September 12, 2017 - Sven Huisman
AirWatch Express hands on
AirWatch Express is available for quite some time now, but I never had the chance to experience the features of this basic mobile device management (MDM) solution from VMware. I recently helped a customer to configure AirWatch Express and it really was ‘mobile device management made simple’. On the other hand, it offers really basic functionality, so if you need just a little bit more features you have to upgrade to the Green Suite (or Workspace ONE).
The features that AirWatch Express offers are:
- Devices: Device management for Android, iOS, macOS and Windows devices.
- Apps: Distribute apps from public app stores.
- Email: Configure E-mail (Exchange Active sync).
- Wi-Fi: Configure Wi-Fi.
- Integration: Integrate with Directory services.
- Blueprints: All configuration is done by creating blueprints. Just a couple of clicks to configure the policies.
- Security: Create policies to secure your devices (remote wipe, lock, force encryption).
- Reports: Use real-time dashboards to see information like security status, operating system, device ownership and more.
The get an impression of AirWatch Express, here are a couple of screenshots.
The first time you log on to your AirWatch Express console, you are guided through a setup:
The first question you have to answer is if you are going to manage Apple devices. If so, you have to request a Apple Push Notification Certificate.
After you downloaded the Certificate request file, uploaded it to Apple, downloaded the Apple certificate, you can then upload the Apple certificate to the AirWatch Express portal.
The next step is to install the VMware Enterprise Systems Connector (VMESC, also known as the AirWatch Cloud Connector). Enter a certificate password to secure the installer. You need this password to install the VMESC on an internal domain-joined server.
This VMESC has an outgoing connection to your AirWatch Express environment.
Once the VMESC is installed and the connection is tested and successful, the Directory services can be configured. I recommend using a read-only AD service account:
The final step of the configuration is set Up Apple’s Volume Purchase Program.
This is an optional step. Once you finished the configuration, you are ready to create blueprints.
In the menu on the left, select Blueprints:
You are now presented with 7 steps to create a blueprint. In a blueprint, you configure Apps, resources and policies and assign the blueprint to users or user groups.
First step is to give the blueprint a name:
Add one or more applications to the blueprint:
Configure Email and Wi-Fi.
The Email configuration basically asks to enter the Exchange ActiveSync host and an account name (the name of the Email profile on the mobile devices). It seems that no other Email configurations are possible.
Configuring Wi-Fi is also pretty basic. Security type can be set to: None, WEP, WPA or WPA2.
The next step is to configure policies. You Can see which policies are applied to the different types of platforms. The ‘Require Passcode’ policy is also very basic. If you want users to be able to use fingerprint are a pattern to unlock their phone, you can’t use this policy. Again, if you need more functionality, upgrade to Green.
An overview of all the policies:
Final step is to assign users or groups to the policy:
Finally, you can publish the blueprint. Immediately it becomes active:
In the dashboard you get a nice overview of the status of your devices:
If you select one of the devices, and you go to profiles, you can actually get an overview of the profiles that are created by the blueprints:
You can also open the profiles to see what’s in it, but unfortunately you cannot edit the profiles. These are the profiles you normally configure with the other AirWatch suites.
This was a quick overview of the AirWatch Express features. It’s pretty easy to configure and to setup, but also very basic. If you need more functionality, consider one of the other AirWatch suites or one of the Workspace ONE editions.