Posts

Showing posts with the label rest api

Remove sensitive information from data at rest when authenticating to Workspace ONE API's by entering credentials at runtime (part 2)

Image
When it comes to accessing API's and securing your digital workspace, we have options. When accessing Workspace ONE API's, we have options when securely interacting with them; like using base64 encoded credentials, or  OAuth  access tokens (versions 2001 and newer). In a previous blog post, we covered how to store sensitive credentials used to access Workspace ONE API's with a config.ini file. This approach works, and while ACL's can limit accounts that can read data at rest; organizations may still prefer to not store credentials in something like json or a old school ini file.  Today, we'll provide you with your daily dose of uplifting imagery from Hawaii, code to retrieve credentials at runtime, store base64 encoded credentials in memory during execution, and access Workspace ONE API's with the credentials. This way, you can simply hand your code off to operations, sit by the beach, hop on a trail, and enjoy your time in Hawaii. Waimea Canyon, the G

Force Android applications like Google Chrome to update in a zero-day/bug-fix/new-feature scenario with Workspace ONE

Image
There is a real and immediate need for every organization to be able to quickly react to zero-day vulnerabilities or new application releases with features requiring immediate and precise cut-overs. The threat landscape is wider than ever, while the frequency of new application builds in a world of CI/CD pipelines decreases from days to hours; and everything supporting the business has exacting requirements that need to be met.  Workspace ONE and the EUC product line-up is really well equipped to handle any digital workspace use case on any major platform. When you offer all that with API's to manage identity, access management and secure edge services; you have API's for everything to provide secure remote access to resources.  What has been interesting to watch over the years is the utility, broad-appeal, varied-price points and proven capabilities of the Android OS. As the OS has matured from the era of Jelly Bean, KitKat and Lollipop; the number of use cases supported b

Submitting HTTP Requests to REST API endpoints in Workspace ONE UEM to retrieve devices

Image
Usage and adoption of REST API's continues to increase, as the need to integrate services over the web is greater than it has ever been. One of the most frequently used API endpoints in Workspace ONE UEM is  /API/mdm/devices. This API endpoint accepts a variety of parameters that help filter your result set to only include what is necessary, and reduce the payload size returned in the HTTP response. We will take a look at a quick example of how to perform this HTTP Request with Powershell and invoke-restmethod. Below is a simple Powershell script I was able to create for this example. Make sure to include base64 encoded credentials in a folder (c:\creds\b64.txt in the example), and to update the $apiKey object with an API key. When reviewing the results from the object with $getDevices.Devices, the following is stored in the variable: This API really gives you quite a bit to work with, and VMware is really good about offering developers an assortment of APIs to report

Zimperium Delivery and Activation on Android Enterprise with Workspace ONE UEM Product Provisioning

Image
A use case I am involved in required remotely delivering Zimperium zIPS, a mobile threat detection and response security product, to Android Enterprise devices with Workspace ONE UEM. Zimperium is an incredible mobile security product, which I will discuss more in upcoming blog posts. The way Workspace ONE and Zimperium compliment each other is ideal for securing devices running (Android and iOS supported). First we need to deliver zIPS; and this will cover the delivery and activation of zIPS on an Android Work Managed device with Workspace ONE UEM Product Provisioning. For zIPS to secure a device, report threats back to Zimperium's zConsole and eventually Workspace ONE Intelligence; zIPS requires activation on each device. It sounds daunting, especially because it isn't just delivering an apk file and managed configuration. If you have a fleet of 15,000 or 150,000 devices; you wouldn't want to visit each point-of-sale kiosk, in-flight entertainment system, medical devic