Welcome to the anywhere workspace

Service – Week 48-2021 Workspace ONE Updates

Important KB Articles and Release Updates Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com VMware Horizon 8 2111 has been released! What’s New? Horizon Server Ready-to-clone assurance of golden images through integration between Horizon instant clones and Carbon Black Windows Server 2022…

JuliusLienemann
15 minutes
, , ,

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

  • VMware Horizon 8 2111 has been released!
  • What’s New?
    • Horizon Server
    • Ready-to-clone assurance of golden images through integration between Horizon instant clones and Carbon Black
    • Windows Server 2022 support for Horizon Connection Server
    • Instant Clones now support multiple NICs
    • Maintenance mode now supported for floating and dedicated instant clone pools
    • Option to patch selective instant clones in a pool
    • Machine Status in Admin Console Dashboard
    • Events feature enhancements
  • CART
    • OS Optimization Tool
    • improved agent accept-connection error handing
    • Windows client SDK
    • Linux VDI: direct connect 
    • RDSH load throttling to eliminate black hole
    • Anti-keylogger macOS
    • End point risk score, end point ID passing
    • Blast Codec improvements
    • Serial allow/block list 
    • TEAMS – Chrome & HTML Access support, SDK for Dell ThinOS
    • Samsung DeX multi monitor 
  • App Volumes
    • Apps On Demand – Just-in-time delivery upon app launch
    • Multi-instance Management – Manage app volumes packages globally from one console
    • New Scripting Tools – Execute App/Writable Scripts (.bat files) in User Context
    • Added support for Windows 11 – also released for AV 2103 in October
    • Added support for Windows 10 21H2 – also recently released on AV 2103
    • Added support for Windows Server 2022 
    • Added support for Microsoft Office 2021
  • DEM
    • Added support for OneDrive for Business to store profile archives
    • Added support for Overriding Group Policy settings with ADMX-based settings
    • Added support for multi-session App Volumes setups (WVD)
    • Added support for timeout and abort options to printer mapping
  • Download Link:
  • Release Notes:
  • VMware Horizon Cloud Service 2111 is GA!
  • What’s New?
    • For existing provisioned VDI VMs, administrators can now adjust the VM type as needed (to supported alternate VM specifications).
    • Administrators can move individual VMs between assignments in the same pod. This feature is enabled for tenants by request.
    • For greenfield deployments of Horizon Cloud on Microsoft Azure, Universal Broker is enabled as the default.
    • Horizon Agent Update for Horizon Cloud pods on Microsoft Azure now supports remediating incomplete or failed agent updates in cases where the agent is stopped.
    • Administrators can now specify non-admin email addresses for receiving service alerts and notifications.
    • Multi-pod image management now supports use of multi-session Windows OSes with farms for Horizon Cloud pods on Microsoft Azure.
    • In Horizon on VMware Cloud on AWS, administrators can configure App Volume content replication between two or more VMware Cloud on AWS instances. Horizon Universal License is required. This feature is available as a beta preview.
    • If your Horizon Universal License includes SDDC components such as VMware vCenter, vSAN, and vSphere, you can retrieve these keys using the Horizon Universal Console. Note: Full enablement of this feature in the control plane for all tenants is pending and it will be fully enabled in the near future. These Release Notes will be updated at that time.
    • App Volumes now supports Dynamic Environment Manager with Windows 10 multi-session OS.
    • App packages will now be automatically detached as the last assigned user of that app logs off a Windows 10 multi-session system.
  • Release Notes :https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/rn/horizon-service-relnotes.html
  • VMware Unified Access Gateway 2111 has been released!
  • VMware Unified Access Gateway 2111 provides the following new features and enhancements:
    • TLS configuration for Horizon and Web Reverse Proxy and Identity Bridging has been extended to include specification of Named Groups (elliptic curves), Signature Schemes, and Client (outbound) Cipher Suites.
    • Added a new delay timer for OPSWAT endpoint compliance checks to improve user experience in cases where the OPSWAT On-demand agent is used with Horizon access.
    • Added support for Unified Access Gateway certificate authentication with client X.509 certificates that use the RSASSA-PSS signature algorithm.
    • SNMPv3 now includes support for additional Auth Alogrithms SHA-224, SHA-256, SHA-384, and SHA-512 in addition to MD5 and SHA.The SNMPv3 Engine ID administratively assigned text value is now configurable. The SNMP MIB now includes disk monitoring in addition to CPU and memory.
    • Added support for Horizon Client and server data protection encryption when used with new versions of Horizon.
    • Java JDK 11 is used for all Unified Access Gateway components.Java JDK 8 has been removed.
    • RSA SecurID support uses a new RSA SecurID Authentication API from RSA.The new API no longer supports the older sdconf.rec file for configuration. To configure RSA SecurID from the Admin UI or REST API, new values need to be specified. For more information about the new configuration settings for RSA SecurID, see the Deploying and Configuring Unified Access Gateway Guide or the details in the Admin UI for this version.
    • Host clock sync is now supported as an optional alternative to the default NTP protocol mechanism.This option is supported for Unified Access Gateway appliances running on VMWware ESXi where the VM can synchronize the clock with the ESXi hypervisor.
    • Configuration of log level modes such as DEBUG and TRACE can now be set for individual components instead of globally for all components.
    • Updates to Photon OS package versions and Java versions.
    • Added support for Blast Secure Gateway host header validation.
  • Release Notes: https://docs.vmware.com/en/Unified-Access-Gateway/2111/rn/unified-access-gateway-2111-release-notes/index.html
  • The Forrester Wave™: Unified Endpoint Management, Q4 2021
  • VMware named a LEADER in The Forrester Wave™: Unified Endpoint Management, Q4 2021 report, top-ranked in the current offering category and among the highest scores in the strategy category!
  • This is the third year Forrester has published their unified endpoint management (UEM) Forrester Wave and VMware has been named a Leader in all three! In this year’s report, Forrester evaluated 11 UEM providers against 24 criteria across three categories—current offering, strategy, and market presence—and emphasized the importance of ‘anywhere-work’, digital employee experience, Zero Trust security, and modern management for the distributed workforce.
  • VMware was recognized as a Leader alongside Microsoft and Ivanti. VMware was TOP-RANKED in the current offering category with the highest possible score in the employee features criterion. VMware also had among the highest scores for the strategy category with the highest possible scores in the execution, market approach, performance, and partner ecosystem criteria.
  • Read our blog to learn more: https://bit.ly/3r0r7PG
  • ISDK-175249 – Third-Party Workspace ONE SDK app registration is failing when Workspace ONE Intelligent Hub is in locked state in iPad split view (86448)
  • Problem Description:
    • Enroll Workspace ONE Intelligent Hub and setup passcode for authentication,
    • keep Hub in iPad split-view mode,
    • now download and launch 3rd party apps (integrated with Workspace ONE SDK) in iPad split mode with Hub also being in the split view,
    • observe that 3rd party app fails with SDK initialization error.
  • When your Workspace ONE SDK apps are launched for the first time in split mode while Hub is also open on the other side, the app registration will fail if Hub is in locked state with passcode.
  • Product team is aware of this and the issue will be fixed with a future version of Workspace ONE Intelligent Hub.
  • There are two workarounds:
    1. Keep Hub in unlocked state if kept in split view mode and then launch the 3rd party SDK app for the first time, this will register the app successfully with the Hub, after which app can be used is split-view mode.
    2. After downloading the 3rd party SDK app from Hub Catalog, launch it in normal mode, this will register the app successfully with the Hub and then app can be used in split-view mode
  • KB-Reference: https://kb.vmware.com/s/article/86448?lang=en_US
  • Information on Horizon 8 Extended Service Branch (ESB) (86477)
  • This article provides details on the Extended Service Branch (ESB) in relation to Horizon 8 product line, App Volumes and Dynamic Environment Manager.  For information on Horizon 7 ESB, refer to KB52845.
  • Horizon introduced Horizon 8 Extended Service Branch (ESB) with Horizon 2111 release in addition to the Current Release (CR) branch. Horizon 8 ESBs receive four (4) planned periodic maintenance updates – typically 6 months, 9 months, 15 months, and 24 months after the base version release. Each update will only contain critical bug, security fixes and new Windows 10 & 11 support, no new features will be added to these updates. 
  • Product & features covered as part of the ESB are Horizon Server & Agents, App Volumes (AV), Dynamic Environment Manager (DEM), formerly User Environment Manager. 
  • Each AV and DEM will have their corresponding ESB with coordinated release cadence. For example, Horizon 2111 is released with the corresponding ESB update from AV, DEM. AV and DEM recommends customers use the latest maintenance release of the respective products. 
  • Whenever a maintenance update is released, corresponding release notes and download page will reflect the ESB update explicitly. 
  • VMware is committed to supporting Horizon 8 ESB for 3 years. After 3 years, the ESB version will be supported under the technical guidance phase for 1 year. 
  • Approximately every 12 months, a new ESB release branch will be available, accumulating features and updates since the previous ESB release. 
  • No new special licensing requirement are needed for ESBs.  A customer with a license to access the CR branch can also access ESBs 
  • Further information at: https://kb.vmware.com/s/article/86477
  • Important Changes for Configuring Launcher with UEM Console 21.11 (86503)
  • Workspace ONE Launcher may exhibit unexpected behavior after UEM console upgrade 21.11, particularly with features configured through custom settings.
  • Workspace ONE UEM Console Version 21.11 introduces new Launcher settings that can be configured through Workspace ONE Launcher’s profile payload. These new settings are designed to replace previous use of custom XML.
  • Most of these settings were previously configurable through custom xml and enabled through the Custom Settings profile payload. Thus, the default value as displayed in the Launcher profile payload UI may take precedence over the custom settings configuration. 
  • The settings listed in the KB have been added to the Launcher profile configuration as Advanced Launcher Settings.
  • To prevent unexpected behavior when a new version of the Launcher profile is published, ensure the Launcher settings configured through the Launcher payload correctly reflect previously configured custom settings. You will only need to configure the features relevant to your deployment. Once configured through the UI, the custom XML will no longer be required.
  • KB-Reference: https://kb.vmware.com/s/article/86503?lang=en_US
  • Verify domains in Apple Business Manager and Apple School Manager
  • Starting on May 26, 2021, Apple will require organizations to verify all existing unverified and new domains that are associated with Apple Business Manager and Apple School Manager.
  • After May 26, you’ll no longer be able to use unverified domains to create new Managed Apple IDs. Existing Managed Apple IDs in an unverified domain will continue to work during a provisional period, but will need to be migrated to a verified domain before December 2021. You’ll still be able to manage devices, update existing Managed Apple IDs, and create new Managed Apple IDs on verified domains and the reserved domain. The reserved domain is created automatically.
  • In December 2021, all unverified domains will be removed from Apple Business Manager and Apple School Manager organizations. Managed Apple IDs will be migrated to the reserved domain. End users won’t be notified of this change. All roles and privileges will remain intact, including the account password and associated email address. For example, if you’re using the domain example.com and don’t verify before December, managed Apple IDs will be renamed from person@example.com to person@examplecom.appleid.com automatically.
  • Apple Support Reference: https://support.apple.com/en-us/HT212275
  • ASDK-173106 Workspace ONE SDK for Android crashes the app intermittently if using ProGuard obfuscation (86488)
  • Mobile apps integrated with version 21.10 of the Workspace ONE software development kit (SDK) for Android, and that use ProGuard obfuscation, might crash intermittently at launch.Messages like the following will appear in the stack trace.
    • java.lang.RuntimeException: An error occurred while executing doInBackground() … Caused by: java.lang.ClassNotFoundException: …
  • The impact is that applications might crash repeatedly at launch.
  • The product team is aware of this issue. It will be fixed in a future release of the Workspace ONE SDK for Android.
  • To work around this issue, add the following rule to the application’s ProGuard configuration.
    • keep class hrxixjtyakuetxs.** { *; }
  • KB-Reference: https://kb.vmware.com/s/article/86488?lang=en_US
  • When using Horizon Microsoft Teams Optimization on low-powered clients, the audio quality is not good. (86505)
  • When using Horizon Microsoft Teams Optimization on low-powered clients, the audio may sound choppy, robotic, broken or bad quality.
  • The client does not have enough processing power.
  • Resolutions (choose one):1) Disable Microsoft Teams Optimization software acoustic echo cancellation (AEC).  This will reduce the CPU usage for audio processing.  Software AEC can be disabled in the “Enable software acoustic echo cancellation for Media Optimization for Microsoft Teams” group policy setting (refer to “Configuring Remote Desktop Features in Horizon” in Horizon Product Documentation). 
    2) Use a headset that has built in AEC
    3) Use alternative AEC algorithm that uses less CPU but compromises audio quality.  This can be configured in the “Enable software acoustic echo cancellation for Media Optimization for Microsoft Teams” group policy setting
  • KB-Reference: https://kb.vmware.com/s/article/86505?lang=en_US
  • When screen sharing with Microsoft Teams Optimization, user will need to restart screen share after changing monitors, resolution, or scale. (86510)
  • User is using the Microsoft Teams Optimization with VMware Horizon and is sharing a screen. If the user changes monitor topology, resolution, or display scale, the screen share will end.
  • This article explains the behaviour and provides a workaround for when the monitor or display is changed while screen sharing with Microsoft Teams Optimization.
  • User will need to restart the screen share. If a monitor was plugged in or unplugged, Microsoft Teams might need to be restarted to update the screen picker selector.
  • KB-Reference: https://kb.vmware.com/s/article/86510?lang=en_US
  • How to disable fallback for unsupported endpoints for Microsoft Teams Optimization. (86509)
  • When users connect from an unsupported endpoint, the users are in fallback mode. In fallback mode, Microsoft Teams calls and meetings uses RTAV, audio and video are not redirected to the client, and media processing will take place on the virtual desktop.
  • If you would like to disable fallback mode and prevent Microsoft Teams calls while using an unsupported client, set one of the following registry DWORD values and the virtual desktop:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams\DisableFallback
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Teams\DisableFallback
  • To disable fallback mode, set the value to 1.  Users connected with an unsupported client will not be able to make or join Microsoft Teams calls. To enable audio only, set the value to 2. If the value isn’t present or is set to 0 (zero), fallback mode is enabled.
  • This feature is available in Teams version 1.3.00.13565 and later.
  • KB-Reference: https://kb.vmware.com/s/article/86509?lang=en_US
  • Week 48 Software Updates
  • Component: Workspace ONE Assist Service On-Premise
  • New Release: 21.09
  • Changes:
  • Introducing Attended Remote Control on Android devices without OEM specific service application
  • Prior to Assist 21.09 release, for remote control on Android devices, Assist required the installation of an OEM-specific service application. An exception to this was Samsung, Sony, and Zebra (Android 11+) devices. But with Assist 21.09 release, customers can now remotely control Android Enterprise enrolled fully managed devices without the need for an OEM-specific service app.
  • Enhanced performance using VP8 encoding
  • Workspace ONE Assist now supports VP8 encoding on win10 devices to enhance streaming quality and performance during a screen share session across all supported browsers.
  • Enhancements to Auto-Proxy Discovery
  • Customers with Basic authentication proxy settings enabled can now perform Assist sessions by entering proxy credentials one-time at the start of the first session.
  • Introducing Attended mode on Kiosk and LTSC Devices
  • This release introduces support for attended mode on Kiosk and LTSC devices. The admin experience during the remote session is determined by the UEM Role assigned. If the admin has unattended mode disabled, then the session will always be attended.
  • Introducing Automatic Reconnection on Reboot
  • Improved admin experience now allows automatic reconnection during device reboots.
  • Introducing the ability to switch user accounts during a remote session
  • You can now switch user accounts during an active remote-control session without getting disconnected from the session.
  • Enforcing RBAC on Session Collaboration feature
  • A new resource called Session Collaboration has been added to Administrator Roles within Workspace ONE UEM under the Assist category.
  • Release Date: 02.12.21
  • Release Notes
  • Component: Secure Email Gateway
  • New Release: 2.21
  • Changes:
  • TLSv1.1 is disabled by default, and instead use TLSv1.2 and TLSv1.3.
  • Updated to latest JRE version 11.0.13.
  • Release Date: 30.11.21
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release: 21.5.0.32
  • Changes:
    • Patch Update
  • Release Date: 30.11.21
  • Release Notes

Leave a comment

Trending