AirWatch Group Best Practices

The number 1 key item for AirWatch groups is remembering what to use the different grouping structures: Organization Groups, User Groups and Smart Groups for.

Organization Groups, which are configured in Groups & Settings à Groups à Organization Groups à Organization Groups Detail are best used for creating sandboxed groups for testing. They provide you the advantage of tying admin accounts to specific groups, which can allow you to provide administrators their own sandbox for testing without the danger of impacting your production group.

By having separate Production and Testing Organization groups you also provide your enterprise the ability to create a recovery point in the event you need to completely start your deployment over due to a shift in project requirements.

They are also useful for the following:
· Providing separate IT departments access to their individual rollouts
· Providing separation between use cases (only if they are managed by different admins)
· Providing developers their own sandbox

The biggest caution we have concerning Organization Groups is to not create too complex of a structure. We realize that some use cases may need this but most should never go further than 3 or 4 levels deep. Most will only require 2 (root, then production and test).

Another major warning: Try to create all your users at the top level. Likewise having your Directory Integration configured at the top level is standard. Because the Directory Integration supports multiple domains you should be able to configure them from a single group. If you need to test changes to your Directory Integration simply create a separate Directory Integration Test group specifically for that purpose, then override the settings at that level.

User Groups are the best way to manage separation of use case or business cases. This is especially true if they are going to be managed by the same set of administrators. Because they integrate with AD (and other LDAP solutions) and automatically sync their status (more below) they are very powerful for companies who already store much of their corporate directory information in AD. 

User groups allow for so much flexibility because they offer so many different ways to use the infrastructure you’ve already invested in.

You can manage your User and Admin User Groups under Users à User Groups à List View or Users à Administrators à Admin Groups.

There are several types of User Groups:
· AD Security Groups (CN groups)
· OU Groups
· Local AirWatch Groups (Custom Groups in the console)
· Custom AD Query Groups

Smart Groups are the structure that ties OGs and User Groups together. Most* device side configurations and content can be assigned based off of smart groups. In the console they are sometimes called Assignment Groups. You configure these in Groups & Settings à Groups à Assignment Groups.

Note: The Assignment Groups page will show User and Organization Group on the page but does not let you configure them.

They allow you flexibility because you can change group dynamically without having to constantly update all your assignments. You can select the following types of groupings for Smart Groups and more importantly – use a combination of the following options to create custom selections:

· By Organization Group
· By User Group
· By Tags
· By OS and Platform
· By Model
· By Samsung OEM
· By individual devices and users

This gives you a lot of customization and flexibility for testing and creating different scenarios.

This also is a great way for those of you interested in migrating to having separate Production and Test Organization groups. Basically you just need to assign your profiles to Smart Groups that are assigned to all OGs (in this example Root, Production and Test). Move your devices from the top OG to the Production OG using the multi-select function on the Device List View, and then once your devices are migrated, change your Smart Group to only have the Production OG selected. If you did everything correctly your devices will not be affected.

If you have any questions, please call your local AirWatch support line or submit a Support Request via myAirWatch

Have more questions? Submit a request


Article is closed for comments.