Lab 4: Intelligent Hub and Hub Services
Introduction
Omnissa Workspace ONE Intelligent Hub is an application that provides a secure digital workspace to employees on any device, anywhere. It serves as a central hub where employees can access all the necessary tools and resources to be productive, regardless of whether they are using a desktop, mobile device, or web browser.
Objectives and Tasks
Sensors
Create a sensor reporting the free disk space available on a macOS device.
Create a sensor reporting the build version of the operating system.
Create a sensor reporting the CPU architecture of a macOS device.
Scripts
Create a script for macOS in the Workspace ONE console
Custom Command
Send a custom command from the console
Module 1: Sensors
Sensors monitor specific device attributes, such as battery charge cycles, virus definition file updates, or security agent build versions. They can execute periodically or in response to system events like Login, Logout, and Startup.
Sensors use Bash, Python 3, or Z shell scripts to retrieve attribute values. If a script returns multiple values, Workspace ONE UEM interprets the output as a single value. If a script returns a null value, Workspace ONE UEM doesn’t report the sensor.
For privacy reasons, sensors are not supported on employee-owned devices.
In this module, you will create three sensors to collect device attributes from macOS devices.
If you don’t have an enrolled macOS in your lab environment, you won’t see the sensor results in the Workspace ONE console. Nevertheless, you should still proceed with performing the tasks to learn how to deploy sensors.
Task 1: Create a sensor reporting the free disk space available on a macOS device
In this exercise, you will create a sensor that will report the available free disk space on macOS devices.
To create the sensor:
In the Workspace ONE console, click on Resources.
Select Sensors.
Click Add and select macOS from the dropdown menu.
Enter system_disk_free_space{labid} as the sensor name. Click Next.
From the Language dropdown, select Bash.
Set the Execution Context to System.
Select String from the Response Data Type.
Paste the following code into the Code window.
#!/bin/bash
free_space=$(/usr/sbin/diskutil info /| grep 'Available Space:\|Free Space' | awk '{print $4, $5}')
echo $free_space
# Description: Returns free disk space of root volume '/'
# Execution Context: SYSTEM
# Execution Architecture: UNKNOWN
# Return Type: STRING
Click Next.
Click Save & Assign.
Click New Assignment.
Name the assignment All Corporate macOS Devices.
Click in the Select Smart Group field and select Corporate-owned macOS Devices. Click Next.
For Triggers, select Login and Log Out. This will trigger the sensor to report its value to Workspace ONE whenever an end user logs in or out of their device.
Click Save.
Click Close.
Task 2: Create a sensor reporting the build version of the operating system
In this exercise, you will create a sensor that will report the build version of the operating system on macOS devices.
To create the sensor:
In the Workspace ONE console, click on Resources.
Select Sensors.
Click Add and select macOS from the dropdown menu.
Enter os_build_version{labid} as the sensor name. Click Next.
From the Language dropdown, select Bash.
Set the Execution Context to System.
Select String from the Response Data Type.
Paste the following code into the Code window.
#!/bin/bash
buildv=$(/usr/bin/sw_vers -buildVersion)
echo $buildv
# Description: Returns the OS build version
# Execution Context: SYSTEM
# Execution Architecture: UNKNOWN
# Return Type: STRINGClick Next.
Click Save & Assign.
Click New Assignment.
Name the assignment All Corporate macOS Devices.
Click in the Select Smart Group field and select Corporate-owned macOS Devices. Click Next.
For Triggers, select Login. This will trigger the sensor to report its value to Workspace ONE whenever an end user logs in to their device.
Click Save.
Click Close.
Task 3: Create a sensor reporting the CPU architecture of a macOS device
In this exercise, you will create a sensor that will report the CPU architecture of managed macOS devices.
To create the sensor:
In the Workspace ONE console, click on Resources.
Select Sensors.
Click Add and select macOS from the dropdown menu.
Enter system_cpu_arch{labid} as the sensor name. Click Next.
From the Language dropdown, select Zsh.
Set the Execution Context to System.
Select String from the Response Data Type.
Paste the following code into the Code window.
#!/bin/zsh
PROC=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
if grep -q "Apple" <<< "$PROC"; then
echo "arm64"
else
if grep -q "Intel" <<< "$PROC"; then
echo "x86_x64"
else
echo "unknown_cpu"
fi
fi
# Description: Returns CPU processor architecture. Either arm64, x86_64 or unknown_cpu.
# Execution Context: SYSTEM
# Execution Architecture: UNKNOWN
# Return Type: STRINGClick Next.
Click Save & Assign.
Click New Assignment.
Name the assignment All Corporate macOS Devices.
Click in the Select Smart Group field and select Corporate-owned macOS Devices. Click Next.
For Triggers, select Startup. This will trigger the sensor to report its value to Workspace ONE during device startup.
Click Save.
Click Close.
Once the sensors are triggered on the devices, you will see values populated in the Sensors tab under Device Details.
Module 2: Scripts
Task 1: Create a macOS script in Workspace ONE UEM
Utilize scripts to execute Bash, Python 3, or Z shell commands for endpoint configuration management on macOS devices using Omnissa Workspace ONE UEM. You can configure the execution context for the script, either as a user or system context. Additionally, you can specify a timeout in case the script becomes looped or unresponsive for any reason.
If this is the first time you have accessed the Scripts interface, you might be prompted with an information screen with helpful links to get you started with the Scripts feature in Workspace ONE. Click Get Started to proceed.
For this exercise, you will use a simple script that creates a text file on the desktop of the device’s logged-in end user.
To create a script:
In the Workspace ONE console, select Resources. Then, click Scripts.
Click Add, and select macOS from the dropdown menu.
Name the script Create-File-On-Desktop(labid). Leave the App Catalog Configuration disabled. Click Next.
Set the Language to Bash, and the Execution Context to System.
Paste the following script into the Code window.
#!/bin/sh
loggedInUser="root"
while [[ "$loggedInUser" == "root" ]];
do
sleep 10
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
done
touch /Users/$loggedInUser/Desktop/textfile.txt
Click Next, and then click Save.
Click Save.
In the Scripts list, check the new script you just created, and click Assign.
Click New Assignment. Name the assignment All macOS Devices.
For Select Smart Group, click in the search box. From the list of Assignment Groups that appear, select Corporate-owned macOS Devices.
Click Next.
Check Run Once Immediately.
Click Add.
Click Save & Publish, and then click Publish.
Task 2: Validate successful script execution (optional)
This exercise is optional. If you do not have a macOS device enrolled in your lab environment, feel free to skip to module 3 of this lab.
To validate that the script has successfully executed:
Log into a macOS device that is included in the assignment you configured earlier. Look on the desktop for a file called textfile.txt.
If you have just logged into your macOS device, it may take a few minutes for the script to execute.
You can also check the execution status in the Workspace ONE UEM console by selecting Devices, and then Devices.
Click a macOS device in the list, and then select Scripts.
Look for the script you created earlier. Check the Status of the script. If it was successful, the status will be Executed.
If the script does not appear on the list, try refreshing the screen. It might take a moment for Intelligent Hub to update Workspace ONE UEM on the status of the script’s execution.
Module 3: Custom Commands
Task 1: Send a custom command to an iOS device
Omnissa Workspace ONE UEM empowers administrators to deploy a custom XML command to managed Apple devices. This feature provides enhanced granular control over your devices. Some commands are restricted to supervised devices
The availability of commands depends on both the operating system version and the device’s supervision status. Some commands are only applicable to supervised devices. For example, the ShutDownDevice command works on iOS devices, but only if the device is supervised.
Use custom commands to support device actions that the UEM console doesn’t currently support. However, avoid using custom commands to send commands that are already available in the UEM console as Device Actions.
To send a custom command to a device:
In the Workspace ONE console, navigate to Devices, and then click on Devices.
Select your enrolled iOS device using the check box in the left column.
Select the More Actions drop-down and select Custom Command.
The Custom Command dialogue box opens.
Copy the below XML code in the Command window.
<dict>
<key>RequestType</key>
<string>RemoveApplication</string>
<key>Identifier</key>
<string>com.apple.Keynote</string>
</dict>This custom command will uninstall the managed Keynote application, which was installed on your iOS device during an earlier lab. If you have not completed the lab, Lab 3: Automated Device Enrollment and Application Distribution, this command may fail on your device.
Select Send to deploy the command to the device.
Task 2: Validate the custom command execution
To validate that the custom command executed as expected:
In the Workspace ONE console, click on Devices.
Select Devices.
Click on the name of the device to which you sent the custom command.
From the More menu, select Troubleshooting.
Click the Commands tab.
The list might be empty because it shows active commands only. You will need to filter the commands. Click Filters.
Click on Category, and select All from the dropdown menu.
You should now see all commands sent to this device, as well as their status. The custom command you sent in the last exercise should be listed at the top.
Log into your iOS device and check if the Keynote app has been uninstalled.
0 Comments
Add your comment