Full List of Services

Thank you for your interest in Tech Orchard and the services we provide to help your organization implement and maintain a current, secure modern management posture as a foundational requirement for mobile technology success. Below is a summary of our most popular offerings utilizing Workspace ONE UEM platform.

Keep in mind that the services shown are off-the-shelf packages. We know that no two organizations have identical technology frameworks or support needs, so we are happy to schedule a time to establish a personalized plan that delivers the most value to your stakeholders and ROI to your bottom line. Pricing is available upon request.

Please email Phil Poje, CEO, or Kyle McKee, VP of Sales, with questions.

Tech Orchard will survey the CIO, Director of IT and key stakeholders (from departments such as IT, HR, Account Management, etc.) as a basis for development and review of current Mobile Device Usage Policy (MDUP) for both corporate-owned and BYOD assets. Interviews will also address areas of mobility including mobile strategy, security, device management, email management, app management, content management and BYOD accessibility.

Tech Orchard will review any existing Customer’s device usage policies and recommend edits or develop new policy as needed for company-owned and employee-owned devices. We will also provide MDUP rough drafts to management and assist with edits in moving toward finalized documents.

Design and Deploy tasks are estimated based on Customer’s success criteria.

Deployment Pre-Requisites:

Customer will be responsible for the following:

  • Provide Tech Orchard access to VMware portal for downloading install packages as required
  • Assign appropriate technical resources to participate on daily calls as necessary to address Customer network, server, active directory, email and security requirements
  • Provide Workspace ONE UEM console access for Tech Orchard as needed to assist with Workspace ONE UEM configuration, testing and deployment

Workspace ONE UEM Install and Console Configuration:

Working in conjunction with the Customer IT team, Tech Orchard will provide technical and project management services based on the following success criteria:

  • Participate in meetings with Customer, VMware and Tech Orchard technical teams including appropriate stakeholders as indicated
  • Provide pre-install checklist with source/destination network requirements
  • Configure, test and prepare new Workspace ONE UEM console
  • Deploy Workspace ONE UEM Cloud Connector and configuring AD integration
  • Service integrations (Apple DEP\VPP, Android Enterprise)
  • Create/modify/update Workspace ONE UEM profiles and compliance policies based on MDUP interviews and existing Customer security policies
  • Secure access to corporate email and files with the ability to enterprise wipe a device without impacting personal data or apps on Corporate-Owned Personally Enabled (COPE) and BYO devices
  • Configure Workspace ONE UEM profiles and compliance policies to support BYO and employee-owned devices (iOS, Android)
  • Enforce Conditional Access to applications and data based on the compliance and security posture of the user and device
  • Configure device encryption as required by corporate policy
  • Review email security posturing requirements and implement SEG or PowerShell Direct integration to restrict access and enforce DLP to corporate email in Exchange and O365
  • Review best practices, enforcement options and security benefits with VMware Boxer, native and third-party mobile email clients
  • Secure access to cloud-based corporate file shares and applications
  • Create and test app packages for up to five (5) key customer mobile apps (iOS, Android)*
  • Track project progress with periodic reports to the team and executive stakeholders
  • Provide console training, best practices and knowledge transfer for administrative support transition

*Does not include Workspace ONE Add-On SKUs for VMware Tunnel or Identity Manager

Pilot Readiness & Deployment

  • Define enrollment and registration strategy for new devices
  • Identify suitable user group for pilot and UAT
  • Assist with developing communication to production user groups
  • Support the transition

Design and Deploy tasks are estimated based on Customer’s success criteria.

Deployment Pre-Requisites:

Customer will be responsible for the following:

  • Provide Tech Orchard access to VMware portal for downloading install packages as required
  • Assign appropriate technical resources to participate on daily calls as necessary to address Customer network, server, active directory, email and security requirements
  • Provide Workspace ONE UEM Console access for Tech Orchard as needed to assist with Workspace ONE UEM configuration, testing and deployment

Workspace ONE UEM Install and Console Configuration:

Working in conjunction with the Customer IT team, Tech Orchard will provide technical and project management services based on the following success criteria:

  • Participate in meetings with Customer, VMware and Tech Orchard technical teams including appropriate stakeholders as indicated
  • Provide pre-install checklist with source/destination network requirements
  • Configure, test and prepare new Workspace ONE UEM console.
  • Deploy Workspace ONE UEM Cloud Connector and configuring AD integration for each region
  • Service integrations (Apple DEP/VPP, Android Enterprise, MS Business Store)
  • Create/modify/update Workspace ONE UEM profiles and compliance policies based on MDUP interviews and existing Customer security policies
  • Secure access to corporate email and files with the ability to enterprise wipe a device without impacting data or apps on Corporate-Owned Personally Enabled (COPE) and BYO devices
  • Enforce Data Loss Prevention (DLP) controls with O365 email and productivity apps natively in Workspace ONE UEM/Workspace ONE console to control (cut, copy and paste) user access to corporate data*
  • Implement self-service password resets and passcode enforcement
  • Configure Workspace ONE UEM profiles and compliance policies to support BYO and employee-owned devices (iOS, Android, Win10, MacOS)
  • Enforce Conditional Access to applications and data based on the compliance and security posture of the user and device
  • Configure device encryption as required by corporate policy
  • Review email security posturing requirements and implement SEG or PowerShell Direct integration to restrict access and enforce DLP to corporate email in Exchange and O365
  • Review best practices, enforcement options and security benefits with VMware Boxer, native and third-party mobile email clients
  • Secure access to cloud-based corporate file shares, applications, OneDrive and Teams
  • Create and test app packages for up to five (5) key customer mobile apps (iOS, Android)**
  • Track project progress with periodic reports to the team and executive stakeholders
  • Provide console training, best practices and knowledge transfer for administrative support transition
  • Install and configure Mobile Email Management for Workspace ONE UEM

*Requires Microsoft EMS E3 license
**Does not include Workspace ONE Add-On SKUs for VMware Identity Manager and VMware Tunnel

Win10 Modern Management Configurations:

  • Configure device enrollment, Azure AD enrollment (including Out Of the Box Experience (OOBE) & Autopilot) and agent enrollment
  • Configure up to two (2) enrollment methods
  • Configure Dell Factory Provisioning Service for 1 image only (if applicable)
  • Configure Airlift for up to five (5) applications (if applicable)
  • Configure Airlift for up to five (5) Domain Policies
  • Package up to five (5) applications (MSI, EXE, or Zip)
  • Configure up to three (3) CIS or Windows Baselines
  • Configure Bitlocker for Encryption and key storage profiles (if applicable)
  • Configure Dell OEM Updates and BIOS Configurations (if applicable)
  • Configure Windows patch management
  • Configure Windows Defender and Windows Firewall
  • Configure Wi-Fi
  • Configure Device Restrictions profile

MacOS Management:

  • Configure Hub
  • Configure two (2) enrollment methods
  • Configure Apple
  • Configure application distribution for up to five (5) applications with Workspace ONE Admin Assistant
  • Distribute up to three (3) custom scripts (Note: Customer owns writing and supporting scripts. Tech Orchard will help publish.)
  • Configure full disk encryption with File Vault
  • Configure Privacy Preferences profile for up to three (3) applications
  • Configure Software Update Control
  • Configure Wi-Fi
  • Configure Device Restrictions profile

Pilot Readiness & Deployment:

  • Define enrollment and registration strategy for new devices
  • Identify suitable user group for pilot and UAT
  • Assist with developing communication to production user groups
  • Support transition

VMware Tunnel for Per App VPN & Content Gateway:

  • Install VMware Tunnel for Per App VPN
  • Configure DLP policies
  • Configure content repository
  • Configure content editing and annotation
  • Configure personal content
  • Assist with testing up to five (5) devices
  • Install and configure Workspace ONE UEM Mobile Content Management
  • Support transition

VMware Identity Manager for SSO and Unified App Catalog:

  • Assist with SAML integration for Workspace ONE UEM Admin Authentication
  • Assist with SAML integration for Workspace ONE UEM User Authentication
  • Assist with SAML integration for one standard SAML application
  • Assist with VDI integration for Horizon View, Horizon Cloud Hosted and Horizon Cloud on Azure
  • Set up one (1) network range for Authentication Policy
  • Set up one (1) application specific custom Authentication Policy
  • Deploy Unified App Catalog (if applicable)
  • Configure Hub Services (if applicable)
  • Configure Enrollment Authentication to use Access (if applicable)
  • Support transition
  • Federate with existing IDP and configure VMware as Identity Service Provider

Workspace ONE Modern Management Windows 10 Features:

  • Configure device enrollment, Azure AD enrollment (including Out Of the Box Experience (OOBE) & Autopilot) and agent enrollment
  • Configure up to two (2) enrollment methods
  • Configure Dell Factory Provisioning Service for one (1) image only (if applicable)
  • Configure Airlift for up to five (5) applications (if applicable)
  • Configure Airlift for up to five (5) Domain Policies
  • Package up to five (5) applications (MSI, EXE, or Zip)
  • Configure up to three (3) CIS or Windows Baselines
  • Configure Bitlocker for Encryption and key storage profiles (if applicable)
  • Configure Dell OEM Updates and BIOS Configurations (if applicable)
  • Configure Windows patch management
  • Configure Windows Defender and Windows Firewall
  • Configure Wi-Fi
  • Configure Device Restrictions profile

Pilot Readiness & Deployment:

  • Define enrollment and registration strategy for new devices
  • Identify suitable user group for pilot and UAT
  • Assist with developing communication to production user groups
  • Support transition

Workspace ONE Modern Management Windows 10 Features:

  • Configure device enrollment, Azure AD enrollment (including Out Of the Box Experience (OOBE) & Autopilot) and agent enrollment
  • Configure up to two (2) enrollment methods
  • Configure Dell Factory Provisioning Service for one (1) image only (if applicable)
  • Configure Airlift for up to five (5) application (if applicable)
  • Configure Airlift for up to five (5) Domain Policies
  • Package up to five (5) applications (MSI, EXE, or Zip)
  • Configure up to three (3) CIS or Windows Baselines
  • Configure Bitlocker for Encryption and key storage profiles (if applicable)
  • Configure Dell OEM Updates and BIOS Configurations (if applicable)
  • Configure Windows patch management
  • Configure Windows Defender and Windows Firewall
  • Configure Wi-Fi
  • Configure Device Restrictions profile

Workspace ONE MacOS Features:

  • Configure Hub
  • Configure two (2) enrollment methods
  • Configure Apple Business
  • Configure application distribution for up to five (5) applications with Workspace ONE Admin Assistant
  • Distribute up to three (3) custom scripts (Note: Customer owns writing and supporting scripts. Tech Orchard will help publish.)
  • Configure full disk encryption with File Vault
  • Configure Privacy Preferences profile for up to three (3) applications
  • Configure Software Update Control
  • Configure Wi-Fi
  • Configure Device Restrictions profile

Pilot Readiness & Deployment:

  • Define enrollment and registration strategy for new devices
  • Identify suitable user group for pilot and UAT
  • Assist with developing communication to production user groups
  • Support transition

Tech Orchard will work with Customer to establish a baseline for ensuring corporate policies around mobile strategy, security, device management, email management, app management, content management, end-user experience and privacy are implemented within the Workspace ONE console. Specific assessment criteria include:

  • Review current license versions for best value based on current user consumption and recommend appropriate licenses as necessary
  • Review and document current Workspace ONE system architecture
  • Review current use cases for mobile devices and endpoints being managed by Workspace ONE and determine gaps
  • Review and discuss Workspace ONE console best practices
  • Review existing MDM deployment practices (security, apps, email and content)
  • Review organizational hierarchy for defining appropriate assignment and enrollment groups
  • Review current provisioning methods and refine enrollment process as needed
  • Review required apps and deployment methods
  • Review role-based access and admin accounts
  • Review and security posturing for last seen, jail broken or rooted devices
  • Review critical policies (passcode, max attempts, encryption)
  • Review DLP policies around email and content
  • Review whitelisted/blacklisted apps

Remediation Plan:

A Tech Orchard Expert Certified Engineer will develop a formal assessment outlining a description of the problem and recommended remediation steps.

  • Develop offline a formal documented assessment, recommendations and remediation plan
  • Deliver draft proposal and work with Customer on final edits
  • Workshop with key stakeholders to deliver results

  • Track project progress with periodic reports to the team and executive stakeholders
  • Schedule working session to prepare upgrade plan and stage files
  • Provide remote assistance with the deployment, upgrade configuration and testing of all Workspace ONE components
  • Review UAG versions and compatibility (upgrade if necessary)
  • Provide recommendations and assistance with ensuring upgrade does not impact currently deployed profiles and apps
  • Conduct a post-upgrade review of test criteria to verify functionality
  • Review new features in latest version

White Glove Annual Support

  • Supported UEM platforms (Workspace ONE, Intune, Jamf)
  • Unlimited support requests (operational support only; does not include project work)
  • Based on the number of enrolled devices

Ad Hoc Annual Support

  • Supported UEM platforms (Workspace ONE, Intune, Jamf)
  • Pre-paid bucket of hours can be used for proactive project work and operational support requests for up to 1 year
  • 1x burn rate for standard business hours 8-5, M-F
  • 1.5x burn rate for pre-scheduled hours outside of normal business hours
  • Roll over unused hours upon purchase of renewal agreement annually
  • Customer support portal for submitting tickets, tracking project milestones, and viewing retainer balances and renewal dates

Unlimited (Gold) Support ­

  • Supported UEM platforms (Workspace ONE, Intune, Jamf)
  • Fixed fee “unlimited” support for existing UEM deployments (Workspace ONE, Intune, Jamf)
  • Can be used for proactive project work and operational support requests for up to 1 year
  • Limited to 2 on-prem upgrades per year (all components)
  • Standard business hours only
  • No rollover necessary — no cap in hours
  • Customer support portal for submitting tickets, tracking project milestones, and viewing retainer renewal dates

Unlimited (Platinum) Support

  • Supported UEM platforms (Workspace ONE, Intune, Jamf)
  • Fixed fee “unlimited” support for existing UEM deployments (Workspace ONE, Intune, Jamf)
  • Can be used for proactive project work and operational support requests for up to 1 year
  • No limit on the number of on-prem upgrades (all components)
  • Project work can be scheduled for after-hours maintenance windows
  • No rollover necessary — no cap on hours
  • 24×7 support for break-fix issues
  • Customer support portal for submitting tickets, tracking project milestones, and viewing retainer renewal dates