From the time, VMware acquired this product and bundled with Horizon, UEM has really given life to Virtual Desktop infrastructure and is being widely accepted product. In the end, we are not just selling Virtual desktop with all security implementations, we are also focused on how end user feels when he/she uses the VDI.
UEM is a wonderful product with no defined boundary for what it can achieve until or unless it lies in HKCU and thought process of admin to do scripting, defining registries and various other operations available in UEM. Till now, we have seen so much on UEM use cases and what to achieve and how to achieve in term on features. I am going to explain here one more crucial thing i.e. condition and condition sets.
Condition is basically one or more rules which you define for a any configuration to be applied or not for various types of entities based on AD objects or network parameter, Windows attributes etc. Condition are defined for each configuration independently.
Condition Sets is basically a collection of one or more conditions or rules or condition sets which are defined once in UEM and can be used for multiple applications/windows configurations.
- Let’s talk about defining condition in UEM. Launch UEM Management Console and click on Condition Sets. you can see there are multiple condition sets already available. These are populated on EasyStart. Click on Create
- Provide a suitable name to your condition and click on Add button which will list out all the available options to you which you can define.
- Suppose, you selected Operating System as Windows 10 and click on Ok and Save Till now it is all simple.
- What if you want this configuration to be applied to all the Operating systems except Windows 7. You can do so by adding multiple conditions but easiest way is to define condition which should avoid applying configuration on Windows 7 OS.
- Create a Condition again with Windows 7 selected.
- Right click on condition and select NOT
- You will see that condition changes to negation of Windows 7. Now any operating system other than Windows 7 will get this config applied.
- Lets take an example, you being an admin required to provide share drive to sales and marketing groups . In this case, if you define condition as shown below, it won’t work.
- Above condition will fail as it is going to check for user belonging to both group. So you have to tweek this condition a bit by defining OR condition here and its simple. Right click on AND and select OR as shown below:
- In above screenshot, you have seen there are other options also available. you can also leverage on such condition. its simple mathematics of boolean algebra. 🙂
- Lets further add one more condition to Example 2. Now you want to provide share drive access to sales and marketing group but from internal network only. If you define any condition other than shown below, your config wont work. Here, I have created two groups first. In one group, we have our user groups and in other we have corporate IP range and these two groups are configured with AND operation. Hence both the condition will be checked to be true.
Like this we can have n number of condition sets which can be defined in UEM to utilize it in a better way.
Thanks for reading.