As a marketing leader, one of the most exhilarating and rewarding undertakings is to define and activate a new brand. And it’s a rare opportunity to define a brand for an established business with industry-leading solutions. I’m privileged to have the opportunity to do both as the End-User Computing Division (EUC) prepares to be divested from Broadcom and become a standalone business under KKR ownership.

I’m thrilled to introduce you to Omnissa — the future name of EUC. While we remain part of Broadcom until the KKR acquisition closes later this year, we are previewing our new brand at www.omnissa.com from May 6, and I want to share the story of what it stands for.

The name Omnissa originated from a rigorous process that included our employees, customers, and partners. We asked these stakeholders to describe EUC and built our brand on this foundation.

Omnissa speaks to the central role our platform plays in making digital work better for everyone. We sought a name that aligned to our company purpose, was memorable, and could be easily pronounced. Omnissa (pronounced ahm-NISS-uh) is inspired by a vision of empowerment. It draws from a blend of ideas that suggest the comprehensive nature of our platform’s capabilities and usefulness. It conveys a sense of working calmly, with all the knowledge and insight you need, no matter what you’re doing or where you are.

The name is new, but our purpose remains unchanged — to empower employees to do their best work from anywhere through smart, seamless, and secure experiences. 

We Are Omnissa

​We are Omnissa.

​We make digital work work, for businesses and their people. 

No painful IT processes or productivity trade-offs. Instead, a seamlessly delivered digital employee experience that simplifies work. 

Our comprehensive digital work platform enables IT teams to provide secure, personalized experiences for every employee, on any device. Omnissa unifies, automates, and efficiently scales the digital workspace. 

By empowering employees to do their best work anywhere, we help workforces everywhere unlock exponential business value. 

We plan to launch the Omnissa brand more broadly once the acquisition of our business by KKR has closed. In the meantime, we continue to prepare for the transition with a strong focus on our go-to-market relationships with customers and partners.

1. We remain committed to our comprehensive digital workspace platform that includes Workspace ONE and Horizon, and the autonomous workspace vision powered by data and intelligence.
2. We are investing in our global partner ecosystem.
3. We are bolstering our dedicated sales, services, and support functions in preparation for becoming a standalone business.

As our SVP and GM Shankar Iyer shared in his recent blog, we are entering an exciting new chapter for the EUC business and for our customers and partners. I look forward to sharing more about our new brand, Omnissa, when we take the next step in our acquisition journey.

The post Introducing Omnissa, the former VMware End-User Computing business appeared first on VMware End-User Computing Blog.

As cyber threats become more complex, it’s crucial for organizations to implement robust security measures. In today’s treacherous digital landscape, securing users’ access to organizational resources is critical. Workspace ONE Unified Endpoint Management (UEM) includes conditional access security capabilities that are beneficial for macOS admins and users.

Conditional access in Workspace ONE allows organizations to define specific access policies based on a variety of conditions. This capability then considers the context of both the device and the user at the moment of access to assess their security status. For example, conditional access may note that a user is logging in from an uncommon location, or there has been an unusual spike in download activity. A variety of actions can be taken based on the results of this analysis, such as granting full access to corporate resources, enforcing multi-factor authentication (MFA), or auto-remediating configuration issues.

This dynamic security capability enables admins to ensure that only trusted devices and users can access sensitive information and applications. Let’s explore how conditional access can be leveraged within Workspace ONE for macOS.

Integration with Workspace ONE UEM enrollment status

One of the key features of conditional access is its integration with Workspace ONE enrollment status. This allows admins to use the enrollment status of devices as a condition for access policies, which can enhance the security of macOS environments.

Per-app conditional access policies

Workspace ONE enables admins to define per-app conditional access policies for macOS devices so access to specific apps can be restricted based on factors like device compliance, user identity, and network location. For example, admins can create policies that require MFA for access to sensitive applications, adding an extra layer of security.

Integration with Microsoft Entra Conditional Access

Workspace ONE enrollment and compliance status for macOS can be integrated with Microsoft Entra Conditional Access policies (formerly Azure AD) to enhance security and compliance. This integration allows organizations to enforce policies based on the enrollment and compliance status of macOS devices managed by Workspace ONE. By utilizing Microsoft Entra Conditional Access policies, organizations can ensure that only compliant and enrolled devices can access corporate resources, reducing the risk of unauthorized access and data breaches.

Integration with Google’s Context-Aware Access

We’ve enhanced Workspace ONE for macOS by integrating Google Chrome Enterprise (formerly BeyondCorp) context-aware policies, boosting security and identity management. This integration with Google enables authentication for Google Workspace apps based on device compliance in Workspace ONE. Workspace ONE communicates with Google through an API to relay compliance status, ensuring macOS devices that meet security standards gain access to necessary resources.

Benefits of using conditional access in Workspace ONE for macOS

Here are three benefits macOS admins can achieve with conditional access in Workspace ONE:

• Enhanced security: By enforcing access policies based on device enrollment status and other factors, organizations can improve the security posture of their macOS environments.
• Improved compliance: Conditional access in Workspace ONE helps organizations comply with regulatory requirements by ensuring that only authorized devices and users can access sensitive information.
• Increased control: Admins have greater control over access to applications and data, allowing them to enforce policies that align with organizational security requirements.

Additional resources

Find more information here:

• Learn more about the integration with Google Context-Aware Access here: Use Compliance Data in Google BeyondCorp Context-Aware Access. 
• Learn more about the integration with Entra ID here: Use Compliance Data in Azure AD Conditional Access Policies. 

The post Conditional access with Workspace ONE integrates seamlessly with Microsoft Entra ID and Google’s Context-Aware Access for macOS appeared first on VMware End-User Computing Blog.

Representatives from the Broadcom End-User Computing (EUC) Division had the privilege of attending the Gartner Digital Workplace Summit March 18–19, 2024, in Grapevine, Texas. More than 900 attendees comprising digital workplace leaders, architects, and IT execs came from around the globe to learn about trends, tools, and techniques to prepare for the evolving digital landscape. Attendees had access to industry experts who presented a vision for the future of digital employee experience (DEX) and ways organizations can leverage the tech. The summit served as a platform to dive into future trends, contemporary tools, and the essence of delivering exceptional DEX.

EUC Division of Broadcom at DWS 2024

As a Platinum sponsor of the summit, we hosted a thought-provoking presentation on the second day. Marshall Anne Busbee, Director of Product Marketing for End-User Computing, shed light on the use cases and tangible ROI of DEX in her session titled “Unlocking Seamless Experiences with Digital Employee Experience (DEX).” This discourse proved timely as attendees sought insights into leveraging digital employee experiences to address challenges associated with hybrid and frontline work models.

During our session, we underscored the pivotal benefits offered by our EUC solution, including holistic visibility into employee experiences, cost savings through reduced support ticket resolution times, optimization of hardware planning, and enhanced employee perception of IT services. Additionally, Marshall Anne gave great insight from recent Fortune 500 CIO roundtable meetings. Just six months ago, CIOs gave VMware* EUC leaders the feedback that they needed a tool to help them monitor the productivity of employees. Fast forward a few months and the sentiments from CIOs were more focused on ensuring that employees have tools to be productive — quite a progression in a relatively short period of time. If you missed it, please review the conference materials for our thought-leadership session, “Unlocking Seamless Experiences with Digital Employee Experience (DEX).”

During the EUC Division session, we discussed the challenges of enabling hybrid work, the evolution to a human-centric DEX model, and our approach to delivering a world-class DEX solution. We also showcased several use cases and enhancements to our platform: 

• How data science and context-driven automation drives evolution to the human-centric DEX model: single platform, common framework for detecting anomalies, remediation recommendations and steps for faster resolution with our guided root cause analysis (you have to check out this click-through RCA demo here).
• How companies leverage Workspace ONE to reduce MTTR for top inbound support tickets: device health score/alerts, AI-driven insights, timelines, and device profile view, and intelligent self-service via ITSM portals. Learn more here.
• Enhancements of DEX for Horizon: the new console and navigation, plus additional capabilities like measuring the Wi-Fi signal strength of the endpoint device to its connected Wi-Fi source. Check out this great new video on Intelligence for Horizon.
• Application license optimization and unused software removal, with unified app ID across mobile, web, and virtual with true usage indicators. Read more in this blog.
• Critical application availability monitoring leverages synthetic URL testing for both internal and external services and how to leverage Freestyle Orchestrator to automate communications.

These innovations demonstrate our dedication to providing a complete DEX solution that boosts productivity, offers quicker issue resolution, and enhances employee engagement. Learn how the EUC digital employee experience (DEX) solution can help your organization:   

• Deliver scalable platform support for a diverse set of use cases
• Offer tangible ROI through data-driven Experience Management
• Allow IT to remediate more issues and “shift left” 

Key takeaways and interactions from DWS 2024

Interacting with attendees at our booth during the summit provided invaluable insights into the prevailing sentiments and interests regarding DEX solutions.

Attendees expressed excitement regarding our DEX capabilities, with many seeking further information immediately following Marshall Anne’s session. Our “Enable Proactive IT” message resonated well, by highlighting features such as proactive alerts and providing ways organizations can reduce their top inbound service desk tickets. There was significant interest in our demos of the ITSM Connector with ServiceNow, which showed how we empower service desks with streamlined access to experience data and remediation actions. First-time encounters with Workspace ONE Intelligent Hub impressed business leaders, as they recognized its value as a centralized hub for end-user experiences. Last but not the least, we had several Horizon admins stop by to learn how we support virtual deployments in addition to physical device deployments.

Looking ahead

In tandem with the Digital Workplace Summit, we announced several new capabilities for the Workspace ONE digital employee experience solution, further underscoring our commitment to driving DEX innovations. Inside this blog, you can continue your voyage toward enhancing digital employee experiences by accessing the 2023 Gartner® Market Guide for DEX Tools. Arm your organization with the insights and tactics detailed in this fantastic report, elevate your hybrid work paradigm to unprecedented levels, and transform your workplace into a nucleus of innovation, cooperation, and unmatched DEX.

As organizations are transitioning to the holistic “human-centric” approach, consider a single platform that measures both qualitative and quantitative aspects, and balances the data derived from all types of devices and all the ways that employees do their work.

For more insights and updates, stay connected with the latest announcements and innovations from the End-User Computing Division team through our End-User Computing Blog, and explore our DEX solution page to discover how we support organizations in offering seamless and secure digital employee experiences across diverse environments.

*Broadcom acquired VMware as of November 23, 2023, and on December 7, 2023, expressed intent to divest EUC. Read more from Shankar Iyer, SVP & GM, End-User Computing Division, Broadcom.

The post Preparing for the digital evolution: Insights from the 2024 Gartner Digital Workplace Summit appeared first on VMware End-User Computing Blog.

Specific types of organizations are required to configure their endpoint security protocols in accordance with designated standards and benchmarks, such as those established by the National Institute of Standards and Technology (NIST) or the Center for Internet Security (CIS). Some organizations choose to align with these standards simply because it’s good practice.

The macOS Security Compliance Project (mSCP) is an open-source tool that allows admins to create security profiles based on these well-defined standards, customize them based on their organization’s specific needs, and import them into Workspace ONE. By leveraging this integration, admins can streamline the deployment and management of their security profiles, solidifying the overall security posture of their macOS fleet.

Benefits of using mSCP

mSCP provides a comprehensive set of security guidelines based on the combined wisdom of industry best practices and Apple’s own security documentation. The tool includes supported baselines from organizations including the aforementioned NIST and CIS, plus the Defense Information Systems Agency (DISA) and the Committee on National Security Systems Instruction (CNSSI). By using mSCP, organizations can establish a baseline security configuration that aligns with the standards that these institutions have carefully constructed to protect their macOS devices against threats and vulnerabilities.

Some of the key benefits of mSCP are flexibility and reliability. Because admins can customize the baseline settings, it’s relatively easy for admins to strike the right balance between higher levels of security and usability for their specific company’s needs. In terms of reliability, mSCP is regularly updated to reflect the latest security guidance from Apple, helping organizations stay ahead of emerging threats.

Enhancing deployment with Workspace ONE

Workspace ONE offers a seamless way to deploy and manage security profiles generated by mSCP. The profile upload functionality in Workspace ONE allows admins to upload the mSCP .mobileconfig profiles directly into the Workspace ONE console.

This integration simplifies the deployment process, allowing admins to apply security configurations to their macOS devices quickly and efficiently. Furthermore, Workspace ONE provides robust management capabilities, such as compliance checks and remote wipe capabilities, ensuring that devices remain secure throughout their lifecycle.

If you want to get started with this process right away, we have a resource on Tech Zone that can help you: Enforcing macOS Security Compliance Project Baselines: Workspace ONE Operational Tutorial.

Conclusion

In conclusion, leveraging the mSCP in conjunction with Workspace ONE can significantly enhance the security of your macOS fleet. By creating a security baseline based on industry best practices and seamlessly deploying it using Workspace ONE, organizations can better protect their macOS devices against a wide range of threats.

Additional resources

• Visit our Tech Zone tutorial.
• Visit Apple’s web page for the macOS Security Compliance Project.
• Visit the mSCP on GitHub.

The post Creating custom macOS security baselines with the macOS Security Compliance Project and Workspace ONE appeared first on VMware End-User Computing Blog.

We’re thrilled to announce the limited availability of Cisco Identity Services Engine (ISE) v3.1+ and Workspace ONE Unified Endpoint Management (UEM) integration with the Workspace ONE UEM 2402 release. This integration ensures that your end user’s devices can safely and securely connect and access network resources, even when their MAC addresses are randomized, or in scenarios where they are connected through multiple network interfaces, dongles, or docking stations.

A bit of history on Workspace ONE UEM and Cisco ISE integration 

For a significant part of the past decade, Workspace ONE UEM (formerly AirWatch) and Cisco ISE have integrated to enhance network security for organizations. By combining Workspace ONE UEM’s robust unified endpoint management capabilities, which ensure data and device integrity, with Cisco ISE’s advanced network access control features, organizations can establish a cohesive security framework that ensures compliance and effectively mitigates security risks. By leveraging Workspace ONE UEM’s device management insights, Cisco ISE can dynamically enforce access policies based on information such as device compliance status. This strengthens the organization’s security posture and helps safeguard against unauthorized access attempts.

Prior to version 3.1, Cisco ISE software leveraged MAC addresses to uniquely identify devices within Workspace ONE UEM and query compliance information.

Depending on the compliance status, Cisco ISE can then either permit the device to access the network or prompt the user to register the device with Cisco ISE and enroll it in Workspace ONE UEM. Conversely, if a device violates an active compliance policy, access to the network is promptly restricted, and the end user is directed to remediate the compliance issues.

The challenge with the rise of MAC address randomization

For years now, major operating systems like iOS 8+ and Android 8+ have integrated some form of media access control (MAC) address randomization. This was aimed at strengthening user privacy by preventing attempts to track devices using their genuine MAC address. Initially, these operating systems only randomized MAC addresses during Wi-Fi network scans but maintained the use of a static, genuine MAC address when actually connecting to networks.

However, this shifted with the introduction of Android 10 by Google in late 2019. This update made MAC address randomization the default behavior even during network connections. Following suit, iOS devices with the release of iOS 14 not only began employing randomized MAC addresses by default for connecting to networks but also introduced a “Private MAC Address” feature. This feature rotates MAC addresses every 24 hours post network connection, further enhancing user privacy. Similarly, Windows 10 by Microsoft incorporated MAC address randomization, extending these privacy benefits to Windows users.

While MAC address randomization offered substantial privacy advantages, it posed challenges for integrations reliant on consistent MAC address for device identification. This is particularly evident in scenarios involving Cisco ISE and Workspace ONE UEM, where devices may present different MAC addresses based on the SSID used, the network connection type (wired, wireless, or VPN), or when connected through dongles or docking stations. Consequently, when Cisco ISE communicates with Workspace ONE UEM using MAC address, Workspace ONE UEM may fail to see the MAC address as belonging to any valid device. This can result in the device not being able to authenticate or gain access to network resources.

Introducing enhanced integration: Harnessing the power of GUIDs

To overcome the challenges posed by MAC address dependencies stated above, Cisco ISE and Workspace ONE UEM will now leverage globally unique identifiers (GUIDs) for unique device identification. Unlike MAC addresses, which can vary, GUIDs offer a stable and consistent means of device identification across various networks and SSIDs.

When a device enrolls in Workspace ONE UEM, an administrator can configure a certificate containing the device UUID, which serves as the Workspace ONE UEM-generated GUID value, to be delivered to the device. This certificate, with the GUID, when utilized by the device for authentication into the network, can be used by Cisco ISE to look up the device uniquely within Workspace ONE UEM. All communications between Cisco ISE and Workspace ONE UEM are seamlessly streamlined through the utilization of GUIDs.

Want to learn more?

To delve deeper into implementing this enhancement and unlocking the full potential of your network security infrastructure, refer to our detailed Tech Zone article “Integrating Workspace ONE UEM and Cisco ISE v3.1 and Beyond.”

Don’t let MAC address randomization disrupt your end user’s access to the network. Enhance your network security and management efficiency now with the advanced integration of Cisco ISE and Workspace ONE UEM. Get in touch with your account manager to enable this feature.

The post Introducing enhanced integration between Cisco ISE and Workspace ONE Unified Endpoint Management appeared first on VMware End-User Computing Blog.

Anyone who has had a laptop stolen knows the great frustration that comes with losing not only an expensive piece of tech but also the precious work and personal information, photos, and everything else that’s stored on it. Apple understands this, and long ago introduced a feature designed to make would-be thieves think twice about stealing Apple hardware.

Activation Lock is a security mechanism for macOS and iOS devices that ensures a device, even if it has been factory-reset — even if an admin has erased the device remotely — can never be accessed by anyone except the original owner (or, at least, someone with their credentials).

Theft deterrent

If a MacBook was stolen and a factory reset performed with Activation Lock enabled, the device would still ask for existing authorization codes at next startup. Without the authorization codes, the only way to gain access would be to contact Apple support, provide proof of purchase, and have them clear the Activation Lock. So, with this function enabled, no thief can ever use or resell a stolen Apple device (to a happy customer at least), nor can identity theft or corporate espionage take place, as all files and resources remain securely locked away even after a reset. Thus, there’s simply no reason to take whatever risks may be involved in stealing an Apple device in the first place. It’s an elegant solution to an ugly problem.

Potential challenges in business

In business, however, Activation Lock can sometimes become an obstacle. Specifically, an employee who has left the company may run a factory reset on a device to wipe personal information before returning it to IT, with Activation Lock still enabled. Because IT doesn’t have the user’s credentials, in the absence of some kind of MDM-based workaround, the only recourse would be a time-consuming search for proof of purchase and a subsequent call to Apple support to get Activation Lock cleared.

The solution in Workspace ONE

With the launch of Workspace ONE version 2402, Workspace ONE now provides the ability both to enable and to clear Activation Lock on supervised Macs. To enable Activation Lock, admins can use the “All Settings” capability to set global policy enabling Activation Lock on all Macs, or by Smart Groups. By contrast, the “Details View” allows you to manage individual devices. Options for bypassing and clearing are more detailed and flexible.

How to disable Activation Lock

You can disable Activation Lock on all Macs or set policy by Smart Groups or by individual device, in the same way you enable the functionality as noted above.

However, if Activation Lock was left enabled and is an obstacle to re-assigning a used device, there are several options:

• Clear Activation Lock in the console: Admins can clear it on a specific Mac through the console in the “Device Details” view with a simple mouse click.

• Enter a bypass code: Workspace ONE provides a code you can enter during Setup Assistant to bypass Activation Lock.

• Wipe the device via Workspace ONE: Simply perform a wipe using Workspace ONE. Doing so will give you the option to disable the Activation Lock function.

For the sake of clarification, we should note this only works on supervised devices. Workspace ONE admins will not be able to clear Activation Lock from BYOD or any other type of unmanaged device.

In conclusion …

We can see that with this new functionality in the console, Activation Lock on macOS becomes what it was always meant to be for Workspace ONE customers: all good in terms of accomplishing security through deterrence, with none of the obstacles.

Additional resources

• Please review our Activation Lock tutorial on Tech Zone.
• Review Apple’s web page for more details about Activation Lock.

The post New management capabilities now available for macOS Activation Lock in Workspace ONE appeared first on VMware End-User Computing Blog.

In the ever-evolving landscape of cyber threats, the CryptoChameleon phishing attack has emerged as a new example of how cybercriminals use advanced social engineering to gain access to victim’s accounts. Like a chameleon, the hackers camouflage themselves, but as trusted authorities, to blend in and stay hidden. This makes these attacks tough to spot and stop, especially for companies trying to keep their data safe. CryptoChameleon targeted the Federal Communications Commission (FCC), Binance, Coinbase, and other cryptocurrency platforms.

The victims of the recent CryptoChameleon phishing attacks shared usernames, passwords, password reset URLs, and even photo IDs. Our Workspace ONE Mobile Threat Defense technology partner, Lookout, uncovered this advanced phishing kit. CryptoChameleon is just one example of a sophisticated social engineering campaign, whereby attackers use information and awareness of human behaviors to infiltrate organizations. Thanks to the automated protections of Lookout, Workspace ONE Mobile Threat Defense customers with phishing and content protection enabled are protected from CryptoChameleon. Let’s dive into what makes CryptoChameleon so different from other phishing tactics.

Why was CryptoChameleon successful?

The phishing campaign looked and felt legitimate. The cybercriminals did their homework and built a very advanced phishing kit with carbon copies of single sign-on (SSO) pages to capture credentials. For example, the domain in question was fcc-okta[.]com, which is only a single character different from the legitimate FCC Okta Single Sign-On (SSO) page. On a mobile device, it’s not easy to spot a very good replica.

Furthermore, the fake page had a built-in captcha, a very clever tactic that made the page appear more legitimate and stopped web page crawling, which prevented automatic evaluation of the phishing site by security teams. Victims entered their login details and were presented with a verification code page. After using the fake verification, the victims were sent to a fake waiting page while the login was utilized. Finally, a live person in the form of a well-spoken operator supported the phishing kit. The operator answered a fake help line and then used a combination of email, SMS, and voice phishing to trick the victims into sharing usernames, passwords, password reset URLs, and photo IDs. The threat actor would tell victims that their accounts were under review and to attempt a log in later. Then, the victims would get an unsolicited phone call that spoofed the organization’s customer support line. The threat actor would inform victims that their account had been hacked, but that the victimized caller would help them recover the account. While the victims were on the phone with the threat actor, they would receive a text message that linked to a login page set up to mimic the organization’s legitimate Okta page. In the meantime, the cyber criminals would access the victim’s accounts with the access they had unwittingly provided.

How can organizations defend against CryptoChameleon?

Protecting against advanced phishing kits employing social engineering requires deep defense tactics. Here are a few key ways to secure your organization:

1. Increase education and awareness. Regularly train employees and users to recognize social engineering tactics and be cautious about sharing sensitive information. Notify and keep employees engaged by delivering the latest news, tips and tricks directly to their digital workspace with Workspace ONE Intelligent Hub.  
2. Use multi-factor authentication Implement additional layers of security, such as multi-factor authentication (MFA), to mitigate the impact of compromised credentials. MFA should be one part of an overall zero trust security approach that includes conditional access and zero-trust access to applications and resources. 
3. Deploy advanced mobile security. Workspace ONE Mobile Threat Defense has multiple layers of defenses, including phishing and content protection, to detect and prevent social engineering attacks. Workspace ONE Mobile Threat Defense protects against malicious links at the URL level, and it also ties in with Workspace ONE Unified Endpoint Management (UEM) so you can respond to threats automatically and share status across IT and security teams.

In conclusion

CryptoChameleon is an example of a very sophisticated social engineering campaign organizations encounter today.Powered by Lookout, Workspace ONE Mobile Threat Defense provides customers with comprehensive mobile security that includes phishing and content protection. With Workspace ONE Mobile Threat Defense, activation of mobile security is simplified, and automations and remediations can happen via security integration with Workspace ONE UEM.

Fortify your defenses by staying vigilant and informed and protect what matters most. See Mobile Threat Defense in action in our upcoming technical webinar here or contact your sales representative for a free trial.

The post Beware of CryptoChameleon, the new phishing threat that uses social engineering to trick victims appeared first on VMware End-User Computing Blog.

Unmanaged devices. A mix of traditional and cloud-based applications. Data scattered across different cloud environments. This complexity in the healthcare environment can create a nightmare for data security, compliance, and efficient care delivery. Each separate tool adds another layer of chaos.

So, what do we do about it?

The answer lies in embracing this diverse technology landscape while keeping the entire ecosystem secure. We need a solution that fosters collaboration between different technologies, safeguards data, and ensures robust system security. In short, we need to enable healthcare interoperability.

That’s why the End-User Computing (EUC) Division of Broadcom was proud to be a sponsor of the InteropNow! pavilion at the recent ViVE trade show. This sponsorship reflects our dedication to fostering discussions and showcasing how technology, like our suite of solutions including Horizon and Workspace ONE, can bridge the gaps in healthcare data. 

The EMR revolution and beyond

Electronic medical records/electronic health records (EMRs/EHRs) have revolutionized healthcare. Today, most healthcare organizations have implemented one. But technology keeps evolving, and so should our end-user computing strategies.

A traditional healthcare IT model relies on physical desktops loaded with applications. However, healthcare organizations are increasingly moving away from legacy EMRs toward more advanced platforms. This shift often coincides with a desire for data virtualization — which can be realized by switching from on-device data storage to virtual desktops in secure data centers, or in the cloud.

Here’s how end-user computing plays a crucial role in achieving interoperability:

• Virtual desktops (VDI) with Horizon. VDI allows healthcare professionals to securely access their virtual workspace and applications from any device, regardless of the underlying operating system. The desktop “follows” them wherever they go, empowering them to work seamlessly across different departments and hospitals, accessing patient data from various sources.
• Unified endpoint management (UEM) with Workspace ONE. Solutions like Workspace ONE Unified Endpoint Management can manage and secure a vast array of devices and applications used in healthcare. With Workspace ONE, end users can get passwordless single sign-on to a catalog that provides them access to virtually any app. This ensures consistent access to healthcare apps — from any device — while maintaining robust security protocols for sensitive patient data.

To summarize, healthcare interoperability ensures that healthcare data flows freely between systems, and EUC solutions like Horizon and Workspace ONE provide the tools and platform for secure access and management within this connected environment. 

It was great to connect with our customers and partners at ViVE to discuss the current state of healthcare end-user computing — and the vast possibilities that lie ahead. 

Are you ready to navigate the complexities of healthcare interoperability and unlock its potential? Let’s work together to create a connected healthcare ecosystem that puts patient data at the center, paving the way for a healthier future. Learn how we helped Hartford HealthCare, here.

The post ViVE 2024: Why healthcare interoperability is key, and how we’re championing it appeared first on VMware End-User Computing Blog.

In 2022, European Union (EU) watchdogs, the European Commission (EC), launched an ambitious project aimed at “ensuring fair and open digital markets.” Essentially, the goal of the Digital Markets Act (DMA) is to limit the power of designated technology “gatekeepers” and ensure they behave “in a fair way online.” These are the six online platforms designated gatekeepers:

• Alphabet
• Amazon
• Apple     
• ByteDance
• Meta
• Microsoft

For these select few, the EC laid out a set of business practices they’d need to change over the coming years to comply with the DMA. In the case of Apple, the EC deemed that the App Store, Safari, and Apple Pay are considered “core platform services,” and that competing developers must be allowed to offer alternative solutions to iPhone and iPad customers. As a result, iOS 17.4 includes multiple changes that will greatly affect users in the EU over time.

Alternative contactless payment systems

Companies are now able to develop solutions that make use of Apple’s Near-Field Communication (NFC) technology in a seamless and convenient way to create alternative tap-and-go payment systems that compete directly with Apple Pay in the EU. A developer entitlement is required for companies that decide to take advantage of the opportunity to compete with Apple Pay. The entitlement process allows Apple to ensure that:

1. Developers will incur fees to piggyback on the NFC tech that Apple spent valuable time and resources creating.
2. Competitors must, of course, be licensed with the proper authorities to provide payment services in the European Economic Area (EEA) 
3. Developers will comply with Apple’s minimal design guidelines. 

Options for Workspace ONE customers

If you are a Workspace ONE customer and have concerns about alternative payments systems running on corporate devices, you can simply block apps from being downloaded. With mobile device management (MDM), you can also use the Restrictions profile to remove the App Store. To hide individual apps and prevent these apps from running, you can use the “Hide App” functionality in the Restrictions profile. For more ways to block apps on corporate devices with Workspace ONE, review the tutorial on Tech Zone.

Alternative app marketplaces

Since the inception of the iPhone, millions of iOS customers have had one single place to download applications — the App Store. As such, it’s likely that the most impactful change in iOS 17.4 is the introduction of alternative app marketplaces that compete directly with the App Store in the EU. App developers may also use alternative (non-Apple) payment service providers (PSPs) to power in-app purchases or link users to out-of-app websites to conduct transactions. They can also, of course, use Apple’s own payment processing for a 3% fee (a typical cost for processing).

Apple has warned that any new marketplaces or alternative payment methods could introduce elements of risk in the form of privacy, security, and fraud threats, as Apple will have very little control over these entities. Constrained as they are by the DMA, Apple is taking what steps they can to mitigate these risks. 

Requirements for third-party marketplace developers

As mentioned, Apple now provides new APIs, allowing third-party developers to create and manage their own application distribution platforms (which will be available for download on their own organizations’ websites). Each aspiring marketplace developer is required to attain the proper developer authorization, through which Apple will ensure that they are adhering to certain requirements:

• Labeling that lets users know the app they’re downloading uses non-Apple payment processing
• In-app notifications telling users they’re about to transact using non-Apple payment processing
• Expanded data portability for users allowing them to export data about their app usage

Requirements for app developers

In addition to these requirements for marketplace developers, Apple has also implemented a notarization process for the applications they’ll be distributing. (Note: Historically, apps distributed through the App Store have always undergone a level of scrutiny by Apple to ensure integrity.) Notarization involves a set of “automated checks and human review” designed as a minimum guard against security and fraud risk. Apple has also implemented new protections that prevent apps from opening if they contain malware. Still, for apps that use alternative payment processing, Apple warns that the company will be unable to issue refunds and will have limited customer support capability. 

The message about alternative app marketplaces and payment services is clear: Swim at your own risk, EU!

App developers now also incur fees from Apple, and additional controversy surrounds a new one called the Core Technology Fee (CTF). The CTF kicks in only after an app has been downloaded 1 million times — so for the vast majority of apps it will never come into play. But in rare types of situations, it could prove costly. Apple has provided a convenient fee calculator to help developers quickly understand the cost of their app on an alternative marketplace.

Options for Workspace ONE customers

If Workspace ONE customers have concerns about alternative app marketplaces running on corporate devices, Apple has introduced a new Restrictions key available to block these from running on supervised devices. This Restrictions key will be supported in our next Workspace ONE Unified Endpoint Management (UEM) console release. In the meantime, you can also easily deploy this Restriction as a Custom Settings profile using the below XML: 

<dict>

        <key>allowMarketplaceAppInstallation</key>

        <false/>

        <key>PayloadDisplayName</key>

        <string>Restrictions</string>

        <key>PayloadDescription</key>

        <string>Block Third-Party App Marketplaces</string>

        <key>PayloadOrganization</key>

        <string></string>

        <key>PayloadType</key>

        <string>com.apple.applicationaccess</string>

        <key>PayloadUUID</key>

        <string>a9f1b84e-6695-4f47-bcfa-e6334228bce1</string>

        <key>PayloadVersion</key>

        <integer>1</integer>

        <key>PayloadIdentifier</key>

 <string>786da36c-8283-48cd-9a23-91dde10cf4d3.Restrictions</string>

</dict>

For more information on how we implement new profile keys, please see our End-User Computing Blog post introducing the data-driven UI for iOS profiles. 

Likewise, the Restrictions profile can be used to remove any suspicious applications from supervised devices via the “Hide Apps” functionality. For more information on ways to block apps on corporate devices with Workspace ONE, review the tutorial on Tech Zone.

Browser apps and alternative web browser engines in the EU

iOS 17.4 introduces a new, user-friendly experience for selecting default browsers. Upon first launching Safari on an iOS 17.4 device, users will be prompted to select their default browser from a list of main browser applications available in their market. Apple is also allowing app developers to embed alternative browser engines in their applications, no longer requiring the use of WebKit. In order to leverage an alternative web browser engine, a special developer entitlement is required, along with adherence to extensive security requirements.

Default app controls and expanded interoperability

To complement these changes, Apple is allowing users to set default app marketplaces and default contactless payment apps. Additionally, Apple has also exposed more than 250,000 developer APIs to provide third-party applications access to core platform technologies, such as device Bluetooth radios, the camera, and the microphone. An interoperability request form must be completed and approved by Apple to access this large swath of APIs. 

More changes may be coming

As things currently stand, Apple has submitted these changes to the EC as their answer to the issues. The EC is assessing the proposals and eliciting feedback from stakeholders. The final solutions that are ultimately implemented could look different from what’s been reported here, and we will endeavor to update you when the final settlement has occurred.

iOS 17.4 is available now

This is just a short summary of all the new technologies and application capabilities available in iOS 17.4. For more in-depth information, please visit Apple’s developer support article, “Update on Apps Distributed in the European Union.“

Additional resources  

Read more about these topics: 

• Announcement from Apple: “Apple Announces Changes to iOS, Safari, and the App Store in the European Union”
• Reuters article:  “Apple Offers to Let Rivals Access Tap-and-Go Tech in EU Antitrust Case“
• Reuters article:  “Exclusive: Apple Faces ‘Strong Action’ If App Store Changes Fall Short, EU’s Breton Says“

The post Apple iOS 17.4 introduces updates, including alternative app stores and payment methods appeared first on VMware End-User Computing Blog.

In a rapidly evolving digital landscape, managing endpoints effectively has become paramount for enterprises worldwide. With the proliferation of diverse devices and the need for seamless connectivity, organizations are seeking robust solutions to streamline their endpoint management processes. VMware^* Workspace ONE, an industry-leading solution within the Broadcom End-User Computing portfolio, continues to be a frontrunner in the unified endpoint management (UEM) domain, offering a comprehensive suite of tools designed to address the complexities of modern IT environments.

The recent industry update by Computerworld sheds light on the emerging trends of enterprise mobility and endpoint management. It highlights the increasing importance of UEM solutions in empowering organizations to navigate the challenges posed by remote work, device diversity, and security threats. Among the various players in the market, Workspace ONE stands out for its innovative approach and comprehensive feature set.

One of Workspace ONE’s key strengths lies in its emphasis on artificial intelligence-driven capabilities. By harnessing the power of AI and machine learning, Workspace ONE delivers predictive analytics, plus intelligent automation and workflows, that enable IT teams to proactively identify and address potential issues before they escalate and impact employee productivity. This predictive approach not only enhances IT efficiency but also strengthens security by preemptively mitigating risks. Recently, Workspace ONE previewed the use of GenAI-based scripting capabilities, which significantly reduce the burden on IT.

The UEM vendor comparison chart provided by Computerworld further underscores Workspace ONE’s leadership position in the market. Workspace ONE excels across various parameters, including security features, integration capabilities, and device support. Its robust security framework, encompassing features such as conditional access, encryption, and threat detection, ensures comprehensive endpoint protection and secure application access without compromising user experience. Furthermore, Workspace ONE’s seamless integration with existing IT infrastructure and third-party applications facilitates smooth implementation and interoperability. Whether managing mobile devices, desktops, or IoT endpoints, Workspace ONE provides flexibility and scalability for holistic endpoint management, eliminates costs across silos, and enhances visibility. These capabilities allow IT administrators to manage endpoints and user experiences effectively from one unified solution. With Workspace ONE’s cloud-native platform, Windows PCs can be managed via a modern approach with real-time updates and dashboards, which are critical in a time of remote work and increasing cyberattacks.

VMware Workspace ONE continues to lead the way as a standout performer in the realm of unified endpoint management. With its modern, AI-driven approach, comprehensive feature set, and broad support across all categories, Workspace ONE empowers organizations to embrace digital transformation with confidence. Here, at the End-User Computing Division, we are excited to be your trusted partner in driving efficiency, security, and innovation in the digital era.

Check out the Computerworld article and the vendor comparison charts below: 

• Enterprise mobility 2024: Welcome, genAI
• Download: UEM vendor comparison chart

* The End-User Computing (EUC) Workspace ONE solution is referred to by Computerworld as “VMware.” However, Broadcom acquired VMware as of November 23, 2023, and on December 7, 2023, expressed intent to divest EUC. Read more in this post by Shankar Iyer, SVP & GM, End-User Computing Division, Broadcom.

The post Workspace ONE continues to lead the charts in unified endpoint management appeared first on VMware End-User Computing Blog.