Introducing Rollcall - Azure Active Directory to Workspace ONE Access SCIM Proxy

I don't even know where to start here!

This project has been one of the most frustrating but educational things I have done in a long time. For a long time I continually get asked how we can use Azure Active Directory natively in Workspace ONE without needing an On-Prem AD and/or LDAP via the Connectors.

Originally I thought it was mostly that the VMware developers just hadn't prioritised getting this in the Access Environment and it was something that Microsoft just didn't allow, but after learning Node.js and Angular and taking on this task I realised there was a lot more to it.

The Elusive Cloud Based Windows Deployment

It's a bit like Bigfoot. Some have said they've seen it, and can suggest how it might work. Some think it will never eventuate the way we want. And Apple has had this capability for years!

There are some technical challenges from a Windows/x86/x64 perspective, but I would have thought it would be easier. My last couple of posts have been talking about building a Windows Deployment Server in your network, and while I was building this out it really made me look at the possibility of making this available over the Internet. I spent days trawling through Windows docs and lots of other pages trying to find a way to embed a VPN client into my WinPE Boot Image, but the answer was surprisingly MUCH simpler than that.

I've been sitting on this for a while and its been pretty exciting to get this working. 

If you want to know how to deploy a customised Windows 10 image to your staff, over the Internet, and have it automatically enroll into Workspace ONE read on.

Imaging Windows 10 Devices for Workspace ONE - Part 2: Creating, Capturing and Deploying a Reference Image

Now that you have a WDS environment that can complete some basic task sequences and deploy images, to make this much more useful we need to create a reference image that has (some or all of) our Workspace ONE UEM Windows 10 apps in it. We also want it to automatially enrol into Workspace ONE UEM for the end users.

I know that we normally talk about "not having an SOE" but seeing you're here you must have a use case for it, however lets make it as simple and lean as possible!

Some of the steps below are a bit out of the ordinary for a default WDS environment task sequence so please read carefully.

Imaging Windows 10 Devices for Workspace ONE - Part 1: Installing Windows Deployment Services

Full disclose straight up - this is a long one.

I often get asked that once we remove SCCM from a customer's environment and provide full Modern Management with Workspace ONE, how do we image machines? Well, you can obviously just use what comes on the PC and enroll it then remove whatever you don't want. There's also Dell Factory Provisioning which allows you to provide the configuration and have the Dell Factory apply the image and have to directly sent ready to be used (GREAT by the way). What about if you're not using Dell? What about if the hard disk fails and needs to be replaced?

That's what I'm going to answer.

So I wrote my first App

And it was exhausting! I've never really been interested in coding, but with being in front a computer a lot more I've been able to spend a bit of time learning some new skills. It started off by wanting to learn some more about interacting with the Workspace ONE APIs, but I ended up wanting to add 'just that little bit more' until I ended up with something I'm somewhat happy with.

I am sure the code is very inefficient and I had to learn a lot of new concepts but what I've created is - Workpace ONE COVID-19 Notifier

What it allows you to do is obtain the latest COVID-19 Statistics for your Country and send a message to Workspace ONE users and devices.

Read on to see how I can see this being used!

Tech For Good: Use your idle desktop compute to help fight COVID-19

We're in a such a strange period of time globally at the moment. On the one hand, the entire world is going through the same thing bringing us together but on the other we're all "social distancing" or being isolated from each other.

Personally, I've been working from home all week.  While this isn't something new - I usually try to block out one or two days a fortnight - I've had a lot more time on my hands without the travel and disuptions. After being prodded by APJ Field CTO here at VMware, suggesting I put some thing social media about VMware and our Tech For Good program, I thought what could I actually do could help others join forces for the greater good as well.

VMware itself has advised all of our global employees to work from home too so there's a lot more chatter on Slack, and one of the things we've been talking about is everyone installing Folding At Home on our homelabs to contribute our spare compute capacity to finding a way to fight COVID-19.

This got me thinking - now that everyone is working from home, think of all the compute that is just sitting on the desks of all offices around the world. Sure we can put it into our datacentres (stay tuned for more on this), but I think I could come up with a way to get this onto all PCs managed by Workspace ONE at scale and fold the night away!

Managing Windows 10 Applications with Workspace ONE UEM

VMware has done a lot of work in the past few years with Application Deployment as part of our Windows 10 Management capabilities.

That is why it's taken me so long to get to this article - I didn't know where to start without being overwhelmed!

For Application Deployment on Windows 10 with Workspace ONE UEM, we (predominantly) support .MSI .EXE and .ZIP files as installers. We also have a lot of parameters and capabilities around deploying these to cover many scenarios. Below you'll find a good overview of what we can do and why you may want to choose one over the other.