Application version control with Workspace one UEM and Intelligence
In this lab we are going to go over the tools Workspace ONE UEM and Workspace ONE Intelligence give us for visibility and control of application version and their use on scenarios where certain application versions have been deemed not secure due to unpatched vulnerabilities.
The lab environment we built for this course has network limitations that dont allow SaaS based Workspace one intelligence to communicate with on-premises Workspace ONE UEM deployments, so we are going to connect to https://cn-livefire.awmdm.com instead of https://uem.euc-livefire.com
Part 1: Adding an application to the UEM console
on this part we are going to add an application to the Workspace one UEM application catalog, so we can deploy it to machines that have the vulnerable old versions of the application. We are doing this on the SaasS based UEM tenant (https://cn-livefire.awmdm.com) so you could do this from your own computer's browser
1. Navigate to the Workspace ONE UEM SaaS based console, from your browser:
- in the Address Bar type https://cn-livefire.awmdm.com
- In the Username field type in the Username you got in your Welcome email.
- Click Next.
2. finish authenticating into the Workspace ONE Saas based console:
- in the Password field, type VMware1!
- click on Log in
3. If you get the Workspace ONE UEM Console Highlights window:
- Check the box next to Don't show this message on login
- Click on the X on the upper right corner to close the window
4. Hover over the organizational navigation tree and make sure you are on your organizational group.
5. Navigate to APPS & BOOKS > NATIVE and click on ADD APLICATION
6. In the add application window:
- the organizational group id should default to your organization group. If not cancel this wizard and check the organization Group Dropdown menu.
- Next to Application file click on UPLOAD
7. in the Add prompt:
- Choose the Link radio button next to Type
- on the link field, type https://download.videolan.org/pub/vlc/3.0.10/win64/vlc-3.0.10-win64.msi
- Click SAVE
8. in the Add application window click on CONTINUE
9. Click on SAVE & ASSIGN
10. In the assignment window click on ADD ASSIGNMENT
11. In the Select Assignment Groups field Start typing All and select All Devices from your organizational group.
12. Make sure the App Delivery Method is set to ON DEMAND and click ADD. We dont want Workspace ONE UEM to push the application to every device, we want the pushing of the application to be triggered by workspace one Intelligence.
13. Verify your assignment and click on SAVE AND PUBLISH
14. In the Preview Assigned Devices window, you should see your Windows 10 machine. Click PUBLISH
15. This is what your native implementation window should look like right now. Click on the newly created VLC media player 3.0.10 (64-bit) application
16. In your address bar, look for a number after internal/ this is the payload ID of your application in the Workspace ONE UEM database. Please write this down as you are going to need it later. Leave this window open for later use.
Part 2: configure intelligence
In this part we will create a dashboard displaying the information about the application version distribution, and an automation to update software version which have beem deemed vulnerable.
1. Launch Intelligence:
- On your left menu bar navigate to MONITOR > Intelligence
- Click on LAUNCH
2. In the Workspace ONE Intelligence console click Dashboards and Click ADD DASHBOARD on the My Dashboards page
3. In the Dashboard Name field, type Application version control and click SAVE
4. Click on ADD WIDGET
5. In the Add Widget wizard click on START
6. In the category dropdown menu:
- Select Workspace ONE UEM
- Select Apps
7. In the Add widget wizard:
- Type VLC Versions on the Name field
- In the Data Visualization section make sure SNAPSHOT is selected
- In the Chart type section Choose DONUT
- In the Measure section make sure Count is selected in the first field and App Identifier in the second one.
- In the Group by field select App Version from the dropdown menu
8. On the filter section:
- On the first column select App Identifier from the dropdown menu
- On the second column select Includes
- On the third column start typing VLC and select VLC media player
- Click on SAVE to save the widget
9. Click SAVE to save the dashboard
10. Click on SAVE to confirm saving the dashboard
11. Click VIEW on the VLC Versions widget
12. To create the automation flow, click on AUTOMATE
13. On the Add automation window, on the filter section click the PLUS SIGN to add another filter to the IF part of the automation
14. In the second row:
- Select App Version from the dropdown menu on the first column
- Select Starts With on the second column
- type 2 on the third column
15. in the Action menu:
- Under Available Connectors select Workspace ONE UEM
- Click Install Internal Application
16. On the Payload Body section:
- Next to application ID type the number you captured in Part 1 step 16.
- Click the slider next to Enable automation
- Click Save
17. Click SAVE & ENABLE to confirm your action
18. You should now see your newly created automation. leave this window open for later use.
Part 3: Verifying automation functionality
In this part we will see in action the automation you just created, from the virtual machine and the Workspace ONE Intelligence dashboard.
1. From your Controlcenter2 desktop:
- open the Remote Desktops folder
- double click the W10Client02.RDP shortcut
2. Enter VMware1! in the password field and click OK
3. In the notification area, right click the Workspace ONE hub App and click Sync
4. Go back to your browser with the Automation window open, and on the VLC UPDATE card click VIEW
5. On the Automations > VLC UPDATE page click on Activity
6. Check the Activity window until you see an install action show up as COMPLETED
7. Go back to your Windows 10 vm remote desktop session:
- From your desktop, open VLC media player
- In the VLC window go to Help > About
8. In the about window you can see your vlc application has been updated succesfully.