Custom email notifications in Workspace ONE UEM
Your Workspace ONE UEM environment is functioning great. Non-compliant devices are dealt with without compassion. The security team is happy! But somehow when an employee receives a message from Workspace ONE saying that their device is not compliant, they haven’t got a clue to what the message means. The default message templates that Workspace ONE UEM provides aren’t completely user friendly in my opinion. In this blog post we’re going to cover this topic and see how we might improve upon them!
What’s wrong with the default templates?
In order to understand why we would need custom templates, we first need to get a better view on the situation. Let’s take a look at the default template. In this case we’ve setup a compliancy policy that checks if a device is compromised. Our test user has an iPad which was jailbroken. So right when the next compliancy samples are being evaluated, a notification will be sent with the default template. Let’s take a look at the message.
Us tech savvy people understand this email message. But I imagine some of my colleagues from the Finance department don’t have any clue what’s going on. I think there’s two parts to that.
The first being the branding. I believe that most people in an organization have never heard of VMware. So I speak from experience when I say that most people I worked with, believed that these email messages are spam or phishing of some sort. They simply don’t know VMware is the vendor of the software that’s managing their device!
Second, the highly technical choice of words in the message. Most people I worked with simply don’t understand what a non compliant device means. It’s quite overwhelming I must say, and not very customer friendly.
Let’s try a different approach
We will take these points of improvement and implement it using some basic HTML coding to create a custom Message Template.
Now we’re coming to the meat of the story! Let’s start with logging into the Workspace ONE UEM console, going to All Settings > Devices & Users > General > Message Templates and clicking the +ADD button.
Press the <> icon in the editor to switch modes from WYSIWYG to HTML mode. I have prepared a nice EUC Tech Topics branded HTML message with some playful choice of words. You can download the template from https://github.com/EUCTechTopics/WS1-Email-Templates/. Just copy and paste the HTML code in the editor give the message template name you find suitable, and make sure the type is set to Compliance Violation User Notification. Oh, and don’t forget to press SAVE!
(This is where you would tweak the template to match your corporate identity, this does require some basic HTML coding)
Now with our custom message template all ready and set up, go back to your compliance policy and press edit. On the actions tab, deselect the checkbox where it says Default Template, and from the dropdown choose your newly created custom template.
Let’s try this shall we?! For demonstration purposes I have enrolled an iPad which does not comply to the set policy. Right after the compliancy sample was evaluated on my device, I received an email explaining in a very friendly way that I should take action! As a non-IT employee I would immediately recognise the companies branding. And also; the choice of words is similar to what I would expect from official corporate communications. There’s even a short list of things to check, so the employee has a place to start
If you take security serious, you know it’s all about awareness. By customising the Workspace ONE UEM email templates to make them fitting for your organisation, you make sure they have the right effect. A message saying they have violated a compliance policy in Workspace ONE UEM, has a vastly different effect than a message explaining them in clear terms something should be fixed.
Of course you could create a second and third warning that you can incorporate in your compliance policies to step up the language a bit. For example, in the second message you can inform about possible consequences when not bringing back the device in compliancy.
If you would like to learn more about compliance policies, Adam Matthews from VMware has posted a great article on this topic over at https://blog.eucse.com/how-mobility-teams-can-deal-with-the-new-ios-jailbreak-unc0ver/. It covers the latest Unc0ver jailbreak and how Workspace ONE UEM can help remediate!