Guides
ProductDeveloperPartnerPersonal
Guides
ProductDeveloperPartnerPersonal

VMware Workspace ONE

Suggest Edits

This section explains how to deploy the Umbrella module on Android devices using zero-touch deployment. This method ensures seamless protection by enabling Always On VPN through the Mobile Device Manager (MDM) Workspace One, without manual intervention.

The Umbrella module in Cisco Secure Client provides robust protection against threats by securing both applications and internet-based traffic at the DNS layer on Android devices.

📘

Workspace ONE Details

For more information about using the Cisco Umbrella Anyconnect module with the Workspace ONE MDM, refer to the Workspace ONE documentation available online on VMWare's documentation website.

🚧

Important

Install the Cisco Secure Client only after you have published and installed the Always On VPN profile in Workspace One Intelligent Hub.

Table of Contents

Prerequisites

  • Complete the Android EMM (Enterprise Mobility Management) registration, device enrollment, and a work profile creation.
  • Ensure that the MDM app Hub is visible within the work profile.

Procedure for Deployment

Create Always On VPN Profile

  1. In the the Workspace ONE UEM console, navigate to Resources > Profiles & Baselines > Profiles.
  2. Click Add and choose Add Profile from the drop-down list.
  1. Select Android as the platform.
  1. Choose CUSTOM DPC or ANDROID MANAGEMENT API as the Management Type and click Next.
  1. Enter a name for your profile. For example, Always On VPN.
  1. Navigate to the VPN section and click Add.
  1. In the VPN setting configuration section, complete the fields, including the following:
  • From the Connection Type drop-down list, choose Cisco AnyConnect .
  • In the Server field, enter cisco://local.
  • In the Connection Name, enter the name.
  • Enable the Always on VPN button.
  • Enable the Set Active button.
  • Enable the Per-App VPN Rules button.
  1. Click Next.
  1. Search or navigate to the Credentials section, and click Add.
  1. In the Credential section, do the following:
  • From the Credential Source drop-down list, choose Upload.
  • Click Choose File to browse and select the Cisco_Umbrella_Root_CA Certificate downloaded from Umbrella.

Note: In Umbrella, navigate to Deployments > Configuration > Root Certificate, expand Cisco Root Certificate Authority, and download the Cisco Umbrella root certificate, see Push the Umbrella Certificate to Managed Devices.

  • Click ATTACH CERTIFICATE.
  1. After successful upload of the certificate, the Credential Name would be added automatically and then click Next.
  1. In the Assignment and Deployment profile settings screen, complete the fields, including the following:
  • In the Smart Group field, choose the group of devices to which the Always On VPN profile is to be assigned.
  • Select the appropriate deployment values. Choose Auto from the Assignment Type drop-down list, to deploy the profile to all device automatically.
  1. Click Save & Publish.

Add and Publish the Cisco Secure Client Application

  1. In the Workspace ONE UEM console, navigate to Resources > Native > Public.
  1. Click Add Application.
  1. To add the Cisco Secure Client application, add the following details:
    1. Enter Managed By field, choose the Organization Group that you set up to manage applications.
    2. From the Platform drop-down list, choose Android.
    3. In the Source field, select SEARCH APP STORE to search for the application in the app store.
    4. In the Name field, enter Cisco Secure Client and click Next. Google Play launches within
      the console.
  1. In the Google Play store, click the Cisco Secure Client AnyConnect application.
  1. Click Approve to accept the permission for all versions of the application.
  1. Click Done to handle the new app permission requests.
  1. Now, click Save & Assign.

The Cisco Secure Client-AnyConnect Assignment Wizard appears:

  1. On the Distribution page, enter the necessary details to define how the application will be distributed. Click Restrictions.
  1. On the Restrictions page, enable the Managed Access button to allow only EMM managed devices to install the application. Click Tunnel.
  1. On the Tunnel page, from the Android (Custom DPC) drop-down list, choose the Always On VPN profile created in the Create Always On VPN Profile section. This enables the Always On VPN profile for the managed devices. Click Application Configuration.

The Application Configuration page appears.

  1. On the Application Configuration page, complete the fields, including the following:
  • Leave the Host field empty, as the server details are taken from the profile.
  • From the Accept SEULA For Users drop-down list, choose Enable to prevent users from manually accepting the SEULA banner.
  • From the Enable Always On VPN Mode for Umbrella Protection Only drop-down list, choose Enable to allow the Cisco Secure Client application to automatically manage Umbrella protection and seamlessly accept VPN connection requests when Umbrella protection is activated.
  • From the Block users from creating new VPN connections drop-down list, choose Enable.
  • Enter the application configuration details, such as, Umbrella Organization Id and Umbrella Registration Token, by referring the Android Config File downloaded from the Umbrella dashboard. For more information on how to download Android Config File, see Android Configuration Download.
  1. Click Components Profile Configuration.
  2. Click Create.

The Cisco Secure Client-AnyConnect app assignment is created.

  1. Click Save.
  1. Click Publish to publish the Cisco Secure Client Application.

As the app delivery method is set to auto on the Distribution page the application gets installed automatically on the device and is displayed in both the console and your device.

MobileIron MDM < VMware Workspace ONE > Microsoft Intune MDM

Updated 8 days ago