Service – Week 43-2021 Workspace ONE Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in

  • [CRSVC-25020] High CPU Utilization – Freestyle Tech Preview (86134)
  • For Workspace ONE UEM environments on the following versions that participate in the Freestyle Tech Preview, the Console application server may periodically experience high CPU utilization:
    • 21.09 (all versions)
  • This may cause intermittent performance degradation for several features of UEM, including:
    • Browsing the Web Console
    • Performing bulk actions, such as publishing Resources
    • Delivering content to Relay Servers
    • Scheduled tasks, such as collecting samples from devices
  • Additionally, we have paused deploying the affected versions – 2109 and patches to 2105 & 2107 – to environments that are part of the Freestyle Tech Preview as we investigate this issue. Once a resolution is available, we will resume upgrading these environments.
  • We are actively working to resolve this issue and will provide updates via this article. The issue is tracked with internal identifier CRSVC-25020.
  • KB-Reference:
  • AAGNT-193663: Passcode Profile fails to install in Android 11 (86143)
  • When applying a passcode profile on Android 11 devices with “Passcode Content” values of “Any” or “Weak Biometric”, an error occurs, and the profile does not install.
  • In Intelligent Hub version 21.09, the Target API level was increased to level 30, which includes new requirements for how certain minimum passcode criteria can be set based on corresponding passcode content levels.
  • When setting a low minimum passcode content, such as “Any” and “Weak Biometric”, the minimum length cannot be enforced, and an exception is thrown by Android which prevents the profile from installing.
  • Our Product Team has been engaged and is actively working to resolve the issue.
  • Since the minimum length is currently a required field, this situation can be mitigated by using a passcode content value other than “Any” or “Weak Biometric”, such as “Numeric”.
  • KB-Reference:
  • RUGG-10272 : Remove dependency for Product Compliance on Hub Application setting (86141)
  • When deploying Products on Windows desktop devices using Product Provisioning, if the setting under (All Settings > Devices and Users > Windows > Windows Desktop > Intelligent Hub Application > Publish Workspace ONE Intelligent Hub) is not enabled, the Compliance status will not update.
  • For Windows desktop devices, please follow this path to enable “Publish Workspace ONE Intelligent Hub”
    (All Settings > Devices and Users > Windows > Windows Desktop > Intelligent Hub Application > Publish Workspace ONE Intelligent Hub -> enable checkbox) to ensure that devices go into complaint status. 
    We are looking to remove this dependency for Product Compliance from Workspace ONE UEM version 22.01 release onwards.
  • A code within Product Provisioning is looking for this setting to be enabled to move the Product to a compliant state, which is not required and is a redundant check.
  • The dependency to have this setting checked to update the Product Compliance status would be taken out with Workspace ONE UEM 22.01 release.
  • Customers in all the Workspace ONE UEM earlier releases would need to continue to check this setting to ensure their Windows desktop products have the compliance status updated.
  • KB-Reference:
  • BINXA-15820: Incorrect invitee availability is displayed in the visual scheduler in Workspace ONE Boxer for Android (86155)
  • Workspace ONE Boxer 21.10 for Android
  • The visual scheduler sporadically displays incorrect invitee availability when the invitee has an All Day event scheduled. 
    Note: This issue has not been observed with events in the invitee’s calendar for other periods of time.
  • End-users may see incorrect availability of their invitees in the visual scheduler.
  • Our product team has been engaged and is actively working to resolve the issue.
  • KB-Reference:
  • Content Locker Prompts for Passcode (50102239)
  • When you or your users attempt to open email attachments via the Content application, a prompt to input a passcode appears.
  • This behavior is likely due to the Authentication type set as Passcode for applications within the Workspace ONE (WS1) UEM Console.
  • Within the WS1 UEM Console, navigate to your application security settings using the following path: Settings> All Settings> App > Settings and Policies> Security Policy> Authentication Type.
  • The authentication type will likely be set to Passcode. Choose another option under Authentication Type to stop users from being prompted to enter a passcode/credentials when opening attachments in Content.
  • KB-Reference:
  • PAC Proxy Settings Issues – Android OS v7 thru v9 (86197)
  • In Android 7.x, 8.x, and 9.x, proxy settings that are configured via a PAC file may not function. Applications on the device may not send traffic through the proxy configured in the PAC file or honor other traffic rules in said file. This is a known issue identified by Google and resolved in Android 10 and onward.
    Google tracks this bug internally with identifier b/110762695.
  • In Android 7.x, 8.x, and 9.x, the two system components responsible for enforcing PAC proxy rules – PacProcessor and ProxyHandler – are not exempted from battery optimization features. If these packages are stopped due to battery optimization, applications on the device will not follow the PAC proxy settings.
  • Organizations that push:
    • WiFi Profiles with Proxy Mode – Proxy Auto Configuration
    • Proxy Setting Profiles with Proxy Mode – Pac Scriptmay see that applications do not honor the settings in the PAC file pushed to the device on Android 7.x, 8.x, and 9.x devices. The issue no longer occurs if you:
    1. Open the Settings app
    2. Navigate to Apps > Special App Access > Battery Optimization
    3. Set PacProcessor and ProxyHandler to Don’t optimize
  • Google has resolved this in Android 10 by exempting PacProcessor and ProxyHandler from battery optimization.
  • Through OEMConfig applications for OEMs like Samsung and Zebra allow organizations to exempt applications from battery optimization. You can use Workspace ONE UEM to deploy OEMConfig applications through the Managed Play Store.
    Note: OEMConfig is not supported for devices enrolled in Android (Legacy) mode.
    For more information, see OEMConfig on Android Enterprise Devices
  • KB-Reference:
  • Week 43 Software Updates
  • Component: WS1 ONE Web for Android
  • New Release: 21.10
  • Changes:
    • ABRW-172736: Fullscreen mode enhancement for frontline use-cases.
    • Customers will now be able to provide a more focused and locked down experience to their frontline employees to improve productivity and secure sensitive URLs. A new configuration provides a way to open webclips in Web Fullscreen mode which cannot be exited by the user. This avoids any kind of distraction for the user by hiding the URL address bar, navigation controls, and other features of the Web. It also protects any sensitive URLs from getting exposed to the end-users for intentional/accidental misuse.
    • Bug fixes and improvements
  • Release Date: 26.10.21
  • Release Notes
  • Component: WS1 ONE Tunnel for Android
  • New Release: 21.09.0
  • Changes:
    • Android 12 readiness
  • Release Date: 26.10.21
  • Release Notes

  • Component: WS1 ONE Content SDK
  • New Release: 21.10
  • Changes:
    • Support for WS1 SDK 21.8 and above. (Reachability changes)
    • Auto discovery support for Microsoft Repository Login
  • Release Date: 25.10.21
  • xxx
  • Component: Workspace ONE Intelligent Hub for Android
  • New Release: 21.09
  • Changes:
    • Scoped Storage Support for Android 11 fully managed devices 
      • Please read 
      •  If Workspace ONE Launcher is used, Administrators must update to Launcher v21.09. It is recommended to update Launcher before updating Hub.
      • Minimum Android version support incremented to Android 5.0
    • Improvements and reduced errors for DA to DO migration
    • Unpin Hub in case of errors during auto-enrollment
    • Retry autodiscovery enrollment if enrollment fails
    • Browse in Hub functionality is GA
    • Render “For You” notification links in-line in Hub
    • Sync Hub catalog on Deep link
    • Show each For You notification as a separate system tray notification
    • Enhanced accessibility support
  • Release Date: 28.10.21
  • Release Notes
  • Component: Zebra MX Service for Android
  • New Release: 5.4
  • Changes:
    • AAGNT-192822: Automatically grant the All Files Access permission for Zebra Android 11 devices
    • AAGNT-192738: Update target SDK to 30
  • Release Date: 27.10.21
  • xxx
  • Component: SDK for Android
  • New Release: 21.10
  • Changes:
    • ASDK-172979: Branding optimization changes for SDK background image.
    • Note: UEM administrators need set the branding image of all sizes for Background Image Android.
    • Under settings and policies > settings > Branding > Background Image Android.
    • ASDK-173045: Update Koin to 2.1.6 and use mavenCentral for it
  • Release Date: 28.10.21
  • Release Notes
  • Component: Workspace ONE Boxer for Android
  • New Release: 21.10
  • Changes:
  • Visual Scheduler Technical Preview
  • Visual Scheduler displays when the attendees are not available in cumulative unavailability blocks
  • Users are able to resolve the conflicts by dragging and dropping the event and changing the event start and end time 
  • Suggested time slots feature automatically provides suggestions when is the best time to schedule the meeting, according to the availability of the invitee
  • Create and Edit screen redesign (Technical Preview)
  • Introduces complete redesign and refactoring of the Create and Edit Event experience
  • Major UI and UX improvements are introduced, together with a preview of the Visual Scheduler
  • User-Agent based authentication policy
  • Introduces new KVP – AppBoxerUserAgentInOauthWebView (bool)
    • If the KVP is set to True, the app will set and use the Boxer-specific WebView UserAgent during OAuth
  • Integration with Workspace ONE Notebook
  • Introduced one new button in the Email Action grid –  Notebook
  • With this integration, Boxer users are able to convert an email from Boxer to a note or task in Notebook by tapping on the Notebook button
  • All data from the email will be populated in the note or the task
  • The Notebook button can be removed by the administrator in UEM by setting PolicyDisableNotebookButton (bool) KVP to false
  • Note: This will also disable the integration with Notebook
  • Release Date: 05.10.21 (staged)
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release:
  • Changes:
    • Patch Update
  • Release Date: 15.10.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release:
  • Changes:
    • Patch Update
  • Release Date: 25.10.21
  • Release Notes
  • Component: Workspace ONE UEM Apple Seed Script
  • New Release: no versioning
  • Changes:
    • Most recent updates: iOS: 12.5.4, 15.0.2 iPadOS: 12.5.4, 15.0.2, 15.1 RC tvOS: 14.7, 15 beta macOS: Big Sur 11.6, 12.0.1 RC
  • Release Date: 25.10.21
  • Release Notes

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: