Release Updates Week 44
Horizon Cloud Service next-gen 2310 (Oct 2023) release
- Horizon Control Plane
- India has been added as a new region to the Horizon Cloud Service Control Plane that you can select while onboarding to the service.
- Additional Microsoft Azure VM SKUs have been configured for fallback use when deploying the Horizon Edge Gateway on Azure Kubernetes Service. This allows the deployment to succeed in regions where one or more of the SKUs is unavailable.
- Horizon Cloud Service for Windows 365 (Preview) is now available to all Horizon Cloud Service next-gen tenants on the latest version. To configure and use the integration, see Horizon Cloud Service next-gen for Windows 365 (Preview).
- The Pool and Pool Group detail pages now display real-time session data.
- Administrators can now configure privacy mode for end users in a VMware Horizon Cloud Service – next-gen environment. With privacy mode enabled, users must authenticate to log into Horizon Client and are redirected to the identity provider (IDP) logout page upon disconnecting from the Horizon Portal or exiting the client.
Workspace ONE Intelligent Hub for Android 23.10 (staged)
- Open the Hub FAQ links within Hub: Hub FAQ links now seamlessly open within the Hub app, eliminating the need to launch a separate browser on the device. This is particularly helpful for restricted/Kiosk mode deployments (especially for frontline use-cases) where users are not expected to navigate out of the Hub app.
- See OEMConfig and other headless apps: Administrators can now see when an OEMConfig application, like KNOX Service Plugin or Zebra OEMConfig clients, is installed on their devices. By default, Workspace ONE UEM does not collect and display information about installed applications when said apps do not have an icon (AKA “headless apps”). This includes many OEMConfig clients. Administrators can now push a Custom Settings Profile to enable sampling and reporting of headless applications, including the installed version. See How to Enable Sampling of OEMConfig and Other Headless Apps for more information.
- Support for custom messages for Workspace ONE Mobile Threat Defense: Administrators can now add content to the standard alerts sent to users for policy violations and when threats are detected. The additional content will be presented in Intelligent Hub in the threat details’ page. Content can include corporate or legal content additional steps or advice, URLs for Support sites, and other important information.
VMware Workspace ONE Boxer for iOS 23.10
- Dynamic text size for email body
- Users with vision problems would be able to read their emails without manually zooming in or out them
- Email body is resized following the user’s device accessibility settings
- General quality and performance improvements with no new features.
Workspace ONE SDK for iOS 23.10
- Compromise detection enhancement for iOS 17 false positives.
- Allowing apps to customize log levels.
- Bug fixes and Stability improvements.
- Third party library updates.
Important KB Articles and Announcements
Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com
VMware EUC related Security Advisories:
- VMSA-2023-0025 – VMware Workspace ONE UEM console updates address an open redirect vulnerability
- Please see the updated advisory here: https://www.vmware.com/security/advisories/VMSA-2023-0025.html
- Impacted Products:
VMware Workspace ONE UEM console - Changelog:
2023-10-31: VMSA-2023-0025 Initial security advisory
KB Highlights & Announcements
[Resolved] UM-7930 – Guidance for mitigating CVE-2023-20886 in Workspace ONE UEM (95372)
- CVE-2023-20886 has been determined to impact Workspace ONE UEM. This vulnerability and its impact on VMware products is documented in VMware Security Advisory – VMSA-2023-0025 .
- Workspace ONE UEM 2203 and higher
- This issue is resolved in Workspace ONE UEM 2306. Additionally, the fix is also available as a patch for the following supported releases of Workspace ONE UEM: (see KB for more info)
Autopilot Hybrid Join Best Practices (94477)
- If you plan to deploy Windows devices with Autopilot Hybrid Join, you should follow the following guidelines. Every other configuration can cause deployment issues, timeouts, or errors.
- Don’t deploy other resources than Domain Join configuration and VPN application / profile in the customer OG.
Devices enrolled via Autopilot, always getting enrolled into the customer OG. If there are other resources assigned to the device, the Autopilot Hybrid Join process might time out. - Pre-stage VPN application.
If your deployment requires a VPN connection because the end-user is outside the company network, you should consider Drop-Ship Provisioning (Online or Offline) to pre-stage the VPN application.
Due to the Microsoft limitations in the Autopilot process, VMware Workspace ONE does not have any ability to wait for the VPN application installation. As soon as the Offline Domain Join blob was applied to the device, the device will reboot.
- Don’t deploy other resources than Domain Join configuration and VPN application / profile in the customer OG.
- … More Best Pratice in KB.
[AGGL-15892] Incorrect Icon displayed for Android Internal Apps in Console (95377)
- When uploading new Internal Apps to the Workspace ONE UEM Console, one of the following issues is seen:
- A generic Android icon is displayed instead of the application’s icon
- An incorrect icon image is displayed
- This issue affects Workspace ONE UEM 2212 and higher.
- Note: This only affects the icon displayed to the administrator. When the application is installed on a device, the correct icon is shown on the device.
- Background:
- In Workspace ONE Intelligence > Integrations, you were able to save ‘Workflow connector’ Integrations by entering just the name, without critical information. This would result in management overhead of incomplete connectors.
Hence in Feb 2023, any new custom connector getting created has certain required fields to ensure only valid connectors are getting created.
[AGGL-15952] Profiles fail to load in Workspace ONE UEM Console (95355)
- In some On-Premise Workspace ONE UEM environments:
- When an administrator attempts to view or edit Android profiles in the Workspace ONE UEM Console, the page fails to load. MacOS profile may also fail to load in some affected environments
- The Metadata Transform Service does not start
- This can be verified by checking Services in the Windows server hosting the UEM REST API application
High Priority KBs
- Workspace ONE UEM – Updated requirements for on-premise cumulative patches (94706)
- The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
- Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
- VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.
- [Resolved] SINST-176145 – Multiple Workspace ONE UEM application pools and services may not start once stopped (93877)
- Workspace ONE UEM services and application pools may fail to start once stopped. This issue is typically observed alongside the following error message in the service’s log[RESOLVED] SINST-176160 – Workspace One UEM – Unable to edit existing or create new DDUI profiles. (93911)
- Upon deploying the patches noted in KB 93877, you may experience an error when creating or editing DDUI device profiles (iOS, macOS, Android Enterprise) in the Workspace ONE UEM Console.
- Getting Ready for Android 14 (2023)
- Getting Ready for Apple Major OS Releases 2023
Recently updated or added KBs (Links)
- Best Practices for Choosing Workflow Connector Auth Type in Workspace ONE Intelligence (95376)
- Common Configuration Issues and Guidelines with TrueSSO (90037)
- Users created or modified in Active Directory fail to synchronize with VMware Horizon Workspace (2061823)
- [Resolved] UM-7930 – Guidance for mitigating CVE-2023-20886 in Workspace ONE UEM (95372)
- WS1 UEM Console Release and End of General Support Matrix (2960922)
- Announcing General Availability of VMware Workspace ONE UEM Console 2306 (95388)
- Autopilot Hybrid Join Best Practices (94477)
- Using a Custom Cache Server for Workspace ONE Dropship Online Provisioning (92819)
- FAQ: Workspace ONE UEM App Publish Behavior (90400)
- [AGGL-15892] Incorrect Icon displayed for Android Internal Apps in Console (95377)
- Action Required: Custom ‘Workflow Connectors’ in Workspace ONE Intelligence Integrations with Incomplete Information Not Supported (95371)
- Resetting the admin@local password in VMware Aria Suite Lifecycle (vRealize Suite Lifecycle Manager) (52434)
- [AGGL-15952] Profiles fail to load in Workspace ONE UEM Console (95355)
- Change the VIP for VMware Aria Automation 8.x installations to a new CNAME (93899)
- Change the VIP for VMware Aria Automation 8.x installations to a new CNAME (93899)
- VMware Best Practices Update – Workspace ONE UEM SaaS IP ranges – updated recommendation for customers to transition to DNS based allow lists by January 15th, 2024 (95271)
- VMware Horizon on Alibaba Cloud VMware Service (ACVS) Support (92140)
- VMware Horizon on Google Cloud VMware Engine (GCVE) Support (81922)
- VMware Horizon on Oracle Cloud VMware Solution (OCVS) Support (88202)
- End of Availability (EOA) and End of Life (EOL) Announcement of the Horizon Cloud Service (HCS) first-gen Control Plane (92424)
- Using VMware Cloud Services to access Workspace ONE services for existing customers (89945)
Digital Workspace Techzone, Blog and YouTube Updates
- VMware and AuthX collaborate to streamline healthcare workflows
- VMware Workspace ONE Achieves FedRAMP High Authorization
- Best Practices and FAQs for Architecting VMware Workspace ONE Access
- VMware named a leader in the Quadrant Knowledge Solutions SPARK Matrix for End-User Experience Management, Q3 2023
3rd Party Blog Updates & Industry News
October Software Releases
System | Component | Release | Announcement | Release Date |
Android | Boxer | 23.09 | Release Notes | 02.10.23 |
Backend | Console DSAAS | 23.06 | Release Notes | 03.10.23 |
iOS | VM Tunnel | 23.06.2 | Release Notes | 03.10.23 |
Android | Hub | 23.09 | Release Notes | 17.10.23 |
macOS | Hub | 23.09 | Release Notes | 10.10.23 |
iOS | Content | 23.10 | Release Notes | 18.10.23 |
Backend | UAG | 2309 | Release Notes | 26.10.23 |
Android | Boxer | 23.10 | Release Notes | staged |
Backend | SEG | 2.28 | Release Notes | 30.10.23 |
Backend | Console OnPrem | 23.06 | Release Notes | 31.10.23 |
Horizon | Horizon Cloud Service Next Gen | 2310 | Release Notes | 31.10.23 |
Android | Hub | 23.10 | Release Notes | staged |
iOS | Workspace ONE SDK SWIFT | 23.10 | Release Notes | 02.11.23 |
Upcoming EUC Events
Event | Start Date | Details |
EUC Customer Success Quarterly Webcast Series | Next EUC Customer Success Quarterly Webcast Coming Soon!Watch our latest webcasts: •Managing, Automating, and Supporting a Frontline Device Fleet •What’s New with Horizon Cloud Service next-gen and Improving VMware Horizon User Experience with Workspace ONE Intelligence •Windows 10 Multi-User Support for UEM & Revolutionize your IT Environment with Freestyle OrchestratorWatch all additional previous webcasts On-Demand here. | |
VMware Digital Workspace Virtual Customer Success Roundtable | Next VMware Digital Workspace Virtual Customer Success Roundtable Coming Soon! | |
VMware Explore 2023 | VMware Explore US Watch 2023 EUC session replays here. VMware Explore Europe Barcelona | Fira Gran Via Register Now Watch replays from VMware Explore Europe 2022 here. | 6-9 November 2023 |
VMUG | Watch On-Demand webcasts here.Register for upcoming live webcasts here.Register for Regional VMUG events here. | |
End User Computing Webinars | Sign up for upcoming webcasts and watch VMware On-Demand webcasts here. |
EUC UX Research Opportunities
- Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
- Interested in giving your opinion and making your voice heard? Check out what’s available!
- Bonus: We give VMWare swag to Customers who participate
EUC Product / Feature | Topic | Opportunity Time | Signup Link |
Horizon Next-Gen (V2) | EUC Design wants to improve the experience when onboarding the new Next-Gen Horizon Cloud Service Console. Whether you’ve partially or fully onboarded, we want to better understand areas of challenge specifically with Pools, Pool Groups, and Entitlements. | 45-minute, 1×1 conversation via Zoom where we will walk through the onboarding flow via a staging environment and discuss the experience. | Interviews begin the week of Oct 16. SIGN UP HERE |
WS1 Assist | EUC Design wants to learn about your helpdesk/servicedesk role and what you like, dislike, and wish could improve in your day-to-day when using Assist. | 60-minute, 1×1 conversation via Zoom. | Interviews + focus groups begin the week of Nov 6. SIGN UP HERE HERE |
Latest Patch & Seed Script Versions
- OS Updates Seed Script
- Most recent update: Apple Seed Scripts tvOS 17.1.0 (21K69),iOS 16.7.2 (20H115),iOS 15.8.0 (19H370),iOS 17.1.0 (21B74),iOS 17.1.0 (21B80),macOS Monterey 12.7.1 ( …
- Last Update: CW43
- Seed Script for latest Device Model Information
- Seed Script to support latest M3 MacBook Pro and iMac Device models
- Last update: CW44
- Workspace ONE UEM 22.03
- Patch Level 22.3.0.54
- AAPP-16437: Update Device Information query Cellular keys.
- CMCM-190723: Status of document in content detail report was not corrected.
- MACOS-4057: macOS 14 ADE enrollment fails if Custom Enrollment is off.
- AGGL-15527: Google seems to have increased oAuthToken length (AndroidWorkSetting AccessToken got truncated).
- Last Update: CW43
- Workspace ONE UEM 22.06
- Patch Level 22.6.0.46
- CMEM-186923: Objects not clearing from the memory and causing high memory usage.
- Last Update: CW43
- Workspace ONE UEM 22.09
- Patch Level 22.9.0.42
- ENRL-3854: Windows devices within the customer Organization Group are shown as being enrolled to the users from a different tenant in the same console.
- CRSVC-41708: Tunnel Gateway unreachable from newly enrolled iOS devices.
- FCA-206098: Unable to send template message to device from public app details device tab.
- Last Update: CW43
- Workspace ONE UEM 22.12
- Patch Level 22.12.0.35
- ARES-26483: Device profile status ID incorrect in API Call.
- AMST-39760: Workaround for OEM update profile fails to install on device.
- AMST-39844: WNS disconnected for multiple Windows devices.
- FCA-206099: Unable to send template message to device from public app details device tab.
- AGGL-15523: Phone Number reported as “SIM not detected” for Android 12+ Profile Owner in the Summary tab.
- Last Update: CW43
- Workspace ONE UEM 23.02
- Patch Level 23.2.0.27
- AGGL-15899: All internal Android apps uploaded to the console were getting the default Android icon.
- CRSVC-42773: Navigating to app events displays spaceman error.
- AMST-39704: BIOS verification status sent incorrectly as a part of Windows security information sample.
- AAPP-16535: iOS updates no query update status button on Workspace ONE UEM 2302.
- AAPP-16586: Custom data (key/value) was not retained in the VPN profile (iOS) after reopening the profile.
- AGGL-15912: Android VPN profile displays “Failed to save profile” error when trying to modify it or add a version to it.
- CRSVC-42634: Migration tool application migration custom batch.
- ARES-26761: High latency in purge expired sample data job execution.
- RUGG-12356: Unable to get the launcher speed lock down feature working.
- AGGL-15777: Add a new Last Used column to Resource Context table
- Last Update: CW44
- Patch Level 23.6.0.8
- AAPP-16587: Custom data (key/value) not retained in VPN profile (iOS) after re-opening the profile.
- AMST-39762: Workaround for OEM update profile fails to install on device.
- ARES-26758: “App already exists with this Organization Group” error message when uploading a duplicate Windows app.
- ARES-26865: Incorrect records are getting fetched due to ordering of duplicate payload templates.
- CMEM-186928: Objects not clearing from the memory and causing high memory usage.
- CRSVC-43006: Some identity certificates are reported as “Cert” type in error.
- FCA-206261: UEM support for Workspace ONE Role Based Access Control.
- PPAT-15442: Review and reduce the Tunnel Service Logs generation.
- UM-8390: Unblock the Auto/Manual syncs during advanced Ldap Sync cycle failure.
- Last Update: CW44
Leave a comment