alexwhite19800
asked on
Identity Management & Mobile Apps
Currently for mobile we use a third party solution (BlackBerry Dynamics) for enterprise mobility. This is a containerised solution for BYOD, where there is a secure email app and browser.
Users are set up on a BlackBerry Dynamics server, have their own password and so on.
I'm reading more and more that identity management and protecting the corporate data itself is becoming the future rather than containerisation. This would help us towards a more native experience. VMware Workspace ONE is supposedly a platform that can achieve this, but I'm wondering how this works.
Can someone explain?
ASKER CERTIFIED SOLUTION
Yes, one common identity provider as the true source, and all apps managed centrally via ONE.
Workspace ONE provides an abstraction layer between directory and policy, so that access policy management can be centralized for all applications across multiple clouds and on-premises. For those already bridging AD and Azure AD with ADFS or PingFederate, Workspace ONE leverages those investments and still provides device posture-based conditional access controls.
https://blogs.vmware.com/euc/2016/08/office-365-workspace-one.html
There is more from ONE, such as DLP, multifactor authentication, etc.
https://blogs.vmware.com/euc/2016/10/workspace-one-office-365.html
ASKER
Thanks!
I looked at the video in the second link, very interesting...
1. When viewing MS Office apps within WS1, we can prevent copy and paste for example. Does this require Intune?
2. I notice that the user has to download a profile, which implies MDM. Is this true?
1. No need. It is in ONE.
This quarter, our EUC team will release new data leakage capabilities within Workspace ONE’s already broad set of features. Leveraging these powerful new product enhancements, organizations can finally streamline the deployment of Office 365 and set the right policies for secure access to apps and data.
The new Workspace ONE update will allow “open-in” policy enforcement across any third-party app, including Office 365, on any device. This will intercept and filter network communications going to cloud-based resources, allowing the Workspace ONE policy engine to block this type of data leakage. Even if a user connects a personal content repository to their Office 365 apps, Workspace ONE blocks copying of corporate data to those content repositories.
2. The profile is part of ONE Workspace User Environment Manager. It aims to simplify profile and policy management with personalized access across devices and locations for end-users.
https://blogs.vmware.com/euc/2015/02/understanding-vmware-workspace-environment-management-wem-welcoming-immidio.html
ASKER
So, essentially, because more and more apps are going to use a common identity provider, we can use more and more native applications providing that the common identity provider was integrated with our Active Directory (which will increasingly become more and more integrated with Azure AD)?