WorkSpace ONE for mobile device management


Workplace mobility is becoming increasingly important for continued growth and innovation at Vanderbilt University Medical Center. However, the convenience and widespread use of personal devices present a number of issues for Medical Center security. 

The next big step toward securing VUMC data is assuring that any device (including personal devices) used to access VUMC data is encrypted and secured. The security of these devices is in keeping with the VUMC policy on the Use of Personal Devices to Conduct VUMC Business. A mobile device management initiative is crucial in reaching that goal. 

How can I get it?

Assistance and Support 

  • Get a new smartphone, tablet or other personal device? Visit the Enterprise Cybersecurity BYOD page and look for REPLACEMENT PHONES AND DEVICES.
  • If you have questions or an issue with WorkSpace ONE installation, submit a Pegasus Ticket, or contact the Help Desk at 3-4357/615-343-HELP.


  • Enterprise Cybersecurity has chosen the WorkSpace ONE platform as the mobile device management tool for the enterprise. When users download the WorkSpace ONE application to their phone, it creates a container on the device, encrypts it, installs a VUMC email configuration, and requires a passcode to access the device.

    Enrolling in WorkSpace ONE ensures that personal mobile devices are safe to access VUMC data in the same way our workstations are.

  • WorkSpace ONE is not used by Vanderbilt University Medical Center as a data collector or a location tracker.

    When you download WorkSpace ONE on your personal device, most of the management, monitoring, and collection options are are asked to 'accept' or 'allow' are disabled by Enterprise Cybersecurity. Configuration profiles are then sent to the devices to assume the management of certain functions. WSO also collects basic data on each user, based only on the WSO platform. 

    What is sent to your device

    As with the download of any app, a user profile is sent sent to your device upon enrollment. With WSO, two profiles may be sent, depending on your device: 1) Passcode requirements, and 2) Office 365 E-mail configurations.  (Android users will only receive the passcode requirement profile and not the E-mail configuration profile.) 

    1.    Passcode Requirement Profile: This configuration is sent to the device to ensure it meets passcode requirements (to make sure your phone is password protected), and Vanderbilt data remains secure. The passcode must be at least a 4-digit pin and has up to a 10-minute time out for the device.

    2.    Office 365 E-mail Profile:  This profile is sent to your device to receive e-mail from the VUMC Outlook e-mail account.

    Also, you will receive a new App Catalog on your device that will have all of the apps that VUMC provides to its users.

    Data Collected by WSO

    After enrollment is complete, you should see a “Privacy” icon on your device. This icon provides information about the data collected by WSO, including: 
    1.    User details: User information is collected to identify who the device belongs to, and how they can be contacted. Data collected includes name, work phone number, and work e-mail address.
    2.    Work App information:  App name, version, and installation status of all VUMC work apps delivered via WSO for reporting purposes. 
    3.    Device information: Device name, type, model, OS version, and security patch levels.
    4.    Diagnostics: Crash logs and network errors.  

    Data NOT Collected by WSO

    1.    Personal device phone number
    2.    Text messages
    3.    Personal E-mail
    4.    Photos
    5.    GPS tracking location
    6.    Personal apps