Sascha Warno

Employee
Sascha Warno's Achievements

  1. What environment are you on? And what version of Hub are you using? Multi User support came with Hub version 24.04, you can try with earlier versions. Multi User in console is only active after an upgrade to 24.06 and activation of Modern SaaS.
  2. What is the enrollment type for the machine? Company owned or employee owned?
  3. I guess you installed tcpdump on the old nodes before for troubleshooting. As this is an offline upgrade and also upgrades the OS to version 4 of PhotonOS, and we did not include the version of tcpdump and libdnet for that, it fails. Remove tcpdump and libdnet on the nodes and try again.
     rpm -e libdnet
     rpm -e tcpdump
     and then try the upgrade again.
  4. Can you do a GET on the address minus the lostmode/true but with tags instead, to check if the device uuid is correct? So as an example:
     GET https://{{hostAW}}/api/mdm/devices/eexxxxxx-1221-49a6-982e-247d33876cdf/tags
     This should give at least a 204 code in return. The 404 on the PUT usually means device not found.
  5. The new setting is for silent checkout of the device to the logged in user. What version of UEM are you on? This seems to be a checkout in which the user needs to sign into Hub to check the device out. Possibly because the authentication times out it fails. So one reason could be a network issue during auth, are you sure the devices can reach UEM, Access and Google to go through the authentication flow? Any proxy or firewall that could block any of the required connections? Second could be a timeout of the authentication session itself at either Google or Access and failed auth because of that. I would check the local Hub logs, the Access audit logs for the time and user (might not show as no successful auth) and Google sign in logs. If there is a timeout in authentication there should be failed attempts in the Access audit logs, potentially in the backend logs if it couldn't correlate the authentication request sent to Google and the late return of the authentication.
  6. This Techzone guide goes through setting up Windows updates in WS1. https://techzone.omnissa.com/managing-updates-windows-devices-workspace-one-operational-tutorial#overview What we do is configure the update profile to manage which update types should be installed.
  7. So yes, H4B PIN setup requires MFA. In the old federation settings that happened if you set SupportsMfa to $True, so it would try to do MFA with the IDP instead and redirect until it receives a custom attribute with authnmethodsreferences set to http://schemas.microsoft.com/claims/multipleauthn. With the newer Graph based ones that can happen if FederatedIdpMfaBehavior is set to enforceMfaByFederatedIdp, it should usually be set to either rejectMfaByFederatedIdp or acceptIfMfaDoneByFederatedIdp. Check the current value through PowerShell with the Graph module using:
     Get-MgDomainFederationConfiguration -DomainId 'yourdomain.com'
  8. You can only do exact matches with "matches" or check for the first part of a string with "starts with". I also wished there was a more flexible "contains" option, but that is not available and makes it quite difficult to create "smart" custom group rules.
  9. Is Hub showing as installed in the UEM console, or is the device in the pending install of Hub state?
  10. It also depends how you set up your detection rules. For an app we first send down the manifest which includes the detection rules and run the detection rules to see if the app is already installed. Only after that and if required the content will be downloaded. So if the app is already on the device with the desired version we would not download the installer files.
  11. As Michael stated, the integration adds compliance information to the authorization by providing a MDM device identifier during the authentication with certificates. The integration only gathers basic device information from the MDM service that could be used (https://docs.ansible.com/ansible/latest/collections/cisco/ise/endpoint_module.html#parameter-mdmAttributes; that listing is missing MDMUdid) but seems not usable in your specific use case. My understanding is you want to organize the devices inside Cisco ISE?! There is no easy way for an API based automation as the listing of networkdevices on the ISE side only gives basic info on and you would need to drill down into every device returned to find its associated MDMUdid which you could use to find extra info using the UEM APIs.
  12. Correct, Access as a SaaS service has 0 downtime. New features are constantly checked in and made available during monthly releases.
  13. Sadly that is one of the main drawbacks of Workspace ONE Access in its current architecture On-Premises.
  14. The apiUrl parameter is missing system:
      $apiUrl = "https://APICONSOLEURL/api/system"
  15. Else you can use the application configuration for Chrome, activate send configuration and configure the Block Access and Allow Access values.