Service – Week 34-2021 Workspace ONE Updates

Important Releases and KB Updates

  • Usage of ‘EMM Managed Access’ Flag to allow/block access to Workspace ONE SDK apps on Android (85501)
    • Today, there is a gap on Android devices with COPE and Work Profile enrollment, where end-users can install SDK apps like Boxer, Content, Web, and Notes on the personal container. When this happens, the device does not report these apps as ‘unmanaged’ to Workspace ONE UEM. In this scenario, these SDK applications continue to access corporate resources.
    • To overcome this gap, SDK applications will now receive the ‘EMM Managed Access’ flag configuration. If the ‘EMM Managed Access’ flag is enabled for these applications and if theese apps are unmanaged by sideloading or downloading from the play store on the personal container, then access to these apps will be blocked. SDK apps inside the work container are not affected.
    • You can control access to all SDK apps, except Intelligent Hub, using the ‘EMM  Managed Access’ flag when the applications are in an ‘unmanaged’ state on Android devices. This capability is available with Workspace ONE UEM console version 20.10 and SDK apps using SDK version 21.07 or higher.
    • If you have Android devices with COPE or Work Profile enrollment and are deploying Workspace ONE SDK applications (other than Intelligent Hub), you can restrict access to these apps on the personal container of the devices, with apps using Workspace One SDK version 21.07 (or higher) and with UEM Console version 20.10 (or higher). 
    • You can selectively configure from the App Assignment screens which Smart Groups would be enforcing the “EMM Managed Access” flag (as depicted in the screenshot below). The SDK apps will receive this config and compare it with the management mode of the app on the device. 
    • If the flag is enabled and the app is inside the work container(managed), the end-users can access the corporate content. If the flag is enabled and the app is in the personal container (unmanaged), end-users can’t access the application.
    • KB-Reference: https://kb.vmware.com/s/article/85501?lang=en_US
  • HUBI-6678 – Shared devices are unable to log out of Hub and are seeing a network error (85545)
    • Users on shared devices may see “Error Network Connection Lost” when trying to check a device back in
    • Our product team has been engaged and a fix is scheduled to be released in an upcoming release. To get early access please make sure you join the Intelligent Hub beta at beta-ea.vmware.com/key/getbeta
    • Workaround: If you are unable to wait until our next release, and are on AirWatch only / UEM only environments, you can disable Intelligent Hub Catalog/Hub Services related settings in UEM. This can be found under AirWatch Catalog under Apps Settings in UEM. If this does not work, please wait until our next release.
    • Please follow: https://kb.vmware.com/s/article/85545?lang=en_US
  • Special TAM Lab 105:  Protecting Horizon VDI desktops with Carbon Black and Workspace ONE
  • Workspace ONE Intelligent Hub 21.07 for Android continues to prompt with “Hub settings have been updated” screen (85508)
    • Workspace ONE Intelligent Hub 21.07 for Android continuously prompts with a “Hub settings have been updated” screen.
    • If the Access/Hub Services URL has a trailing slash in the Workspace ONE UEM environment, Workspace ONE Intelligent Hub 21.07 for Android is doing a URL comparison and the comparison incorrectly detects a change.
    • When a change is detected, Hub presents the “Hub settings have been updated” screen.
    • The comparison fails because the stored URL is sanitized (i.e. trialing slash is removed when saved) while the received URL from the server contains a slash.
    • KB-Reference: https://kb.vmware.com/s/article/85508?lang=en_US
  • [Resolved] AGGL-10465: User based accounts are always used when migrating Zebra devices to Work Managed using the Android Enterprise migration tool (85202)
    • When utilizing the migration tool to migrate Zebra devices from device administrator/ Android (legacy) to Work Managed, the Google accounts created on the device are always ‘user based’. This occurs even if “Google Account Generation for Corporate devices” is set to “Device Based” under Settings > Devices & Users > Android > Android EMM Registration > Enrollment Settings. 
    • On the device, this leads to the Google account on the device getting expired. An error message that states “Work Managed Expired” will be seen in the Intelligent Hub, as shown below:
    • There are limits on how many devices can use a “user based” account (<=10 devices). If the same enrollment user is used on many devices (>10), public app management will not work on devices past the limit, as the Google Accounts on these devices can be invalidated.
    • The issue is resolved in Workspace ONE UEM Console 2107 (patch to previous versions pending) and Intelligent Hub for Android v21.07. It is recommended to upgrade to these versions of the UEM Console and Intelligent Hub prior to migrating devices. The fixes in these versions are to ensure this issue does not occur for future migrations. If devices have already been migrated prior to these versions and have run into this issue, please open a support ticket to correct the account on these devices.
    • KB-Reference: https://kb.vmware.com/s/article/85202?lang=en_US
  • Week 34 Software Updates
  • Component: WS1 SDK for Android
  • New Release: 21.7
  • Changes:
    • ASDK-171547: Restrict Standalone SDK applications used outside of the AE container on COPE and PO mode with “EMM Managed Access” flag.
    • ASDK-172829, ASDK-171647 : IntermittentlyBoxer locks before the SDK passcode timeout period runs outhas elapsed on Webviews (mail draft and web).
  • Release Date: 24.08.21
  • Release Notes
  • Component: WS1 Tunnel for iOS
  • New Release: 21.04.01
  • Changes:
    • PPAT-9338: Improved DNS handling to store both IPv4 and IPv6 addresses.
    • PPAT-9291: Improved UDP socket management to improve gateway performance
  • Release Date: 26.08.21
  • Release Notes
  • Component: WS1 Intelligence
  • New Release: 21.08.25
  • Changes:
    • We’ve added the Users tab for mobile apps using Workspace ONE Intelligence SDK.
    • If you’ve set user names on the app details page, you can now view your complete list of users and get a summary for each user. Refer to our SDK documentation on how to set user names. For every user and associated device, you can track the following:Errors users have experienced (crashes, network errors, handled exceptions)
    • User flow data 
    • App usage 
    • Workspace ONE Intelligence no longer supports viewing the console in Internet Explorer 11.
    • Resolved Issues
  • Release Date: 26.08.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 20.8.0.33
  • Changes:
    • Patch Update
  • Release Date: 24.08.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 20.11.0.35
  • Changes:
    • Patch Update
  • Release Date: 24.08.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.2.0.20
  • Changes:
    • Patch Update
  • Release Date: 24.08.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.5.0.14
  • Changes:
    • Patch Update
  • Release Date: 24.08.21
  • Release Notes

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: