Be the first to hear the mobile news. Enter your email to join.


6 New PCLM Capabilities for Windows 10 + Unified Endpoint Management

  • Aditya Kunduri By

As part of the VMware End-User Computing (EUC) mobile team, I am completely humbled seeing the level of enthusiasm from customers, media and analysts for our innovations in workspace and unified endpoint management (UEM).

At VMworld 2017, top customers, spanning industries and locations, talked about putting an end to IT management silos, about saving costs and about enabling new business and user experiences. Record audiences packed Windows 10 breakout sessions. And industry experts didn’t shy away from sharing their thoughts either.


So yes, it’s clear the force is strong with UEM!

What’s New for Windows 10 with VMware AirWatch UEM?

There’s no doubt that platform changes in Windows 10 drove UEM adoption. However, UEM was never going to be good enough if it only supported a modern mobile device management (MDM) feature set for Windows (e.g. new onboarding methods, MDM APIs, Universal apps, etc.). While this may allow IT to bring mobile and some desktop use cases (e.g. remote worker, off-domain, companion devices, etc.) under one console, they do not scale across every desktop use case that customers have today (e.g. domain-joined, corporate-imaged, large branch office deployments, etc.).

Thus, a robust UEM offering should not only embrace modern MDM efficiencies, but also combine these with traditional PC lifecycle management (PCLM) requirements, such as operating system (OS) deployment, configuration management, software distribution, OS patching and others.

In our latest release of VMware Workspace ONE, powered by AirWatch UEM technology, we continued to build upon these essential Windows 10 PC lifecycle management capabilities. These new features will allow IT to scale management across every Windows device and across any desktop use case, and truly lowers the cost of managing and securing your Windows deployments.


Let’s take a deeper look across each of these next-generation PCLM capabilities enabled via AirWatch UEM.

1. New Deployment Experience for Dell Devices

Businesses always tailored Windows deployments based on device types, use cases and even user roles and needs. This was not only expensive and resource intensive for IT, but also resulted in weeks spent procuring a device before handing it over to the end user.

Dell and VMware are introducing an industry-first, cloud provisioning service for Windows 10 devices, helping businesses realize the promise of “drop-ship.” This new Windows 10 Provisioning Service for Dell devices enables IT to deliver enterprise-secure, pre-configured Dell hardware straight from the factory to the user—whether the device is connected to a cloud (with Azure AD join) or on-premises (AD)domain. The experience is zero-touch for IT, and saves time and money associated with device deployment, setup and asset tracking.

2. Unique First Launch Experience Powered by Workspace ONE

The deployment is also complemented by a unique, first launch experience. The right work profiles, OS customizations, security policies and apps users need are delivered over the air (OTA) during first boot for instant productivity, without waiting on IT.

Critical IT and security settings automatically provision OTA, so devices stay protected and access to critical data and apps is only available on these secure endpoints. Users also see the installation status of apps IT makes available to them. As apps install, single sign-on access to approved cloud or remote apps minimizes users’ downtime.

This quick demo (0:17:06–0:18:05) walks through these two features.

3. Deeper Integration into Dell BIOS

At Dell EMC World, we announced the integration of AirWatch with the Dell Client Command Suite—Dell’s industry-leading client systems management tools—to extend management capabilities to the system BIOS. The extensible platform allows admins to query and retrieve key system attributes, configure critical BIOS settings and take remediation actions from the same AirWatch admin console used for managing other Windows policies.

In our latest release, we added new BIOS management use cases to improve system reliability and security.

  • Remotely manage BIOS dependencies (e.g. boot from USB) and settings for various security technologies (e.g. Secure Boot, Trusted Execution Technology/TXT).
  • Collect and report new asset management data points for device and desktop monitors (e.g. manufacture date, warranty end date).
  • Enable device error reporting (e.g. SMART error reporting for storage devices) to reduce user downtime.
  • Define the “how” and “when” of battery charging to generate value and meet a company’s sustainability and energy savings initiatives. (This cool AirWatch video further explains this feature!)

4. Scalable & Reliable Software Distribution for Win32 Apps

A majority of Windows enterprise software consists of classic Win32 (x86/x64) applications—large in size and complex to package, deploy and maintain. To deploy apps to remote worker and branch office endpoints, organizations mostly rely on costly distribution servers and storage infrastructure, requiring labor-intensive dedicated teams to maintain. Branch offices do not have the network bandwidth to support delivery of applications at scale.

To address this challenge, VMware partnered with Adaptiva to bring their industry-leading peer-to-peer (P2P) content distribution capability to AirWatch. The zero-footprint caching technology ensures no additional on-premises infrastructure will be needed to support faster and more reliable app delivery and download.

P2P caching and local deduplication ensures no content is downloaded twice from the content distribution network (CDN), minimizing bandwidth utilization. Innovative bandwidth harvesting capabilities allow for congestion-free utilization of the CDN, so business-critical traffic is unaffected. Also, since data is distributed locally between peers, branch office users receive apps and updates faster and at LAN speeds within the subnet.


Note: VMware Peer Distribution Client will soon be made available as part of Feature Pack 1 (FP1).

5. Windows Update Analytics to Meet Compliance Needs

Patching is critical in order to maintain overall OS security and health. However, a very low percentage of devices are patched, even months after updates are available.

In fact, in a recent study across more than 300 global companies, we found one-in-ten enterprises take a year or more to complete Windows patches that affect most or all of their endpoints.

IT admins find it difficult to deploy patches to users off network and off domain. Moreover, they struggle to get any on-demand visibility into installed updates and are often forced to write massive SQL queries to get simple reports on updates status. In today’s world of constantly evolving cybersecurity threats, it is clear that this traditional Windows update management model is broken and painful for IT.

Powered by Workspace ONE Intelligence, AirWatch now provides IT with the required patch intelligence and reporting to stay on top of InfoSec requirements. For example, IT can now receive detailed inventory and perform compliance auditing of individual Windows updates across the fleet of their devices. IT can intelligently predict average time to patch to optimize rollouts by targeting when to install, to which groups, etc. In addition, all this data is tied to a powerful rules engine to automate compliance (e.g. immediately quarantine non-compliant endpoints from company resources) and remediation (e.g. deploy patch to get the endpoint to a compliant state).

This quick demo video (1:15:16–1:17:16) walks through this new feature.

6. Simplified Migration to Windows 10 & AirWatch UEM

There’s little doubt that adopting UEM for Windows 10 drives positive outcomes for IT. But our customers often voiced that the cost of switching and the heavy investments in current legacy management practices turn out to be the biggest bottlenecks in the transition.

To take the complexity out of migration projects, we introduced numerous open source code samples and tools for admins.

  • An in-place migration tool helps upgrade from Windows 7 or 8 to Windows 10. This tool is customized for Dell devices, performs a filesystem upgrade (MBR to GPT and BIOS to UEFI) and also onboards the device for AirWatch management.
  • Admins can transition existing policy sets and Group Policy Objects (GPOs) to AirWatch and cloud provision policies to devices on or off the company network.
  • Admins can seamlessly migrate existing app packages in the System Center Configuration Manager (SCCM, also known as ConfigMgr) to their AirWatch tenant without repackaging or uploading individual software in the AirWatch console.

Check out our Windows 10 migration blueprint blog to get more details on how best to leverage these tools. And of course, as an admin we encourage you to contribute feedback and code samples for the rest of the community to leverage at VMware {code}.


We hope you are just as excited as we are about these latest innovations in Windows 10 unified endpoint management. Keep following The Redmond Series on the AirWatch Blog as we drill down into each of these new features over the next few posts.

Continue reading about Windows 10 and unified endpoint management:

Aditya Kunduri

Aditya Kunduri

Aditya Kunduri is the product marketing manager for Microsoft platforms at VMware AirWatch.

Leave a Reply

Your email address will not be published. Required fields are marked *


Blog By Region

Blog By Category: