|
|
|
Supported Mobile Devices |
|
|
Supported Mobile platforms
Details
|
Supported
Supports Android 4+, iOS 7+, Windows Phone 8/8.1, Windows 10 Mobile
|
Supported
Supports Android 4+, iOS 8+, Windows Phone 8/8.1, Windows 10 Mobile
|
Supported
Supports Android 4.4+, Android for work, iOS 9+, Windows 10 Mobile, Windows phone 8.1
|
|
|
|
Supported Rugged Devices |
|
|
Windows Rugged devices support
Details
|
Supported
Supports Windows Rugged (Mobile 5/6 and Windows CE 4/5/6)
|
Not Available
It still support Android rugged devices version 2.2
|
Not Supported
Rugged devices not supported.
|
|
|
|
Supported IoT Devices |
|
|
Iot devices support
Details
|
|
|
|
|
|
|
Supported Browsers |
|
|
Supported Internet browser
Details
|
Supported
NEW
Chrome, Firefox, Safari, Internet Explorer 11, Microsoft Edge
|
Supported
NEW
Microsoft Edge,Safari, Chrome. Mozilla
|
Supported
Chrome, Safari, Internet Explorer 11, Microsoft Edge, Mozilla Firefox with Silverlight enabled
|
|
|
|
General MDM |
|
|
Support for Single Sign-on
Details
|
Supported
NEW
Advanced single sign on via VMware Identity Manager
|
Supported
With the Integration of IBM hosted Identity service that allows end users to single sign-on (SSO) to applications while ensuring only MaaS360 managed and compliant devices can access corporate resources. MaaS360 also allows other 3rd part tools like okta etc for SSO integration.
|
Supported
Is available via Azure AD Premium / Azure MFA
|
|
VPN Profile Management
Details
|
Supported
VMware enables IT administrators to push VPN profiles automatically or on-demand and assign based on user group, location or time of day.
|
Supported
Other than adding VPN profiles, MaaS360 comes with a VPN module that allows users to access their corporate network from an iOS or an Android device.
|
Supported
Intune enables to configure and push VPN profiles with every Intune enrollment. Users can then with supported VPN clients, can connect to corporate network.
|
|
App-level tunneling or Micro VPN
Details
|
Supported
VMware AirWatch Tunnel provides a secure method for organizations to allow both internally built and public applications to access corporate resources residing in your secure enterprise network on a per-app basis.
|
Supported
All enterprise application goes via Enterprise Gateway. App-level tunneling for secure access to corporate data
without requiring a device VPN
|
Supported
https://cloudblogs.microsoft.com/enterprisemobility/2015/02/03/how-to-set-up-per-app-vpn-using-microsoft-intune/
|
|
Wi-Fi Configuration
Details
|
Supported
VMware Workspace ONE allows customers to configure Wi-Fi profiles to download automatically or on-demand to user devices. Wi-Fi profiles can be assigned based on user group, location within a defined geo-fence or time of day. For example, if employees should only be accessing Wi-Fi during defined business hours, VMware enables IT administrators to set that restriction.
|
Supported
Admins can configure WiFi profiles with required security type and certificate and push it to devices. These profiles can be pushed to users groups.
|
Supported
Intune enables to configure and push corporate WiFi profiles with every Intune enrollment. Users can then can connect to corporate network.
|
|
Device Location/tracking
Details
|
Supported
Admins can track device status information, including GPS coordinates, compliance status, last device check-in, roaming status, connection information, power status, etc.
- Locate, lock, or wipe lost or stolen devices for complete DLP
-- Locate devices using real-time GPS and cell tower tracking, and breadcrumb history
-- Identify potentially lost or stolen devices that have not checked in for a pre-set period of time through automated compliance rules
-- View mapped location within the web console
-- Activate signal sound to locate devices
-- Use privacy controls to protect personal (and potentially sensitive) information, such as GPS, data for BYOD programs
- Profile deployment/removal: Enable geofencing to automatically force the installation/removal of profiles based on location
- Apps: Leverage advanced security tools, such as geofencing and GPS location tracking, with VMware App Wrapping and the VMware AirWatch Software Development Kit
- Content: Restrict document access to a specific location through geofencing with the VMware AirWatch Content Locker
|
Supported
Locate, lock, buzz and reset a passcode on a device
|
Partial
This feature is currently only available for iOS devices.
|
|
Device Hardware Inventory
Details
|
Supported
IT administrators have a complete view of their device fleet in the administrative console.
|
Supported
Basic details around enrolled device can be found inside the Device dashboard. Dashboard categorize devices by platform, last enrolled, compliance status etc.
|
Supported
Intune allows to fetch basic information about enrolled devices, like the operating system, make and model, storage details, device name etc.
|
|
Application Inventory
Details
|
Supported
IT administrators can deploy apps to all or select groups of users through the administrative console and track usage via the dashboard.
|
Supported
Track provisioning, manage licenses and monitor compliance.
|
Supported
Intune allows to report all installed managed application on the device, but theres no option for admins to view all other non-managed apps on devices.
|
|
|
Supported
Administrators can enable kiosk mode to disable navigation and browsing capability. In kiosk mode, users can only navigate through a single site. Administrators can also set inactivity time limits.
|
Supported
Kiosk Mode available for iOS and Android.
|
Supported
Administrators can enable kiosk mode to Android (Samsung Knox devices), iOS (supervised device only) and Windows 10 devices (currently in Preview mode).
|
|
|
|
Security |
|
|
Enforce Device Encryption
Details
|
Supported
Administrators can deliver encryption to the device, app, content and email level.
|
Supported
Available for Android and Windows Phones
|
Supported
Allows device encryption on supported Models of Android. Also, supports SD card encryption.
|
|
Jailbreak and root detection
Details
|
Supported
Administrators can set automatic remediation actions if jailbroken or rooted devices are detected.
|
Supported
The available dynamic actions to enforce are selective wipe, change policy, wipe, remove control, and hide device in addition to send notification to the end user and mark the device as non-compliant.
|
Supported
Prevents Rooted / Jailbroken devices from enrollment.
|
|
Device Passcode & Remote Lock
Details
|
Supported
Administrators can set passcodes that meet requirements based on length and complexity. Admins can also lock devices remotely, and users can lock their own devices remotely through the Self-Service Portal.
|
Supported
With MaaS360, admins can push remote commands like lock device, wipe etc and also apply passcode and encryption enforcements.
|
Supported
|
|
Full Remote & Selective Wipe
Details
|
Supported
Administrators or users through the Self-Service Portal can remotely wipe just enterprise data (BYOD and enterprise-owned) or all data from the device (enterprise-owned only).
|
Supported
Instant action through automation or manual intervention to block email access, restrict network resources (e.g., no VPN) & perform a remote wipe
|
Supported
|
|
|
Supported
VMware Boxer is a secure, encrypted and user-friendly email client for Mobile devices included in VMware Workspace ONE and can be implement with Secure Email Gateway which encrypts email traffic.
|
Supported
Use FIPS 140-2 compliant, AES-256 encryption
|
Supported
Use Secure Sockets Layer (SSL) communication when sending emails, receiving emails, and communicating with the Exchange server
|
|
Multifactor Authentication
Details
|
Supported
Airwatch can be integrated with Vmware Identity Managemer or Workspace One for 2nd factor or can utilize any 3rd party identity provider for the Multi factor Authentication.
|
Supported with IBM Security Access Manager
Enrollments may be triggered by a one-time request code, automated based on enterprise directory user activation
|
Supported
Intune can be used with Azure MFA for providing second factor authentication for O365 and other 3rd party applications.
|
|
|
Supported
Airwatch allows to setup and assign EULA for user acceptance during enrollment.
|
Supported
End users are promted to accept corporate Mobile device usage policy at the time of device enrollment.
|
Supported
Intune allows to configure and assign End User legal terms of use for end users to accept during the time of enrollment. Users can go through the Corporate Mobile device usage policy and abide by it accordingly.
|
|
Role Based Admins
Details
|
Supported
VMware Workspace ONE features role-based access and authentication capabilities that allow organizations to delegate administrative roles based on relevance to end user job function. Role-based access permits 2,000 unique security permissions to define custom roles, including the option to assign multiple roles to a particular administrator. Role-based access functionality allows automatic assignment of roles to individual users or groups with LDAP integration as well as automatic syncs of any changes, all from a single console.
|
Supported
MaaS 360 provides in-built and custom admin roles options with large number of factors.
|
Supported
Intunes provide options with default in-built admin roles, and it also gives option to create custom admin roles.
|
|
|
|
Device Enrolment |
|
|
Self Service Web Portal and Enrolment
Details
|
Supported
All users get access to a Self-Service Portal to manage their own devices. Users can also install VMware Workspace ONE on their devices simply through a custom URL or downloading the app and entering their corporate email and password.
|
Supported
MaaS 360 enables self service web portal for end users.
|
Supported
Ability to register, enroll, and manage their devices as well as install corporate applications from the self-service Company Portal
|
|
Device Ownership selection
Details
|
Supported
NEW
Ability to specify ownership of device user Or Company
|
Supported
NEW
Employee Owned, Corporate Owned and Shared are the categories available with MaaS 360. Users have to select one of this ownership category at the time of enrollment.
|
Supported
NEW
Intune shows 2 ownership categories, first one is Device Ownsership type, which assigns Personal by default for all device enrolled except if the device falls in other type which is Corporate that is assigned to devices those are added as managed device like via DEP and second category is Device Category option which is Admin created categories and is promted during the time of Enrollment.
|