Workspace ONE UEM Product Provisioning for Android - Troubleshooting via Job Log Level

Product provisioning in Workspace ONE UEM is an incredibly useful feature. We are often able to deliver resources or manage a device without the use of product provisioning, but there will be use cases that require additional capabilities.

Product provisioning allows for actions to be defined in a product manifest, with actions being completed in a sequential order. These actions can be placed in the correct order to achieve the required outcome. If there is a failure in a step, the delivery will stop at the step that failed. The success or failure of each action can be logged for auditing or troubleshooting. Optionally, debug mode can be used to identify root causes remotely. Debug mode level can be turned on by organization group, allowing large groups of devices to have results recorded, or on individual endpoints. 

One action that I have become very familiar with is remotely delivering an intent to an activity in my Android application. The ability to review failures remotely with debug mode would be a huge help in this use case, as I could verify testing was completed with the updated version of the action. To achieve the successful delivery, I would modify each action as necessary and iteratively validate the actions success. Running the intent would remotely initiate startActivity with the action, package and class specified in Workspace ONE UEM. This would occur after APK installation is complete, and would allow for my use case to communicate with a service hosted in a virtual private cloud. Following this, my use case would rely on pub/sub messaging (Google FCM high priority message) to communicate. All of this was possible only after eliminating race conditions, applying appropriate managed configuration and permissions.

Workspace ONE UEM has made it easy to troubleshoot product provisioning with the use of debug mode. Before we dive in to product provisioning further, we will review methods to override debug mode.

Individual Device:
1. In the Workspace ONE UEM console, navigate to:
Devices -> List View
2. Locate your device, and click on the device to review the device details
3. In the upper right corner, click 'More Actions', followed by 'Override Job Log Level'
4. In the window that appears, at the top there is a drop-down. I will use 'Verbose', in order to capture as much detail as possible. Enter your PIN to proceed

5. Activate the product. Let the delivery occur.
6. Once delivery has completed, in the device details, click 'More' followed by 'Products'

6. In the next window that opens, click magnifying glass to review the job history

7. Click the magnifying glass to review the debug logs remotely

8. Verbose logs are displayed. At this time you are able to validate the version of each action delivered, and failure that would occur
Example: Successful deployment with verbose mode enabled
Example: Successful deployment with log level left at default. Note the lack of ability to review logs or click the magnifying glass.

To modify the Job Log Level for all devices in an organization group; navigate in the Workspace ONE UEM console to Intelligent Hub Settings and select the appropriate logging level. To access Intelligent Hub Settings, navigate to:
Groups & Settings -> Devices & Users -> Android -> Intelligent Hub Settings

If you have access to the device itself, you can open Hub and review the product delivery. The video below captures the device receiving the product. You can see when the activity is started in the video, as the activity tries to appear in the foreground, while VMware Launcher is in the foreground. VMware Launcher in this use case remains in the foreground, with the activity starting services required to operate in the background.

Ryan Pringnitz

Android Developers - Common Intents
VMware Workspace ONE UEM 1903 - Product Provisioning for Android


Popular posts from this blog

How to use Fiddler Everywhere to inspect Android network traffic to troubleshoot SAML authentication issues

Clean up duplicate identities and users from Workspace ONE using REST API's and PowerShell

Workspace ONE Intelligence and Zimperium Mobile Threat Detection Integration