Workspace ONE Policy Analyzer for Windows

Workspace ONE

Workspace ONE Policy Analyzer is a Microsoft Windows command line tool that does not require installation. Once the package is extracted at a desired location it can be run in a command window.

The tool has two commands:

• analyze – analyses a given device’s policy.
• list-devices - lists devices in the system for a given user. The output is printed on the screen as a tab separated list.

There are various options that can be passed into the tool.

Work on any command

• -a, --api-url (REQUIRED). The url to the UEM environment’s rest API. Must be the API url, this is usually <uem-base-url>/api
• -k, --api-key (REQUIRED). The API key to authenticate into the UEM environment's rest API.
• -u, --api-username (REQUIRED). The API username to login to the UEM environment.
• -p, --api-password (REQUIRED). Password for the preceding user.

Analyze command

• --device-udid (REQUIRED). The UDID of the device to generate the report for. This can be discovered in the device details page in UEM console.
• --report-dir (OPTIONAL). The directory where the reports will be saved into. If not specified, defaults to the current directory.

List devices command

• --device-username (OPTIONAL). Username filter to filter devices to.
• --json (OPTIONAL). Convert the output to JSON format rather than a TSV.
• --max-devices (OPTIONAL). The maximum number of devices to fetch. If not specified, this defaults to 10.

UEM minimum permissions

The user given to the above commands needs the following set of permissions in Workspace ONE UEM:

• API/Devices/REST API Devices Read
• API/Groups/REST API Groups Read
• API/Profiles/Updates Policy Read access
• API/Profiles/Rest API Profiles Read
• Device Management/Baselines/View Baselines
• Groups/View/Organization Group
• Groups/View/Organization Group List View

for convenience, there's an importable role .xml file in this fling's download section that you can verify and import into Workspace ONE UEM if you wish.