Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
This article provides an overview of using the Location (GPS) option within Workspace ONE (formerly known as AirWatch).
Listed here below are the outlined sections in this article. Introduction to Location Tracking on Workspace ONE iOS GPS Data RequirementsAndroid GPS Data RequirementsLocation Data for Windows Devices Lost DevicesGPS Reporting Vs. Last Scan Introduction to Location Tracking on Workspace ONE The GPS option does not function similarly to traditional GPS apps (real-time data collection) within Workspace ONE. Information only updates when the device moves across cell towers or Wi-Fi hotspots. Additionally, GPS information is only updated when the Intelligent Hub sends a sample of info (which does not occur continually).All of this is done only to get an approximate location of the device rather than real-time tracking. The reason behind this is that GPS is a very battery intensive operation.The collection of GPS coordinates relates to privacy concerns in a fundamental way. While it is not appropriate to collect GPS data for employee-owned devices, the following notes apply to all devices enrolled in Workspace ONE UEM: Only the Workspace ONE Intelligent Hub relays device GPS location data back to the UEM console.GPS is typically used for lost or stolen devices. It is also used when knowing the location of a device is inherently part of the Workspace ONE UEM console function such as Geofencing.When GPS data is reported, Workspace ONE UEM defines a 1-kilometer region around this location. It then reports location information whenever the device moves outside the region or whenever the user opens a Workspace ONE UEM or internal application. No new GPS data is reported unless one of these actions occurs. iOS GPS Data Requirements GPS data can be detected when an application using the VMware Workspace ONE SDK is manually opened and made active. However, only Workspace ONE Intelligent Hub App reports the GPS data back to the console. Other apps that use the Workspace ONE SDK such as VMware Browser, Content Locker, Boxer does not report GPS data back to the UEM console but detects the GPS info. Based on privacy policies on iOS, MDM providers cannot enforce that an end-user shares location info. The end-user always has the option to turn off location access to Intelligent Hub in which case no information will be reported.Additionally, GPS data can be detected when you make a significant location change as long as the device has access to a cellular network, location services are enabled for an application using the Workspace ONE SDK, even if the application is in the background. Note: The distance required for a significant location change is defined by iOS. If no applications using the Workspace ONE SDK are active in the foreground or background, no GPS data will be detected. Android GPS Data Requirements GPS Data can be collected based on the interval set for GPS Time Poll Interval under Devices & Users > Android > Intelligent Hub Settings, and then it is reported to the server based on the Data Transmit Interval setting. If the device is stationary, duplicate GPS data can be discarded.For most Android devices, GPS data can be enabled by navigating the Workspace ONE UEM Console to Settings > Devices & Users > Android > Intelligent Hub Settings > Force GPS On. Location Data for Windows Devices While some Windows devices are not enabled for GPS data, Windows devices with Wi-Fi networks can use the network to track the location of the device when the ability to collect location data is enabled in Workspace ONE Intelligent Hub settings within the Console (please reference the Enabling Location Services on the Device/Console section below for additional details). This is achieved by reporting the estimated IP location or, if connected to the internet through a hotspot, by a cell tower. However, if network connectivity is unavailable or the IP address is unknown (for example, when using VPN), location will not be available for these devices. Blocking or disabling location tracking on the Windows operating system itself will effectively prevent location tracking. Enabling Location Services on the Device/Console Location Services for the iOS device - can be enabled under Settings > Privacy > Location Services. This cannot be done from the console, even for a managed device, and it is part of the new Apple policy to protect end-user settings and ability from MDM vendor control.Location Services in the Workspace ONE UEM console - can be enabled under Devices & Users > Apple > Apple iOS > Intelligent Hub Settings > Collect Location Data. Enabling this and clicking Save will not force the device to immediately report GPS data. When you make the change to the settings in the console, they are updated immediately and the console will send out the commands. However, not all devices will receive it immediately. If a device is off, locked, or has not checked in to the console, it will not receive this command. It will receive these settings the next time they open the agent on their device and the device checks in. Workspace ONE UEM does not have a way to mass report if a certain console setting has been applied to each device other than viewing Device Events. You could run the GPS Log report to see the data that is reported, or you could view the GPS tab of each device details to see if it is reporting GPS locations, but there is no option for you to see which devices have not installed the settings that you changed in Apple iOS > Intelligent Hub Settings.In addition, under Settings > Devices & Users > General > Privacy in the Workspace ONE Console, GPS Data must be set to Collect and Display for required device Ownership type. Lost Devices You can still track GPS while the MDM agent application is running on the device, and the GPS coordinates will provide a last-known location on the console.If the iPad is found by someone who does not know the passcode, the passcode can be cleared from the console in order to allow access into the device, or also can be changed.You can also send a Request Device Check-In command from the console to request that the end-user open the Workspace ONE SDK enabled app and allow a compliance check command to be sent back, which will register it as active on the console as well as collect GPS data while the app is running. GPS data reporting vs. Last Scan GPS data reporting and Last Scan are not the same. Last Scan is based on compliance whereas GPS data is reported based on what is mentioned above.
For more information on personal device location data click here Privacy for BYOD Deployments.