VMware Cloud Expert

LAB 02 - Restricting Device access in Secure Facilities

INTRODUCTION

Profiles in Workspace ONE UEM are the primary means to manage and configure your Windows devices. Find information about various profiles that connect to and protect resources, that restrict and control devices, and that are specific to the user and/or device.

You can think of profiles as the settings and rules that, when combined with compliance policies, help you enforce corporate rules and procedures. They contain the settings, configurations, and restrictions that you want to enforce on devices.

A profile consists of the general profile settings and a specific payload. Profiles work best when they contain only a single payload.

While profiles can be used to manage any device (Windows, Android, iOS), in this lab we focus on creating profiles for iOS and Android devices. You can, however, create profiles for other devices if you choose to.

TASKS

STATE/ORGANIZATION MANDATE

For security reasons, you have to enforce a mandate to eliminate or minimize exposure to the threat of users copying secure information from secure facilities and taking that data offsite, illicitly or otherwise. Record management solutions have been deployed that ensure only the appropriate users can access specific secured data. These solutions also track the check-in and check-out of files and limit users' ability to copy, email, or print the files. However, a huge concern is the possibility of users simply taking a photo of a file's content and then walking away with it.

Your organization would also like employees' devices configured with corporate Wi-Fi access, eliminating the need for them to configure it manually and possibly choose outdated security protocols.

Task 1 - Restrict Device Camera access (iOS)

In this task, you explore and implement the core payload that restricts iOS device functionality. You will also configure this restriction to be enforced only when the devices are within a defined geolocation.

  1. If you are no longer logged into the WS1 Console, launch your preferred browser from your laptop/desktop
    and go to http://ws1.creedtek.com
  2. Log in to the Workspace ONE Console URL as:
    • Username:  [Your UserID listed in the table in Lab 1]
    • Password:   WorkSpace0ne! (Or whatever you set it to in Lab 1)
  3. Once in the WS1 Console, click Resources --> Profiles --> Settings --> Areas
  4. Click + GEOFENCING AREA to define a new geofenced location
  5. In the Add/Edit Area prompt, enter the following details:
    • Area Name: {YourName}-Location (e.g., CReed-Location)
    • Address: {An address of your choice, preferably your current physical address}
    • Radius: 0.8 KM
  6. Click CLICK TO SEARCH
  7. Click SAVE
  8. Click the "X" in the upper right-hand corner of the settings dialog to close it
  9. Click Profiles --> ADD to add a new profile
  10. Click Add Profile
  11. Click iOS
  12. Click Device Profile
  13. On the General page, define the profile as follows:
    • Name: {Your Initials} iOS Restrict Camera Use On-Site (e.g., CR iOS Restrict Camera Use On-Site)
    • Smart Groups: Employee Owned (xxxx /Employee Owned),
      where xxxx is the name of your OG
    • Check Only install on devices inside selected areas
    • Assigned Geofence & iBeacon Areas: {Select the area you created in step 7}
  14. In the left pane, select the Restrictions payload
  15. Click Configure
  16. Uncheck Allow use of camera
    Look to the right and note that this payload is only effective for iOS 4, iOS 13+ and the device must be supervised
  17. Click SAVE AND PUBLISH

Task 2 - Set Up Corp Wi-Fi Profile for Multiple Platforms

Profile Resources simplify the provisioning of Wi-Fi, VPN, and Exchange payloads for Workspace ONE UEM deployments that support multiple device platforms, such as iOS, Android, and Windows.

Create a profile resource for any of these payloads and define the general settings each device platform receives. You can then optionally configure platform-specific settings that apply only to those devices.

Profile Resources are defined, managed, and deployed separately from device profiles. Deploy profile resources alongside device profiles to provide deep and broad device management for all supported platforms in your deployment.

In this task, you will define a Wi-Fi Profile Resource for iOS and Android devices.

  1. In the WS1 Console, click Resources --> Profiles & Baselines
  2. Click Profile Resources
  3. Click ADD RESOURCE
  4. Click Wi-Fi
  5. Define the resource as follows:
    • Resource Name: {Your Initials} Employee Org Wi-Fi
    • Service Set Identifier: VMware Wifi
    • Security Type: WPA Personal
    • Encryption: AES
  6. Click NEXT
  7. Select iOS and Android
  8. Click NEXT
  9. In the Smart Group field, select Employee Owned (xxxx /Employee Owned)
  10. Click SAVE
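
To check the outcome of Tasks 1 and 2 outside the console, the following added example (not part of the original lab or any VMware tooling) audits a profile for the three points this lab relies on: one payload per profile, camera disallowed, and no outdated Wi-Fi security. It assumes the profile is available as an Apple configuration profile (.mobileconfig plist); the key names are Apple's, while the flagged encryption set, the mapping of "WPA Personal" to `WPA`, and the sample profiles are assumptions constructed for the demonstration.

```python
import plistlib

# Policy choice for this example: "Any" is flagged because it lets the device
# accept a weaker network; Apple documents "Any" as the default when unset.
WEAK_WIFI = {"None", "WEP", "Any"}

def audit_profile(raw: bytes) -> list:
    """Return findings for one profile in .mobileconfig (plist) form."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    findings = []
    if len(payloads) != 1:
        findings.append(f"{len(payloads)} payloads; expected exactly one per profile")
    for p in payloads:
        ptype = p.get("PayloadType")
        if ptype == "com.apple.applicationaccess":  # iOS Restrictions payload
            # The camera stays allowed when the allowCamera key is absent.
            if p.get("allowCamera", True):
                findings.append("camera is still allowed")
        elif ptype == "com.apple.wifi.managed":  # Wi-Fi payload
            enc = p.get("EncryptionType", "Any")
            if enc in WEAK_WIFI:
                findings.append(f"Wi-Fi '{p.get('SSID_STR')}' uses EncryptionType {enc}")
    return findings

def _sample(*payloads) -> bytes:
    """Build constructed sample profile bytes for the demo (not real exports)."""
    return plistlib.dumps({"PayloadDisplayName": "constructed sample",
                           "PayloadContent": list(payloads)})

CAMERA_OK = _sample({"PayloadType": "com.apple.applicationaccess", "allowCamera": False})
WIFI_OK = _sample({"PayloadType": "com.apple.wifi.managed",
                   "SSID_STR": "VMware Wifi", "EncryptionType": "WPA"})
MIXED_BAD = _sample(
    {"PayloadType": "com.apple.applicationaccess"},  # camera restriction missing
    {"PayloadType": "com.apple.wifi.managed",
     "SSID_STR": "VMware Wifi", "EncryptionType": "WEP"},
)

if __name__ == "__main__":
    for name, raw in [("camera", CAMERA_OK), ("wifi", WIFI_OK), ("mixed", MIXED_BAD)]:
        print(name, audit_profile(raw) or "OK")
```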

Conclusion
