Thank you for navigating to my Blog. You’ll find here news and updates around VMware Workspace ONE. The content in this blog doesn’t necessarily represent VMware’s positions, strategies or opinions. While Best Practices or Product related information are described in some post on this blog, they may not apply to your individual customer setup or be error free. In case of doubt, always engage your VMware contact.
VMware Horizon 7.13.3 includes bug fixes and hot patch rollups
2784578 : Users could no longer log in using UPN. They could only log in with Domain\UserName.
2872296: The VDI ends up in an agent unreachable state. Review of the logs shows that the agent is unable to initialize the Java Virtual Machine.
2876932: End user requests from the client take a long time to display Global assignments on the Horizon Client in a larger environment.
2895550: Problem with domain enumeration. Certain domains keep ‘dropping’ off the list of available domains.
2900002: Unable to install agent from an ISO image as part of the software installation method.
2916762: Generic users without a password cannot log in from the HTML client.
2916826: Full clone machines were unexpectedly deleted from automated pool. VM still shows in ADAM and vCenter but not in Horizon Console.
……
Heads-UP: VMware doesn´t support “Back-in-time” upgrades. So Horizon 7.13.3 can only be upgraded to Horizon 8.x versions that are released after Horizon 7.13.3. Please refer to the documentation
Diminished functionality of unsupported VMware Identity Manager Connectors
In the March release of Workspace ONE Access Cloud, any environment that is using unsupported Connectors will no longer be able to create, edit, or delete directories. To continue the functionality of all features, a supported version of the Workspace ONE Access Connector must be in use. Every customer is strongly encouraged to migrate to the latest Connector as soon as possible.
The ability to synchronize pre-existing directories will continue to function for both scheduled and on-demand syncs. More information can be found at https://kb.vmware.com/s/article/90808.
Refreshed Workspace ONE Access Navigation Pages
We are adding new navigation pages to the Workspace ONE Access console that were refreshed with an up-to-date design. The following pages have a fresh look and feel.
UEM Integration page
Directory page
Identity Provider page
The Auto Discovery and Terms of Use pages were removed as they are related to the Workspace ONE App that reached EOL. Information about the Workspace ONE App EOL can be found in the April 2022 release notes.
Introducing Roles Based Access Control with Notification Target Audience PermissionsIn the Admin Roles tab of the Hub Services console, super admins can now define and restrict the target audiences that admins can send notifications to. Super admins can choose whether to grant admins full or custom access to Organization groups, Smart groups, Workspace ONE Access groups, and platform target audience types. Admins who are granted limited target audience permissions will be able to only view, take action on, and send notifications to those target audiences. This allows super admins to limit admin permissions and ensure that admins are only able to send communications to groups that are relevant to their division, role, or region.End of Life of Digital Badge (formerly Passport) on March 30th, 2023Digital Badge (formerly Passport) has reached its end of life on March 30th, 2023. For more information, please refer to this KB article.
In June 2022, VMware updated its description of the Workspace ONE Unified Endpoint Management (UEM) cloud service offering, as set forth in the VMware Cloud Services Guide. Latest version of the VMware Cloud Services Guide is available here: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/agreements/vmware-cloud-services-guide.pdf. Going forward, VMware plans to simplify and improve our newest cloud services by consolidating them into a modernized design. As part of this effort, the isolation of service communications and data storage of newly modernized services will be handled within the Workspace ONE application layer instead of the current model where isolation is the primary construct of the infrastructure layer. Additional context on this design change is provided in the Data Security section below.
This article is intended to be a notice for an upcoming change that will discontinue the functionality of all unsupported VMware Identity Manager Connectors that are versions 19.03.0.1 and earlier. This will be a two phased approach. In the first phase, a change will take place on or immediately after March 15, 2023 in all Workspace ONE Access hosted tenants. When the first phase takes effect in March, Workspace ONE Access tenants with 19.03.0.1 and earlier Connectors no longer will be able to create, edit, or delete directories. The second phase will happen on or immediately after April 15, 2023 and this change will completely cease all functionality of legacy VMware Identity Manager Connectors.
High Priority KBs
[Action Needed] – Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
VMware Unified Access Gateway 2303 provides the following new features and enhancements:
Enhancements to the existing command line utilities for making configuration changes:
adminpwd command (used to reset password of admin and monitoring users) now supports an option to force the user to change the password on first login.
adminreset command (used to reset the admin interface settings back to the default settings for password authentication) now supports granular options to reset the individual configurations (like admin TLS certificate, admin SAML configuration, and TLS settings).
Added an option in VMware Per-App Tunnel Settings to control if automatic configuration updates from Workspace ONE UEM console are applied.
Added support to allow configuration of TLS settings used in communication with Workspace ONE UEM console for pulling initial configurations of VMware Per-App Tunnel, Content Gateway, and Secure Email Gateway edge services. Perpetual API communications for each service still require TLS setting configuration in their source configurations in Workspace ONE UEM.
Added support for deployment with PowerShell version 7.3 from an Ubuntu machine.
End of Support Life for VMware Tunnel Proxy. The VMware Per-App Tunnel component includes support for the same use cases as VMware Tunnel Proxy component. For more information, see the Knowledge Base (KB) article VMware Tunnel Proxy End of Support Life Announcement (87345).
Logging improvements and troubleshooting enhancements.
Updates to Photon OS package versions and Java component versions
VMware experienced a gold rush at the 2023 Cybersecurity Excellence Awards, taking home the top prize across ten categories and spotlighting a range of security solutions that help customers better secure multi-cloud workloads, modern applications, and the hybrid workforce – all while modernizing the Security Operations Center.
[…] We will include PCoIP as a protocol option in the Horizon Client and Horizon Agent through the end of 2025. At that point in three years, we will remove the PCoIP protocol option from all new Horizon releases. Note that all Horizon releases are supported for three years from ship date. This means that the client and agent that will ship in 2025 will be supported until the end of 2028.
As part of our ongoing journey to enhance the quality and security of the UEM SaaS offering, VMware is deploying AWS CloudFront as the ingress service for all UEM environments hosted in VMC on AWS. In keeping with recommendations outlined by Amazon, this change provides all customers with access to over 450 geographically distributed and secure Points of Presence (POPs).
VMware will implement this change for all UEM environments hosted in VMC on AWS. Dedicated SaaS environments will begin receiving this change starting on April 17, 2023. Shared SaaS environments will begin receiving this change starting on May 17, 2023.
List of exceptions in KB.
Customers who configure IP-based allow lists that restrict traffic from their corporate network to the UEM SaaS service will need to migrate away from these configurations (https://kb.vmware.com/s/article/2960995). VMware recommends that customers use DNS-based allow lists instead.
[…] Migration of a Horizon Cloud on Microsoft Azure deployment to the Horizon Cloud Service – next-gen environment involves taking the resources currently configured in the Horizon Cloud environment and making those resources available, in an equivalent manner, in the next-gen service environment.
High Priority KBs
[Action Needed] – Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
AMST-38337: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
ARES-24702: Unable to view/edit Credential Profile in UEM.
AAPP-15387: Beacon sample should trigger Device Info sample but should not save OS data.
CRSVC-35245: AWCM Test Connection stops working after console runs for a few days.
MACOS-3613: DDUI – VPN payload “Provider Designated Requirement” field has a maximum character limit of 255.
AAPP-15425: Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected.
FCA-204781: Console app pool is terminating with unhandled exception.
AMST-38342: Computer name field missing for Windows devices
Horizon Accelerator customers can now file support requests through the Support page in the left navigation menu.
Horizon Gateway Appliances
Administrators can now edit and retry a failed Unified Access Gateway deployment without the need to delete the deployment first.
Image Management
Additional detail and subtasks are displayed in the activity log for long running image service tasks, such as import, copy as new image, copy as new version, and publish.
1. Integration with UEM SYSLOG for logging, monitoring and reporting Assist events (Limited Availability: Requires UEM version 2302 which is expected to GA on March 22nd 2023)All the actions performed by an admin in a Remote Assist session are now logged for security and auditing purposes. In line with this need, we have implemented the Audit Log functionality where in any actions performed by the admin in the remote session will be recorded & sent to the UEM Event logger and can be exported to Syslog. Please note that Assist will not collect any PII information as part of the event logging.
2. Enhanced streaming performance with VP8 Encoding for Android devices.Workspace ONE Assist now supports VP8 encoding on Android devices to enhance streaming quality and performance during a screen share session across all supported browsers. With the support for VP8 encoding, Memory usage on the remote device will also see a reduced load. VP8 encoding is enabled by default and does not require any additional configurations.
3. Support for Remote Control in Motorola LEX 11 devices with Motorola APIsRemote Control is now supported in Motorola LEX 11 devices. The Assist agent will leverage Motorola provided APIs to support remote control functionality within Assist.All functionalities that exist within Assist including touch and key injection events will be now available through the Motorola remote management APIs.Supported LEX L11 Firmware version – Starting from Android 11 release R3.3 (R40.33.10)
4. Support for viewing and controlling external monitors connected to Zebra devices using the Workstation Connect Cradle or Connect HubZebra devices that are connected to external monitors through the Workstation Connect Cradle or Connect Hub can now be viewed and controlled through the remote session.The Multi-Monitor button appears in the admin console when the Zebra device has an external monitor connected. It allows the admin to switch between the displays they want to view or control. Please note that only one monitor may be viewed or controlled at any given time.
5. Improved reliability of Assist connections in Windows & MacOS platformsWhen an Assist session is started by an Admin from the UEM console, the connection is established with the remote device automatically. However, assist sessions sometimes end in request timeouts due to various factors. One of the common reasons for this is due to Hub not processing the Remote Management command in time to wake up the Assist agent on the device.
6. Support for Unattended Mode of Remote Session in MacOSWorkspace ONE Assist is introducing the ability to remotely connect to and control MacOS devices that are corporate owned, with no personal data or user expectation of privacy and that business needs to access without approval from a remote user.
7. Updated Privacy verbiage & Terms and Conditions verbiage on PIN entry screen in deviceWe have updated the verbiage displayed on our Privacy screen & the Terms and Conditions screen during the PIN entry process to be more relevant to the interaction between the Customer IT/Help Desk Org and the Employees of the customer.
Improved reliability of Assist connections in Windows platformWhen an Assist session is started by an Admin from the UEM console, the connection is established with the remote device automatically. However, assist sessions sometimes end in request timeouts due to various factors. Some of the common reasons for this is due to Hub not receiving the AWCM notification or processing the Remote Management command in time to wake up the Assist agent on the device.
Updated Privacy verbiage & Terms and Conditions verbiage on PIN entry screen in device.We have updated the verbiage displayed on our Privacy screen & the Terms and Conditions screen during the PIN entry process to be more relevant to the interaction between the Customer IT/Help Desk Org and the Employees of the customer.
Improved reliability of Assist connections in MacOS platformWhen an Assist session is started by an Admin from the UEM console, the connection is established with the remote device automatically. However, assist sessions sometimes end in request timeouts due to various factors. Some of the common reasons for this is due to Hub not receiving the AWCM notification or processing the Remote Management command in time to wake up the Assist agent on the device.
Support for Unattended Mode of Remote Session in MacOSWorkspace ONE Assist is introducing the ability to remotely connect to and control MacOS devices that are corporate owned, with no personal data or user expectation of privacy and that business needs to access without approval from a remote user.
Updated Privacy verbiage & Terms and Conditions verbiage on PIN entry screen in deviceWe have updated the verbiage displayed on our Privacy screen & the Terms and Conditions screen during the PIN entry process to be more relevant to the interaction between the Customer IT/Help Desk Org and the Employees of the customer.
Enhanced streaming performance with VP8 Encoding for Android devicesWorkspace ONE Assist now supports VP8 encoding on Android devices to enhance streaming quality and performance during a screen share session across all supported browsers. With the support for VP8 encoding, Memory usage on the remote device will also see a reduced load. VP8 encoding is enabled by default and does not require any additional configurations.
Support for Remote Control in Motorola LEX 11 devices with Motorola APIsRemote Control is now supported in Motorola LEX 11 devices. The Assist agent will leverage Motorola provided APIs to support remote control functionality within Assist.All functionalities that exist within Assist including touch and key injection events will be now available through the Motorola remote management APIs. Supported LEX L11 Firmware version – Starting from Android 11 release R3.3 (R40.33.10)
Support for viewing and controlling external monitors connected to Zebra devices using the Workstation Connect Cradle or Connect HubZebra devices that are connected to external monitors through the Workstation Connect Cradle or Connect Hub can now be viewed and controlled through the remote session.The Multi-Monitor button appears in the admin console when the Zebra device has an external monitor connected. It allows the admin to switch between the displays they want to view or control. Please note that only one monitor may be viewed or controlled at any given time.
Updated Privacy verbiage & Terms and Conditions verbiage on PIN entry screen in deviceWe have updated the verbiage displayed on our Privacy screen & the Terms and Conditions screen during the PIN entry process to be more relevant to the interaction between the Customer IT/Help Desk Org and the Employees of the customer.
To deliver additional value to VMware Horizon Cloud customers, VMware Workspace ONE Intelligence for Horizon is available for customers with VMware Horizon Universal, Horizon Apps Universal, and Horizon Apps Standard subscription licenses. Horizon Cloud customers are entitled to VMware Workspace ONE Intelligence for Horizon and gain many features & enhancements not available previously in the Horizon Universal console, including the ability to create & share custom dashboards & reports. With this change, historical dashboards and reports will be available through Workspace ONE Intelligence only, and no longer available in the Horizon Universal console starting May 1, 2023.
The following are the options for how to restrict or push end-users to remove an iOS application that you do not want on managed devices. Organizations may want to block certain applications from devices due to corporate policy or regulations. For iOS devices, UEM cannot prevent installations of specific applications from the App Store and apps that are installed manually by the end user (unmanaged applications) cannot be removed. However, there are options for organizations to take.
With iOS 16 and later, Apple changed name property, only a Generic device name returns by default.
The default value of name property varies according to iOS device’s operating system version number
High Priority KBs
[Action Needed] – Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
AMST-38334: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
RUGG-11802: Jobs in devicePolicyJob table are not getting purged as expected
FCA-204796: On Devices List View-> Custom Layout, Email, Phone, Display Name, First and Last names are blank.
MACOS-3604: Spaceman error when loading Accounts > Users > List view.
UM-7872 AirWatch Purge expired Sample Data SQL job is failing
FCA-204890 [FCA] [Device list and details] Show success for change og of device even when it is prevented by tenancy restriction
ARES-24701 For internal iOS apps, unable to renew provisioning profile
ARES-24673 Internal app publish fails due to duplicate key inserted error
AMST-38335 Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
AAPP-15423 Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected
AAPP-15386 Beacon sample should trigger Device Info sample but shouldn’t save OS data
AMST-38337: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
ARES-24702: Unable to view/edit Credential Profile in UEM.
AAPP-15387: Beacon sample should trigger Device Info sample but should not save OS data.
CRSVC-35245: AWCM Test Connection stops working after console runs for a few days.
MACOS-3613: DDUI – VPN payload “Provider Designated Requirement” field has a maximum character limit of 255.
AAPP-15425: Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected.
FCA-204781: Console app pool is terminating with unhandled exception.
AMST-38342: Computer name field missing for Windows devices
With this feature, VMware Workspace ONE Boxer for iOS can use the VMware Tunnel SDK functionalities in a BYOD environment using VMware Workspace ONE Hub.
To start the VMware Tunnel SDK for Workspace ONE Boxer, the administrator must set the custom SDK setting in Workspace ONE UEM console as follows: {“BoxerShouldStartTunnel” : true}
To use VMware Tunnel SDK for modern authentication, the administrator must set the account level KVP, UseUIWebViewforOAuth setting in the Workspace ONE Boxer Assignment page to true.
As part of our continued efforts to make Launcher customizable, we are introducing a new feature that will allow administrators to rename certain text fields on Launcher UI
We are introducing more changes to the Support tab to help users understand their device status better.
This release includes better clarity on the Device Details screen for a user’s current device with a new section called Connections.
Connections show the status of the connections to the services that make Intelligent Hub function properly. The wording has been made more concise for end users to understand what the services are for.
You can pull down to refresh the statuses for the Connection screen.
Adding deep link capabilities to “For You” and “Support”
Deep links for the For You tab and Support tab are here! Please use the below to deep link to these sections in the Hub app
If an organization is using HTTP connections, then the organization must replace the HTTP connections with secure connections as HTTP support is deprecated for Workspace ONE Boxer for Android.
For more information about deprecation of HTTP support, see this knowledge base article.
SDK version upgraded to 23.01
SDK 23.01 introduces a Share logs option when the user is not able to authenticate in the Workspace ONE Boxer Server URL/ GroupID screen and Username/Password screen.
Intelligence User Flows Improvements
Accessibility Improvements
Quality Improvements
Important KB Articles and Announcements
Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com
Customers make use of the Workspace ONE Tunnel solution for a number of use-cases spanning remote workers, access to internal applications and resources, as well as mobile SSO. Whether utilizing Tunnel for frontline workers using check-in / check-out or for users with persistent devices, there are a few recommendations for how to deploy Tunnel for Zero Touch setup. This article applies to the AndroidTunnel configuration for the MDM workflow. This article does not apply to the Standalone enrollment workflow.
Workspace ONE Productivity apps on iOS receive push notifications using APNs through Workspace ONE UEM. The certificates necessary to deliver these notifications need to be renewed every year that requires administrators of On-Premises environments to run a database script provided by VMware, before the expiry to avoid any disruption
Connecting to VDI desktops through Horizon Client on M1 MAC [Monterey] shows pixelated texts on VDI. This issue occurs only when users using non-native resolution on externally connected monitors. Issue does not happen when we use HTML access from same MAC client Issue can also occur while using RDP Client Application or RDP through Horizon Client Application.
High Priority KBs
[Action Needed] – Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
IBRW-174651: Enable shift-based access control This feature enables the admins to put shift based access on Web which restricts the end users to access Web application on their mobile devices if they are not in their shift hours.
ABRW-174651: Support Enable shift-based access control
This feature enables the admins to put shift-based access on the Web which restricts the end users to access Web applications on their mobile devices if they are not in their shift hours.
ABRW-174655: Ability to open and view PDF files in Kiosk mode
This feature allows users to open and view PDF files within Workspace ONE Web in Kiosk mode.
ABRW-174923: Modify Web user-agent to work with CWS
This feature allows the Web admin to use a new modified user agent for Workspace ONE Web which enables the VMware Cloud Web Security policies and restrictions to work within the Web.
Bug fixes
ABRW-174979: Share link action from another app to WS1 Web doesn’t load intended link
Add Access Point Name configurations to any Android 9+ Work Managed device
Workspace ONE Intelligent Hub 23.02 and onward supports adding Access Point Name configurations to any Work Managed devices on Android 9.0 and higher. Previously, this was only supported for Samsung Work Managed devices. This will be supported through Custom Settings Profiles as of Intelligent Hub 23.02. Future releases of the Workspace ONE UEM Console will support configuration of this Profile via a dedicated payload. Please see Android – Access Point Name Custom Settings Profile for more details.
Bug Fixes
Important KB Articles and Announcements
Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com
Microsoft has announced that the Microsoft Store for Busines will be end of life on March 31, 2023. Customers that are using the Microsoft Store for Business to deploy applications with VMware Workspace ONE will be impacted.
This EOL will only affect customers who are using the Microsoft Store for Business integration in VMware Workspace ONE. After March 31, 2023, customers will not be able to add new applications from Microsoft Store for Business in the Workspace ONE console. Workspace ONE will not enable the Microsoft Store for Business in any new environments. Current deployments might be affected if the applications are paid apps or line of business applications.
Customers that are using PS App Deployment Toolkit (PSADT), or similar products, to deploy applications to devices, may cause the user to be prompted by the UAC prompt.
This UAC prompt will block the application installation and will disrupt the end user.
Starting with Windows 11 22H2 Microsoft changed the default setting for the LSA “runasppl” to enable.
This setting will require administrator UAC login for the installation, if the application installation context is “User” and the Admin Privileges selection is “YES”.
In adoption of modern management and software distribution, the team has noticed an increase of size for in-house application/software, new sets of challenges are presented when trying to upload large application files to Workspace ONE UEM Console.
This article will discuss the settings/configs for SaaS Workspace ONE UEM console. Note: Large-size application upload experience is improved for Workspace ONE UEM 2210 and above. Console now uploads files to FileStorage (FS) and Content Delivery Network (CDN) in the background, decoupled from UI. Admin will not encounter any timeout errors. For detail, please refer to Workspace ONE UEM 2210 release notes .
It has been observed that some users who are on iOS 14 and iPadOS 14 are observing a crash on launch of Workspace ONE Web 23.02 when the Workspace ONE Web app is pushed as managed app from AppStore or deployed via VPP method.
A Restrictions Profile with Allow Location Service Configuration (Managed devices only) set to Allow No Location Access does not get enforced on the Android OS 11 and above devices.
The VMware Workspace ONE profile for Windows Update is, due to the changes that Microsoft did in the last years, outdated. This means, if the profile gets deployed to Windows 10 20H2 or higher, or Windows 11 devices, Windows Update and/or Delivery Optimization might not be configured correctly. It might also be possible that the profile installation will fail on those devices.
Customers that are using Windows Autopilot Hybrid Join to enroll the devices into VMware Workspace ONE might face issues after the device is enrolled. In the Device Troubleshooting event log the Event “Windows Device Check-in Mode” with the Event Data
Customers that are using PS App Deployment Toolkit (PSADT), or similar products, to deploy applications to devices, may cause the user to be prompted by the UAC prompt.
What is In-Product Feedback? In-Product Feedback is a form embedded in the Workspace ONE UEM Console that allows administrators to share feedback on their experience with Workspace ONE UEM Console.
What is changing? We are deprecating In-Product Feedback Forms with Workspace ONE UEM version 2302+.
High Priority KBs
[Action Needed] – Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
Julius Lienemann 