You explore the core payloads available when creating device profiles for Windows endpoints.

1. Log in to the ControlCenter desktop VM.
   • User name: administrator
   • Password: Pa$$w0rd
2. Open Chrome and log in to Workspace ONE UEM.
   • User name: studentadmin{labid}
   • Password: Pa$$w0rd
3. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu.
4. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
5. From the Add drop-down menu, select Add Profile.
6. In the Add Profile dialog box, click Windows.
7. In the Select Device Type dialog box, click Windows.
8. In the Select Context dialog box, click Device Profile. The General page opens.
9. In the navigation pane on the left, explore the available settings for the selected payloads.
10. Click Password.
11. To display the configuration options, click Configure.
12. In the navigation pane on the left, select a different payload without making any changes.
13. Click Cancel to close the Add a New Desktop Profile dialog box.
14. Click OK to discard changes.

You configure profile restrictions for your Windows devices to remove user access to device features and to ensure that your Windows devices are secure.

1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu
2. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
3. From the Add drop-down menu, select Add Profile.
4. Select Windows > Windows > Device Profile. The General page appears.
5. Configure the General settings.
   1. Enter Block Date Time Adjustment in the Name text box.
   2. Click the Smart Groups search bar and select Windows Devices (Student####). Note: The #s represent the Lab ID.
6. In the navigation pane on the left, select Restrictions and click Configure.
7. Under Settings, click Don’t Allow next to Date/Time.
8. Click Cancel to close the Add a Windows Restriction Profile dialog box.
9. Click OK to discard changes.

You configure a Wi-Fi profile.

The W11Client-01a VM cannot connect to a Wi-Fi network, so this task is for demonstration purposes only.

1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu
2. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
3. From the Add drop-down menu, select Add Profile.
4. Select Windows > Windows > Device Profile. The General page opens.
5. Configure the General settings.
   1. Enter Test Wi-Fi in the Name text box.
   2. Click in the Smart Groups search box and select Windows Devices (Student####).
6. In the left pane, select Wi-Fi and click Configure.
7. Configure the General settings.
   • The network determines many of these values.
8. Enter Test Wi-Fi in the Service Set Identifier text box.
9. From the Security Type drop-down menu, verify that Open is selected.
10. Click Save and Publish.
11. To push the configuration, click Publish.

You configure a Windows Hello profile.

Because the lab environment is not set up for Windows Hello, you cannot successfully apply a Windows Hello profile to your device.

1. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
2. From the Add drop-down menu, select Add Profile.
3. Select Windows > Windows > Device Profile.
   • The General page opens.
4. Configure the General settings.
   1. Enter Test Windows Hello in the Name text box.
   2. Click in the Smart Groups search box and select Windows Devices (Student####).
5. In the navigation pane, select Windows Hello and click Configure.
6. Review the available settings.

• Biometric Gesture: You enable this setting to permit users to use the device biometric readers.
• TPM: You click Require to disable passport use without a Trusted Protection Module (TPM) installed on the device.
• Minimum PIN Length: You enter the minimum number of digits that a PIN must contain.
• Maximum PIN Length: You enter the maximum number of digits that a PIN can contain.
• Digits: You set the permissions level for using digits in the PIN.
• Uppercase Letters: You set the permissions level for using uppercase letters in the PIN
• Lowercase Letters: You set the permissions level for using lowercase letters in the PIN.
• Special Characters: You set the permissions level for using special characters in the PIN.

Special characters: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

7. Click Cancel to close the profile creation page without saving.
8. Click OK to discard changes.

You review the Windows Update management capability.

1. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
2. From the Add drop-down menu, select Add Profile.
3. Select Windows > Windows > Device Profile. The General page opens.
4. Configure the General settings.
   1. Enter Windows Update Profile in the Name text box.
   2. Click the Smart Groups search box and select Windows Devices (Student####).
5. In the navigation pane on the left, select Windows Updates and click Configure.
6. Review the Windows Updates settings.

• Device Scheduling
• Update Behavior
• Device Behavior
• Delivery Optimization
• OS Version

7. Click Cancel to close the profile creation page without saving.
8. Click OK to discard changes.

You enable Application Control to allow and deny specific applications to permit or prevent the installation of applications on devices.

1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu
2. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
3. From the Add drop-down menu, select Add Profile.
4. Select Windows > Windows > Device Profile. The General page opens.
5. Configure the General settings.
   1. Enter Block Xbox in the Name text box.
   2. Click the Smart Group search box and select Windows Devices (Student####).
6. In the navigation pane on the left, select Application Control and click Configure.
7. Configure the Application Control settings.
   1. Select the Import Sample Device Configuration check box.
   2. Click Upload.
   3. Click Choose File.
8. Navigate to the Desktop > Software folder > Lab Activities

8. Click the BlockXbox.xml file.
9. Select Open.
10. Click Save.
11. Click Save and Publish.
12. Click Publish.

You configure the compromised status definitions for Windows Desktop devices.

1. In the Workspace ONE UEM console, select GROUPS & SETTINGS > All Settings > Devices & Users > Microsoft > Windows > Windows Health Attestation in the navigation pane on the left.
2. Next to Current Setting, click Override.
3. Select the Early Launch Anti-Malware Disabled check box.
   • You leave the default values for all other health attestation options.
4. Click Save.
5. Close the Settings dialog box.

You review the profile management settings available to UEM administrators.

1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu
2. In the navigation pane on the left, select RESOURCES > under the Profiles & Baselines > Profiles.
3. Review the available settings and actions.
   • From the Add drop-down menu, you can upload a profile or batch-import profiles.
   • In the top-right corner of the Profiles page, you can perform a profile search, change the layout, refresh the data, or export the data in CSV or XLSX format.
   • You can use the Filters list to filter profiles based on Status, Platform, and Smart Group assignment.
   • Profiles can be deactivated by clicking the button to the left of the profile name and then selecting Deactivate from the More Actions drop-down menu.

When a profile is deactivated, it is removed from all devices.

4. Under Installed Status, click View in the row of one of the profiles.

You can see the number of devices that have a Not Installed, Installed, or Assigned status.

5. Click the button next to a profile name to show the profile task menu.
   • Devices: You can view the device assignment for a selected profile.
   • </> XML: You can view the XML code for the selected profile.
   • More Actions: You can copy, deactivate, or delete the selected profile.
6. Click an existing profile name to view and edit the profile details.
   • Add Version: You can modify the profile payload content.

• Save and Publish: You publish the updated profile content to all assigned devices.
• Cancel: You return to the Profiles page without making changes to the profile details.

7. Click Cancel.

You verify that the profiles are installed on the enrolled devices.

1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu
2. In the navigation pane on the left, select DEVICES > Devices.
3. In the General Info column, click the friendly name hyperlink of your enrolled Windows device.
   • The Details View page of the device appears.
4. To review the assigned profile configurations deployed to the device, click the Profiles tab.
5. The Status column shows a green checkmark if the profile successfully installed and configured itself on the device.

Your lab environment might not show a green checkmark. You can continue.

You can also attempt a manual installation of the profile by clicking the button to the left of the profile name. The Install and Remove options appear above the profile list.