Featured

Welcome to the Anywhere Workspace

Photo by Pixabay on Pexels.com

Thank you for navigating to my Blog. You’ll find here news and updates around VMware Workspace ONE. The content in this blog doesn’t necessarily represent VMware’s positions, strategies or opinions. While Best Practices or Product related information are described in some post on this blog, they may not apply to your individual customer setup or be error free. In case of doubt, always engage your VMware contact.

Featured and latest Posts:
Service – Week 38-2022 Enduser Computing Updates
Service – Week 37-2022 Enduser Computing Updates
Service – Week 36-2022 Enduser Computing Updates
*NEW* Demo Video: Workspace ONE Mobile Threat Defense – MITM Attack
The Workspace ONE VR Experience, Part3: Pico Neo3 Pro and XR Hub 0.75
Workspace ONE XR Management – Testing Oculus Quest 2 Enterprise Enablement (German Version)
Workspace ONE XR Hub – The Future of Work?(German Version)
A First look at: Apple 2021 Updates(German Version)
A First look at: Android 12(German Version)
Looking Forward to 2021 – A small Outlook(German Version)
VMware Workspace ONE – 2020 A Year in Review — (German Version)
VMware Boxer – Delegated, Shared and Multiple Managed Mailboxes
End User Computing News of Week 46 — (German Version)
Reporting: The Workspace ONE Excel Add-In — (German Version)
Workspace ONE Device Management Modes — (German Version)
Workspace ONE – Techzone, KB, Docs – When do I use what? — (German Version)
What is the „Freestyle Orchestrator“? — (German Version)
Changes with Android 11 and Workspace ONE — (German Version)

Archive: WEEKLY UPDATES

I hope you’ll enjoy the posts and that they have some useful content for you. Feel free to reach out to me on LinkedIn or comment the post.
Thanks!

Service – Week 38-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

Workspace ONE Access Services updates

  • Directory Sync Frequency Updates
    The interval between synchronization times has been made more flexible and will let administrators to choose between setting hourly synchronizations or synchronizations every 2, 6, or 12 hours. Administrators can also choose to set their sync frequency to be less often with daily or weekly intervals.
  • Shift-based conditional access policies in Workspace ONE Access to support Shift-based Access to Workspace ONE Digital Workspace
    Shift-based access control with Workspace ONE enables your company to deliver a digital workspace that is shift aware. Shift-based access control restricts the use of different product apps and features when a worker is not clocked-in for their shift.
    In the Workspace ONE Access console, you can configure Shift-based Auth as an authorization method to manage when workers can launch specific Workspace ONE Access federated applications based on whether the worker is on-shift or off-shift. The authorization is applied after workers are authenticated with a first factor authentication method based on your access policy rules.
  • UEM Token Device Enrollment Authentication Method
    The UEM Token authentication method allows customers to seamlessly change the source of authentication from Workspace ONE UEM to Workspace ONE Access for device enrollment of the Workspace ONE Intelligent Hub for iOS and Android. Devices that are on registered mode and Android devices, which do not have a Workspace ONE UEM certificate at time of enrollment, can be identified and authenticate with Workspace ONE Access. This feature addresses the previous problem of duplicate authentication and provides the most seamless transition for Workspace ONE UEM customers to Workspace ONE Access yet and does not impact existing enrolled devices.
  • Time-based One-Time Password (TOTP) Authentication Now Available in Workspace ONE Intelligent Hub iOS and Android
    Workspace ONE Intelligent Hub for iOS and Android brings support for adding and generating Time-based One-time Passwords or TOTP.
    End users with a QR code or the secret key for an account can register that secret key with Workspace ONE Intelligent Hub to allow for the generation of Time-Based One-Time Passwords. This does not require an internet connection.
    End users can find this functionality in the app’s Account screen under “Two Factor Authentication” by tapping on the icon at the top of the app in any of the screens, if users have Hub Services, and in the main screen if in UEM-only mode. This functionality is not supported for multi-staging users where the device is passed around for multiple users because of TOTP’s fundamental security feature of access to the device.
  • Bypass multipleauthn SAML attribute claims in WS-Fed active flows
    The multipleauthn SAML attribute will no longer be passed in active federation flows.
  • For more information, refer to this Release Notes

Workspace ONE Hub Services updates  

  • View End-user Notification Engagement Analytics in Workspace ONE Intelligence
    Admins can view notification engagement analytics of their end-users’ interactions of Intelligent Hub notifications in Workspace ONE Intelligence. This includes notification metrics like viewed, opened, dismissed, and actioned on. To enable this ability, authorize the Hub Services connector in Intelligence. You can then build dashboards to visualize the notification engagement analytics. You can also navigate to this website to leverage predefined notification analytics dashboard templates.
    Note: We currently collect notification analytics from Hub Web portal, Windows Hub, and macOS Hub.
  • Send Intelligent Hub Notifications from Workspace ONE Intelligence Automation Workflows
    Hub notification action is now available as an action when configuring automation workflows in Workspace ONE Intelligence. Leverage the Hub Services notification action to target and send Hub notifications to devices about apps, devices, remediation resources, updates, and more. The Hub notification will appear in the For You tab in Intelligent Hub.
  • Simplified Notification API in Beta
    We’re introducing a simplified Notification API that external systems can leverage to send Intelligent Hub notifications to users and devices. The new Notification API reduces integration steps by allowing external systems to send a notification by providing a well-known identifier – either a userGroup name or a SmartGroup name/id. If interested in testing this API, please reach out to your VMware contact to connect with the product team.
  • For more information, refer to this Release Notes
  • URL Content Redirection does not work for Third Party Application on macOS 13 Beta. (89470)
    • The input URL within Third Party Application can’t be redirected from Mac client to agent side on macOS 13 beta.[Reproduction Steps]
      1. Launch Mac Client on macOS 13.0 Beta
      2. Login to Horizon Server
      3. Click using the URL Filter Application as the Third Party Application
      4. Open the configured URL in the Notes
      5. URL is not redirected to agent side
    • This article provides URL Content Redirection troubleshooting steps.
    • More information in KB: https://kb.vmware.com/s/article/89470?lang=en_US&source=email
  • “Max session bandwidth” of the DEM Horizon Smart Policies does not work on first connection. (89526)
    • When you connect to VDI with “Max session bandwidth” configured in DEM Horizon Smart Policies, it does not take effect and uses the default value “1000000”.
    • However, when you reconnect to the session, it is working as configured.
    • This is a known issue.
      • Blast can only apply the MaxBandwidthKbps setting if the registry value is written before the session begins.
      • DEM won’t be able to provide Horizon Smart Policies before the session begins, as we process this config during login.
    • More details in KB: https://kb.vmware.com/s/article/89526?lang=en_US&source=email
  • Jetzt Registrieren: Enduser Computing Webinare im September und Oktober
    • Live-Webinar: Mobile Threat Defense im Kontext von Workspace One
      Mittwoch, 28. September 2022, 10:00 Uhr
      Speaker: Yana Petrova
    • Live-Webinar: Ist VMware Horizon die bessere Plattform für Desktop & Applikationsvirtualisierung?
      Mittwoch, 05. Oktober 2022, 10:00 Uhr
      Speaker: Stefan Metzger
    • Live-Webinar: Innovation am Remote-Arbeitsplatz: ‚Work from Anywhere’ mit Virtual Reality und Workspace ONE
      Mittwoch, 12. Oktober 2022, 10:00 Uhr
      Speaker: Julius Lienemann
    • Registrierungsseite: VMware
  • Week 38 Software Updates
  • Component: Workspace ONE Intelligent Hub for macOS
  • New Release: 22.08.1
  • Changes:
    • HUBM-5861  Ventura beta 5 Weblink apps are damaged
    • HUBM-5849  Freestyle Orchestrator Sensor does not trigger Application Upgrade/Install
  • Release Date: 22.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: OS Updates Seed Script
  • Changes:
    • Most recent update: … iOS 16.0.0 (20A371),iOS 16.1.0 (20B5045d),tvOS 16.1.0 (20K5041d),iOS 16.0.1 (20A371)
  • Release Date: 21.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: Seed Script for latest Device Model Information
  • Changes:
    • Seed Script for latest Device Model Information … iphone 14 A2883 iphone 14 Plus A2887 iphone 14 Pro A2891 iphone 14 Pro Max A2895
  • Release Date: 21.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.28
  • Changes:
    • CMEM-186702: PowerShell failing: “User credential of the remote PowerShell server contains the special characters.”
    • AMST-37025: SSL Pinning showing not synchronized.
    • CRSVC-32059: “Renew Certificate” not working as expected in Certificate list view.
    • AGGL-12934: Group Organization Mode change command not queued after changing to Fixed Organization Group.
    • AMST-36830: Windows Firewall Rule not working as intended on Win 10 device.
  • Release Date: 21.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.6.0.6
  • Changes:
    • AMST-36832: Windows Firewall Rule not working as intended on Win 10 device.
    • CRSVC-32057: “Renew Certificate” not working as expected in Certificate list view.
  • Release Date: 21.09.22
  • Release Notes

Service – Week 37-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • Getting Ready for Apple Fall 2022 Releases
  • On June 6th, 2022 Apple announced at their World Wide Developers Conference (WWDC) the upcoming releases of iOS 16, iPadOS 16, tvOS 16, and macOS Ventura (13.0). This document will provide guidance on all the upcoming Apple updates and any impacts this may have on Workspace ONE.
  • The anticipated release timeline for these updates is similar to previous years. We anticipate a mid to late September release for iOS 16, iPadOS 16, and tvOS 16, with macOS Ventura releasing shortly after in late September or early October. – iOS16 being available since Sep. 12th
  • The docs.vmware information is derived from Apple’s WWDC information sessions. These sessions are available on-demand through Apple’s Developer Program at developer.apple.com. This site also contains information on how test the upcoming releases.
  • WWDC 2022 videos
  • Please find all details at: docs.vmware-reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/GettingReadyForAppleReleases/GUID-GettingReadyforAppleReleases2022.html
  • End of Life for Workspace ONE AirLift (89506)
  • The Workspace ONE AirLift tool will reach end-of-support (EoS) effective immediately and end-of-availability date (EoA) on October 31st, 2022. The Workspace ONE AirLift tool will be removed from the Workspace ONE portal on this date. Current Airlift installations will no longer be supported and no new updates will be made available. 
  • The Workspace ONE AirLift tool was used to accelerate deployments off of SCCM by providing an easy way to migrate applications and policy into Workspace ONE.  While this tool did provide some value in migrating applications, the value found in migrating Group Policy was limited.  VMware is committed to supporting those applications and policy migrations through investment in advanced tooling hosted on VMware {code} and new Baseline policy configurations within Workspace ONE.
  • Customers who have Workspace ONE AirLift should no longer leverage the tool for application and policy migration.
  • For customer looking to migrate applications, VMware has made app upload scripts available on VMware {code}. This code leverages the same Workspace ONE APIs and will provides admins with an automated way to migrate a large number of applications.   VMware has also written a step by step guide on using Workspace ONE APIs to upload Windows applications.
    For policy migrations, VMware recommends customer leverage Workspace ONE Baselines .  Workspace ONE UEM curates industry-recommended settings into one Baseline configuration to simplify securing your devices. Baselines reduce the time it takes to set up and configure Windows devices.  By moving to Baselines, customers will also avoid migrating legacy Group Policy that is prevalent in many legacy environments. 
  • Check the KB for further information: https://kb.vmware.com/s/article/89506
  • URL Content Redirection does not work for Third Party Application on macOS 13 Beta. (89470)
  • he input URL within Third Party Application can’t be redirected from Mac client to agent side on macOS 13 beta.
    [Reproduction Steps]
    1. Launch Mac Client on macOS 13.0 Beta
    2. Login to Horizon Server
    3. Click using the URL Filter Application as the Third Party Application
    4. Open the configured URL in the Notes
    5. URL is not redirected to agent side
  • This article provides URL Content Redirection troubleshooting steps.
  • More information: https://kb.vmware.com/s/article/89470?lang=en_US&source=email
  • End user connection fails when WorkspaceONE only mode used for Horizon (89006)
  • The below error is seen:
    “This Horizon server expects to get your logon credentials from another application or server, not directly through the client login screen. If you usually access Horizon from another application, please launch that application.”
  • General troubleshooting:
    Check Horizon connection server debug logs for more error details.
    Sometimes it may fail at workspace connector end during SAML resolution.
    Check on below:
    Timestamp of WorkspaceONE appliance and Horizon are in sync
  • More information: https://kb.vmware.com/s/article/89006?lang=en_US&source=email
  • USB-R will be enabled when using an APFS removable storage disk. (89452)
  • The disk could be listed on the USB-R menu when the user uses the removable storage disk with APFS format.
  • 1. Drive could not be shared between VMs and Applications using the CD-R when the user uses USB-R.2. Low performance when using the USB-R
  • Avoid choosing APFS storage on the USB menu; if USB-R is activated, disconnecting or replugging the USB device will solve this issue.
  • This affects Horizon Client for Mac.
  • KB-Reference: https://kb.vmware.com/s/article/89452?lang=en_US&source=email
  • Jetzt Registrieren: Enduser Computing Webinare im September und Oktober
  • Live-Webinar: Was macht den Anywhere Workspace bei VMware aus? Ein Blick hinter die Kulissen
    Mittwoch, 21. September 2022, 10:00 Uhr
    Speaker: Arkadiusz KrowczynskiLive-Webinar: Mobile Threat Defense im Kontext von Workspace One
    Mittwoch, 28. September 2022, 10:00 Uhr
    Speaker: Yana PetrovaLive-Webinar: Ist VMware Horizon die bessere Plattform für Desktop & Applikationsvirtualisierung?
    Mittwoch, 05. Oktober 2022, 10:00 Uhr
    Speaker: Stefan MetzgerLive-Webinar: Innovation am Remote-Arbeitsplatz: ‚Work from Anywhere’ mit Virtual Reality und Workspace ONE
    Mittwoch, 12. Oktober 2022, 10:00 Uhr
    Speaker: Julius Lienemann
  • Registrierungsseite: VMware
  • Week 37 Software Updates
  • Component: Workspace ONE Intelligent Hub for Android
  • New Release: 22.08
  • Changes:
    • Generate Time-based one-time password
      • Customers who have previously used VMware verify as their 2FA app will be able to use Intelligent Hub to get their Time-Based One-Time Password (2FA code). 
    • Support for Survey Notifications
      • Users can now take surveys with different question types – NPS, free form text, multi choice etc. within Intelligent Hub app.
      • Survey will be sent as a notification to end users on Intelligent Hub and end users can find it in the For You tab.
    • Bug Fixes
  • Release Date: 14.09.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for iOS
  • New Release: 22.08
  • Changes:
    • Time-based one-time password (TOTP)
      • This allows the Intelligent Hub application to generate one-time passwords from a secret key
      • Setup can be found in the Account screen of Intelligent Hub
    • Background Images are now supported in the Explore, App, Favorites, People, For You and Support tabs
    • Accessibility Improvements
  • Release Date: 14.09.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for macOS
  • New Release: 22.08
  • Changes:
    • New option added to uninstall managed applications from App Catalog (supported from UEM Console 21.11 and Hub Services 22.07)
    • As of 22.08 for macOS 10.14 is no longer supported
    • General enhancements
      • Optimization of App list sample
      • Improvements have been made to HUB sensors error reporting
      • Munki upgraded to 5.7.2, MSAL to 1.2.2, and Python to 3.10.6
      • Product download from Relay Server improvements.
      • Native App Catalog UI Improvements.
  • Release Date: 14.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: OS Updates Seed Script
  • Changes:
    • Most recent update: … iOS 12.5.6 (16H71), iOS 16 (20A362) and iOS 15.7 (19H12)
  • Release Date: 14.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.11.0.46
  • Changes:
    • CMEM-186700: PowerShell failing with error message: “User credential of the remote PowerShell server contains the special characters.”
    • MACOS-3335: Device Details page crashing for Linux devices when loading processor architecture from latest Device State Service.
  • Release Date: 14.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.26
  • Changes:
    • FCA-203863: Unable to Edit Device Asset Number
    • AGGL-12899: Time mentioned in System Updates profile changes to AM from PM after save and publish, when UI Locale languages is Japanese, Chinese, or Korean.
    • AGGL-12887: URL Blocks & Exceptions in Chrome Browser Profile disappeared with data loss (upgrade from 2102 to 2203)
  • Release Date: 14.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.6.0.5
  • Changes:
    • AGGL-12898: Time mentioned in System Updates profile changes to AM from PM after save and publish when UI locale languages is Japanese, Chinese, or Korean.
    • INTEL-42182: ETL-Design the ability to enable CDC based exports in AWS RDS.
  • Release Date: 14.09.22
  • Release Notes

Service – Week 36-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • Deprecation of AirWatch Historical Widgets within Workspace ONE Intelligence (89394)
  • AirWatch Historical widgets are being deprecated within Workspace ONE Intelligence.
    Why is this being deprecated?
    The current implementation of AirWatch Historical only stores the full record of state changes. Storing the full record introduces a limitation as it tracks all changes to the state, including edits. As a result, historical widgets face data accuracy challenges due to its inability to truly track change events.
    For instance, when tracking the total number of apps installed per day, AirWatch Historical will count any changes to a currently installed app as a new installation due to the implementation method. This in turn, misrepresents the actual number of apps being installed a day, resulting in inaccurate data for the widget.
  • What does deprecation mean for users?
    Users will only be able to view or delete the impacted AirWatch Historical widgets. They will NOT be able to edit, copy, duplicate, or rename the impacted widgets. Additionally, users will NOT be able to create any new AirWatch Historical widgets.
    Which widgets are impacted?
    Widgets using data from the following list will be impacted:
    • Workspace ONE UEM -> Apps
    • Workspace ONE UEM -> Devices
    • Workspace ONE UEM -> Windows OS Updates
    • Workspace ONE UEM -> Device Risk Score
    • Workspace ONE UEM -> Device Summary Risk Score
    • Workspace ONE UEM -> User Risk Score
    Impacted widgets will also be labeled with a ‘Deprecated’ pill to make it easier for users to identify.
  • Find more information in KB https://kb.vmware.com/s/article/89394?lang=en_US&source=email
  • Workspace ONE Email Notification Service 2 (ENS2) experiencing sporadic connection errors due to the unavailability of the RDS database (89432)
  • ENS2 Virginia Database was migrated on 27th August to a Multi-AZ configuration. After the migration, the Workspace ONE Team began seeing database connection errors due to a sporadic unavailability of the RDS database. While the Workspace ONE Team works with our partners to identify the root cause, the team will be reverting to a previous version of the database.
  • Since ENS2 relies on Exchange to maintain subscriptions and Exchange is prone to losing subscriptions frequently for unknown reasons, it is possible that many users may lose subscriptions due to the migration.
  • The team will be creating a mock API to keep sending acknowledgements back to the Exchange whenever there is an event pushed from Exchange to ENS2, to reduce chances of losing the active subscriptions.
  • Workaround in KB https://kb.vmware.com/s/article/89432?lang=en_US&source=email
  • HW-164237 Hotfix for 22.05.0.0 Workspace ONE Access Connector, Resolution for OpenJDK 11.0.5 does not work correctly with StartTLS protocol. Upgrade to OpenJDK 11.0.16. (89428)
  • Active Directory Connections using StartTLS option may not work as expected with Workspace ONE Access Connector 22.05.
  • The patch allows you to upgrade the packaged OpenJDK to version 11.0.16, in order to resolve the issue.
  • Known Issue in OpenJDK 11.0.5 packaged with Workspace ONE Access Connector 22.05.
  • Resolution outlined in https://kb.vmware.com/s/article/89428?lang=en_US&source=email
  • Week 36 Software Updates
  • Component: Workspace ONE Intelligent Hub for Android
  • New Release: 22.08
  • Changes:
    • Generate Time-based one-time password
      • Customers who have previously used VMware verify as their 2FA app will be able to use Intelligent Hub to get their Time-Based One-Time Password (2FA code). 
    • Support for Survey Notifications
      • Users can now take surveys with different question types – NPS, free form text, multi choice etc. within Intelligent Hub app.
      • Survey will be sent as a notification to end users on Intelligent Hub and end users can find it in the For You tab.
    • Bug Fixes
  • Release Date: 03.09.22 (staged)
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: OS Updates Seed Script
  • Changes:
    • iOS 16.0.0 (20A362),tvOS 16.0.0 (20J373),iOS 15.7.0 (19H12),macOS Monterey 12.6.0 (21G115)
  • Release Date: 07.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.11.0.45
  • Changes:
    • RUGG-11333   Delay in Products getting assigned to android devices
    • ENRL-3534      Un-enrollment date is Null in Intelligence
    • CRSVC-31823  Test latest spec flow in canonical
    • CRSVC-31783  GSX test connection fails with SSL error
    • CRSVC-31691  MacOsx conditional access, UEM is reporting device_type and operating_system as UNKNOWN when device changes its status.
  • Release Date: 07.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.25
  • Changes:
    • PPAT-12130     Change the Tunnel Devices API from Public to Internal API
    • MACOS-3334  Device Details page crashing for Linux Devices when loading processor architecture from latest Device State Service
    • FCA-203857    Unable to load Angular Exports page
    • FCA-203818    Improve performance of API_LoadDevice
    • ENRL-3533      Un-enrollment date is Null in Intelligence
    • AMST-36974   Unable to Edit app assignments .
  • Release Date: 07.09.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.6.0.4
  • Changes:
    • MACOS-3313  macOS DDUI SCEP Payload – AirWatch CA Template does not populate
    • FCA-203853    Unable to load Angular Exports page
    • CRSVC-31786  GSX test connection fails with SSL error
    • AMST-36972   Unable to Edit app assignments .
  • Release Date: 07.09.22
  • Release Notes

Service – Week 35-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • VMware Explore – Enduser Computing Announcments Overview
  • VMware Explore 2022 Anywhere Workspace, Workspace ONE, and Horizon announcement overview
  • What’s new in Workspace ONE UEM
    • Autonomous workspaces
      “proactive, data-driven automations that are self-driven by the digital workspace platform, better ensuring your organization’s desired state across management, security, and end-user experiences. Requiring limited to no manual interaction, autonomous workspaces will deliver self-configuring, self-healing, and self-securing outcomes for your workspace.”
    • Freestyle Orchestrator will be expanding to include support for mobile devices.
    • Windows multi-user support is currently in Tech Preview of Azure AD-based deployments, and will be extended to Active Directory-based deployments.
    • Updates for Workspace ONE XR Hub
    • Updates for thr integration between Intel vPro and Workspace ONE
    • Updates for desired state management for mobile
    • Updates for data-driven user interfaces in the UEM console
    • Updates for ChromeOS.
    • Announcing the Workspace ONE Cloud Marketplace, which will feature dashboards, widgets, reports, Freestyle Orchestrator workflows, and other resources that can be imported to help customers adopt additional solutions.
  • What’s new with digital employee experience at VMware Explore 2022
    • now include VMware Horizon, third-party managed and unmanaged devices
    • employee experience scores for Horizon, available soon
    • delivering, measuring, analyzing, and remediating employee experiences
    • announced employee experience scoring capabilities for Horizon
    • frontline solution packs for Workspace ONE Intelligence
    • Intelligence Guided Root Cause Analysis is now available.
  • The next generation of VMware Horizon Cloud is here!
    • VMware Next-Gen Horizon Cloud was announced at VMworld 2021, went into Limited Availability in spring of 2022, and is now Generally Available for Horizon Cloud environments on Microsoft Azure.
    • unique “thin-edge” architecture that drastically reduces the amount of infrastructure deployed in your environment
    • advanced automation via published APIs
  • Simplify and speed virtual desktop delivery with Horizon Managed Desktop
    • will provide a managed service offering that takes care of lifecycle services, support, and more, on top of customer-provided infrastructure.
    • help customers that don’t have in-house experts get to value with VDI faster.
    • Ongoing lifecycle & cost management 
  • Revolutionize virtual apps by publishing apps on demand on generic RDSH servers
    • combine App Volumes Apps On Demand with Horizon app publishing capabilities to simplify app publishing and save on resources.
  • Google ChromeOS devices are now a validated solution with VMware Horizon for healthcare
    • VMware and Google worked together to validate ChromeOS devices and specialized peripherals for key healthcare use cases.
  • Intel vPro and VMware Workspace ONE: An unparalleled integration for chip-to-cloud management
    • became available earlier this summer
    • enables several unique management capabilities, including out-of-band management for devices that are powered off or have operating systems that are not functioning
    • announcing a partner program to help customers take advantage of this integration.
  • MACOS-3266 – Workspace One UEM – WIFI profile with multiple credential payloads fails to install on macOS devices ( Error: 107 Invalid profile) (89423)
    • WIFI profiles for IOS MAC devices that are configured with more than one credential payload may fail to install on devices.
    • From the troubleshooting tab (device view -> more -> troubleshooting) for an affected device in the UEM Console the ‘install failed’ notification should show an error similar to:
    • Additionally in the device hub logs for the profile install event you may see the same error:
    • 2022-30-08 16:47:05+0530 Error 20991 mdmclient: [com.apple.ManagedClient:MDMDaemon] [ERROR] [ErrorChain.0] (InstallProfile) [ConfigProfilePluginDomain:-107] Invalid profile: the PayloadUUID “86d0e0e6-ee0a-4881-b728-c6b08800a5a2” is used more than once in the profile.>
    • Version Identified: Workspace ONE UEM 22.06
    • This issue is resolved in version 22.06.02 (Existing profiles will need to be manually addressed – see workaround section below).
      On-Premise customers can download the latest patch in the resources portal here .
      SaaS customers can request for their environment to be patched.
    • Workaround in KB https://kb.vmware.com/s/article/89423?lang=en_US&source=email
  • CMEM-186691: PowerShell email management integration may not work with Workspace ONE UEM 2206 (89373)
    • With Workspace ONE UEM console 2206, PowerShell email Integration (MEM) may not function as intended. PowerShell Test Connection may not work. The following error can be observed in the UEM console log:EXCEPTION *** AirWatch.AirWatchException: User credential of the remote PowerShell server contains the special characters. At AirWatch
    • Workspace ONE UEM 2206 
    • Newly enrolled devices may not be allowed to access email automatically through MEM PowerShell commands
    • The email configuration will be removed for any unenrolled device, but a block command will not be sent.
    • ‘Sync Mailboxes’ and ‘Run Compliance’ actions will not work. 
    • Devices with existing access to their mailbox will continue to work.
    • Our product team has been engaged and is actively working to resolve the issue. Please follow this KB for updates.
    • Administrators can initialize a manual PowerShell session and manage user or device access as desired.  
      Please refer to this page for more information.  
    • KB-Reference: https://kb.vmware.com/s/article/89373?lang=en_US&source=email
  • Provisioning of full clone encrypted VM’s fails on vSAN with default policies (89371)
    • When provisioning encrypted full clones through View on vSAN you see the following error message in vCenter:
      ““Changing or applying VM Storage Policies with Data Service capabilities during clone operations is disallowed. VM Storage Policies with Data Service capabilities can be assigned to the provisioned VM after the clone operation has been completed and before the VM has been powered on”
    • The reason for the error is due to the policies that View creates on vSAN environments. These policies by default do not take encryption into account and do not create with an encryption policy
    • When using encrypted full clones please enable encryption on the following storage policy created by View for vSAN environments:FULL_CLONE_DISK_FLOATING_uuid-value-goes-hereExample:FULL_CLONE_DISK_FLOATING_d960c469-594e-4e82-a345-8bebc0eea226This will allow for the VM to get the correct encryption key that was assigned to the template when creating the full clone.
    • KB-Reference: https://kb.vmware.com/s/article/89371?lang=en_US&source=email
  • Week 35 Software Updates
  • Component: Workspace ONE Boxer for iOS
  • New Release: 22.08
  • Changes:
    • Support for historical S/MIME certificates with DISA Purebred
    • This feature provides support for storing more than one S/MIME certificate when using PIV-D and Purebred.
    • End users can access older emails that were encrypted with different certificates.
    • To activate or deactivate the support for historical S/MIME certificates with DISA Purebred, use the Historical S/MIME toggle button in Settings > Advanced > Enable features. By default, this feature is activated.
  • Release Date: 01.09.22
  • Release Notes
  • Component: Workspace ONE Boxer for Android
  • New Release: 22.08
  • Changes:
    • KVP for Resource URL during authentication
    • AccountOauthResourceURL is a new, account-based KVP, of type string.
    • During end-user authentication, this KVP overrides the value of the Resource URL.
    • AccountOauthResourceURL can be used with Hybrid Modern Authentication when a specific Resource URL is required.
  • Release Date: 01.09.22 (staged)
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for Linux
  • New Release: 22.06
  • Changes:
    • Web Enrollment: Users can now walk through a web-based wizard to streamline the WS1 Intelligent Hub download and enrollment process. This wizard also supports integrated authentication, so WS1 Access, SAML, or any other integrated modern auth can be used to enroll a user’s Linux device in WS1 UEM.
    • Application Sampling: The application tab in the Device Details view now reports on desktop applications that are installed on enrolled linux based endpoints, including the version information.
    • Disk Encryption Detection:  Workspace ONE now identifies whether or not full disk encryption (using LUKS) is enabled on an enrolled Linux device.
    • Additional Sensor Triggers: In addition to triggering sensor retrieval during device check-ins, IT admins now have the option of triggering a sensor based on login, logout, startup or network changes on enrolled linux devices.
    • Automated Hub Upgrades: IT Admins now have the option of enabling Hub upgrades to occur automatically when new versions are released.
    • Remove Additional Dependencies on Puppet: Puppet open source is now only required for processing custom configuration profiles; not Wi-Fi or Credentials payloads as was the case previously.
  • Release Date: 01.09.22
  • Release Notes
  • Component: Workspace ONE Content for iOS
  • New Release: 22.08.1
  • Changes:
    • ISCL-181881 – Files are missing after adding a file update with name change
  • Release Date: 29.08.22
  • Release Notes
  • Component: Workspace ONE Notebook for Android
  • New Release: 22.08
  • Changes:
    • Android 13 Release Readiness
    • Bug fixes and quality improvements
  • Release Date: 30.08.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.24
  • Changes:
    • ARES-22791: Mac Studio Assignment update missing/unselected.
    • AMST-36839: Device context based applications require valid user session to process uninstall.
    • CRSVC-31784: GSX test connection fails with SSL error.
  • Release Date: 30.08.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 22.6.0.3
  • Changes:
    • MACOS-3330: Identify the cause for DB Upgrade failure due to Invalid column name ‘DevicePlatformId’.
    • MACOS-3312: MacOS DDUI Network access profile not showing option “Use as login window configuration”.
    • CMEM-186698: PowerShell failing: “User credential of the remote PowerShell server contains the special characters”.
    • AMST-36835: Device context based applications require valid user session to process uninstall.
    • AGGL-12800: Device Sync triggers RemoveApp command for iOS app.
    • AMST-36875: App sampling to query SFD when SFD is known to be installed on device.
    • AMST-36865: Seed v2206 SFD patch to UEM.
    • AMST-36850: Samples are being repeatedly queried till samples response comes.
  • Release Date: 30.08.22
  • Release Notes

Service – Week 34-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • Workspace ONE UEM FedRAMP: Upcoming Cipher Suite Update (89312)
  • Ensuring protection of data-in-transit is a key priority for all communication paths that integrate with Workspace ONE UEM (Unified Endpoint Management). To continue to deliver on that promise, VMware continually reviews and updates the associated cipher suites that are available within our SaaS hosted solutions. In an upcoming change window VMware will be restricting the available cipher suites used on all FedRAMP Workspace ONE UEM hosted endpoints.
  • KB-Reference: https://kb.vmware.com/s/article/89312?lang=en_US&source=email
  • Horizon 2206 fails to connect to vCenter (89331)
  • Horizon 2206 Connection Server fails to validate the server certificate of a vCenter instance, preventing a successful connection.
    This can happen even if an older version of Horizon can connect successfully using the same certificate.
    In the Connection Server debug log, an SSLHandshakeException is logged due to “Certificates do not conform to algorithm constraints.”
  • In Horizon 2206, the list of acceptable certificate signature schemes has changed and may no longer include the algorithm used to sign the vCenter certificate.
  • The list of signature schemes can be modified by editing LDAP attribute pae-SSLClientSignatureSchemes under cn=common,ou=global,ou=properties.
    The format of this attribute is a single string that begins “\LIST:”, followed by one or more comma-separated scheme names.
    For example: pae-SSLClientSignatureSchemes = \LIST:rsa_pkcs1_sha256,rsa_pkcs1_sha384,rsa_pkcs1_sha512
    It is not necessary to restart any service after making this edit.
    In the example above, “rsa_pkcs1_sha256” corresponds to SHA256withRSA, “rsa_pkcs1_sha384” to SHA384withRSA and “rsa_pkcs1_sha512” to SHA512withRSA.
    IMPORTANT: The new list must include at least rsa_pkcs1_sha256 and rsa_pkcs1_sha384 to avoid breaking other outgoing connections.
  • More Info in KB: https://kb.vmware.com/s/article/89331?lang=en_US&source=email
  • ESC-33274 – Elevated CPU usage on Workspace ONE UEM Database after upgrade to 2206 (89338)
  • Upon upgrading to Workspace ONE UEM 2206, your environment may exhibit elevated CPU usage on the database server. This can lead to latency in communications between Workspace ONE UEM and your managed devices 
  • This can lead to performance degradation and latency in device and administrator interactions with Workspace ONE UEM.
  • Our Product team has been notified and is working to address this issue in a timely manner. Please subscribe to this article to be notified when an update is available.
    In the interim:
    • Shared SaaS and Dedicated SaaS (Latest Mode): the rollout of Workspace ONE UEM 2206 has been paused
    • Dedicated SaaS: The upgrade scheduler has been updated and scheduling an upgrade to Workspace ONE UEM 2206 is temporarily disabled. If you have previously scheduled an upgrade for your Dedicated SaaS environment, you may submit a support request to have the upgrade cancelled/postponed
    • On-premise: The installer for On-premise customers for this version has been retracted from the myWorkspaceONE portal temporarily
  • Please follow: https://kb.vmware.com/s/article/89338?lang=en_US&source=email
  • FCA-203819 – Workspace ONE UEM – Access error when navigating to Exports page (89334)
  • Navigating to the Monitor > Reports and Analytics > Exports page in the Workspace ONE UEM console while logged in with a custom or system role may result in the page not loading and showing a “This door is locked” error.
  • The Exports page in the Workspace ONE UEM console has been migrated to a new UI framework that requires a specific admin permission to view. Navigating to this page without the proper permission will result in a “This door is locked” error. By default, most system roles will already have this required permissions, but some custom and system roles may not.
  • Pages that are migrated to the new UI framework require a set of admin permissions to load the components of and give access to the page. Without the correct permissions in the current admin’s role, the page will show a “This door is locked” error.
  • Our product team has been engaged and is actively working to resolve the issue. Please subscribe to this article to be notified when an update is available.
  • Workaround in KB https://kb.vmware.com/s/article/89334?lang=en_US&source=email
  • MACOS-3206 certain Apple Silicon macOS devices leveraging a randomized managed administrator password cannot be accessed with the current password (89299)
  • This issue affects certain Apple Silicon macOS devices that are enrolled via Automated Device Enrollment with Apple Business or School Manager, if a managed administrator account is configured with a randomized password. In some cases, if you attempt to log into the administrator account with the current password, the log in attempt may fail with an incorrect password.
  • The Workspace ONE team has engaged Apple and is working to identify root cause and resolution.
  • If this issue occurs, rotating the password again appears to resolve this issue.  This can be done in two ways:
    1. Leverage the Workspace ONE UEM REST API to immediately rotate the managed administrator password for the target device.  This can be done with one of the following API endpoints:
      1. /mdm/devices/{deviceId}/commands?command=RotateDEPAdminPassword
      2. /mdm/devices/commands/RotateDEPAdminPassword/device?searchBy={searchByParam}&id={Id}
    2. Alternately, simply by viewing the current managed administrator password for the target device in the Device Details page of the Workspace ONE UEM Console, a rotate command will automatically be issued to the device after a grace period of 8 hours.  After this grace period occurs and you verify that the device has processed the command, attempt to log in using the new password.
  • KB-Reference: https://kb.vmware.com/s/article/89299?lang=en_US&source=email
  • Week 34 Software Updates
  • Component: Workspace ONE UEM
  • New Release: 22.3.0.23
  • Changes:
    • CMCM-190024: DB Server CPU spiking to 100% multiple times a day
    • AGGL-12338: DDUI profiles cannot be created or edited
    • AAPP-14462: Delay in OS seed script deployment is causing data inconsistency
  • Release Date: 23.08.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.9.0.42
  • Changes:
    • RUGG-11334: Delay in Products getting assigned to android devices
    • CRSVC-31085: ProvisioningProfile tries to remove expiring profiles when none exist
  • Release Date: 23.08.22
  • Release Notes