VMware announces AirLift for co-management and releases Workspace One products announced at VMworld

Workspace One Intelligence, Mobile Flows, macOS client, and Graph API support are all GA now; plus VMware is announcing a new security partner program.

VMware for the last few years has been in the habit of dropping a big spring EUC update, and for 2018, that’s happening today.

It seems like VMworld wasn’t that long ago (or maybe I’m just getting older so time is going faster), but the list of products that were announced at VMworld and are now becoming generally available today is impressive. In addition, there are some new efforts, including AirLift for Windows 10 co-management and the Workspace One Trust Network. Let’s dive in!

Workspace One Intelligence and Trust Network

The big thing that’s going GA today is Workspace One Intelligence. This is a set of security and management controls that apply to anything Workspace One can touch, which includes mobile devices, desktops, virtual desktops, mobile apps, and SaaS apps. VMware’s Apteligent acquisition is now also integrated, so Workspace One Intelligence can get performance and user behavior visibility into mobile apps that have been instrumented to work with Apteligent.

The overall idea behind Workspace One Intelligence is that it can aggregate data about all these endpoints—including historical data—and then customers can take actions, set policies, build workflows, and automate tasks. The platform will find correlations and make recommendations, too. The dashboard has lots of visuals and graphs, and their are integration with Slack and ServiceNow. Intelligence is available as part of the Workspace One Enterprise and Enterprise with VDI SKUs.

On a related note, today VMware is announcing a new partner program called the Workspace One Trust Network. This is similar to the previous AirWatch Mobile Security Alliance, but the partner vendors now cover a wider range of security products. The initial partners are McAfee, Symantec, Carbon Black, Cylance, Netskope, Lookout, and CloudStrike. The API for integration is much broader and more interactive, too. With the Mobile Security Alliance, partners could pass in point-in-time information, but now partners can pull historical data out of Workspace One.

Regarding these two announcements, a few thoughts and questions come time mind:

First off, like we’ve been doing for years, a lot of folks will be comparing this to Citrix Analytics, which was announced last May at Synergy. VMware wins the ‘time from announcement to GA’ round, but of course that doesn’t matter too much in the big picture. To do a full comparison, it will only be fair to wait until Citrix’s product becomes GA, too. For now, we can note that a unique aspect of Citrix Analytics is its visibility into data inside of Citrix products (such as ShareFile data, or user activity within a XenApp session). VMware has the advantage of a much more full-featured identity management offering, and their embrace of partners in the Trust Network is also notable.

Another question that comes up is what type of visibility Workspace One Intelligence will have on Windows 7 devices. Naturally, Workspace One Intelligence can see SaaS app and remote desktop app activity, and could pull in data via partner integrations, but remember that this is just launching now, and in theory, all those Windows 7 devices should be gone in less than 22 months, anyway.

I do wonder how Workspace One Intelligence will compare to existing SIEM (security information and event management) products, because if you look at what they do, there are a lot of similarities. I’m not an expert in SIEM, but one obvious answer is that Workspace One will be a lot closer to the endpoints.

The final and most important question is how EUC pros will start leveraging these tools—the walls between EUC and security roles seem to be breaking down quickly. At community events this year, I’ll be hoping to see sessions along the lines of “How we put Workspace One Intelligence to work.”


Microsoft made waves back at Ignite by introducing the idea of co-management, where Windows 10 devices are managed both by SCCM and MDM at the same time.

Today, VMware is announcing their take, in the form of “AirLift” co-management capabilities. Workspace One UEM can co-exist with SCCM on Windows 10 versions 1607, 1703, 1709, and 1803, and there’s an AirLift Connector that can integrate with any version of SCCM. (For comparison, co-management with Microsoft Intune requires at least Windows 1709 and SCCM 1710.)

The AirLift Connector pulls configuration data out of SCCM and surfaces it in Workspace One, the idea being that it can help coordinate management and make recommendations for policies that you can move over. There’s a lot to dig into (I have a deep dive briefing scheduled), and I don’t think anybody is ready to turn off SCCM any time soon, but the battle lines on this front have been drawn.

Other releases

Several other products are now generally available:

For macOS, the native Workspace One client is out; and Workspace One has now integrated Munki for app management. Jamf has seen huge growth in this space, so we’ll be watching to see if Workspace One starts taking a portion of that.

Workspace One’s support for the Microsoft Graph API for Intune is out, too, which means that customers can use Intune as middleware to manage the proprietary MAM policies built into Office Mobile apps.

Mobile Flows, VMware’s workflow app tool, is also GA; for now the only supported client is Boxer. If you’re asking what a workflow app is, head to the article I wrote back when it was announced. Mobile Flows is part of the Workspace One Enterprise SKUs.

Lastly, Horizon Cloud on Azure support for full Windows 10 VDI desktops is now in beta. (I thought I saw this a few weeks ago, but the blog post isn’t showing up anymore.) This is the product Gabe called the Synergy Thunder Stealer when it was announced a year ago. Support for RDS/apps came out back in November.