Service – Week 15-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in

  • NEW FEATURE: Zero Trust solution in Workspace ONE Cloud – 60-minute virtual Zoom discussion 
  • The VMware EUC Research Team is looking for feedback on a potential Zero Trust solution for IT Admins to set up compliance rules for applications within Workspace ONE Cloud.
    • From April 18 to April 29, we’ll be conducting virtual one-on-one interviews to walk through this new Zero Trust concept that’s not released yet and get your thoughts.
    • If you’re interested in being a part of this conversation, please fill out the short survey. This will take less than 3 minutes to complete.
  • Sign Up
  • NEW FEATURE: Search and find what you need in Workspace ONE Intelligent Hub – 60-minute virtual Zoom discussion [OPEN TO ANY ROLE / INTERNAL AND EXTERNAL]
  • The VMware EUC Research Team is looking for feedback on new ways to search for the content, apps, and people you’re looking for in Workspace ONE Intelligent Hub. 
    • From May 3 to May 13, we’ll be conducting virtual one-on-one interviews to walk through a couple ideas and get your thoughts.
    • If you’re interested in being a part of this conversation, please fill out the short survey. This will take less than 3 minutes to complete. 
  • Sign Up
  • Repost from last week due to security severity: VMSA-2022-0011: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
  • Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
  • Description
    VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
  • Known Attack Vectors
    A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
  • ResolutionTo remediate CVE-2022-22954, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
  • Master KB:
  • Please review for more details.
  • Additional information in:
  • Samsung ELM License Key Deprecation (88179)
  • To access Samsung Knox Platform for Enterprise (KPE) Standard capabilities, Workspace ONE Intelligent Hub activates a Samsung ELM license on every Samsung Android Work Managed device. 
  • Samsung has migrated to a new, more secure license key format, called KPE Standard.  The KPE Standard key replaces the ELM key, and the ELM key will be decommissioned on December 1, 2022.
  • When the ELM key is decommissioned on December 1, 2022, new activations of this key will fail. This means any devices enrolling into work managed mode with an older version of Workspace ONE Intelligent Hub will fail enrollment. Existing/currently enrolled devices will not be impacted. Devices enrolling into Work Profile or COPE modes are also not impacted.
  • In an upcoming version of Workspace ONE Intelligent Hub, the ELM key will be replaced with a KPE Standard key. Customers must use this upcoming version after December 1 to enroll Samsung devices.
  • Customers should monitor Hub release notes regarding this change. This article will also be updated with the exact version when that is determined.
  • KB-Reference:
  • VMware Horizon on Oracle Cloud VMware Solution (OCVS) Support (88202)
  • Starting with Horizon 2006 on the Horizon 8 release train or Horizon 7.13 on the Horizon 7 release train, Horizon can be deployed on Oracle Cloud VMware Solution (OCVS).
  • This article discusses the support details feature parity between Horizon on-premise and Horizon on OCVS.
  • Feature Parity: The same Horizon versions support both on-premise deployment as well as deployment on OCVS. 
  • The two tables in the KB list features that are available on-premise but not available OCVS. Any Horizon feature not listed in the table below can be assumed to be supported.  
  • More information in KN
  • ESC-31150 : Issue with accessing Face ID on iPad with two apps simultaneously used in split screen mode (88112)
  • VMware apps enrolled on iPad with biometric auth enabled in SDK, are facing issues with authenticating using Face ID when the two apps are simultaneously used in split-screen mode
  • The KB details the scenario when the issue occurs and why it’s observed.
    1. Install and Enroll Workspace ONE apps on iPad with Face ID enabled.
    2. Enable with SDK setting to use Biometric (Face ID).
    3. Open two apps (Boxer/Content) > launch both the apps split-screen mode.
    4. Navigate to Home screen > wait until SDK authentication session times out for Workspace ONE Apps. Leave in split-screen. 
    5. Reopen VMware Boxer/Content.
  • Expected Result: FaceID should be accepted and both apps authenticate without passcode or username/password authentication
  • Actual Result: Error dialogue window is shown 
  • his issue is seen from the iOS APIs. We have simulated the exact same behaviour with sample apps without WS1 SDK. The iOS returns an error “errSecAuthFailed” when trying to authenticate two apps simultaneously using Face ID authentication. 
  • More info:
  • CRSVC-27688 – Missing Intermediate certificate causing failure in certificate issuance (88223)
  • The Workspace ONE team has identified an issue in storing the certificate chain in the database. When issue happens, you will see the below error under the ‘Device > More> Troubleshooting > Event Data’ when the profile delivery fails.
  • Workspace ONE UEM 2111
  • When storing the certificate chain, we were not processing the complete chain, due to which the validation was failing, resulting in the failure of the delivery of the profile. As part of the fix, we are validating the complete chain of certificates, including the intermediate.
  • The profile will fail to deliver the certificates to the device resulting in the device being unable to perform the needed action using that certificate. For example, it may fail to connect to Wi-Fi or perform mobile SSO.
  • This issue is resolved in a future console version. In addition to this, the fix is available as a patch for the following versions:
    • UEM 2111
    • UEM 2203
  • More information:
  • Week 15 Software Updates
  • Component: Secure Email Gateway
  • New Release Version: 2.22
  • Changes:
    • Updated to latest JRE version
  • Release Date: 08.04.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for iOS
  • New Release Version: 22.03
  • Changes:
    • Improved Feedback system
      • Users will be prompted randomly if they are enjoying Intelligent Hub, if they are not having a good experience, they are able to access FAQs that will help them learn more about the application or get support if they need it.
      • If they need additional support they can email the support address from the support screen or in the case that the support email is not set up, it will be directed to VMware.
      • This version also brings the help and support sections to a user’s account screen where they can access these resources.
    • Accessibility Improvements for users of Larger Text and VoiceOver
    • Bug Fixes
  • Release Date: 11.04.22
  • Release Notes
  • Component: Workspace ONE Intelligent Hub for Android
  • New Release Version: 22.03
  • Changes:
    • Samsung Fully Managed and COPE devices will now more strongly enforce users to meet password requirements.
    • Hub Template changes will update upon Hub app relaunch
    • Support custom error messages with Experience Workflows notification card actions in For You tab
    • Bug Fixes
  • Release Date: 12.04.22 (staged)
  • Release Notes
  • Component: Workspace ONE Web for Android
  • New Release Version: 22.04
  • Changes:
    • ABRW-173841: Enhanced organization and discovery of bookmarks in Web
    • The search in bookmarks now work across the title and URL and the bookmarks are now sorted by default in an alphabetical manner on both the bookmark launcher home page and the bookmarks page. This will now enable users to discover the bookmarks more easily.
    • ABRW-173358: Support to send Web app logs to UEM
    • End user will now get an option to send the Web application logs to UEM console through the new option ‘Send logs to administrator’ on the support page. This is particularly helpful in extracting logs from Web for diagnostic purposes when the Web is used in the single app mode.
    • ABRW-173911: Support to pull Web application logs from UEM console
    • This new capability allows the UEM administrator to pull the Web application logs from a device through the UEM console without involving the end user using the device.
    • ABRW-173878: Option to renew IA certificate in Single app Kiosk Mode
    • End user will now have an option to view and renew certificates in Kiosk mode as well.
    • ABRW-173921: Integrating In-App update SDK feature in Workspace ONE Web
    • This feature will allow a way for the admins to configure in-app update prompt for the users who have not upgraded the Web app to the latest Play Store version on their devices.
    • ABRW-173876: Enhancements to IA certificate renewal option IA 
    • More intuitive messages for IA certificate renewal
    • Bug Fixes
  • Release Date: 15.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release:
  • Changes:
    • RUGG-10771: Enhance Product Priority to include command prioritization.
    • RUGG-10770: Observed deadlocks in database while processing the files to be uploaded to relay server when products are published to large number of devices.
  • Release Date: 12.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release:
  • Changes:
    • CRSVC-28448: ZDT upgrades making the environment inaccessible during the upgrade
  • Release Date: 12.04.22
  • Release Notes
  • Component: Workspace ONE UEM
  • New Release:
  • Changes:
    • AGGL-11678: DDUI is broken by a certificate date format in Android profiles.
    • AMST-35756: When enrolling VDI, the latest enrolled device overtakes existing device record.
    • CMSVC-16056: Add new procedure for Assignment group v1 API without device count.
    • AGGL-11653: Android 12 Profile Owner Device Serial Number “HubNoSerial”.
    • FCA-202432: UEM console crash while navigating to Devices > Compliance Policies > Event Log.
  • Release Date: 12.04.22
  • Release Notes

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: