News

VMware Brings MDM to PCs, Macs and Chromebooks

The quest to unify enrollment, management and security of all devices in Workspace One comes together as VMware extends AirWatch MDM to the desktop.

• By Jeffrey Schwartz
• 08/31/2017

VMware is making it possible for users to connect their Windows 10 PCs, Macs and Chromebooks to enterprise networks the same way they enroll their Android and iOS phones with the company's AirWatch mobile device management (MDM) systems.

AirWatch, an integral component of VMware's Workspace One platform, can now let employees enroll their Windows 10 PCs just like mobile devices, by entering their enterprise credentials. Organizations can now incorporate the same security, polices and MDM capabilities used to manage mobile devices and apply them to Windows 10 PCs, VMware announced at this week's VMworld conference in Las Vegas.

Mac and Chromebook users will have the same capability later this year, the company said. VMware claims it's the first to provide a unified approach to enrolling and managing PCs, Macs and Chromebooks, as well as mobile devices, using the same MDM capabilities. If organizations embrace this new approach to desktop deployment and lifecycle management, it could accelerate a shift away from the traditional approach of creating and deploying images.

The unified MDM capability is now possible because Microsoft earlier this year released the Intune portion of its Graph APIs, and Apple has provided device management APIs that will be available in its fall macOS Sierra upgrade. VMware and Google announced last week a partnership to enable Chromebook management with Workspace One.

"Within VMware, we have leveraged those public APIs extensively," said Sumit Dhawan, senior VP and general manager of the company's End User Computing business in his keynote address Monday afternoon. By "extensively," Dhawan explained that their use goes beyond just enrollment and providing policy management; it's about integrating identity management and applying context, while striking a balance between providing user control and privacy and ensuring that corporate data remains secure.

Dhawan said Workspace One has evolved to meet its mission of bringing mobile, desktop and application management together in a "holistic" manner.  The company has added the VMware Identity Manager into its AirWatch console, which it said will provide a common interface for managing devices, context and identity. It also has a simplified mobile single sign-on interface, and using the Microsoft Graph API, it can apply Office 365 enrollment and management, as well as support for other SaaS apps. The new Workspace One release will manage and enforce security polices and provide Office 365 data loss prevention (DLP) upon release of the Office APIs by Microsoft.

"It gives you one way of unifying the experience across all applications, one place to unify your management across all devices," Dhawan said. "This we believe is a massive change, and we think is a great opportunity for you."

Workspace One will enable administrators to control how policies, patches and upgrades are pushed out to branch offices using the Adaptiva OneSite tool that VMware licensed earlier this year. By distributing the updates on a peer-to-peer basis using a content delivery network (CDN), organizations don't need to have servers at those branch locations, said Jason Roszak, VMware's Windows 10 director of product management.

In addition to enabling PCs, Macs and Chromebooks to be configured and managed like mobile devices, VMware also said that the Workspace One Horizon 7 VDI and virtual application platform will be available on Microsoft's Azure cloud service in October. VMware, which announced its plans to offer Horizon 7 on Azure back in May, released the technical preview last week. The company, which first extended Horizon beyond vSphere to the IBM Cloud earlier this year, said the Horizon Cloud service running on Microsoft Azure will start at $8 per-user, per-month.

VMware also plans to enable automation of Windows desktops and applications using its Just in Time Management Platform (JMP) tools, which include Instant Clone, VMware App Volumes and User Environment Manager, by bringing them into a single console.

That will let administrators more easily design desktop workspaces based on a users' needs, said Courtney Burry, senior director of product marketing for Horizon at VMware, who gave a demo of the new capability during the keynote. "The underlying JMP automation engine [will] build those desktops for you," she said. The integrated JMP console is now in preview.