Workspace ONE Policy Analyzer for Windows
Release Date: October 01, 2021
Workspace ONE Policy Analyzer for Windows aids in the management of profiles and baselines for Windows 10 devices. Policy Analyzer uses the Workspace ONE UEM API to review the status of profiles and baselines assigned to a specified Windows 10 device. The resultant HTML report displays all the assigned policies and baselines as well as highlighting potential conflicts between any profiles and/or baselines on the device. The reports also displays all profiles and baselines without potential conflicts. The administrator can then use the Workspace ONE UEM Console to resolve any issues identified.
Workspace ONE Policy Analyzer is a Microsoft Windows command line tool that does not require installation. Once the package is extracted at a desired location it can be run in a command window.
The tool has two commands:
- analyze – analyses a given device’s policy.
- list-devices - lists devices in the system for a given user. The output is printed on the screen as a tab separated list.
Work on any command
- -a, --api-url (REQUIRED). The url to the UEM environment’s rest API. Must be the API url, this is usually <uem-base-url>/api
- -k, --api-key (REQUIRED). The API key to authenticate into the UEM environment's rest API.
- -u, --api-username (REQUIRED). The API username to login to the UEM environment.
- -p, --api-password (REQUIRED). Password for the preceding user.
- --device-udid (REQUIRED). The UDID of the device to generate the report for. This can be discovered in the device details page in UEM console.
- --report-dir (OPTIONAL). The directory where the reports will be saved into. If not specified, defaults to the current directory.
- --device-username (OPTIONAL). Username filter to filter devices to.
- --json (OPTIONAL). Convert the output to JSON format rather than a TSV.
- --max-devices (OPTIONAL). The maximum number of devices to fetch. If not specified, this defaults to 10.
UEM minimum permissions
The user given to the above commands needs the following set of permissions in Workspace ONE UEM:
- API/Devices/REST API Devices Read
- API/Groups/REST API Groups Read
- API/Profiles/Updates Policy Read access
- API/Profiles/Rest API Profiles Read
- Device Management/Baselines/View Baselines
- Groups/View/Organization Group
- Groups/View/Organization Group List View
Forklift for Workspace ONE UEM
The Forklift for Workspace ONE UEM Fling allows migration of Workspace ONE UEM Resources between different Workspace One UEM environments. Rapid deployment of resources bundled as a "Deployment Template". Lastly the creation of a Continuous Delivery Pipeline for resources.
Workspace ONE App Analyzer for macOS
The Workspace ONE macOS App Analyzer will determine any Privacy Permissions, Kernel Extensions, or System Extensions needed by an installed macOS application, and can be used to automatically create profiles in Workspace ONE UEM to whitelist those same settings when deploying apps to managed devices.To connect to your
Workspace ONE UEM environment: