Home > Demo Guides > Workspace ONE

Experience Workspace ONE on Android

Workspace ONE is a digital workspace platform that simply and securely delivers and manages any app on any device by integrating access control, application management, and multi-platform endpoint management. Follow the steps below to experience Workspace ONE on Android.

Overview

• Section 1: Register your Android device

  • Download and install the Intelligent Hub.
  • Install Workspace Services on your device (Direct Enrollment)

• Section 2: Guided Work Experiences

  • Native Apps: Boxer and Office 365
  • SaaS Apps
  • Horizon Apps

• Section 3: Understanding Security Features

  • Data Loss Prevention
  • Conditional Access
  • Policies and Profiles

• Section 4: Enterprise Wipe

  • Login to the Workspace ONE UEM Console and issue an enterprise wipe

Before You Begin

Please ensure you have the following:

• A valid Omnissa TestDrive account.
• Microsoft Office 365 service enabled in the TestDrive Portal.
• An active Workspace ONE UEM service in the Omnissa TestDrive portal.

• Android device:

• Highly recommended OS level: Android 7.0+

• Minimum OS level: Android 5.0.  If Android 6.0 or under, encrypt the device.
• Workspace ONE UEM Admin Role: Device Administrator at World Wide Enterprises
• Network access from your device and TCP port 443 enabled on your network
• For Horizon apps: TCP ports 80, 443; and if using PCoIP, both TCP & UDP 4712

Section 1: Workspace ONE Registration

On the device, navigate to Google Play and download the Workspace ONE Intelligent Hub (Hub).

Your TestDrive email address follows the below format:

<TestDriveUsername>@asismon.com:

You can find your TestDrive email address by clicking View Details in the Workspace ONE Intelligent Hub section of the TestDrive Portal.

Launch the Hub and enter your TestDrive email address.

Authenticate using your TestDrive user credentials.

Choose the Enterprise - BYOD Demo organization group (OG).

Next, you will be guided through Workspace ONE Enrollment, beginning with the creation of the Android work profile.

Set your work profile PIN—only for the work profile, not your device—and install the recommended apps.  PIN complexity and apps are configurable in the Workspace ONE console.

After enrollment, the Workspace ONE guides you through setting up your device to make it compliant and provide recommended apps.  If you miss a step or exit the Hub, don't worry, the Hub will return to the setup.

Additionally, note the Workspace ONE notifications showing up in Android's notification area, each badged with the work profile icon.

Enter the work profile, where the Hub is now located. Note the "work" badging on the the work apps.

Section 2: Guided Work Experiences

The Hub aggregates all the apps your employees need whether its a virtual app, web app, or native app. Underpinning it all is Workspace ONE's identity solution, Workspace ONE Access, which provides single sign on and access policy controls to these apps regardless of what device type, enrollment status, or endpoint utilized.

In Favorites, users create links to their most used virtual and web apps.

In Explore, all available apps are listed.  Users can add web and virtual apps to Bookmarks; as well, native app installation is initiated from the Catalog.  Review the list apps showing all of the assigned apps.

Open Boxer and demonstrate the streamlined user access. Because of Workspace ONE's hidden security processes, other than confirming one-time Android security prompts, there is no user interaction or credentials entry required.

Both the app's settings and authentication certificate are configured by Workspace ONE UEM.  Workspace ONE Access provides SSO.

Open the Recruiting PowerPoint email or any other email with an Office attachment matching your installed Office 365 app. Using Workspace ONE or Boxer's "open in" function (pictured below), you can install your chosen app.

Install PowerPoint.

Office 365 setup will require you to enter your Office 365 email address which follows this syntax:

<TestDriveUsername>@asismon.com:

When prompted, choose the Workspace ONE-managed certificate. You'll then be set to use all Office 365 apps in the work profile.

Next, show SSO into another Office 365 native app.  Install one of the remaining Office 365 apps.  Launch it.  You'll be provided unfettered access to the other native apps.

Now try a web app. In the Hub, locate and launch the Microsoft 365 web app.

Android will prompt you to allow the authentication certificate provided by Workspace ONE. After allowing the cert just this once, you'll be able to access to your Office 365 instance.

Next, let's see the user experience when opening a Horizon app.

Go back to the Hub. The Horizon environments are divided by region. Search for the Visio 2016 Horizon app for your region. Once you find the Visio horizon app, click to launch the app. It will open into either the native Horizon app if you have it downloaded or HTML access if you do not have the Horizon app downloaded.

Finally, let's launch the Workspace ONE Web and tunnel to an internal site.  Install the Workspace ONE Web app from the Hub.

In tandem with the Workspace ONE Tunnel (VPN), Workspace ONE Web securely accesses internal corporate websites.  Web allows you to access important websites on your device while allowing your organization to ensure you're maximizing your productivity. Note the landing page is hosted on an internal server.

Additionally, show Workspace ONE Web's blacklisting. Web is setup in restricted mode. Tap either the Facebook or Twitter link to show those sites are blacklisted.

Section 3: Understanding Security Features

Workspace ONE brings data loss prevention, conditional access, plus policies and profiles to your users and devices.

First, we'll look at data loss prevention (DLP) controls. Return to Boxer. Copy some of the text from one of the demonstration emails.

While in the work profile, show the protected clipboard's contents by pasting the copied text into another Boxer email.  The clipboard will paste the contents.

Next, switch to a messaging app on the personal side of the device, not in the work profile. When you attempt to paste the clipboard, you will NOT have access to the clipboard'd contents from Boxer in the work profile.

Moving forward, let's review conditional access. In the Hub, find and launch the Patient Records web app. You will be denied access to the site because your device it NOT on an approved network.

Finally, let's attempt to uninstall one of the protected apps, like Workspace ONE Web. Apps can be designated protected apps to prevent accidental removal of key productivity apps. The protected apps are not allowed to be uninstalled.

Section 4: Enterprise Wipe

Workspace ONE can either be removed from within the Hub app by the user (if permitted), or most commonly, by an enterprise wipe command issued from the console. An enterprise wipe performed by an admin can be sent either manually or automatically by a triggered compliance policy. When the enterprise wipe happens on Android, the entire work profile and all of its contents are removed. Enterprise wipes do not touch personal data.

Log in to the Workspace ONE UEM console. Find your device and send the enterprise wipe command.

You may need to open the Hub so that it can receive the command.

After the enterprise wipe, note how not only all organizational app access is now removed, but also the work profile has been removed.  Also, be sure to state that no personal data was ever touched.  All that remains is the Hub.