Modern BIOS Management from the Cloudfiles.informatandm.com/uploads/2018/10/Modern_BIOS...“Modern Management” of PCs Integrated MDM Framework Simplified Device Onboarding Cloud-based

#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM

Modern BIOS Management from the Cloud

Josué NegrónSr. Solutions Architect

VMware

Brooks PeppinEUS Systems Engineer

VMware


AgendaModern Management ChallengesCloud ArchitectureMicrosoft BIOS & Firmware UpdatesPowerShell Execution & Deploying DriversManaging & Configuring BIOS for DellAutomated OEM UpdatesSensors to Pull in OEM DetailsIntelligence – Reporting & AutomationQ&A

#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM3

With Windows 10, Microsoft Enables “Modern Management” of PCs

Integrated MDM Framework

Simplified Device Onboarding

Cloud-based Management

Microsoft’s own IT is moving away from traditional PC management to modern management for Windows 10.*

* Source: Microsoft IT Showcase; Aug 21, 2017; https://www.microsoft.com/itshowcase/Article/Video/708/Windows-10-deployment-tips-and-tricks-from-Microsoft-IT


OOBE doesn’t fit the bill in all customer situations

Most EMMs

+

Windows 10

Modern Onboarding

Cloud Updates

MDM Configuration

Device Health

Modern Apps

MDM doesn’t support 1000s of OS and firmware settings

Frequency and size of cloud updates is a challenge

Limited features means more siloed security tools

MDM supports limited Win32 app management

Most EMMs Focus on Limited Windows 10 MDM Capabilities


Peer-to-Peer Distribution

Ready-to-workExperience

Always-up-to-date OS updates

Device HealthAttestation

Win32 AppManagement

Standard Baselines& GPOs

Data Protection

Patch Analytics& Automation

Granular Controls

5. Security3. OS Updates 4. Software2. Configuration1. Onboarding

Asset Tracking

Device and OS Lifecycle Management App Management Zero-Trust Security

App Inventory

BitLocker Management

Company App Store &

SSO

Imageless Provisioning

Out-of-the-BoxDeployment

MDM Configuration

Intelligent Insights and Rules Engine

BIOS / Firmware

Management

DeliveryOptimization

AutomatedCompliance

Co-exist withPCLM

Workspace ONE Extends MDM to Meet Critical PC Management Needs


PowerShell

Windows OSWiFi VPN Passcode

Firewall Updates

BitLocker

ZIP, EXE, MSI, P2P

MSI

BIOS

Scripting

Microsoft CSPs

Windows Capabilities

Firmware

VMware CSPDirect Win32

WMI Management API

Policy Engine

CSP / GPO

OMA-DM Client Protection AgentManagement Clients

Workspace ONE UEM Console Management Server

WNS AWCM

OEM Updates

Drivers

Understanding the Workspace ONE UEM Solution Stack


You have two options when leveraging Windows Updates for OEM Updates (Firmware, BIOS, Drivers, etc.):

1. WSUS – devices are on network and have access to WSUS. Very granular control over which updates are approved and when they become available however highly mobile users will never get their updates.

2. Windows Update for Business – devices who are on or off the network, must enable delivery optimization to control large downloads over WAN networks. Granular control when not using auto approvals.

Only works for OEMs who publish their updates to Windows Updates. Works well for Surface devices!

OEM Updates via Windows Updates



Live Demo: Windows Updates in a Cloud

Console


Getting Granular with Scripting

You can leverage scripting to modify and update devices. Intune supports PowerShell scripts, while SCCM and Workspace ONE UEM supports custom scripting (e.g. PS1, BAT, etc.)

1. PROS1. Granular and fits every use-case

2. Automated way of updating devices

2. CONS1. Very custom per device model and OEM

2. Time Consuming



Live Demo: Leveraging Custom Scripting


Deploying Drivers

Leverage software deployment to push drivers to devices, however this might not be the most automated way.

• Most EMMs support deploying MSI packages. Intune now supports other files types with the latest announcement at Ignite!

• Workspace ONE UEM supports deploying EXEs, MSIs (MSI, MSP, MST), and custom ZIP packages (PowerShell wrapped deployments).

• SCCM supports all types and has built-in driver management support.

Overall this is a very manual process to keep drivers updated and deployed, works well when only deploying to a single OEM/Model.


Live Demo: Leveraging Software Distribution

to Deploy Drivers


Dell Command | Monitor

Workspace ONE UEM natively integrates with Dell Command | Monitor to provide the ability to:

1. Set or Read BIOS Attributes 1. Set BIOS Password

2. Update BIOS to UEFI

2. Read System Properties via DCIM classes

3. Report on all attributes and take automated actions (e.g. replace worn batteries before users complain)

4. Supports deploying CCTK packages, created using Dell Command | Configure

Admins just have to create a BIOS profile in the console and Dell Command | Monitor must be installed on the devices.



Live Demo: Configuring and

Reading BIOS Attributes


Dell Command | Update

Workspace ONE UEM natively integrates with Dell Command | Update to provide the ability to:

1. Set Scan Intervals, choose which Updates are Approved, how updates are applied (force reboot, etc.)

2. Provides a per-device and consolidated view of all OEM updates on the devices

3. Provides reporting and automation

Admins just have to create an OEM updates profile in the console and Dell Command | Update must be installed on the devices.


OEM Updates


Live Demo: Automatic OEM Updates


Custom Inventory and Scripting• Run scripts and queries in real-time

• Make edits to the scripts in-line

• Admins can collect any device property and report on it in real time

• Inclusion in smart groups for dynamic targeting

• Expand to new query types for Dell BIOS

• Integrate with Intelligence APIs to invoke sensor through automations

• Create a community library on code.vmware.com for pre-defined sensors


Workspace ONE Sensors

• Allow admins to define and configure different sensor queries and target specific devices

• Write or upload scripts in-place within the console.

• Define multiple query types of PowerShell and Dell BIOS queries

• Define dynamic membership of devices in smart groups based on the attribute values.

• Choose datatypes for device response so they can be compared to other data


Reporting/Dashboards via Intelligence

Workspace ONE

Intelligence

Aggregate Correlate Insights Automate

INGESTION DECISIONS

APTELIGENT

IDM

HORIZON

REPORTS

DASHBOARDS

NOTIFICATIONS

ACTIONS

UEM

TRUST

NETWORK

PARTNERS



Demo: Reporting, Dashboards and

Automation


Demos• https://youtu.be/3OOap0qQOM

Y

• https://vmwarelearningzone.vmware.com/oltpublish/site/cms.do?view=openlearning

Hands-on-Labs• http://labs.hol.vmware.com/HOL

/catalogs/catalog/878

• Beginners: HOL-1857-01-UEM -Getting Started

• Advanced: HOL-1857-02-UEM -Unified Endpoint Management for Windows 10

Sign up to VMware TestDrive: • https://portal.vmtestdrive.com/

TestDrive Getting Started Guide: • https://kb.vmtestdrive.com/hc/en-

us/articles/360001372254-Getting-Started-with-TestDrive

Workspace ONE for Windows 10 Walkthrough Guide:

• https://kb.vmtestdrive.com/hc/en-us/articles/360001152734-Experience-Workspace-ONE-on-Windows-10

POC: Workspace ONE Windows 10 Reviewers Guide:

• https://techzone.vmware.com/resource/reviewers-guide-windows-10-unified-endpoint-management-airwatch

Deployment: Professional Services Use Case Add-on for Windows 10:

• https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/datasheet/vmware-workspace-one-airwatch-service-add-on-use-case-datasheet.pdf

Learn Workspace ONE modern management for Windows 10

Test Drive Workspace ONE on your Windows 10 devices

Get Started on Your POC or Deployment

http://labs.hol.vmware.com/HOL/catalogs/catalog/878

https://portal.vmtestdrive.com/

https://kb.vmtestdrive.com/hc/en-us/articles/360001372254-Getting-Started-with-TestDrive

https://kb.vmtestdrive.com/hc/en-us/articles/360001152734-Experience-Workspace-ONE-on-Windows-10

https://techzone.vmware.com/resource/reviewers-guide-windows-10-unified-endpoint-management-airwatch

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/datasheet/vmware-workspace-one-airwatch-service-add-on-use-case-datasheet.pdf


You’ve got questions, we got answers… hopefully

Documents

Modern BIOS Management from the Cloudfiles.informatandm.com/uploads/2018/10/Modern_BIOS...“Modern Management” of PCs Integrated MDM Framework Simplified Device Onboarding Cloud-based