Today at VMworld 2019 Europe, VMware, Inc. unveiled innovations to its VMware Workspace ONE digital workspace platform to help organizations improve employee engagement from the moment they sign their offer letter through the day they retire. In addition, a new zero trust security architecture and hybrid and multi-cloud VDI advancements were launched, and the company provided an update it is partnering with Microsoft to speed modern management adoption.
“For too long, enterprise security and digital employee experience have been pitted against one another. There is a common misconception that when efforts are made to strengthen one area, the other must ultimately suffer. This simply is not true,” said Shankar Iyer, senior vice president and general manager, End User Computing, VMware. “Through many of the innovations announced today, Workspace ONE enables an organization to provide a productive and engaging employee experience while simultaneously embracing a zero trust security model.”
“Day Zero” Experiences Engage New Employees Across Entire Lifecycle
At VMworld 2019 U.S., VMware introduced digital concierge services, including an artificial intelligence-driven virtual assistant, to help IT and HR reimagine the onboarding and day-one employee experiences. Today at VMworld 2019 Europe, VMware unveiled new Workspace ONE Intelligent Hub innovations aimed at further improving the employee experience. These new features are focused on improving engagement between a company and an employee even before that employee’s first day on the job.
Workspace ONE supports new day zero experiences to more securely provide new hires access to useful resources in Intelligent Hub such as company directory, intranet, and benefits information before their start date. In addition, new hires will be able to use Intelligent Hub to complete certain onboarding workflows, such as selecting technology to be delivered to the employee on their first day.
In an effort to seamlessly blend employee’s physical and digital experiences with technology, VMware is introducing a new integration of Intelligent Hub with HID Global, a worldwide leader in access control solutions. The new Intelligent Hub “Passport” feature will enable employees to use the app on their personal or company-owned mobile device to gain entry to buildings. The first-to-market solution makes it possible for the employee’s identity and access allowances to be verified instantly, providing employees with a seamless experience and security teams with a modernized approach to physical access control.
Finally, to help companies improve the experience consumers have while using their mobile applications, VMware also launched Workspace ONE Intelligence for Consumer Apps. This service empowers organizations to capture and monitor performance data from their consumer-facing mobile apps to help them make data-driven decisions to resolve issues faster, improve engagement, and reduce churn.
New Privacy Guard Provides Transparency Into How Employee Devices and Apps are Being Managed
Workspace ONE Privacy Guard will provide employees with transparency into how their device and business apps are being managed by IT. For instance, employees have visibility into the data that is being collected as well as device permissions that are being requested by an application on both personal (BYO) or corporate devices. Launched today, employees will now receive notifications from Privacy Guard in Intelligent Hub that indicate when IT has changed any app or device management policies.
VMware built the Privacy Guard software developer kit (SDK) into Workspace ONE productivity applications, including Boxer, Content, Notebook, Web, and more to protect the privacy of employees when using these business apps. In addition, VMware has made the Privacy Guard SDK available to all application developers so they can provide the same level of transparency to their end users.
Workspace ONE Simplifies Zero Trust Access to Any Application Across the Digital Workspace
Employees are demanding employers enable flexible workstyles. Apps are moving to the cloud. A company’s device mix is increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering the traditional “castle and moat” security approach obsolete. In its place, zero trust security and other similar models are emerging.
VMware today published a zero trust security architecture to help customers modernize their approach to digital workspace security. The architecture outlines how to bring together device management and compliance; conditional access; app tunnel and proxy; risk analytics; and automated remediation & orchestration to enable a zero trust security model.
Workspace ONE is the only digital workspace platform that can bring these critical technologies together to enable zero trust security:
Device Management and Compliance: Workspace ONE Unified Endpoint Management (UEM) enables customers to manage all devices – mobile, desktop, rugged and IoT – across all platforms from a single console;
Conditional Access: Workspace ONE Access is the conditional access engine, supporting customers’ existing identity infrastructure, and leverages continuous verification of compliance provided by Workspace ONE UEM and Workspace ONE Intelligence analytics. Workspace ONE Access also can invoke step up multi-factor authentication as dictated by policy;
App Tunnel and Proxy: Least privilege access to on-premises applications is enabled via cross-platform VMware Tunnel and Unified Access Gateway (UAG) and/or by enabling virtual application access with VMware Horizon. Virtualization inherently protects the application infrastructure and can be accessed via UAG edge services;
Intelligence Risk Analytics: Launched at VMworld 2019 U.S., Workspace ONE Intelligence now offers user and device risk scores – quantifiable scores based on multiple risk attributes that can be used within conditional access policies and to initiate automated remediations; and,
Automated Remediation & Orchestration: Workspace ONE Intelligence enables automated remediations and orchestrates workflows across critical ITSM investments for ticketing, notifications, and other actions.
VMware continues to enrich its Workspace ONE Trust Network ecosystem and today introduced the Trust Network Ingest API. With this API, partners can integrate with Workspace ONE Intelligence faster, ultimately enabling customers to take advantage of integration sooner. Additionally, VMware announced that Zscaler, Wandera and Zimperium are committed to release their integrations with Workspace ONE Intelligence via this Trust Network Ingest API soon.
Also announced today, multi-factor authentication (MFA) is now built directly into the Workspace ONE Intelligent Hub app and Workspace ONE Access, enabling IT to step up authentication requirements when deemed necessary without putting inconvenient roadblocks in the way of employees trying to access apps and workflows from Intelligent Hub. Part of the Workspace ONE platform, no additional apps or integrations are required to enable MFA to a customer’s digital workspace environment.
Finally, VMware Workspace Security will bundle Workspace ONE Intelligence with Carbon Black Cloud Endpoint Advanced as an add-on service for Workspace ONE Advanced edition. The new offering brings cloud-based Next Generation Antivirus (NGAV) and behavioral threat detection into Intelligence’s analytics and automation across the digital workspace, which is further complemented by Carbon Black LiveOps on demand query and security response capabilities.
Simplified Hybrid and Multi-Cloud VDI and App Management Drive Day 2 Operational Efficiencies
VMware is simplifying management of virtual desktops and apps from on-prem to cloud with unique advancements in VMware Horizon. Firstly, several of the Horizon Services for Multi-Cloud announced at VMworld 2019 U.S. are now, or will soon be, generally available.
The Monitoring service is now available, enabling administrators to surface Horizon performance data so they can proactively monitor, troubleshoot, and remediate their environment from a single, cloud-based console. In addition, the Horizon Image Management service will enter beta testing phase in fiscal year (FY) Q4. The service will help admins create and manage images, and easily reuse those images distributed across Horizon deployments.
In addition, generally available in FYQ1 for Horizon 7, including Horizon 7 on VMware Cloud on AWS, a new version of App Volumes will enable customers to simplify app packaging and lifecycle management by leveraging new algorithms for AppStack delivery. By decoupling package management and delivery, applications owners and packagers can work freely and respond quicker to user requests.
Enhancements to Horizon Cloud on Microsoft Azure continue to release at a rapid pace. Updates in the latest release include high availability for Pod Manager, support for custom Azure Resource Tags for desktop and farm assignments, enhanced logging and auditing capabilities in the Horizon Cloud administration console, and enhanced alerting during pod upgrades. These updates help simplify day two administrative work for enterprises and deployments of all sizes. Customers in highly-regulated industries can also take advantage of compliance certifications available with Horizon Cloud, including HIPAA, PCI (which includes Horizon Cloud control plane PCI certification), and SOC 2 Type 1.
Lastly, Workspace ONE now enables admins to manage their Horizon persistent virtual desktops alongside all other physical and virtual workspaces from the Workspace ONE UEM console. Leveraging UEM for day-to-day desktop operations, such as new patches and policies, deploying applications, etc., minimizes the need to create new desktop images for smaller updates, reducing re-imaging frequency and associated time and cost.
Workspace ONE Leads in Modern Management Across Devices and Platforms
As the PC market shifts to UEM, VMware is rapidly innovating to prepare customers for Windows 10 modern management, including the introduction of Baseline auditing for Windows 10 Group Policy Objects (GPO) and Mobile Device Management (MDM) security policies to protect against configuration drift. Workspace ONE’s modern PC management depth and AirLift migration contributed to VMware attaining the highest score for the PC management use case in the 2019 Gartner Critical Capabilities for UEM report.
Workspace ONE is leading the way in helping customers quickly adopt complete Windows 10 modern management – an integral part of their digital workspace transformation journey. Customers are managing the full lifecycle of any endpoint; orchestrating workflows across multiple identity, security, and IT tools; and supporting modern cloud services from Google, Apple, Samsung, and others. VMware sees a similar need to offer Microsoft 365 customers a tailored option to better address their specific Windows 10 modernization requirements.
Introducing Workspace ONE for Microsoft Endpoint Manager
VMware and Microsoft are working together to enable customers’ rapid move to modern management solutions that are built on cloud intelligence and automate Windows 10 management tasks to help IT spend their time in the most impactful ways. Building on Microsoft’s announcement of Microsoft Endpoint Manager yesterday at Microsoft Ignite 2019, today VMware announced it will partner with Microsoft to develop a new solution – VMware Workspace ONE for Microsoft Endpoint Manager – to help enable modern management for Windows 10 devices.
Workspace ONE for Microsoft Endpoint Manager will enable customers to take advantage of Workspace ONE’s digital workspace platform with modern management for the Windows desktop, and data and cloud insights built on top of Microsoft Endpoint Manager. Workspace ONE will continue to deliver to customers enterprise-ready services including – multi-platform management depth, unified app catalog experience, Intelligence analytics and automation, multi-tenancy, industry-leading VDI and apps, and a zero trust security framework.
The first phase of this integration will be made available middle of calendar year 2020 and will focus on maximizing employee experience for Workspace ONE for Microsoft Endpoint Manager customers – including unique onboarding workflows, proactive employee experience management, and self-service access to enterprise services and apps. This will become VMware’s recommended solution for mutual Workspace ONE and Microsoft Endpoint Manager customers to manage Windows 10 devices. VMware will also provide migration assistance to these customers to adopt this new integrated solution, once available.
In addition, VMware will extend conditional access for Microsoft 365 apps and services via Workspace ONE and integration with Microsoft Endpoint Manager and Azure Active Directory Premium across BYO use cases, which will be available as a tech preview in FYQ4. Also, VMware will extend Microsoft Windows Virtual Desktop capabilities to customers using Horizon Cloud on Microsoft Azure. Available in tech preview in FYQ4, Horizon Cloud on Microsoft Azure will add industry-leading functionality to the benefits that customers can only receive on Azure with Windows Virtual Desktop, such as Windows 10 Enterprise multi-session and up to three years of free Extended Security Updates for Windows 7.
La Poste Enhances Customer Services with Workspace ONE
La Poste, a subsidiary of Le Groupe La Poste, is a postal service provider in France that serves more than 1.3 million customers every day. La Poste delivers 23.3 billion items worldwide (letters, printed advertising media and parcels) every year, and with its 17,000 postal retail outlets, it is one of France’s leading local business networks.
“With the emergence of e-commerce, businesses and consumers alike have drastically different expectations of their postal service provider than those they had just a decade ago. As such, La Poste is undergoing a digital transformation to modernize and expand its services that ultimately help us get closer to our customers,” explained Lionel Chaine, chief information officer, Parcel and Courier Services, La Poste. “For instance, we are arming our postal workers with smartphones so they can better serve customers they encounter on their daily routes as well as installing tablets in our retail locations to enable customer self-service. With VMware Workspace ONE, we are able to manage and better secure hundreds of thousands of these devices from a single platform. And, the seamless delivery of applications to these devices via Workspace ONE is critical to serving our customers in an efficient manner.”