Featured

Welcome to the Anywhere Workspace

Photo by Pixabay on Pexels.com

Thank you for navigating to my Blog. You’ll find here news and updates around VMware Workspace ONE. The content in this blog doesn’t necessarily represent VMware’s positions, strategies or opinions. While Best Practices or Product related information are described in some post on this blog, they may not apply to your individual customer setup or be error free. In case of doubt, always engage your VMware contact.

Featured and latest Posts:
Service – Week 20-2022 Enduser Computing Updates
Service – Week 19-2022 Enduser Computing Updates
Service – Week 18-2022 Enduser Computing Updates
Workspace ONE XR Hub – The Future of Work?(German Version)
A First look at: Apple 2021 Updates(German Version)
A First look at: Android 12(German Version)
Looking Forward to 2021 – A small Outlook(German Version)
VMware Workspace ONE – 2020 A Year in Review — (German Version)
VMware Boxer – Delegated, Shared and Multiple Managed Mailboxes
End User Computing News of Week 46 — (German Version)
Reporting: The Workspace ONE Excel Add-In — (German Version)
Workspace ONE Device Management Modes — (German Version)
Workspace ONE – Techzone, KB, Docs – When do I use what? — (German Version)
What is the „Freestyle Orchestrator“? — (German Version)
Changes with Android 11 and Workspace ONE — (German Version)

Archive: WEEKLY UPDATES

I hope you’ll enjoy the posts and that they have some useful content for you. Feel free to reach out to me on LinkedIn or comment the post.
Thanks!

Service – Week 20-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • Life of a ServiceDesk Admin + Workshop Signup
  • The VMware EUC Research Team wants to better understand the ins and outs of the life of an IT pro in the Support/ServiceDesk space, so we can anticipate your needs and provide solutions that make your job easier. In this survey, you’ll get to tell us about your top Helpdesk requests, challenges, and what metrics are important to you.
  • At the end, you’ll also have the opportunity to sign up for a virtual Workshop with fellow IT pros in the upcoming weeks where you’ll get to help design!
  • This can take up to 10 minutes of your time.
  • TAKE SURVEY 
  • Generate Installation Token in Certificate Signing Portal (88462)
  • New Workspace ONE (WS1) customers with an on premise deployment (perpetual licenses) must generate an installation token within the certificate signing portal (found within the My Workspace ONE portal) as part of their initial Workspace ONE UEM install.This token allows them to manually install WS1 UEM on their server.
  • To go into further detail, the certificate signing portal allows customers to sign a public SSL certificate from their vendor with VMware’s unique security key to ensure secure communication between their organization’s devices and Workspace ONE UEM during device enrollment.
  • KB: https://kb.vmware.com/s/article/88462?lang=en_US&source=email
  • Apple Business Manager now supports Google Workspace
  • Apple Business Manager organizations that use Google Workspace can now take advantage of directory sync and federated authentication. With directory sync, user records and Managed Apple IDs are created automatically, saving IT admins both time and effort. And with federated authentication, end users can sign in to their Managed Apple ID with their Google Workspace account, making for a seamless login experience to apps like Pages, Numbers, Keynote, Apple Business Essentials, iCloud Drive, and more.
  • For more information, refer to the Apple Business Manager User Guide.
  • VMware Tunnel Client Update – Support for Standalone enrollment (88311)
  • We are excited to share a major update to our VMware Tunnel solution. The Workspace ONE Tunnel clients on Windows and macOS platforms now support Standalone enrollment without Workspace ONE Intelligent Hub or any device management.
    As a result, there are two Tunnel clients available on macOS and Windows, one for supporting Standalone enrollment and one for existing Hub and MDM workflows. Please read ahead to understand these changes.
  • macOS Tunnel Client:
    • The VMware macOS Tunnel application 22.05 delivered through the Workspace ONE Resources Portal supports Standalone enrollment. Note that this client does not support existing MDM workflows or installation on a Workspace ONE managed device. Therefore, the 21.08 client is still available through Apple’s App Store. Please continue using the macOS Tunnel client delivered through the App Store for all MDM and Per-App use-cases/workflows.
  • Windows Tunnel Client:
    • There are now two versions of the Windows Tunnel client available on the Workspace ONE Resources portal. The current GA version (2.1.6) supports all existing workflows excluding Standalone enrollment. Client version 3.0 supports Standalone Enrollment and both full device and per-app Tunnel mode.
      Note that client version 3.0 does not support existing MDM workflows or installation on a Workspace ONE managed device.
  • Next Steps:
    • Enabling both the MDM and Standalone enrollment workflows into a single Tunnel client will be provided in an upcoming release version.
    • Please refer to this KB for information on configuring the new Standalone enrollment feature. The official documentation will be updated shortly with the next UEM release.
  • KB-Reference: https://kb.vmware.com/s/article/88311?lang=en_US&source=email
  • Configuring VMware Tunnel Client for Standalone enrollment (88457)
  • This KB article outlines the the steps required for configuring the macOS and Windows Tunnel clients for Standalone enrollment and corresponding administrator actions to manage Tunnel access.
  • Please review https://kb.vmware.com/s/article/88457?lang=en_US&source=email for more details.
  • AAGNT-194622 – Managed App Config for Internal Apps not working on Android 11+ (88463)
  • Workspace ONE UEM 2204 introduces support for pushing managed application configurations for Internal Applications uploaded through the Apps & Books section of the Console. On Android 11 and 12 devices that are enrolled using Intelligent Hub 22.04.0.30, UEM fails to apply these managed configurations to Internal Applications. This does not affect Android 11 and 12 devices that upgrade from previous versions of the Intelligent Hub application.
  • Our product team has been engaged and is actively working to resolve the issue.
  • KB-Reference: https://kb.vmware.com/s/article/88463?lang=en_US&source=email
  • Unable to use the external mouse support feature after upgrading to iPadOS14 (83205)
  • Cannot use the external mouse support feature after upgrade to iPadOS14 and enabled “Perform Touch Gestures”. Host cursor cannot be hidden, left-click works like finger tap, etc.
  • This issue started with iPadOS 14. Enable “Perform Touch Gestures” will convert the events from the pointer devices into which triggered by fingers. Then it will make the external mouse/trackpad not work properly on the remote desktop, but the finger operations are still the same as before without any problems.
  • Therefore, we recommend that you turn off this option when using an external pointer device.
  • Turn off the option “Perform Touch Gestures” in system settings while using an external pointer device on a remote desktop. 
    • Settings > Accessibility > Touch > AssistiveTouch > Perform Touch Gestures.
  • KB-Reference: https://kb.vmware.com/s/article/83205?lang=en_US&source=email
  • Week 20 Software Updates
  • Component: Unified Acces Gateway
  • New Release: 2203.1
  • Changes:
    • Added support in Content Gateway (CG) edge service for the V4 API introduced in Workspace ONE UEM version 2204.
    • Updates to Photon OS package versions and Java component versions.
  • Release Date: 17.05.22
  • Release Notes
  • Component: Workspace ONE Access SaaS
  • New Release: May 2022
  • Changes:
  • Authenticator App for Multi-Factor Authentication
  • Authenticator App is a new authentication method available for multi-factor authentication (MFA) that is supported directly by Workspace ONE Access. This MFA is ideal for users with unmanaged devices and requires no collection of personal identifying information (PII). Users can leverage any authenticator app of their choice–such as Google Authenticator, Microsoft Authenticator, Okta Verify, Authy, 1Password–that follows the time-based one-time passcode (TOTP) as defined in RFC 6238 on their own device. TOTP client support will be available on the Intelligent Hub iOS and Android App later this year in Q3.
  • Continue-on-Failure Authentication Policy
  • In this release, a new access policy configuration is introduced to control the rule policy execution. You can now create an access policy with rules that let the user authentication progress to the next rule if the authentication fails on the present rule. In the Workspace ONE Access service, regular policy execution terminates when the conditions in the first matching rule are executed. The new rule progression option allows you to progress rule execution to the next matching rule in the policy if the authentication fails on the present rule. A common use of this configuration includes password less authentication policy and alternative authentication rules for different sets of users.
  • Refreshed Custom Branding Page
  • When you choose to use the new navigation and the re-designed look of the Workspace ONE Access console, you will see a refreshed Branding page under Settings > Branding. The setting to change Favicon is no longer available in the re-designed console. The settings to customize branding for the VMware Verify application is now available on the Branding page. 
  • Removed Settings Due to the End-of-Support-Life for the Workspace ONE application
  • Several configuration and branding settings have been removed from user interface in the Workspace ONE Access console because of the end-of-support-life for the Workspace ONE application. Please refer to the End of Support Life for the VMware Workspace ONE Application KB article (80208) for more information on the End of Support Life for the Workspace ONE Application.
  • Connector Support for Horizon Cloud Service on Microsoft Azure with Single-Pod Broker (Cloud only)
  • The 22.05 release of the Workspace ONE Access Connector will include support for integrating with Horizon Cloud Service on Microsoft Azure with Single-Pod Broker and Horizon Cloud Service on IBM Cloud. This will allow for the legacy connectors that are used for virtual apps to be migrated from version 19.03 or 19.03.0.1 to version 22.05 connector. Both directories and virtual apps collections must be migrated together during this one-time process.
  • FIPS Mode Support for the Connector (Cloud only)
  • The 22.05 Workspace ONE Access Connector will have an option to enable FIPS mode during installation. FIPS mode will set the connector to run with data and encryption that is secure at a level of compliance encouraged by the United States government. The algorithms used are FIPS 140-2 compliant algorithms.
  • Workspace ONE Access Connectors with FIPS mode enabled will not support integrating with Citrix, Horizon, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, or Horizon Cloud Service on IBM Cloud. A Workspace ONE Access Connector with FIPS mode enabled will support integrating virtual apps that are running in Horizon Cloud Service on Microsoft Azure with Universal Broker.
  • Note:
  • The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.
  • If you enable FIPS mode in the connector, to disable FIPS mode, you must reinstall the connector.
  • Release Date: 19.05.22
  • Release Notes
  • Component: Workspace ONE Hub Services
  • New Release: May 2022
  • Changes:
  • Removing the 3-Character Limit for People Search
  • People Search (on Hub Web) will now allow searching with just one or two characters instead of the usual 3-character search. This enables support for searching names in logographic languages like Chinese, Japanese, etc.
  • Workflows Error Handling – Email Alerts upon failures
  • Workspace ONE Experience Workflows error handling has been improved to send email alerts directly to Administrators when a scheduled process fails to run successfully for any reason. All integration packs will now have an additional configuration parameter to include an email address to receive these notifications.
  • Saviynt Access Request Integration Pack for Workspace ONE Experience Workflows
  • Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration with Saviynt to notify approvers when a task is pending. Approvers will be able to view the request and take action on the task, such as Approve or Reject, from within the Workspace ONE Intelligent Hub app.
  • BMC Helix Change Request Integration Pack for Workspace ONE Experience Workflows (Beta)
  • Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration with BMC Helix to notify approvers when a Change Request is pending. Approvers will be able to view the request and take action on the change request, such as Approve or Reject, from within the Workspace ONE Intelligent Hub app.
  • Release Date: 12.05.22
  • Release Notes
  • Component: Workspace ONE Web for Android
  • New Release: 22.05
  • Changes:
    • ABRW-173842: Allow upload of files from Workspace ONE Content repositories
    • Users will now be able to upload files/documents present in WS1 Content repositories or local storage to web applications opened in the Workspace ONE Web browser
  • Bug fixes & stability improvements
  • Release Date: 17.05.22
  • Release Notes
  • Component: Workspace ONE Web for iOS
  • New Release: 22.05
  • Changes:
    • IBRW-173496: Support WS1 Web URL authentication use case via PIV-D using Yubike – This enables the end users to authenticate into the web applications opened in Workspace ONE Web browser using a Yubikey accessory via PIV-D Manager application.
    • IBRW-174091 – Ability to fetch iOS Web app logs from UEM console without requiring app relaunch
    • IBRW-174293: Support download with HTTP POST request
  • Release Date: 17.05.22
  • Release Notes
  • Component: Workspace ONE Content for iOS
  • New Release: 22.04.1
  • Changes:
    • Bug fixes and improvements
  • Release Date: 16.05.22
  • Release Notes
  • Component: Workspace ONE Piv-D Manager for iOS
  • New Release: 22.04
  • Changes:
    • Support historical S/MIME certificates for DISA Purebred.
    • SCEP support with native sharing.
    • Persistent Device Token extension, aka CTK Provider, with YubiKey support.
    • Bug fixes and stability improvements.
  • Release Date: 16.05.22
  • Release Notes
  • Component: Workspace ONE Tunnel for Windows 10
  • New Release: 3.0
  • Changes:
    • We are excited to share a major update to our VMware Tunnel solution. The Workspace ONE Tunnel client on Windows platform now supports Standalone enrollment without Workspace ONE Intelligent Hub or any device management.
    • Note that this client does not support existing MDM workflows or installation on a Workspace ONE managed device. Therefore, the 2.1.6 client is still available. Enabling both the MDM and Standalone enrollment workflows into a single Tunnel client will be provided in an upcoming release version.
    • Please refer to this KB for information on configuring the new Standalone enrollment feature.
    • The official documentation will be updated shortly with the next UEM release.
  • Release Date: 14.05.22
  • Release Notes
  • Component: Workspace ONE Tunnel for macOS
  • New Release: 22.05
  • Changes:
    • We are excited to share a major update to our VMware Tunnel solution. The Workspace ONE Tunnel client on macOS platform now supports Standalone Enrollment without Workspace ONE Intelligent Hub or any device management. 
    • Note that this client does not support existing MDM workflows or installation on a Workspace ONE managed device. Therefore, the 21.08 client is still available through Apple’s App Store. Enabling both the MDM and Standalone enrollment workflows into a single Tunnel client will be provided in an upcoming release version.
    • The new macOS Tunnel 22.05 application is delivered through the Workspace ONE Resources Portal and supports Standalone enrollment and full device Tunnel mode. Please continue using the macOS Tunnel client delivered through the App Store for existing MDM and per-app Tunnel features.
    • Please refer to this KB for information on configuring the new Standalone enrollment feature.
    • The official documentation will be updated shortly with the next UEM release.
  • Release Date: 14.05.22
  • Release Notes
  • Component: Android Relay for Android
  • New Release: 5.17
  • Changes:
    • Updated app version to support Workspace ONE Intelligent Hub 22.04.0.30
  • Release Date: 19.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.6
  • Changes:
    • CMEM-186613: Delay in adding the device to the allow list from email list view.
    • AMST-35969: Dropship Provisioning-Device Registrations never make it to through the Bulk Importer Service.
    • AAPP-13822: VPP licenses are not getting disassociated.
    • CRSVC-27265: Message Template notification type is not considered while sending token related email.
  • Release Date: 17.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.11.0.30
  • Changes:
  • AMST-35970: Dropship Provisioning-Device registrations never make it to through the Bulk Importer Service.
  • AGGL-11879: Android DDUI Launcher profile ‘Lock Orientation’ checkbox gets disabled upon save.
  • AAPP-13878: MDM profile errors ‘Decryption key for the profile is not installed’.
  • Release Date: 17.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.9.0.33
  • Changes:
  • CRSVC-29040: Unable to install S/MIME profile due to “Certificate is used more than once” error.
  • INTEL-38427: Intelligence – Recovery Key Escrowed value not matching UEM.
  • CRSVC-28590:  GSX Cert save failed with password invalid.
  • Release Date: 17.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.5.0.56
  • Changes:
  • FCA-202609: MDM profile is not removed from iOS device(device switched off and turned on later) when admin delete the device from UEM console.
  • CRSVC-29041: Unable to install S/MIME profile due to “Certificate is used more than once” error.
  • CMCM-189752: Removing the ContentLockerSDKLibraryKey system code causes an override.
  • Release Date: 17.05.22
  • Release Notes

Service – Week 19-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • HUBM-5175: On macOS Monterey for Intel devices, the “Force Reboot” functionality in the Software Update profile does not function correctly (88416)
  • For Intel-based macOS devices on macOS 12.0 or higher, the “Force Reboot” functionality in the Software Update payload does not function correctly. If the Workspace ONE Intelligent Hub identifies that an update is available, the user will receive a notification that the update is available and, depending on the configured settings, an option to defer or begin the install. Ultimately, if the user chooses to begin the install, the softwareupdated process will be initiated, but the device will not actually install the OS update.
  • The Workspace ONE team is currently investigating the issue with Apple.
  • Workaround and more info in https://kb.vmware.com/s/article/88416?lang=en_US&source=email
  • Workspace ONE UEM Windows SCEP Profile certificate request fails when using Certificate Authority with Static Challenge (85956)
  • The Windows SCEP Profile payload fails to successfully install a certificate when using a Certificate Authority that is either:
    1. Configured to use Static Challenge
    2. Configured to use Dynamic Challenge with a Request Template that is missing EKU Attributes
  • Workspace ONE UEM 21.09 and older
  • When using a Certificate Authority with Static Challenge, the certificate payload must contain the CA Thumbprint. Unfortunately, the Certificate Authority configuration does not include a field to add a Root Certificate. This will be addressed with AMST-27570.
  • Windows SCEP profiles also require the configuration of EKU attributes in the Certificate Request Template. The Windows SCEP profile does not validate the Request Template configuration in the profile UI. This will be addressed with AMST-27570.
  • To deploy a Windows SCEP profile, you must create a Certificate Authority configured to use Dynamic Challenge and a Request Template that contains EKU Attributes.
  • The Workspace ONE team is currently working to implement the required changes to support the use of SCEP profiles for Windows
  • As a workaround, you can use the Dynamic Challenge configuration for Certificate Authorities, making certain to add the relevant EKU attributes in the Request Template as required by Windows.
  • KB-Reference: https://kb.vmware.com/s/article/85956?lang=en_US&source=email
  • Generate Installation Token in Certificate Signing Portal (88462)
  • New Workspace ONE (WS1) customers with an on premise deployment (perpetual licenses) must generate an installation token within the certificate signing portal (found within the My Workspace ONE portal) as part of their initial Workspace ONE UEM install. This token allows them to manually install WS1 UEM on their server.
  • To go into further detail, the certificate signing portal allows customers to sign a public SSL certificate from their vendor with VMware’s unique security key to ensure secure communication between their organization’s devices and Workspace ONE UEM during device enrollment.
  • Please follow the provided instructions in https://kb.vmware.com/s/article/88462?lang=en_US&source=email
  • Configuring VMware Tunnel Client for Standalone enrollment (88457)
  • This KB article outlines the the steps required for configuring the macOS and Windows Tunnel clients for Standalone enrollment.
  • Please review https://kb.vmware.com/s/article/88457?lang=en_US&source=email for instructions on Windows and macOS clients.
  • Best practices for re-enrolling Windows Desktop devices in Workspace ONE UEM (84350)
  • The following are the best practices for re-enrolling a Windows Desktop device into Workspace ONE UEM. 
  • There are three different clients on Windows Desktop devices.
    • Native Device Management Client. (OMA-DM Client)
    • VMware Software Distribution Agent (VMware SfdAgent)
    • Workspace ONE Intelligent HubEach of the aforementioned client handles different mobile device management (MDM) tasks. You need to make sure associated records are removed for a clean re-enrollment.
  • Please review https://kb.vmware.com/s/article/84350?lang=en_US&source=email for more information
  • HW-145794: How to deploy the VMware Identity Manager Connector in Legacy Mode (88033)
  • This article explains how to deploy the connector virtual appliance in legacy mode. Legacy mode requires allowing inbound connections to the connector appliance installed on-premises.
  • VMware Identity Manager Connector for Windows 19.03.0.1
  • The VMware Identity Manager connector is an on-premises component of VMware Identity Manager that provides directory integration, user authentication, and integration with resources such as Horizon 7. The connector is delivered as a virtual appliance that is deployed on site and integrates with your enterprise directory to sync users and groups to the VMware Identity Manager service and to provide authentication.
  • More info in KB https://kb.vmware.com/s/article/88033?lang=en_US&source=email.
  • Connection Server fails to send machine identifiers information to Horizon Agent and it becomes unreachable. (88439)
  • Connection server debug logs have log lines similar to:
    DEBUG (18D4-1CB4) <HARequestMsgThread> [PendingOperationSet] com.vmware.vdi.desktopcontroller.VirtualCenterDriver@2a4cbc2 Rejecting Prepare from ConnectionServer03 for DeletingNGVC on /DEVDI/vm/InstantCloneTest/SSDS-Pool2/ssds2-8(/DEVDI/vm/InstantCloneTest/SSDS-Pool2/ssds2-8) as operation underway (collision)
    DEBUG (18D4-1CB4) <HARequestMsgThread> [PendingOperationSet] com.vmware.vdi.desktopcontroller.VirtualCenterDriver@2a4cbc2 Rejecting Prepare from ConnectionServer03 for Configuring on /DEVDI/vm/ManualDesktops/GPU/display-gpu-02(vm-11881) as operation underway (collision)
    DEBUG (18D4-1CB4) <HARequestMsgThread> [PendingOperationSet] com.vmware.vdi.desktopcontroller.VirtualCenterDriver@2a4cbc2 Rejecting Prepare from ConnectionServer03 for RecomputeDigests on /DEVDI/vm/ManualDesktops/NavySW/NavySW-Rhap01(vm-17591) as operation underway (collision
  • Pending Operations on connection server has become unstable and paticipating connection server nodes started rejecting the operations.
  • One of the cause is network related issues which were present intermittently leading to this type of issue. Failing to send the Configure Pending Operation to persist the machine information in VMX settings marks the agent as unreachable.
  • A cleaner way to restore the environment is to shutdown all the connection servers and perform a rolling reboot operation.
  • KB-Reference: https://kb.vmware.com/s/article/88439?lang=en_US&source=email
  • End of Availability for VMware Horizon Standard Subscription (88256)
  • VMware is announcing the End of Availability (EOA) of the VMware Horizon Standard Subscription edition, effective April 30th, 2022. After this date, Horizon Standard Subscription will no longer be available for purchase. The EOA will not impact existing entitlements to functionality delivered for existing Horizon Standard Subscription customers through the term of their existing subscription.
  • We are excited to announce that existing Horizon Standard Subscription customers can renew on Horizon Standard Plus Subscription upon their existing term renewal. Horizon Standard Plus Subscription entitles customers to deploy VDI and apps on a single private or public vSphere-based cloud while consuming new SaaS services built for TCO reduction of Horizon environments.
  • Customers may also choose to upgrade to Horizon Enterprise Plus Subscription, which provides enhanced functionality over Horizon Standard Plus Subscription. Additionally, customers may also upgrade to Horizon Universal Subscription if they are consuming multi-cloud SaaS services and/or deploying desktop and apps through Horizon Cloud on Microsoft Azure. For more information on Horizon Standard Plus Subscription, Horizon Enterprise Plus Subscription, and Horizon Universal Subscription, visit http://vmware.com/go/horizon.
  • KB-Reference: https://kb.vmware.com/s/article/88256?lang=en_US
  • VMware Workspace ONE Mobile Flows End of Life Announcement (85939)
  • We are announcing end of availability for new sales of the VMware Workspace ONE mobile flows service. Mobile flows will reach end of general support on August 30, 2022.
  • This means that any out-of-the-box or custom integrations that have been set up for Workspace ONE Intelligent Hub or Workspace ONE Boxer with mobile flows will no longer be supported after August 30, 2022.
  • The Experience Workflows product will be the replacement for 3rd party system integration for micro-apps in Intelligent Hub. You will need to purchase the add-on for the upcoming product release, Experience Workflows for Workspace ONE.
  • You can also request a beta of Experience Workflows through the EUC Beta Portal or through your VMware account representative.
  • KB-Reference: https://kb.vmware.com/s/article/85939?lang=en_US&source=email
  • Week 19 Software Updates
  • Component: Workspace ONE Intelligent Hub for Windows
  • New Release: 22.03.3
  • Changes:
    • HUBW-7182: Bitlocker recovery key is getting logged to taskscheduler.log when Bitlocker is suspended
    • HUBW-7223: Hub UI stuck on hang on screen if user tries to launch hub UI before registration
    • HUBW-7220, HUBW-7221, HUBW-7222: Hub Log size getting larger
    • HUBW-7187: BitLocker password for the system drive is lost on the device
    • HUBW-7148: PC Refresh – Enterprise reset not working as expected
    • HUBW-7224: Set the logging to “Info” by default
    • HUBW-7184: Unable to enroll Win 10 devices using Intelligent Hub, it gets hung at hang on please wait screen
  • Release Date: 12.05.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for Android
  • New Release: 22.04
  • Changes:
    • Introducing support for Workspace ONE Mobile Threat Defense which protects your devices from application, malware, device, and network threats.
    • Apply Managed Configurations to Internal Applications
      • In Workspace ONE UEM Console 2109 through 2203, AndroidInternalAppManagedConfigurationFeatureFlag feature flag must be enabled.
      • Feature flag automatically enabled in Workspace ONE UEM 2204
    • Wipe the Work Profile only for Android 11+ COPE devices
      • Enterprise Wipe will now only remove the Work Profile and corporate resources from Android 11+ devices enrolled in COPE mode.
      • Changes require Workspace ONE UEM Console 2204
    • Automated Device Wipe for Offline Devices
      • Intelligent Hub now supports automatically wiping offline devices through Event/Actions. 
      • Requires Workspace ONE UEM Console 2204
    • Battery Threshold Condition in Products
    • Bug Fixes
  • Release Date: 12.05.22
  • Release Notes
  • Component: Workspace ONE Assist
  • New Release: 22.04
  • Changes:
    • Introducing Support for Workspace ONE Assist on Workspace ONE UEM Registered Android and iOS devices
    • Introducing key-board shortcuts along with on-screen instructions to copy/paste within Remote Shell tool
    • Remotely View the entire device screen on Samsung COPE
    • Streamlined User Experience for accepting Permissions prompts on Android attended mode
    • Simplifying provisioning of Unattended Samsung devices by allowing the Knox EULA permission to be accepted during Assist app installation
    • Bug Fixes and Security Enhancements
  • Release Date: 09.05.22
  • Release Notes
  • Component: Workspace ONE Assist for Android
  • New Release: 22.04
  • Changes:
    • Introducing Support for Workspace ONE Assist on Workspace ONE UEM Registered devices
    • Remotely View the entire device screen on Samsung COPE
    • Streamlined User Experience for accepting Permissions prompts on Android attended mode
    • Introducing key-board shortcuts along with on-screen instructions to copy/paste within Remote Shell tool
    • Simplifying provisioning of Unattended Samsung devices by allowing the Knox EULA permission to be accepted during Assist app installation
    • Bug Fixes and Security Enhancements
  • Release Date: 09.05.22
  • Release Notes
  • Component: Workspace ONE Assist for Windows
  • New Release: 22.04
  • Changes:
    • Bug Fixes Only
  • Release Date: 09.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.5
  • Changes:
    • UM-7449 Admin Groups not updating after Automatic or Manual Sync
    • FCA-202719    Unable to delete devices from console
    • CRSVC-29031  UEM Unenrollment Does Not Send Re-Authentication to User’s Other Devices
    • CRSVC-28588  GSX Cert Save Failed Password Invalid
    • CMSVC-16129 Tags Update API fails when organization group id is not passed.
    • AMST-35971   Unable to update internal app assignments for some Windows applications
    • AMST-35916   Blobs being served by DS even when they are present in the CDN and StorageType set to 1
    • AMST-35879   Windows Application Deployment Commands are only cleared after a manual Query or App Sample Query from UEM Console
    • AMST-35867   Seed v2203.3 patch Hub to UEM
  • Release Date: 10.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.11.0.28
  • Changes:
    • CMEM-186612: Delay in adding the device to the allowlist from email list view.
    • UM-7450: Admin Groups not updating after Automatic or Manual sync.
    • CRSVC-28589: GSX certification save failed with password invalid.
  • Release Date: 10.05.22
  • Release Notes

Service – Week 18-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • Getting Ready for Android 13 (88379)
  • As of April 26th, 2022, the Android 13 public beta 1 is available for users on Pixel devices.
  • What’s new in Android 13 
    To review new Android Enterprise features on Android 13, clickhere
    For Android app developers, please review behavior changes that may affect your apps: 
    • Changes affecting all apps can be reviewedhere
    • Changes affecting apps that target Android 13 can be reviewed here
    • Updates to non-SDK interface restrictions can be reviewed here
  • Behavior Changes in Workspace ONE UEM on Android 13
    • Android 13 introduces a new runtime permission to send notifications.
      • In order to ensure that users maintain the same experience after upgrading to Android 13, it is recommended to use the Android Permissions profile to grant this permission to any apps that need to send notifications.
    • More details will be added as testing continues for Workspace ONE applications.
  • Known Issues for Android 13
    • No issues yet identified
  • VMware application support for Android 13 
    • Please review in the KB directly.
  • Please follow: https://kb.vmware.com/s/article/88379?lang=en_US
  • Digital Workspace Office Hours – Virtual Customer Event
  • Our mission is to ensure you get the most out of your Workspace ONE and Horizon investments. These office hours provide you direct access to VMware experts and enable you to leverage all of the capabilities of VMware’s Digital Workspace solutions.
  • During 60-minute, interactive sessions, you’ll engage with VMware experts and explore:
    • Common pitfalls
    • Frequently asked questions
    • Best available resources
  • Register for future sessions or view previous ones on-demand to get onboarding and optimizing tips from VMware Workspace ONE and Horizon experts.
  • Next Session: May 12th, 17:00 CET → Automate the deployment of Applications and Configurations with Workspace ONE UEM Freestyle Orchestrator
    • Hosted by Patrick Zöller and Grischa Ernst
  • Join this webinar session to learn the latest from our Expert Customer Success Architects on the following:
    • Learn how you can use Freestyle to take your Deployment of Applications, Profiles and Scripts to the next Level 
    • See how you can effectively leverage Sensors and Device Attributes and Time Window in Workflows. 
    • Best Practices for using Freestyle Orchestrator for Windows and macOS. Introduction of Freestyle for mobile.
  • Register here: https://www.vmware.com/learn/1332050_REG.html?src=so_6273f866a37bd&cid=7012H000001Kbbp
  • Workspace ONE UEM – Device Friendly Name and Enrollment User hyperlinks are disabled on the Device Events page (88380)
  • Hyperlinks in the Device Friendly Name and Enrollment User columns are disabled on the Device Events page in the Workspace ONE UEM console. Administrators will not be able to redirect to the Device Details or User Details pages directly from the Device Events page.
  • Admins will not be able to redirect to the Device Details or User Details pages directly from the Device Events page.
  • Our product team has been engaged and will be working to resolve this issue as soon as possible.
  • Workaround: Admins can view and copy the Device Friendly Name and/or Enrollment User from the Device Events page then manually navigate to the Device List View or Users List View pages and perform a search to view the details.
  • KB-Reference: https://kb.vmware.com/s/article/88380?lang=en_US
  • HUBW-6320 – Workspace One UEM – Windows Baselines show as failed in the console for devices with Windows Hub 21.07.x (88377)
  • New or updated baselines may fail to apply when pushed to windows devices that have Windows Hub version 21.07.x installed.
  • From the Workspace ONE UEM Console, Windows baselines may show a status of failed.
  • Task Scheduler and Baselines logs from the device hub logs will show an error similar to the one below.”@mt”:”Failed to reapply the baseline {Exception}”,”@l”:”Error”,”Exception”:”Newtonsoft.Json.JsonSerializationException: Error convertin
  • Workspace ONE UEM Windows Hub 21.07.x
  • This issue has been addressed in Workspace ONE UEM 2203. The fix has also been backported to Workspace ONE UEM Windows Hub 21.07.9
  • KB-Reference: https://kb.vmware.com/s/article/88377?lang=en_US
  • Teams optimization becomes unavailable after network interruption on HTML Access and Chrome client (85761)
  • When use Teams in VDI/RDSH by HTML Access and Chrome Client with Teams optimization ON, client has short network interruption, teams optimization becomes unavailable even horizon session has recovered. User cannot make video/audio call or join meeting at that time.
  • When there is short-time network break(similarly as refresh), the VDI session(based on blast) will use the old token to reconnect and both side will consider this VDI session continuous.
  • But at the same time, the VVC channel through which the Html5MMRServer and the Html5MMRClient communicate with each other will be broken down and to reconnect as brand new one. So the old WebRTC instance will destroy and pending for the new one to be created.
  • The WebRTC instance(consider as the initialization of all WebRTC Redirection) will only be created by the command from MS Teams client. Since MS Teams client only listen to the event of VDI session, it will treat this situation as session continuously connected and won’t trigger a new command to create new WebRTC instance.
  • Since the root cause is that MS Teams client and Html5MMRServer are out-of-sync of the WebRTC Redirection status at this case.
  • We need to work with MS to figure out some way to let Html5MMRServer tell MS Teams client that “WebRTC Redirection session was broken, and there is a new session just connected. You could send a new command to create new WebRTC Instance.”
  • Workaround:
    • Option1: Quit and relaunch MS teams app.
    • Option2: Disconnect/logoff current session then reconnect it.
  • KB-Reference: https://kb.vmware.com/s/article/85761?lang=en_US
  • Error “Session Handle null, Hence we are initiating to disconnect” occurs when attempting to remotely access device (84128)
  • When attempting to remotely access a device, the following error message appears: “Session Handle null, Hence we are initiating to disconnect.”
  • The Assist Agent prints this error when it checks in with the ARM server to verify if there is an active session, and the ARM servers say “no”. Even in successful attempts to start a remote management session, this error may be viewed several times before the ARM servers say “yes” and return a handle for the session.
  • To resolve, please restart the AetherPal services in the following order and check that they are functioning as expected:
    • Service coordinator
    • DataTierProxy
    • Management entity
    • MessagingEntity
    • AetherPalToolController
    • ConnectionProctor
  • Additional information: https://kb.vmware.com/s/article/84128?lang=en_US
  • Week 18 Software Updates
  • Component: Workspace ONE SDK for Android
  • New Release: 22.4
  • Changes:
    • ASDK-173031 : SDK tracks passcode expiration and provides preemptive notification to apps
    • ASDK-173346 : User friendly Error message will be displayed when HUB app is removed and customer SDK app is launched on Android devices ” If you have uninstalled Workspace ONE Hub, reinstall it. Then reinstall Application through Hub, and try launching it “
  • Release Date: 01.05.22
  • Release Notes
  • Component: Workspace ONE DEEM for macOS
  • New Release: 22.04
  • Changes:
    • We are very excited to expand the capabilities of our experience management offering for the macOS platform. Leveraging Workspace ONE beyond device management for hybrid desktop communities is a focus and priority for customers and the team behind this offering. This release adds official support for Apple silicon and M-based mac hardware as well as optimizing resource consumption of the telemetry component.
  • Release Date: 02.05.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for macOS
  • New Release: 22.04
  • Changes:
    • Introducing support for Workspace ONE Mobile Threat Defense which protects your devices from application, malware, device, and network threats.
    • Apply Managed Configurations to Internal ApplicationsIn Workspace ONE UEM Console 2109 through 2203, AndroidInternalAppManagedConfigurationFeatureFlag feature flag must be enabled.
    • Feature flag automatically enabled in Workspace ONE UEM 2204
    • Wipe the Work Profile only for Android 11+ COPE devicesEnterprise Wipe will now only remove the Work Profile and corporate resources from Android 11+ devices enrolled in COPE mode.
    • Changes require Workspace ONE UEM Console 2204
    • Automated Device Wipe for Offline DevicesIntelligent Hub now supports automatically wiping offline devices through Event/Actions. 
    • Requires Workspace ONE UEM Console 2204
    • Battery Threshold Condition in Products
  • Release Date: 04.05.22 (staged)
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for iOS
  • New Release: 22.04
  • Changes:
    • Introduces support for Workspace ONE Mobile Threat Defense
      • Workspace ONE Mobile Threat Defense protects your devices from application, malware, device and network threats. Contact sales to learn more!
  • Release Date: 04.05.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for Android
  • New Release: 22.04
  • Changes:
    • Troubleshooting enhancements: Workspace ONE Hub now provides logged in Username to the DEEM agent.
    • Bug Fixes
  • Release Date: 03.05.22
  • Release Notes
  • Component: Workspace ONE Tunnel for Android
  • New Release: 22.03
  • Changes:
  • Introducing Container-wide Tunnel for Android Enterprise
  • Introducing application exemption list while in Full Device mode
    • Please refer to the Application Configurations section in the VMware Tunnel guide for details.
  • Technical Preview Features:
  • 1) Introducing improved mechanism for Device Traffic Rule Sync
  • Decoupling certificate regeneration when updating DTRs.
    • No certificate regeneration when updating DTRs
  • No requirement to save or publish Tunnel profile
  • DTR updates are now processed independent of the VPN profile
  • Periodic check-in interval with Workspace ONE APIs
    • Every 4 hours and on App launch
    • Ability to manage check-in interval with API through KVP
  • Please refer to the Application Configurations section in the VMware Tunnel guide for details.
  • Minimum requirements:
  • Workspace ONE UEM 2203
  • Requires enabling FeatureFlag: DeviceEndpointToGetDtrPayloadFeatureFlag
  • 2) Introducing ability to toggle Tunnel connection via the Tunnel client UI
  • Please refer to the Application Configurations section in the VMware Tunnel guide for details
  • Technical Requirements:
  • VMware Tunnel client in Full Device mode
  • VPN Lockdown should be disabled
  • Release Date: 03.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.4
  • Changes:
    • MACOS-2701: Add patch.sql to execute DeviceQueue_MigrateSeededMacOsProfileMacOs2629
    • CRSVC-28931: Unable to install smime profile due to certificate is used more than once error
    • CRSVC-28397: Migration of few devices failing due to missing compliance_status value
    • CRSVC-28385: Page fail for ADCS CA in aaCMCM-189749: Remove ContentLockerSDKLibraryKey system code and its overrides
    • AMST-35882: Unable to run Selective App list API call on the certain enrolled Win 10 devices
    • AMST-35837: Purge hardcoded keys from config files
    • AMST-35753: Windows OS build version shows different in Device list view and Device summary page
    • AGGL-11680: DDUI is broken by a certificate date format in Android profiles
    • AAPP-13787: Privacy Preferences Bugs Audit
  • Release Date: 03.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.5.0.55
  • Changes:
    • UM-7437         Automatic LDAP group sync skipped for customer intermittently
    • CMSVC-16057 Evaluate and Improve Scheduler Job resiliency in the event of DB connectivity issue
    • ARES-21981    Device preview page should show exclusions from the current edit only
    • AGGL-11714    Android 11: Work Profile devices are getting Android Legacy Profiles
    • AGGL-11710    CN1919 – xxx – Post OP2S migration, Android Devices are consuming commands slowly
    • AGGL-11668    Chrome URLWhitelist/URLBlacklist does not work on the latest Chrome Versions.
  • Release Date: 03.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.9.0.32
  • Changes:
    • CMEM-186609: Email profile is republished after upgrading iOS devices to iOS 14.8 and iOS 15 (with compliance policy).
    • CMCM-189751: Removing the Content Locker SDK Library Key system code causes an override.
    • AMST-35881: Unable to modify Version field when using File Exists criteria for Windows Desktop applications.
    • AMST-35815: Blobs being served by Directory Services even when they are present in the CDN and Storage Type set to 1.
  • Release Date: 03.05.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.11.0.27
  • Changes:
    • RUGG-10851   Provisioning/PoliciesViewDevices grid ‘Last Seen’ shows time 5 hours behind expected Admin time zone
    • LUEM-472       Web Enrollment – intermittent failure with hub package download
    • FCA-202433    UEM console crash while navigating to Devices > Compliance Policies > Event Log
    • CRSVC-28932  Unable to install smime profile due to certificate is used more than once error
    • CRSVC-28398  [Device State] Migration of few devices failing due to missing compliance_status value
    • CRSVC-28308  Async email notifications cause thread pool exhaustion and suspends compliance evaluation
    • CMSVC-16076 Tags Update API fails when organization group id is not passed.
    • CMCM-189750           Remove ContentLockerSDKLibraryKey system code and its overrides
    • ATL-15995       version updates for 21.11.0.27 package
    • AMST-35938   Seed v2107.9 patch version of Hub to UEM
    • AMST-35880   Windows Application Deployment Commands are only cleared after a manual Query or App Sample Query from UEM Console
    • AMST-35816   Blobs being served by DS even when they are present in the CDN and StorageType set to 1
    • AGGL-11679    DDUI is broken by a certificate date format in Android profiles
    • AAPP-13760    iOS Device Updates page timeout issue
    • AAPP-13759    VPP licenses are not getting disassociated
  • Release Date: 03.05.22
  • Release Notes

Service – Week 17-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • The automated DEP enrollment of Mac Studio into Workspace ONE MDM fails (88315)
  • You see the error similar to:
    Enrolling with management server failed. Unexpected error (MDMResponseStatus:500)
  • This issue occurs because the Mac Studio devices represent a new Apple Device Model Family, and the normal device model seeding process cannot be used to enable support.
  • This is a known issue affecting automated DEP MDM enrollments involving Apple MAC Studio hardware. Currently, there is no user-based resolution.
  • VMware’s Development team is working to add these designations to UEM, and will be addressing this in future releases.
  • To work around this issue, manually enroll the Apple MAC Studio hardware machine into Workspace ONE UEM.
  • More information: https://kb.vmware.com/s/article/88315?lang=en_US
  • [AAGNT-194517] Some Samsung COPE devices unexpectedly unenroll (88267)
  • Some Samsung devices enrolled in Corporate-Owned Personally Enabled (COPE) mode and running Android 11+ may unexpectedly unenroll from Workspace ONE UEM. When this occurs, a “Break MDM” event is seen in the UEM Console for the affected device.
  • This issue should be resolved in Android Intelligent Hub 22.03.0.14. If you continue to experience unexpected device un-enrollments, please contact Workspace ONE Support.
  • KB-Reference: https://kb.vmware.com/s/article/88267?lang=en_US
  • Email Notification Service 2 for on-premises v1.11 and older support notice (86338)
  • All customers of Email Notification Service 2 (ENS2) for on-premises v1.11 and older are advised to migrate to a more recent versions before October 2022. Per VMware Workspace ONE UEM support release policy, on-premises releases are supported for 18 months after general availability.
  • Older versions of ENS2 on-premises distributions rely on the older VMware Workspace ONE Cloud Notification Service and should be upgraded at the earliest convenience to take advantage of the more robust notification framework afforded by VMware Workspace ONE Cloud Notification Service 2, available starting in ENS2 v21.04.
  • Customers using on-premises ENS2 have several upgrade options:
    • Customers preferring to stay with an on-premises ENS2 deployment can upgrade to the latest version of ENS2 on-premises.
    • Customers may also select to migrate to a SaaS-hosted version of ENS2 at no extra charge.
    • High security US Federal Government customers now have an option of SaaS-hosted ENS2 deployed in a FedRAMP High environment.
  • KB-Reference: https://kb.vmware.com/s/article/86338?lang=en_US
  • Access Denied when authenticating via 3rd party IDP via SAML with HTML5 (83160)
  • To outline a scenario when logging in via unified access gateway (UAG) with a 3rd party IDP .
    • Access Denied when attempting access over HTML5 with SAML based Authentication configured.
    • Access is granted when a thick client is used to connect.
    • A disclaimer is configured on the connection server.
  • With SAML, a disclaimer should be part of the 3rd party SAML IDP login and not on the Connection Server.
    • Note, if configured on the connection server, The disclaimer from the connection server will be cached on the  UAG. Please see documentation on this connection server option .
    • When implementing SAML with a 3rd party IDP and an existing UAG , A  restart of the  UAG will make sure the disclaimer cache is cleared after migrating the disclaimer prompt from the broker to the IDP.
  • KB-Reference: https://kb.vmware.com/s/article/83160?lang=en_US
  • CRSVC-28928: How to replace the Workspace ONE UEM static master key (88323)
  • The purpose of this knowledge base article is to document the instructions to remove the static master key referred to in the VMware security blog post found here .  
    The patches listed in the KB will implement a new Scheduler job which can be used to replace the static master key with an instance-specific key and use it to re-encrypt information stored in Workspace ONE UEM.
  • Action Required:
    • Shared SaaS:  None. This change is being deployed by VMware Cloud Operations with zero downtime. 
    • Dedicated Latest:  None. These changes are being deployed by VMware Cloud Operations with zero downtime. If you wish to have this change deployed to your environment at a specific date/time, please contact Workspace ONE Support.
    • Dedicated SaaS customers: If you wish to have this change deployed to your environment, please contact Workspace ONE Support and specify a date/time. This is a zero-downtime change.
    • On-Premise customers: Please refer to the Resolution section for steps to deploy this change to your environment
  • Additional instructions in KB.
  • KB-Reference: https://kb.vmware.com/s/article/88323?lang=en_US
  • Accelerated EOL of Legacy Workspace ONE Experiences (Workspace ONE App and Web Portal EOL) on May 15, 2022
  • For several reasons listed in https://kb.vmware.com/s/article/87908, we are accelerating the EOL of these legacy experiences to May 15, 2022, which includes removing the Workspace ONE app from the App Store and Play Store. Customers who have the Workspace ONE Apps deployed should migrate immediately to the Workspace ONE Intelligent Hub app.
  • When the Workspace ONE app is EOL, new user enrollments for the Workspace ONE app will be blocked. Additionally, all login attempts to the Workspace ONE app will be detected and might be blocked as part of access policy rules with the Device Enrollment device type.
  • Workspace ONE Access Services updates include
  • Introducing the Redesigned Workspace ONE Access Navigation
  • The redesigned Workspace ONE Access admin console improves your ability to navigate and edit key settings, helping you achieve your business goals. A new toggle at the header in the console will help you switch to the redesigned console and you can switch back for easy comparison. Pages are grouped under five tabs – Monitor, Accounts, Resources, Integrations, and Settings, with menus located on the left side panel. The former Manage and Setup buttons were removed to simplify the configuration process.   
  • Doc-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/ws1_access_service_administration_cloud/GUID-82FE0AD9-7124-4614-A1CA-9239EB7094B4.html
  • Hub Services Notification Admin Console UX Improvements
  • We made the following enhancements to the Notifications tab in the Hub Services console.
  • The notification preview in the notification builder is now sticky. As you configure notification elements, the preview will always remain in view to easily see how they reflect on the notification card.
  • The time zone expiration field for Return-to-Work notifications supports a combo-box option to allow you to search and select your desired time zone
  • Doc-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE/services/rn/hub-services-release-notes/index.html
  • Week 17 Software Updates
  • Component: Workspace ONE Boxer for iOS
  • New Release: 22.04
  • Changes:
    • Integration with Workspace ONE Notebook
    • Remove highlighted, quoted text with user setting
  • Release Date: 27.04.22
  • Release Notes
  • Component: Email Notification Service v2
  • New Release: 22.04
  • Changes:
    • ENS uses CNS v3 as push notification gateway by default.
  • Release Date: 27.04.22
  • Release Notes
  • Component: Workspace ONE Content for Android
  • New Release: 22.04.1
  • Changes:
    • Bug Fixes
  • Release Date: 29.04.22 (staged)
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.03
  • Changes:
    • Get notified when your Apple Business Manager tokens are about to expire.
    • Override the default device reboot behavior for your win32 apps during installation.
    • We’ve added support for macOS Recovery Lock
    • Product delivery to devices in a SaaS environment just got easier!
    • Bug Fixes
  • Release Date: 29.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 20.11.0.44
  • Changes:
    • CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0
    • CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration
    • CMSVC-16084: UEM discloses smart group details from other tenants
  • Release Date: 26.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.2.0.35
  • Changes:
    • CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0
    • CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration
    • CMSVC-16084: UEM discloses smart group details from other tenants
  • Release Date: 26.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.5.0.54
  • Changes:
    • CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0
    • CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration
    • CMSVC-16084: UEM discloses smart group details from other tenants
  • Release Date: 26.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.9.0.31
  • Changes:
    • CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0
    • CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration
    • CMSVC-16084: UEM discloses smart group details from other tenants
  • Release Date: 26.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.11.0.26
  • Changes:
    • CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0
    • CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration
    • CMSVC-16084: UEM discloses smart group details from other tenants
  • Release Date: 26.04.22
  • Release Notes

Workspace ONE XR Hub – The Future of Work?

At the last VMworld (2021), VMware announced that it would support a range of VR/AR glasses in the future. A few days ago I had the opportunity to test HTC Vive Focus 3 VR glasses. At this point, thanks to HTC for providing the test unit.

First of all, the difference between VR and AR glasses should be briefly explained again. VR stands for ‘Virtual Reality’ and completely covers the field of vision for a 360° experience. The user dives almost completely into the virtual environment. Augmented Reality, on the other hand, still enables the user to see the actual world, so it is only an overlay in which information about the actual field of view is displayed or supplemented.

The areas of application therefore differ significantly. VR can be used, for example, in the area of ​​training and collaboration for virtual interaction – completely virtual worlds are created, as are then also planned in the consumer area with the ‘Metaverse’ in the future. AR, on the other hand, can be used more in practical production, for example in factories where the user works on an assembly line or a production site and is shown additional information with help of the glasses. In the private sector, the best-known example of AR use would be Google Glass glasses.

Reference: https://www.cablematters.com/blog/Virtual-Reality/vr-vs-ar

In the corporate sector, in areas where AR/VR glasses are already being used, there are typically challenges with general administration, the installation of apps and content, security and, above all, initial provisioning.

The Workspace ONE XR Hub is currently available in beta for the following models:

  • HTC VIVE Focus Plus™
  • HTC VIVE Focus 3
  • Pico Neo 2
  • Pico Neo 2 Eye
  • Pico Neo 3
  • Pico G2 4k
  • Oculus Quest 2

Please check the documentation in advance and get in touch with the VMware contact person if necessary.

The technical approach:
In practice, I only tested the HTC Vive Focus 3, but it can be used for other Android-based glasses. The basic concept of how the glasses are managed is the same.
VMware offers the Workspace ONE XR Hub for VR/AR glasses – currently still available as a beta version at https://beta-ea.vmware.com. However, the XR Hub does not replace the classic Workspace ONE Intelligent Hub. The breakdown is as follows:

The Workspace ONE Intelligent Hub is the classic device agent as a 2D app, just like on all other (frontline) Android devices, including the well-known user interface with the well-known Hub Services Notifications, For You Tab, Support and of course the App Catalog.

The Workspace ONE XR Hub can be seen as the portal for enterprise applications. THE XR Hub is designed for VR applications and thus offers the 360° view. The apps and services I make available here are based on the App Catalog in Workspace ONE Access.

The device is generally managed via the Intelligent Hub, while the XR Hub takes over the visual representation of the virtual working environment.

The combination of the following components is therefore recommended for managing the VR glasses:

  • Workspace ONE UEM >>> Management of devices
  • Workspace ONE Access >>> Authentification, App-Catalog, SSO
  • Workspace ONE Intelligent Hub >>> Device Agent
  • Workspace ONE XR Hub >>> VR Business Portal for Enterprise-Apps
  • Optional: Workspace ONE Assist >>>Remote-Control and Support
  • Optional: Workspace ONE Tunnel with Unified Access Gateway >>> Zugriff to internal resources
  • Optional: VMware Horizon for publishing virtual Apps or VDIs

In general, the XR Hub and Workspace ONE Access are also optional if I only want to manage devices and do not want to rely on AR/VR content and applications.

Enabling the HTC Vive Focus 3
How the individual devices are provisioned is explained in the documentation in the beta portal and I do not need to repeat it in detail. Where the individual glasses from the manufacturers differ is how the basic setup works. In other words: How do I put the respective glasses into Enterprise mode and how do I bring the Workspace ONE Intelligent Hub to the device (the Play Store is not available) to start the actual enrollment. With the Focus 3, this is done via a batch file, which I provision, including a key, via HTC’s enterprise business portal (https://business.vive.com) and afterwards downloaded to your PC. This batch file contains my basic configuration and the Workspace ONE Intelligent Hub, as well as other applications that I would like to include directly with the initial staging. However, I can, or maybe I should, roll out my enterprise applications apart from the Intelligent Hub via Workspace ONE, since I can then preconfigure and update them via App Config. I copy the downloaded batch file and the key to a micro SD card that is inserted into the glasses and after a factory reset the batch file takes effect accordingly and puts the glasses in Enterprise mode and installs the Workspace ONE Intelligent Hub . The Workspace ONE XR Hub is not yet installed at this point.

I now start the classic device enrollment via the Workspace ONE Intelligent Hub, which initially does not work any differently than on other Android Enterprise devices.

From this point on, I can basically manage the VR glasses like any other Android frontline or rugged device:

In the next step, however, I still want to get the benefits of the Workspace ONE XR Hub. The basic procedure for this is as follows, although there are certainly variations:

  • Upload the XR Hub .apk to Workspace ONE as an enterprise app and push to the device
  • Adjust settings in Workspace ONE Access to enable authentication and recognize the XR Hub as a trusted client.
  • Customize the JSON configuration file for the XR Hub. The XRHubClientConfig.json can be used to customize the appearance and behavior of the XR Hub for the needs of each company or application area.
  • Creating a provisioning product that pushes the JSON configuration file to the correct location on the device.
  • Provision of content in the WS1 Access or Workspace ONE UEM Catalog – Enterprise .apks and web apps.

Details on the required steps are available in the documentation on the Beta Portal (https://beta-ea.vmware.com/). Customizing the JSON file requires a bit of practice or background knowledge. In general, the options are well explained in the documentation. It is only important to mention that the URL of the Workspace ONE Access Tenant must be specified under “Workspace ONE URL”:

Once the XR Hub and the product for the .json configuration file are installed, the XR Hub can be launched. In my case, for the first start of the XR Hub, I stored in the config file that an info video should be played, which I also pushed onto the glasses via a product:

After the video, the XR Hub including the preconfigured content is available:

Personal Conclusion and opinion:

AR/VR is with a very high degree of certainty part of the future of work and is already finding its way into some areas. From conversations with my customers, however, I can say that it is still mostly limited to research, innovation or niche areas. However, the possibilities that AR/VR use cases offer are almost unlimited and could change the way we work in the future. It is not yet enough for a classic breakthrough and application in the masses. This is due to various points, which in most cases are related to the hardware and the fact that each provider of the glasses currently still relies on its own ecosystem of accounts and provisioning solution. In the enterprise environment, for example, it is a deterrent if, as with the Oculus Meta glasses, a Facebook account is required to even put the device into operation.

Another issue is application availability. I can certainly run practically any Android app on the VR glasses. However, the user experience is limited when I simply use a 2D app on VR glasses. VR requires a 360° view and an application must be adapted to this in order to enable the spatial user experience. The development of apps in this direction is currently still complex and implemented by only a few providers, so there is a lack of availability of corresponding applications. At this point it should be said that no apps can be installed directly from the Play Store, since the VR glasses are the AOSP version of Android (Android Open Source), so the classic Google Managed Services are missing (GMS), which excludes the Play Store. The Android OS has been too much customized by the manufacturers, so it cannot get certification for the GMS. So, as a company, I have to have the .apk files of the relevant apps that I want to use on the VR glasses. It is therefore not possible to use common communication and collaboration solutions such as Microsoft Teams, WebEx or Zoom – here you have to resort to offers from the manufacturers of the glasses. For a not too small number of customers, this is a knockout criterion.

From a management perspective, the combination of Workspace ONE Intelligent Hub and Workspace ONE XR Hub already offers a high level of possibilities, as has been known from the management of Android devices for years. The supported devices are primarily an Android frontline device, of the kind known from Zebra and Honeywell – the management then works accordingly. The XR Hub then offers ‘on top’ a visually and functionally successful portal for access to the collected enterprise applications.

In conclusion, it can be said that the experience of VR glasses in general and with the XR Hub in particular is very impressive and fun. The 360° view conveys a new type of spatial perception and potentially puts me back in a shared space with my colleagues when working remotely. The breakthrough for mass use cases is still a long way off, but it seems likely that solutions of this type will have a strong impact on the way we work in the future. The Workspace ONE XR Hub can be seen a bit as the ‘Next Level Anywhere Workspace’ at this point.

Additional Informationen:
Techzone Announcement:
https://techzone.vmware.com/blog/vmware-workspace-one-xr-hub-beta-announced
Techzone Podcast:
https://techzone.vmware.com/?share=podcast4100&title=workspace-one-xr-hub
Beta Portal:
https://beta-ea.vmware.com/enter/
Techzone Article Head Mounted Wearables_
https://techzone.vmware.com/resource/enrolling-head-mounted-wearables-vmware-workspace-one-uem