University of Wisconsin–Madison

Endpoint Management Project Roadmap

Endpoint protection is critical to reduce threats to university networks.

An endpoint is a computing device that communicates back and forth with a network, including but not limited to desktops, laptops, servers, and smartphones. The protection of UW–Madison endpoints that access University data is essential to reducing the overall security risk to the data these devices encounter. 

This project will curate and deliver a set of flexible endpoint management and security tools, supported by core campus IT organizations and used by distributed IT organizations, to manage and secure campus endpoints.

More information can be found on the Endpoint Management Project page. Please contact us with questions at doit-seam-support@doit.wisc.edu

Previous updates: Aug 26 | Aug 11 | Jul 29 | Jul 12 | Jun 30 | Jun 16 | Jun 2 | May 19 | May 5 | Apr 21 | Apr 7 | Mar 16 | Feb 25 | Feb 10


September 15 updates

Complete – these activities and features were completed since the last roadmap was published:

The data on the chart represents the number of endpoints managed in each system after duplicates have been removed. Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Create Workspace ONE content recommended naming conventions KB.
  • Implement directory-based groups for Workspace ONE administrative console access.
  • Investigate Android management capabilities.
  • Optimize EPM Knowledge Base site and overview documents. 

Next – these are the activities and features we plan to work on next:

  • Investigate AutoDiscovery enrollment options to allow an email-based autodiscovery system to enroll devices to environments and organization groups.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.

August 26 updates

Complete – these activities and features were completed since the last roadmap was published:

The data on the chart represents the number of endpoints managed in each system after duplicates have been removed. Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Create Workspace ONE content recommended naming conventions KB.
  • Implement directory-based groups for Workspace ONE administrative console access.
  • Add additional application deployment content to BigFix shared repository. 
  • Create documentation about migrating Group Policy Objects to Workspace ONE profiles 
  • Investigate Android management capabilities. 

Next – these are the activities and features we plan to work on next:

  • Investigate AutoDiscovery enrollment options to allow an email-based autodiscovery system to enroll devices to environments and organization groups. 

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.

August 11 updates

Complete – these activities and features were completed since the last roadmap was published:

  • Standardize Workspace ONE service upgrade procedures.
Graph showing endpoint management adoption over time.
The data on the chart represents the number of endpoints managed in each system after duplicates have been removed.
Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Create Workspace ONE content recommended naming conventions KB.
  • Implement directory-based groups for Workspace ONE administrative console access.
  • Add additional application deployment content to BigFix shared repository. 
  • Create documentation for packaging and deploying enterprise software titles via Workspace ONE. 
  • Create documentation about migrating Group Policy Objects to Workspace ONE profiles.
  • Analyze data from different campus security and endpoint management tools (AMP, Qualys, BigFix, and Workspace ONE) to identify gaps in endpoint visibility. 
  • Investigate Android management capabilities. 

Next – these are the activities and features we plan to work on next:

  • Investigate AutoDiscovery enrollment options to allow an email-based auto-discovery system to enroll devices to environments and organization groups. 

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Develop a culture socialization plan for campus partners.

July 29 update

Complete – these activities and features were completed since the last roadmap was published:

The data on the chart represents the number of endpoints managed in each system after duplicates have been removed. Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Create Workspace ONE content recommended naming conventions KB. 
  • Standardize Workspace ONE service upgrade procedures. 
  • Implement directory-based groups for Workspace ONE administrative console access. 
  • Add additional application deployment content to BigFix shared repository. 
  • Investigate AutoDiscovery enrollment options to allow an email-based autodiscovery system to enroll devices to environments and organization groups. 
  • Create documentation for packaging and deploying enterprise software titles via Workspace ONE.
  • Create documentation about migrating Group Policy Objects to Workspace ONE profiles. 

Next – these are the activities and features we plan to work on next:

  • Analyze data from different campus security and endpoint management tools (AMP, Qualys, BigFix, and Workspace ONE) to identify gaps in endpoint visibility.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Investigate Android management capabilities.
  • Develop a culture socialization plan for campus partners.

July 12 update

Complete – these activities and features were completed since the last roadmap was published:

  • Tested Workspace ONE Freestyle Orchestrator features in dev environment.
      • There are some features that fill existing gaps which are being evaluated.
      • Provides the ability to create custom workflows, target systems more granularly, and push scripts in various languages (PowerShell, Bash, Python, etc.).
  • Tested Active Directory Certificate Services certificate enrollment workflows.
The data on the chart represents the number of endpoints managed in each system after duplicates have been removed.
Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Create Workspace ONE content recommended naming conventions KB.
  • Standardize Workspace ONE service upgrade procedures.
  • Implement directory-based groups for Workspace ONE administrative console access.
  • Add additional application deployment content to BigFix shared repository.
  • Investigate AutoDiscovery enrollment options to allow an email-based autodiscovery system to enroll devices to environments and organization groups.
  • Investigate how to provide shared app content for Workspace ONE enterprise software titles.
  • Create additional EPM service documentation based on Community of Practice office hours feedback.
  • Create documentation for ADCS enrollment workflows.

Next – these are the activities and features we plan to work on next:

  • Analyze data from different campus security and endpoint management tools (AMP, Qualys, BigFix, and Workspace ONE) to identify gaps in endpoint visibility.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Investigate Android management capabilities.
  • Develop a culture socialization plan for campus partners.

June 30 update

Complete – these activities and features were completed since the last roadmap was published:

  • Held an office hours session to get feedback on our documentation and Canvas course 
Image showing adoption of EPM over time
The data on the chart represents the number of endpoints managed in each system after duplicates have been removed. Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Our CoP has grown to over 115 people. If you are responsible for endpoint management in your unit and would like to join our community on MS Teams, let us know.
  • Create Workspace ONE “recommended naming conventions” KB for user created content.
  • Add additional application deployment content to BigFix shared repository.
  • Standardize Workspace ONE service upgrade procedures.
  • Implement directory-based groups for Workspace ONE administrative console access.
  • Testing Workspace ONE Freestyle Orchestrator features in dev environment.
  • Investigate how to provide shared app content for Workspace ONE enterprise software titles
  • Investigate AutoDiscovery enrollment options to allow an email-based autodiscovery system to enroll devices to environments and organization groups.

Next – these are the activities and features we plan to work on next:

  • Create additional EPM service documentation based on Community of Practice office hours feedback
  • Integrate Workspace ONE with Active Directory Certificate Services.
  • Create Active Directory Certificate Services certificate enrollment workflows.
  • Analyze data from different campus security and endpoint management tools (AMP, Qualys, BigFix, and Workspace ONE) to identify gaps in endpoint visibility.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Investigate Android management capabilities.

June 16 update

Complete – these activities and features were completed since the last roadmap was published:

  • Created a shared repository in BigFix to allow BigFix operators to deploy DoIT packaged content.
  • Created support framework for Apple School Manager (ASM) administration and transitioned ASM support from DoIT Product Management to the Endpoint Management Project team.
  • Confirmed integration of Workspace ONE with Active Directory Certificate Services is possible.
  • Completed Dell Quick Start engagement and received information for how to configure Workspace ONE to take advantage of Dell Factory Provisioning options.
The data on the chart represents the number of endpoints managed in each system after duplicates have been removed. Duplicates may occur if an endpoint was re-imaged.  They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Our CoP has grown to over 113 people. If you are responsible for endpoint management in your unit and would like to join our community on MS Teams, let us know.
  • Create Workspace ONE content recommended naming conventions KB.

Next – these are the activities and features we plan to work on next:

  • We are planning upcoming Community of Practice meetings. If you would like to contribute to a future meeting, please contact Pat Daley.
  • Integrate Workspace ONE with asset reporting database to comply with UW System Policy.
  • Hold an office hours session to get feedback on our documentation and Canvas course.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Workspace ONE with Active Directory Certificate Services.
  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Investigate Android management capabilities.

June 2 update

Complete – these activities and features were completed since the last roadmap was published:

  • Enabled the Workspace ONE Hub catalog. This allows end users to install and launch apps assigned to them by an administrator directly from VMware’s Intelligent Hub app.
The data on the chart represents the number of endpoints managed in each system after duplicates have been removed. Duplicates may occur if an endpoint was re-imaged. They also occur when the same endpoint is in both systems.

Now – these are the activities and features we are working on now:

  • Our CoP has grown to over 112 people. If you are responsible for endpoint management in your unit and would like to join our community on MS Teams, let us know.
  • The project team continues work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • Develop a mechanism for Workspace ONE profile sharing.
  • Integrate Workspace ONE with Active Directory Certificate Services.
  • Create the support framework for Apple School Manager.
  • Created a shared repository in BigFix to allow BigFix operators to deploy DoIT packaged content.

Next – these are the activities and features we plan to work on next:

  • Integrate Workspace ONE with CMDB to meet asset reporting requirements. 

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrate Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Investigate Android management capabilities.

May 19 update

Complete – these activities and features were completed since the last roadmap was published:

Now – these are the activities and features we are working on now:

  • Our CoP has grown to >106 people. If you are responsible for endpoint management in your unit and would like to join our community on MS Teams, let us know.
  • The project team continues work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • Enable Workspace ONE Hub catalog.
  • Develop a mechanism for Workspace ONE profile sharing.
  • Integrate Workspace ONE with Active Directory Certificate Services.
  • Create support framework for Apple School Manager.
Total number of managed endpoints as of May 13, 2021.

Next – these are the activities and features we plan to work on next:

  • Integrate Workspace ONE with CMDB to meet asset reporting requirements.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrating Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access.
  • Investigate Azure AD integration.
  • Investigate Android management capabilities.

May 5 update

Complete – these activities and features were completed since the last roadmap was published:

  • Enabled FileVault recovery key access in the self-service portal.
  • Keith Mountin from Apple provided campus partners with a two-day workshop on managing Apple devices using Workspace ONE.

Now – these are the activities and features we are working on now:

  • Our CoP has grown to over 106 people. If you are responsible for endpoint management in your unit and would like to join our community on MS Teams, let us know.
  • The project team continues work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • Investigating creation of an additional shared content repository for Workspace ONE.
  • Enabling Workspace ONE Hub catalog and Enterprise App Repository.
  • Creating a shared repository in BigFix to allow BigFix operators to deploy DoIT packaged content.

Adoption of Workspace ONE over time.

This chart illustrates the adoption of Workspace ONE over time. The blue lines represent the currently enrolled endpoints through April 2021. The red lines show the projected enrollment totals based on information provided from campus units to Departmental Support.

Next – these are the activities and features we plan to work on next:

  • Develop a mechanism for Workspace ONE profile sharing
  • Integrate Workspace ONE with Active Directory Certificate Services
  • Develop support framework for Apple School Manager

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrating Endpoint Management tools with CSOC SIEM.
  • Investigate Workspace ONE Access

Apr 21 update

Complete – these activities and features were completed since the last roadmap was published:

  • The Endpoint Management Project (EPM) team sponsored our first Endpoint Management Community of Practice (CoP) learning session Thursday 4/15.  Matt Schultz from SMPH shared his experiences using Workspace ONE to manage Macs to an engaged audience of 57 CoP members.

Now – these are the activities and features we are working on now:

  • Our CoP has grown to over 90 people. If you are responsible for endpoint management in your unit and would like to join our community on MS Teams, let us know.
  • The project team continues work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • Enable Workspace ONE Hub catalog.

Next – these are the activities and features we plan to work on next:

  • Work with Apple and DoIT Product Management to update Apple School Manager support workflows.
  • Create a shared repository in BigFix to allow BigFix operators to deploy DoIT packaged content.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrating Endpoint Management tools with CSOC SIEM.
  • Investigate creating an additional shared content repository for Workspace ONE.

Apr 7 update

Complete – these activities and features were completed since the last roadmap was published:

  • Completed the BigFix upgrade to version 10.0.2.
  • Created a public-facing FAQ with information about common problems and current known issues. We will continue to update these documents over time.
    Endpoint Management Project FAQ
    Workspace ONE Known issues
  • Documented roles and responsibilities for service owners, delegated administrators, and basic service consumers in our Delegated Support Model KB.
  • Launched a new project website with enhanced UX.
  • Hosted 59 attendees at our last Lunch & Learn on March 26, with presentations by our vendor partners.

Now – these are the activities and features we are working on now:

  • Our community of practice has grown to over 80 people. If you are responsible for endpoint management in your unit and would like to join our community of practice on MS Teams, let us know.
  • The project team continues work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • Developing self-paced training courses for campus administrators.
  • Enabling Workspace ONE Hub catalog.

Next – these are the activities and features we plan to work on next:

  • Work with Apple and DoIT Product Management to update Apple School Manager support workflows.
  • Create a shared repository in BigFix to allow BigFix operators to deploy DoIT packaged content.

Later – these are activities, features, and requests that are being explored and are potential candidates for working on next:

  • Integrating Endpoint Management tools with CSOC SIEM.
  • Investigate creating an additional shared content repository for Workspace ONE.

Mar 16 update

The Endpoint Management Project kicked off the first Lunch & Learn session on February 24th. The team continues work on training, documentation, and configuration testing of Workspace ONE.

Complete:

  • Created an MS Teams team to serve as a resource for a new Endpoint Management Community of Practice. 
  • Created a consolidated intake process for campus partners

Now:

  • Gathering data from campus partners to build a more comprehensive implementation plan for campus rollout
  • Documenting roles and responsibilities for service owners, delegated administrators, and basic service consumers
  • Creating a public-facing FAQ with information about common problems and current known issues
  • Developing self-paced training course for campus administrators
  • Continuing work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies

Next:

  • Work with Apple and DoIT Product Management to update Apple School Manager support workflows
  • Next Lunch & Learn scheduled for March 25th 1-2pm 
  • BigFix upgrade to version 10.0.2

Feb 25 update

The Endpoint Management Project continues moving forward. We have spent the time planning communications, consolidating documentation, setting up a community of practice, upgrading the WS1 console, and finishing up the Dell WS1 Quick Start engagement.      

Complete:

  • On February 16th, DoIT Departmental Support worked with VMware to upgrade the Workspace ONE console from version 2005 to 2101.
  • On February 24th, we held our first Lunch & Learn session, covering our service vision, current state of project, community of practice, and our documentation & intake process. We had 82 registrants and 73 people in attendance.
  • The Endpoint Management KnowledgeBase site (internal) is now live and consolidates all previous BigFix and Workspace ONE documentation into a single space.

Now:

  • The project team is creating an MS Teams team to serve as a resource for a new Endpoint Management Community of Practice
  • The project team continues work with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • Developing a communication plan for continued engagement on the need for and implementation of unified endpoint management on campus.
  • Creating a repeatable engagement and onboarding strategy for campus partners.

Next:

  • Gathering data from campus partners to build a more comprehensive implementation plan for campus rollout.
  • Define roles and responsibilities for service owners, delegated administrators, and basic service consumers.
  • Develop migration strategies for campus partners currently running endpoint management services and for campus partners with no existing endpoint management strategy.

Feb 10 update

The revised endpoint management budget was approved. Campus is funding the core infrastructure and service offering, as well as licenses for campus endpoints in both the BigFix and Workspace ONE environments.

From the Madison Budget Office: “Endpoint Management has been funded by campus with one-time funds to begin the campus wide implementation process. We estimate this one-time campus funding will carry the Endpoint Management project into FY23. Starting in FY23, Endpoint Management will be partially funded by the IT Campus Assessment and by FY24 will be fully funded by the IT Campus Assessment.”

Complete:

  • On January 15, the project team migrated from our on-prem environment to the VMware Workspace ONE SaaS production environment.

Now:

  • The project team is engaged with the Safer Badgers project and AIMS to manage hundreds of endpoints used in the program including the Badger Ambassador devices, check-in devices at testing sites, and the loaner devices being distributed to faculty, staff, and students.
  • On January 25, the project team kicked off a three-week engagement with Dell/VMware and campus partners to configure the production environment, plan for delegated administration, and evaluate onboarding strategies.
  • On February 16th, DoIT Departmental Support will work with VMware to upgrade the Workspace ONE console from version 2005 to 2101.

Next:

Implementation roadmap 

  • Develop an implementation plan for campus rollout.
  • Align with the UW System and the UW-Madison Asset Inventory policies and procedures.
  • Create a repeatable engagement and onboarding strategy for campus partners.
  • Develop a communication plan for continued engagement on the need for and implementation of unified endpoint management on campus.
  • Develop migration strategies for campus partners currently running endpoint management services and for campus partners with no existing endpoint management strategy.

Service Development

  • Create a license purchasing and management process.
  • Define roles and responsibilities for service owners, delegated administrators, and basic service consumers.
  • Create ongoing training opportunities, centralized documentation, and onboarding options.

Community of Practice / Lunch & Learn

  • Create a user-group community to engage with and validate the success and the features of the solution.
  • Hold lunch & learn sessions that offer basic troubleshooting and support.

For more information, please see the Endpoint Management Project or contact us with questions at doit-seam-support@doit.wisc.edu