Important KB Articles, Announcements and Release Updates
Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com
- Android work profile devices are not able to communicate with Hub Services when using Hub 23.01 which prevents them from performing operations which are dependent on Hub Services like sync device, installing applications, etc.
- This issue occurs for both fresh enrolment on Hub 23.01 and upgrade to Hub 23.01 for the customer deployments which meet the following conditions:
- Workspace ONE Access and Hub Services are enabled
- Hub Services Notifications are disabled
- The communication to Hub Services gets broken on the affected devices which prevents them from performing operations which are dependent on Hub Services like sync device, installing applications, etc.
- This issue is fixed in the Workspace ONE Intelligent Hub for Android 23.01.1. The issue should be resolved once the affected devices are upgraded to this Hub version.
- If upgrading to Android 23.01.1 is not an immediate option, the affected customers can enable Hub Services Notifications through the admin console. Although, this will not recover existing impacted devices but no newly enrolled devices will see the issue.
“An Error has Occurred” when viewing the apps within a device list view. (90939)
- “An Error has Occurred” is displayed when loading the Apps page under Device > List View > Device Details > Apps
Freestyle on Workspace ONE Intelligence (90841)
- This article is to provide an overview on how to use the new Freestyle Orchestrator in Intelligence.
- Overview
Freestyle Orchestrator in Intelligence is a powerful, low-code workflow orchestration platform that empowers IT admins to automate complex tasks by sequencing actions to achieve business outcomes. This new experience delivers a canvas user interface with drag and drop resources, actions, and an intuitive graphical presentation of the workflow. - New Navigation
The new Freestyle Orchestrator canvas for Workspace ONE Intelligence replaces the previous Intelligence Automations experience. Navigate to the Freestyle page in the left navigation (previously called Automations) to find all your workflows and start building new ones. - Further information in the KB
iOS/iPadOS 14: Crash seen during launch of Intelligent Hub 23.01 (90871)
- It has been observed that some users who are on iOS 14 and iPadOS 14 are observing a crash on launch of Intelligent Hub 23.01 when the Intelligent Hub app is pushed as managed app from AppStore or deployed via VPP method.
- Customers are encouraged to upgrade iOS/iPadOS 14 devices to iOS 15 as we are not seeing this crash on iOS/iPadOS 15+
- If customers do not want to or are unable to update their devices to iOS 15, users can delete the Intelligent Hub application and install it from the App Store to resolve this crash.
- Highlighting High Priority KBs
- [Action Needed] – Refresh Old Android Enrollment QR Codes
VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes. - VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022). - Support Access Policies for Customers with Expired SaaS EUC Licenses (89494)
In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
- [Action Needed] – Refresh Old Android Enrollment QR Codes
- Security Related KBs
- HW-137959: VMSA-2021-0016 for Workspace ONE Access, VMware Identity Manager (CVE-2021-22002, CVE-2021-22003) (85254)
- HW-150533: VMSA-2021-0028, VMSA-2021-0030 for Workspace ONE Access Appliance (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056, CVE-2021-22057) (87183)
- HW-150543: VMSA-2021-0028 for Workspace ONE and VMware Identity Manager Connector (CVE-2021-44228, CVE-2021-45046) (87184)
- HW-150541: VMSA-2021-0028, VMSA-2021-0030 for VMware Identity Manager (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056) (87185)
- HW-146724: Users maybe be unable to authenticate on Workspace ONE Access with Active Directory over IWA and STARTTLS option (85921)
- Recently updated or newly added KBs
- Supported Operating Systems, Microsoft Active Directory Domain Functional Levels, and Events Databases for VMware Horizon 8 (78652)
- Supported Windows 10 and Windows 11 Guest Operating Systems for Horizon Agent and Remote Experience, for VMware Horizon 8.x (2006 and Later) (78714)
- Monitoring health of Horizon Connection Server using Load Balancer, timeout, Load Balancer persistence settings in Horizon 7.x and 8 (56636)
- MACOS-3545: New macOS models containing the M2 Pro or M2 Max chip are not properly characterized upon enrollment into Workspace ONE UEM (90675)
- Horizon on VMware Cloud on AWS Support (58539)
- VMware Tunnel Client – Support for Standalone enrollment (88311)
- Deprecation of the Insecure HTTP connections in Workspace ONE Boxer for Android effective 1st March 2023 (90138)
- Workspace ONE UEM FedRAMP: Upcoming Cipher Suite Update (89312)
- Digital Workspace Techzone, Blog and YouTube Updates
- Webinar Recording: Gone Wild: Freestyle Orchestrator Success Stories and What’s Coming Next
- Getting to the “Core” of VMware Horizon 8 on Amazon WorkSpaces
- Top 8 reasons to upgrade to Horizon 8
- What is Digital Employee Experience (DEX) and who owns it?
- How to block unwanted mobile apps with Workspace ONE
- Engage with VMware EUC at Mobile World Congress 2023 in Barcelona
- How to block unwanted mobile apps with Workspace ONE
- Third Party Blog and Technology Updates
- Laurens van Duijn – Horizon Apps on Demand with App Volumes
- Laurens van Duijn – Why is VMware Workspace ONE a powerful solution!?
- Whitepaper: Anywhere Workspace For Dummies
- Week 07 Software Updates
- Component: Workspace ONE Intelligent Hub 23.01.1 for Android
- Changes:
- Bug Fix
- AAGNT-196613 Disable “Enable API Pre-Check condition” to mitigate ESC-35804 Work profile devices are unable to sync device from Hub
- Bug Fix
- Component: VMware Horizon Client for Windows 2212.1
- Changes:
- Bug Fix
- When using adaptive and multimonitor topologies on Horizon Client for Windows version 2212 with an older Horizon Agent, the display on the extended monitor was corrupted.
- Bug Fix
- Component: Workspace ONE Content for iOS 23.02
- Changes:
- Improved audio and video experience
- Book Style view in PDF to view 2 pages in landscape mode on iPad devices
- Custom font support for MS Office files
- Bug Fixes:
- ISCL-182392 – iOS 14 – App is crashing on launch
- ISCL-182373 – Delay in Managed Content Repository to show up in app
- Component: Workspace ONE Content for Android 23.02 (staged rollout)
- Changes:
- What’s New
- KVP to disable Edit PDF page for organising pages
- Improved experience of image and video capture from camera with flash support
- Improved navigation experience
- Bugs Fixed
- ASCL-178576 – Unable to load PDF at/after page 6 with watermark enabled and 2-byte characters specified as values
- What’s New
- Component: Workspace ONE Tunnel for Windows 3.3 (standalone)
- Changes:
- Introducing Session Authentication with SAML for Windows Tunnel client (Standalone Mode)
To facilitate user-interactive authentication for Tunnel in addition to the existing certificate-based authentication, VMware is pleased to introduce Session Authentication with SAML for the Windows and macOS Tunnel clients in Standalone mode. This leverages your enterprise Identity Provider where you may also configure additional entitlement restrictions and Conditional Access policies.
This is currently available for the Windows Tunnel client in Standalone mode only. Client version 3.3 supports Standalone enrollment mode and Session Authentication. This release is an update to the Windows 3.1 Workspace ONE Tunnel client.
Please continue using the Windows Tunnel client version 2.1.8 for all MDM workflows. Support for Session Authentication for the MDM workflow and consolidating the MDM and standalone workflows in a unified Windows Tunnel client is on our roadmap.
Please refer to official documentation for information on Session Authentication and Standalone enrollment.
Resolved Issues- PPAT-11472 and PPAT-12153: Fixed intermittent DNS resolution issues for internal domains when Enhanced Domain Resolution is enabled.
- PPAT-13019: Optimized local port usage for improved DNS management
- Introducing Session Authentication with SAML for Windows Tunnel client (Standalone Mode)
- Component: Workspace ONE Tunnel for macOS 23.01 (standalone)
- Changes:
- Introducing Session Authentication with SAML for macOS Tunnel client (Standalone Mode)
To facilitate user-interactive authentication for Tunnel in addition to the existing certificate-based authentication, VMware is pleased to introduce Session Authentication with SAML for the macOS and Windows Tunnel clients in Standalone mode. This leverages your enterprise Identity Provider where you may also configure additional entitlement restrictions and Conditional Access policies.
This is currently available for the macOS Tunnel client in Standalone mode only. Client version 23.01 supports Standalone enrollment mode and Session Authentication. This release is an update to the macOS 22.06 Workspace ONE Tunnel client.
Please continue using the macOS Tunnel client version 22.04.1 for all MDM workflows. Support for Session Authentication for the MDM workflow and consolidating the MDM and standalone workflows in a unified macOS Tunnel client is on our roadmap.
Please refer to official documentation for information on Session Authentication and Standalone enrollment.
- Introducing Session Authentication with SAML for macOS Tunnel client (Standalone Mode)
- Component: Workspace ONE UEM
- New Release: OS Updates Seed Script
- Changes:
- Most recent update: iOS 16.3.1 (20D67), tvOS 16.3.2 (20K672)
- Release Date: CW07
- Release Notes
- Component: Workspace ONE UEM
- New Release: Seed Script for latest Device Model Information
- Changes:
- Seed new ipad pro models for 2022 … iPad Pro 11″ 4th gen iPad Pro 12.9″ 6th gen
- Release Date: CW01
- Release Notes
- Component: Workspace ONE UEM
- New Release: 21.9.0.47
- Changes:
- AMST-37313: Device Identifier and UDID mismatch for any reason should not unenroll device.
- AAPP-14928: Cannot enable Device Assignment for certain VPP applications.
- Release Date: 22.11.22
- Release Notes
- Component: Workspace ONE UEM
- New Release: 21.11.0.56
- Changes:
- FCA-204432: Report name is randomized while downloading legacy reports.
- Release Date: Week03-23
- Release Notes
- Component: Workspace ONE UEM
- New Release: 22.3.0.41
- Changes:
- AGGL-13810: Microsoft Surface Duo (Android) enrollment is blocked even though Microsoft as Manufacturer is allowed.
- PPAT-13434: iOS VPN Profiles have the incorrect DTR ruleset getting applied for devices.
- Release Date: Week07-23
- Release Notes
- Component: Workspace ONE UEM
- New Release: 22.6.0.25
- Changes:
- AMST-38157: Hub not showing device as enrolled and not receiving apps/profiles.
- PPAT-12920: DTR updates are not consistently consumed by Windows devices.
- PPAT-13436: iOS VPN Profiles have the incorrect DTR ruleset getting applied for devices.
- Release Date: Week07-23
- Release Notes
- Component: Workspace ONE UEM
- New Release: 22.9.0.16
- Changes:
- AMST-38158: Hub app not showing device as enrolled and not receiving apps/profiles.
- CMEM-186774: PowerShell integration with Modern Authentication failing for O365 Tenants.
- PPAT-12921: DTR updates are not consistently consumed by Windows devices.
- PPAT-13437: iOS VPN Profiles have the incorrect DTR ruleset getting applied for devices.
- Release Date: Week06
- Release Notes
Julius Lienemann 