Workspace ONE UEM Product Provisioning for Android - Troubleshooting via Job Log Level



-->
Product provisioning in Workspace ONE UEM is an incredibly useful feature. We are often able to deliver resources or manage a device without the use of product provisioning, but there will be use cases that require additional capabilities.

Product provisioning allows for actions to be defined in a product manifest, with actions being completed in a sequential order. These actions can be placed in the correct order to achieve the required outcome. If there is a failure in a step, the delivery will stop at the step that failed. The success or failure of each action can be logged for auditing or troubleshooting. Optionally, debug mode can be used to identify root causes remotely. Debug mode level can be turned on by organization group, allowing large groups of devices to have results recorded, or on individual endpoints. 

One action that I have become very familiar with is remotely delivering an intent to an activity in my Android application. The ability to review failures remotely with debug mode would be a huge help in this use case, as I could verify testing was completed with the updated version of the action. To achieve the successful delivery, I would modify each action as necessary and iteratively validate the actions success. Running the intent would remotely initiate startActivity with the action, package and class specified in Workspace ONE UEM. This would occur after APK installation is complete, and would allow for my use case to communicate with a service hosted in a virtual private cloud. Following this, my use case would rely on pub/sub messaging (Google FCM high priority message) to communicate. All of this was possible only after eliminating race conditions, applying appropriate managed configuration and permissions.

Workspace ONE UEM has made it easy to troubleshoot product provisioning with the use of debug mode. Before we dive in to product provisioning further, we will review methods to override debug mode.

Individual Device:
1. In the Workspace ONE UEM console, navigate to:
Devices -> List View
2. Locate your device, and click on the device to review the device details
3. In the upper right corner, click 'More Actions', followed by 'Override Job Log Level'
4. In the window that appears, at the top there is a drop-down. I will use 'Verbose', in order to capture as much detail as possible. Enter your PIN to proceed


5. Activate the product. Let the delivery occur.
6. Once delivery has completed, in the device details, click 'More' followed by 'Products'

6. In the next window that opens, click magnifying glass to review the job history



7. Click the magnifying glass to review the debug logs remotely
 

8. Verbose logs are displayed. At this time you are able to validate the version of each action delivered, and failure that would occur
Example: Successful deployment with verbose mode enabled
 
Example: Successful deployment with log level left at default. Note the lack of ability to review logs or click the magnifying glass.


To modify the Job Log Level for all devices in an organization group; navigate in the Workspace ONE UEM console to Intelligent Hub Settings and select the appropriate logging level. To access Intelligent Hub Settings, navigate to:
Groups & Settings -> Devices & Users -> Android -> Intelligent Hub Settings




If you have access to the device itself, you can open Hub and review the product delivery. The video below captures the device receiving the product. You can see when the activity is started in the video, as the activity tries to appear in the foreground, while VMware Launcher is in the foreground. VMware Launcher in this use case remains in the foreground, with the activity starting services required to operate in the background.


Mahalo,
Ryan Pringnitz


References:
Android Developers - Common Intents
VMware Workspace ONE UEM 1903 - Product Provisioning for Android
Location: Hanalei, HI, USA

Comments

Post a Comment

Popular posts from this blog

Delivering Managed Configurations (key/value pairs) to Android applications with Workspace ONE UEM profiles

Image
Applications often have secrets that should not be hardcoded in the source code. This poses a challenge for developers, as ProGuard can change classes and method names, it won't help with secrets. Examples of secrets that can be removed from application source code include an API key or a OAuth refresh token. Another capability is for the MDM to dynamically deliver values to the application, such as the current logged in user, device serial number, or organization group. Google has made it more challenging to access non-resettable device identifiers like the serial number in recent years, and this remains a viable solution to provide non-resettable device identifiers (and other values) to applications running on the device. So how do we do it? Workspace ONE UEM can deliver profiles to devices. Profiles can configure a number of settings, in addition to delivering key/value pairs to your applications.  Google refers to these key/value pairs as Managed Configurations, aka application
Read more

How to use Square's OkHttp Java library to access Workspace ONE UEM API's

Image
Digital workspace solutions often require consuming other services. When doing so, you may work with things like; REST API endpoints, Webhooks, gRPC, GraphQL - the list goes on. You can interact with these in a number of ways, but one way I've come to appreciate is with Java. It has been especially helpful when I've wanted to work with libraries like Appium, Selenium, OKHttp, or the Workspace ONE UEM SDK in a workflow. With that, I thought it would be helpful to share how to work with Workspace ONE UEM API's using Java. In this blog post, we will cover; Basics of JetBrain's IntelliJ IDE, touching on Apache Maven Using  Square's OkHttp   library  to call Workspace ONE UEM API's Why Java? Java is used by many and supported by most (Docker, Kubernetes, static code analysis tools, cloud service providers, Android, Windows, macOS, Tanzu Application Service, etc). Many languages compile to j ava
Read more

How to use Powershell with the Workspace ONE UEM API to search for users

Image
Using API's has been infinitely helpful in integrating Workspace ONE UEM with other enterprise services and applications. A question was asked recently about forming the correct HTTP header using Powershell, and returning the users in the users. Below is an example Powershell script I was able to create for this example. Make sure to include base64 encoded credentials in a folder (c:\creds\b64.txt in the example), and to update the $apiKey variable with an API key. #Workspace ONE UEM Environment Address / Authentication  $addy   =   "https://ws1.molokaibank.com" $b64   =   Get-Content   -Path   "c:\creds\b64.txt" $apiKey   =   "apikey" $b64EncodedAuth   =   " $b64 " # Header $content   =   "application/json"   $authHeader   =   "Basic "   +   $b64EncodedAuth $header   =  @{ "Authorization"   =   $authHeader ;  "aw-tenant-code"   =   $apiKey ;  "Accept"   =   $content ; 
Read more