VMware Inc. announced a broad series of enhancements to its mobility support platforms, including new features in its Workspace ONE enterprise mobility management platform that simplify remote management and upgrades and a partnership with Tanium Inc. that helps administrators more easily find and secure endpoint devices.

The new VMware TrustPoint service combines Tanium’s endpoint security platform with VMware’s layered OS migration technology for improved endpoint management and security. TrustPoint provides visibility and control of every endpoint across a global network with sub-15-second response times, as well as threat detection and remediation, endpoint and application management and automated Windows image migration and management.

The product uses agent technology and a search-engine-like query interface to enable administrators to quickly discover and points they didn’t know about. “We push our agents out to the end points, which can be laptops, servers, virtual machines or containers,” said Curt Aubley, vice president of global strategic alliances and technology at Tanium. “The agents self-form small networks in a link-chain architecture fashion, which lets us talk to them on a big scale.”

TrustPoint builds upon the Tanium technology to quickly gain visibility into all information and behaviors on endpoints across a global network. Natural-language search can quickly retrieve data about their computing environments. Devices containing  TrustPoint agents can find neighbors that don’t have agents and alert administrators. In the case of on managed devices, “you can point and click and say don’t let them get to the Internet,” Aubley said. “For endpoints that are managed, you can grab inventory information and update them.”

VMware said the service enables a single technician to concurrently handle 100 or more migrations from a central management console. in addition to performing remote patching and upgrades, the product can be used to complete full migrations to Windows 10 on PCs.

VMware TrustPoint is available immediately in the U.S. and is expected to be available in additional regions later this year. It’s priced at $75 per device for a perpetual license.

Improved remote management in Workspace ONE

Updates to Workspace ONE are intended to simplify the process of installing, patching and upgrading remote devices from a central point, leveraging new security features in Windows 10 that reduce the need for layered management software. The new features protect data inside applications without requiring device management, VMware said. Administrators can enable two-factor authentication in endpoint devices to enable personal smart phones and tables to act as tokens. When logging into corporate applications from any device, users can simply tap the “verify” notification on their device for immediate authentication.

For unmanaged devices, VMware Workspace ONE uses native operating system-level data protection rather than mobile device management (MDM) profiles. Users can download Workspace ONE and enter a corporate email address to get single sign-on access to any corporate web, native, mobile or Windows application.

For sensitive applications, Workspace Services” unlock native operating system-level data protection in Windows 10. Taken together, the enhancements enable enterprises “to shift away from domain-based image management to an enterprise mobility management (EMM) model that is simpler, more secure and cost-effective,” VMware said.

“This unlocks OS level MDM to use apps without having to wrap them with additional technologies,” explained Blake Brannon, vice president of product marketing and end-user computing at VMware. Current solutions use wrapping or a software development kit to manage local applications. VMware’s approach is to hook into data leakage technologies built into the operating system so that the device can be managed without administrative access.

The new release also features improved integration with the Windows 10 Business Store Portal to enable customers to set up enterprise application stores that can be deployed over the air to any device. The feature set is rich enough to even enable remote upgrades from Windows Home to Windows Enterprise as well as to add devices to the corporate domain. “We can do full management of everything from setting up email, configuring the firewall, setting up applications and controlling the VPN,” Brannon said. “Everything that used to required you to join a domain can be done over the air.”

The updates are provided at no charge to existing Workspace ONE customers. Workspace ONE comes in standard, advanced and enterprise editions with prices starting at $8 per user per month for cloud subscriptions and $150 per user for on-premises perpetual licenses.

VMware also said cloud access security broker firms Blue Coat Systems Inc., CloudLock Inc., Netskope Inc., Palo Alto Networks Inc. and Skyhigh Networks Inc. have joined the company’s Mobile Security Alliance. The company will work to integrate their products with VMware AirWatch and Workspace ONE to simplify customer installation and configuration.