UEM environment

NOTE: Screenshots precede the instructions in this lab.

Part 1 - Create a basic user

In our SaaS tenant, we use a basic user account to enroll our device for Day 1. This eliminates the prerequisite work of setting up a connector and adding directory users to our SaaS Workspace ONE UEM tenant.

  1. Log into your lab environment using your MyLearn credentials.
    1. Navigate to the ControlCenter2 Machine from the Left Console panel in your LAB portal.
    2. On the desktop of ControlCenter2 open Google Chrome and browse to
    3. Use the e-mail address you signed up to the course with as the User Name (<your email address>).
    4. Click NEXT.
  1. In the Workspace ONE UEM console
    1. Enter the password: VMware1! 
    2. Click Log In
    3. In the Terms of service select Accept
    4. Select a Password Recovery question, provide an answer, and set a Security PIN. Select SAVE.
    5. Select the X to Close Workspace ONE UEM Highlights
    6. You should now be on the Getting started window of the UEM console which is the default landing page.

Remember to keep a note of your 4-digit PIN.

NOTE: If login fails, verify that you are using the same email address you used to sign in to the myLearn portal and start this course. If you are, please reach out to your instructor for assistance.

  1. Now create a basic user for enrollment
    1. Click ACCOUNTS in the left navigation pane
    2. Under Users > List View, click ADD, then select Add User from the ADD dropdown.
  1. On the Add/ Edit User window,
    1. Fill in the following fields and leave the rest as default.
      1. User name: Livefireuser
      2. Password: VMware1!
      3. First Name & Last Name: (Values need not be real)
      4. E-mail Address: [email protected]
    2. Click SAVE.


Part 2 - Setup Workspace ONE Intelligence

  1. Enable Workspace ONE Intelligence,
    • Open a new tab on the browser and navigate to your Workspace ONE UEM portal. (
    • Select Monitor in the left pane of the Workspace ONE UEM console, then select Intelligence and click GET STARTED
  1. On the next page click the check box next to Opt In and click NEXT at the bottom of the page.
  1. Observe the Terms of Service,
    • Scroll down and fill in the required details (possibly create a custom email for this session)
    • Select ACCEPT
    • You will be redirected to the Workspace ONE Intelligence interface at this point.

NOTE: Values need not be real.

Part 3: Setting up Automation Connector in Intelligence

With the Automation connector, insights from Workspace ONE Intelligence can be used to create automations that connect to Workspace ONE UEM and other third party tools, such as a home-grown ITSM or ticketing solution, to take action within those tools. Notifications can also automatically be pushed to these tools via the Automation Connector.

Intelligence comes with built-in Automation connectors for Workspace ONE UEM, Slack and ServiceNow. You can also choose to use Custom connectors, which use REST APIs for communication and the API development tool Postman to create standard requests.

In this section we will set up the built-in connector for Workspace ONE UEM.

  1. On the Workspace ONE Intelligence console,
    • From the panel at the top, click on Integrations.
  1. Under Workflow Connectors tile, click on VIEW.
    • You will notice you get redirected to the Automations tab on the Panel
    • Select GET STARTED
  1. Select the Integrations tab again
  1. Under Integrations
    • In the Workflow Connectors area, select VIEW
  1. In the Workspace ONE UEM Tile, click on SET UP.
  1. Provide the following information,
    • Base URL:
    • Auth Type: Leave default
    • User Name: <Workspace ONE UEM admin username> (hint: the email address you used to log in to the Workspace ONE UEM console)
    • Password: VMware1!
  1. To retrieve the API key,
    • Open a new browser tab and navigate to your Workspace ONE UEM Console. (
    • Navigate to Groups & Settings > All Settings.
  1. Override REST API Settings,
    • Under Settings Window, Navigate to System > Advanced > API > REST API.
    • Select Override under Current Setting.
  1. Once you SAVE, the API key for the service AirWatchAPI is regenerated. Copy this API key and go back to the Intelligence console in your previous browser tab.
  1. In the Intelligence Console, paste the API key,
    • Paste the Workspace ONE UEM API Key you copied from UEM console in Intelligence.
    • Click on AUTHORIZE

Verify the status says Authorized.

If this fails, verify the admin credentials (the same credentials used to log in to the Workspace ONE UEM console) and ensure you copied the correct API key for the service AirWatchAPI.
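The values entered in this part can be sanity-checked before you click AUTHORIZE. The following is an added example, not part of the original lab or VMware's code: it validates the four inputs and builds the request a Workspace ONE UEM REST client sends, with Basic authentication and the API key in the `aw-tenant-code` header. The host `uem.example.test`, the sample credentials and the `/API/system/info` path are assumptions for illustration.

```python
import base64
import urllib.request
from urllib.parse import urlsplit

INFO_PATH = "/API/system/info"  # assumed read-only endpoint for the check


def check_inputs(base_url, username, password, api_key):
    """Return a list of problems with the connector values (empty = OK)."""
    problems = []
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        problems.append("Base URL must be an https:// URL with a host name")
    if parts.username or parts.password:
        problems.append("Base URL must not embed credentials")
    if parts.path.strip("/") or parts.query:
        problems.append("Base URL should be the host only, without a path")
    if not username or not password or ":" in username:
        problems.append("User name/password missing, or user name contains ':'")
    if not api_key:
        problems.append("API key is empty")
    elif any(ch.isspace() for ch in api_key):
        problems.append("API key contains whitespace (copy/paste error)")
    return problems


def build_request(base_url, username, password, api_key):
    """Build the authenticated GET request; raise ValueError on bad input."""
    problems = check_inputs(base_url, username, password, api_key)
    if problems:
        raise ValueError("; ".join(problems))
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    headers = {
        "Authorization": f"Basic {token}",  # admin credentials
        "aw-tenant-code": api_key,          # REST API key copied from UEM
        "Accept": "application/json",
    }
    url = base_url.strip().rstrip("/") + INFO_PATH
    return urllib.request.Request(url, headers=headers, method="GET")


if __name__ == "__main__":
    # Constructed placeholder values, not a real tenant.
    req = build_request("https://uem.example.test", "admin@example.test",
                        "placeholder-password", "PLACEHOLDER-API-KEY")
    # Print header names only so secrets stay out of the terminal.
    print(req.get_method(), req.full_url, sorted(k for k, _ in req.header_items()))
```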

Part 4: Windows 10 - Intelligent Hub Enrollment

Once you have set up your environment and successfully completed the previous section, you will enroll a Windows 10 VM client in our on-premises lab environment using the Workspace ONE Intelligent Hub.

  1. Access the W10Client02 Virtual Machine,
    • On the ControlCenter2 Machine's desktop, open the Remote Desktop folder.
    • Double click on W10Client02 RDP client to open an RDP session and sign-in with password VMware1!
  1. Enroll using Workspace ONE Intelligent Hub
    • Select the Start button to launch the Programs Menu.
    • Under W, launch Workspace ONE Intelligent Hub.
  1. Enter Server Address,
    • Under the Email or Server Details field, enter
    • Click NEXT

Note: If you see the error "Agent Connection Failed. Unable to get the enrollment details.", follow the steps below to resolve it:

1. Navigate to the Task Scheduler service from Start > Task Manager > More Details > Details tab.

2. End task on the Task Scheduler service. It restarts automatically. Wait 30 seconds for the Intelligent Hub agent to restart. (You can verify this by its icon appearing in your taskbar icon tray.)

3. Close the Intelligent Hub application and reopen it. Enter the Server Address as

This error means the agent initialization has not completed. This is a new issue we are observing in our lab environments, and we have an escalation in place with our development team.

Please reach out to one of the instructors for assistance.

  1. In the Group ID Prompt,
    • Enter the Group ID unique to your tenant. (Follow the next step to retrieve your Group ID information.)
    • If you have it, click NEXT.
  1. To retrieve the group ID value,
    1. Navigate to your ControlCenter2 Machine and open Google Chrome. Browse to Workspace ONE UEM console (
    2. Hover your mouse pointer over LIVEFIRE (next to the Workspace ONE UEM logo). You should see a small pop-up window with the Group ID information.
    3. Copy or take a note of this Group ID value.
    4. RDP back to your Win10Client02 Machine to proceed with the enrollment.
    5. Paste your Group ID. Click NEXT.
  1. Enter the credentials for the basic user you created in the previous section.
    1. Enter the basic user username as Livefireuser
    2. Enter the password as VMware1!
    3. Click Sign In
    4. When the Enrollment Complete Message appears, select Finish
  1. In the Want an even better experience? window, select I Agree
    • On the Congratulations window, select Done.

Great Job! You have successfully completed this lab. Please proceed to the next lab!

Rohit Masand

