Service – Week 12-2021 Workspace ONE Updates

  • Important Releases and KB Updates
    • Android applications may crash due to Android System WebView (Fixed) (83224)
      • Android applications may crash intermittently
      • This is a known issue with the Android System WebView application
      • This issue can be resolved by updating WebView and Chrome
        • Update Android System WebView ( to version 71.0.3578.99 or higher
        • Update Google Chrome ( to version 89.0.4389.105 or higher
      • You can find information about this issue shared by Google here
    • Some devices with Intelligent Hub 21.02 for Android cannot communicate with UEM (83220)
      • This issue affects UEM environments where App Tunneling is enabled under [Groups & Settings > All Settings > Apps > Settings & Policies > Security Policies].
      • When some devices are upgraded to Hub 21.02, the Intelligent Hub stops communicating with Workspace ONE UEM. The Hub is unable to send updated samples or process new commands, and the Last Seen time of the device no longer updates.
      • Our product team has been engaged and is actively working to resolve the issue.
      • Workaround: Disable the Web SDK through the UEM Console
    • AAGNT-191963 – Android 11 device getting restarted with by toggling Airplane mode with Bluetooth restriction being pushed. (83245)
      • On Android 11 Fully Managed Pixel devices, toggling Airplane mode may cause unintended device reboots when Bluetooth is restricted using a Restrictions profile.
      • Issue identified on Android 11 OS while investigating device restart issue AAGNT-191963
      • Google is engaged and we are working with them to check if fix can be pushed for Android 11
      • This is a known issue with Android 11.
      • Upgrading to Android 12 will resolve this issue, the product team is working closely with Google to determine if a fix can also be deployed to Android 11 devices.
      • Removing the Restrictions profile or updating the Restrictions profile to Allow Bluetooth as True will prevent the unintended reboots from occurring when Airplane Mode is toggled by the user.
    • CRSVC-10236: Enable Compromise Device Status Details is disabled in Workspace ONE UEM Console for iOS/iPad OS Devices (82685)
      • Workspace ONE Admins utilizing console version 2011+ cannot view Compromise Device Status Details for iOS/iPadOS devices.
      • Devices are are flagged as compromised within the Workspace ONE console.
      • Support for this feature was added  in VMware Workspace ONE 2011 release
      • Resolution:
        • Shared SaaS Hosted (Shared-Cloud): Wait for 2101 upgrade to be applied to your environment
        • Dedicated SaaS Hosted: Schedule an upgrade for your dedicated environment to version 2101.
        • On-Premise: Self- Upgrade to 2101 when available for On-Premises deployments
    • [Resolved] FCA-195486, FCA-195068, FCA-195540, FCA-196297 – Workspace ONE UEM – Delete Device Workflow issues (82359)
      • First reported on Workspace One UEM 2010
      • Administrators of the Workspace ONE UEM console are:
        • Unable to delete devices from the Devices List View page.
        • Delete failing for unenrolled devices when Lifecycle Notification is turned ON at OG.
    • Functionality and limitations of Customer Connect for customers with Workspace ONE Products (2150265)
    • AAPP-11837 – VPP apps targeting specific device type (e.g. iPhone only apps) may be removed from other device types post upgrade to Workspace ONE UEM 2102 (83244)
      • Prior to 2102 VPP API results for Supported devices were taken from a different API endpoint. As of 2102 this has been changed to have metadata lookup call to utilize “contentmetadatalookup” in whole “sync asset” flow.
      • Historically requests results would give a granular output similar to below which dictates whether or not the application is supported for installation on the device. This format would give a large list of devices and their subtypes.
      • As of 2102 the supported Devices output has instead given a more condensed family of devices resulting in 3 entries, iPhone, iPad, iPod. Some apps may not have been defined by the developer to use iPad therefore after licenses sync, the app may be queued for removal if it is not longer detected as an application to be used for the iPad.
      • Issue is currently under investigation and VMware will be releasing a patch as soon as possible to correct the behavior.
      • Workaround in KB
    • CRSVC-19488: CA issued certificates are marked as UNKNOWN (83253)
      • In Workspace ONE UEM console, when you navigate to Devices > Certificates > List View or Device Summary > More Actions > Certificates, the status of the certificates issued by certain certificate authorities are UNKNOWN
      • As a part of the fix provided for CRSVC-18259,  we excluded the machine keys for AirWatch Cloud Connector and stored them in the memory location. Storing the keys in memory location caused certificates to be not associated with respective Certificate Authority ID and Template ID; thus, marking the status as UNKNOWN.
      • The devices will display a “UNKNOWN” certificate status, however the certificates will not be revoked or renewed. The certificates issued are not associated with a Certificate Authority ID and Template ID; therefore, once the resolution is applied, Workspace ONE UEM will not be able to revoke the bad certificate data.
      • This issue also impacts customers with a Tunnel configured to use the affected Certificate Authorities. Tunnel connectivity for newly enrolled devices and devices with recently installed tunnel profiles will be impacted, however existing devices will not be affected.
      • Our Product team is actively working to resolve this issue in a timely manner. Patches for supported versions of Workspace One UEM are being developed and will be listed here as they are made available. Once the patches are made available please perform the following:
        • Apply the patch to your environment.
        • Re-push the profiles which are associated with the affected Certificate Authorities. This will re-issue certificates to the devices, thus allowing Workspace One UEM to report the current certificate status as “Installed”
  • Week 11 Software Updates
  • Component: Unified Access Gateway
  • New Release: 21.03
  • Changes:
    • Unified Access Gateway can now be deployed in Google Cloud as a Compute Engine VM. This deployment option is in addition to the existing support for vSphere (vCenter/ESXi), Amazon AWS EC2, Microsoft Azure, and Microsoft Hyper-V VMs. 
    • Edge services on Unified Access Gateway are managed by a component called esmanager. If this process fails and restarts for any reason, then when it restarts, it will now automatically attempt to restore the session state of all existing client TLS sessions. This means that in most cases, users will not be impacted if this happens.
    • SAML authentication for Horizon access through Unified Access Gateway now supports encrypted SAML assertions when enabled in the SAML IdP configuration. Normally encrypted SAML assertions are not required as Unified Access Gateway only accepts TLS encrypted communication anyway, but this feature allows for additional encryption if the IdP requires it.
    • For Unified Access Gateway forwarding of events to an external event management system, multiple Syslog server destinations can now be specified.
    • Added support for Horizon Chromebook clients using SAML authentication. 
    • Updates to Photon OS package versions and Java versions.
  • Release Date: 17.03.21
  • Release Notes
  • Component: Horizon 8
    VMware Horizon 2103
    VMware Horizon Clients 2103
    VMware App Volumes 2103
    Dynamic Environment Manager 2103
  • New Release: 21.03
  • Changes:
    • Horizon Server:
      • Added support for “Global Access Group”
      • Added support for open source database — “PostgresSQL”
      • Added support for untrusted domain
      • Pegged unabated growth of event database
      • Ability to pre-assign computer names to instant clone desktops
      • Delivered View API parity REST APIs
    • Horizon Agents & Clients
      • Teams offload Mac client
      • USB redirection for HTML Access & Chrome client
      • Pen redirection iOS & Android
      • HEVC 444 Intel GPU Linux client
      • Drop 32-bit support Windows agent, Linux agent and client
    • App Volumes
      • Support for Windows 10 Enterprise multi-session on Horizon Cloud on Azure
    • Dynamic Environment Manager
      • Replication of the Script folder in SyncTool
      • Simplification of computer environment configuration
      • Support for late arrival of system environment variables in agent configuration for computer environment settings
  • Release Date: 23.03.21
  • Release Notes
  • Component: Workspace ONE Web for iOS
  • New Release: 21.02
  • Changes:
    • The settings screen has an option for the user to choose to close unused tabs based on a certain time frame.
    • Added KVP in Web to enable/disable WebSDK.
    • Support options in Kiosk mode.
    • Enabled Diagnostic Logging in the production build.
    • Bug fixes and Improvements.
  • Release Date: 19.03.21
  • Release Notes
  • Component: Workspace ONE Tunnel for iOS
  • New Release: 20.12
  • Changes:
    • Added support for Device Traffic Rules using CNAME records for DNS resolution 
  • Release Date: 18.03.21
  • Release Notes
  • Component: Workspace ONE Tunnel for Android
  • New Release: 21.01
  • Changes:
    • Added ability to set debug logs via Managed Configuration KVP. 
    • Added ability to show last app usage in the client UI that can be set via Managed Configuration KVP.
  • Release Date: 19.03.21
  • Release Notes
  • Component: Workspace ONE SDK for Android
  • New Release: 21.3
  • Changes:
    • We’ve packaged the Workspace ONE SDK for iOS (Swift) as XCFramework.
    • We’ve upgraded the Open SSL.
  • Release Date: 24.03.21
  • Release Notes
  • Component: Workspace ONE Assist for Android
  • New Release: 21.03
  • Changes:
    • Support for Scoped Storage on Android 11
    • In Android 11, Google is enforcing scoped storage on all applications targeting API level 30. With the enforcement of scoped storage, an application is limited to only accessing its own file sandbox and specific types of media files that the app has created. To access other file locations on the device, the remote user must explicitly grant permissions to the application requesting it.
    • Support for Android 11 on Zebra devices
    • Starting Android 11 and above, the Assist agent will leverage Zebra provided APIs to support remote control functionality within Assist. On Android 11 and above, the Assist service application will not be used. As a result, newly enrolled devices do not need the service application to be installed on them.
    • Fixes to chat notification on Android
      In-session chat was introduced as part of the 20.11 release on Android, macOS, and Windows 10 platforms. On Android alone, the chat notifications were failing. This issue is now fixed in this release. 
  • Release Date: 26.03.21
  • Release Notes
  • Component: Workspace ONE Assist for Windows Mobile / CE
  • New Release: 21.03
  • Changes:
    • In this release, we’ve made an update addressing functionality and performance improvements with no new features.
  • Release Date: 26.03.21
  • Release Notes
  • Component: Workspace ONE Assist for Windows 10
  • New Release: 21.03
  • Changes:
    • In this release, we’ve made an update addressing functionality and performance improvements with no new features.
  • Release Date: 26.03.21
  • Release Notes
  • Component: Workspace ONE Assist for macOS
  • New Release: 21.03
  • Changes:
  • Enhanced performance using VP8 encoding
    Workspace ONE Assist now supports VP8 encoding on macOS devices to enhance streaming quality and performance during a screen share session across all supported browsers.
  • Release Date: 26.03.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release:
  • Changes:
    • Patch Update
  • Release Date: 22.03.21
  • Release Notes

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: