Welcome to the anywhere workspace

Week 44-2023 VMware Enduser Computing Updates

🎯 Horizon 2310 Next Gen and UEM 2306 Installer GA 🎯 Workspace ONE security advisories 🎯 Tons of new KBs, Techzone and Blog Posts

JuliusLienemann
13 minutes

Release Updates Week 44

Horizon Cloud Service next-gen 2310 (Oct 2023) release

  • Horizon Control Plane
    • India has been added as a new region to the Horizon Cloud Service Control Plane that you can select while onboarding to the service. 
    Horizon Edge
    • Additional Microsoft Azure VM SKUs have been configured for fallback use when deploying the Horizon Edge Gateway on Azure Kubernetes Service. This allows the deployment to succeed in regions where one or more of the SKUs is unavailable.
    Provider CapacityDesktops and Applications
    • The Pool and Pool Group detail pages now display real-time session data.
    Horizon Client
    • Administrators can now configure privacy mode for end users in a VMware Horizon Cloud Service – next-gen environment. With privacy mode enabled, users must authenticate to log into Horizon Client and are redirected to the identity provider (IDP) logout page upon disconnecting from the Horizon Portal or exiting the client.

Workspace ONE Intelligent Hub for Android 23.10 (staged)

  • Open the Hub FAQ links within Hub: Hub FAQ links now seamlessly open within the Hub app, eliminating the need to launch a separate browser on the device. This is particularly helpful for restricted/Kiosk mode deployments (especially for frontline use-cases) where users are not expected to navigate out of the Hub app.  
  • See OEMConfig and other headless apps: Administrators can now see when an OEMConfig application, like KNOX Service Plugin or Zebra OEMConfig clients, is installed on their devices. By default, Workspace ONE UEM does not collect and display information about installed applications when said apps do not have an icon (AKA “headless apps”). This includes many OEMConfig clients. Administrators can now push a Custom Settings Profile to enable sampling and reporting of headless applications, including the installed version. See How to Enable Sampling of OEMConfig and Other Headless Apps for more information.
  • Support for custom messages for Workspace ONE Mobile Threat Defense: Administrators can now add content to the standard alerts sent to users for policy violations and when threats are detected. The additional content will be presented in Intelligent Hub in the threat details’ page. Content can include corporate or legal content additional steps or advice, URLs for Support sites, and other important information.

VMware Workspace ONE Boxer for iOS 23.10

  • Dynamic text size for email body
    • Users with vision problems would be able to read their emails without manually zooming in or out them 
    • Email body is resized following the user’s device accessibility settings 

Secure Email Gateway 2.28

  • General quality and performance improvements with no new features.

Workspace ONE SDK for iOS 23.10

  • Compromise detection enhancement for iOS 17 false positives. 
  • Allowing apps to customize log levels. 
  • Bug fixes and Stability improvements. 
  • Third party library updates. 

Workspace ONE UEM Console 2306 – Installer

Important KB Articles and Announcements

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

VMware EUC related Security Advisories:

  • VMSA-2023-0025 – VMware Workspace ONE UEM console updates address an open redirect vulnerability
  • Please see the updated advisory here: https://www.vmware.com/security/advisories/VMSA-2023-0025.html
  • Impacted Products:
    VMware Workspace ONE UEM console
  • Changelog:
    2023-10-31: VMSA-2023-0025 Initial security advisory

KB Highlights & Announcements

[Resolved] UM-7930 – Guidance for mitigating CVE-2023-20886 in Workspace ONE UEM (95372)

  • CVE-2023-20886 has been determined to impact Workspace ONE UEM. This vulnerability and its impact on VMware products is documented in VMware Security Advisory – VMSA-2023-0025 .
  • Workspace ONE UEM 2203 and higher
  • This issue is resolved in Workspace ONE UEM 2306. Additionally, the fix is also available as a patch for the following supported releases of Workspace ONE UEM: (see KB for more info)

Autopilot Hybrid Join Best Practices (94477)

  • If you plan to deploy Windows devices with Autopilot Hybrid Join, you should follow the following guidelines. Every other configuration can cause deployment issues, timeouts, or errors.
    • Don’t deploy other resources than Domain Join configuration and VPN application / profile in the customer OG. 
      Devices enrolled via Autopilot, always getting enrolled into the customer OG. If there are other resources assigned to the device, the Autopilot Hybrid Join process might time out.
    • Pre-stage VPN application. 
      If your deployment requires a VPN connection because the end-user is outside the company network, you should consider Drop-Ship Provisioning (Online or Offline) to pre-stage the VPN application. 
      Due to the Microsoft limitations in the Autopilot process, VMware Workspace ONE does not have any ability to wait for the VPN application installation. As soon as the Offline Domain Join blob was applied to the device, the device will reboot. 
  • … More Best Pratice in KB.

[AGGL-15892] Incorrect Icon displayed for Android Internal Apps in Console (95377)

  • When uploading new Internal Apps to the Workspace ONE UEM Console, one of the following issues is seen:
    • A generic Android icon is displayed instead of the application’s icon
    • An incorrect icon image is displayed
  • This issue affects Workspace ONE UEM 2212 and higher.
  • Note: This only affects the icon displayed to the administrator. When the application is installed on a device, the correct icon is shown on the device.

Action Required: Custom ‘Workflow Connectors’ in Workspace ONE Intelligence Integrations with Incomplete Information Not Supported (95371)

  • Background:
  • In Workspace ONE Intelligence > Integrations, you were able to save ‘Workflow connector’ Integrations by entering just the name, without critical information. This would result in management overhead of incomplete connectors.
    Hence in Feb 2023, any new custom connector getting created has certain required fields to ensure only valid connectors are getting created.

[AGGL-15952] Profiles fail to load in Workspace ONE UEM Console (95355)

  • In some On-Premise Workspace ONE UEM environments:
    • When an administrator attempts to view or edit Android profiles in the Workspace ONE UEM Console, the page fails to load. MacOS profile may also fail to load in some affected environments
    • The Metadata Transform Service does not start
      • This can be verified by checking Services in the Windows server hosting the UEM REST API application

High Priority KBs

Recently updated or added KBs (Links)

Digital Workspace Techzone, Blog and YouTube Updates

3rd Party Blog Updates & Industry News

October Software Releases

SystemComponentReleaseAnnouncementRelease Date
AndroidBoxer23.09Release Notes02.10.23
BackendConsole DSAAS23.06Release Notes03.10.23
iOSVM Tunnel23.06.2Release Notes03.10.23
AndroidHub23.09Release Notes17.10.23
macOSHub23.09Release Notes10.10.23
iOSContent23.10Release Notes18.10.23
BackendUAG2309Release Notes26.10.23
AndroidBoxer23.10Release Notesstaged
BackendSEG2.28Release Notes30.10.23
BackendConsole OnPrem23.06Release Notes31.10.23
HorizonHorizon Cloud Service Next Gen2310Release Notes31.10.23
AndroidHub23.10Release Notesstaged
iOSWorkspace ONE SDK SWIFT23.10Release Notes02.11.23

Upcoming EUC Events

EventStart DateDetails
EUC Customer Success Quarterly Webcast SeriesNext EUC Customer Success Quarterly Webcast Coming Soon!Watch our latest webcasts:
Managing, Automating, and Supporting a Frontline Device Fleet
What’s New with Horizon Cloud Service next-gen and Improving VMware Horizon User Experience with Workspace ONE Intelligence
Windows 10 Multi-User Support for UEM & Revolutionize your IT Environment with Freestyle OrchestratorWatch all additional previous webcasts On-Demand here.
VMware Digital Workspace Virtual Customer Success RoundtableNext VMware Digital Workspace Virtual Customer Success Roundtable Coming Soon!
VMware Explore 2023VMware Explore US
Watch 2023 EUC session replays here.
VMware Explore Europe Barcelona | Fira Gran Via Register Now
Watch replays from VMware Explore Europe 2022 here.		6-9 November 2023
VMUGWatch On-Demand webcasts here.Register for upcoming live webcasts here.Register for Regional VMUG events here.
End User Computing WebinarsSign up for upcoming webcasts and watch VMware On-Demand webcasts here

EUC UX Research Opportunities  

  • Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!
  • Bonus: We give VMWare swag to Customers who participate  
EUC Product / FeatureTopicOpportunity TimeSignup Link
Horizon Next-Gen (V2)EUC Design wants to improve the experience when onboarding the new Next-Gen Horizon Cloud Service Console. Whether you’ve partially or fully onboarded, we want to better understand areas of challenge specifically with Pools, Pool Groups, and Entitlements.45-minute, 1×1 conversation via Zoom where we will walk through the onboarding flow via a staging environment and discuss the experience.
Interviews begin the week of Oct 16. SIGN UP HERE
WS1 AssistEUC Design wants to learn about your helpdesk/servicedesk role and what you like, dislike, and wish could improve in your day-to-day when using Assist. 60-minute, 1×1 conversation via Zoom.Interviews + focus groups begin the week of Nov 6. SIGN UP HERE HERE

Latest Patch & Seed Script Versions

  • Workspace ONE UEM 22.03
    • Patch Level 22.3.0.54
    • AAPP-16437: Update Device Information query Cellular keys.
    • CMCM-190723: Status of document in content detail report was not corrected.
    • MACOS-4057: macOS 14 ADE enrollment fails if Custom Enrollment is off.
    • AGGL-15527: Google seems to have increased oAuthToken length (AndroidWorkSetting AccessToken got truncated).
    • Last Update: CW43
  • Workspace ONE UEM 22.06
    • Patch Level 22.6.0.46
    • CMEM-186923: Objects not clearing from the memory and causing high memory usage.
    • Last Update: CW43
  • Workspace ONE UEM 22.09
    • Patch Level 22.9.0.42
    • ENRL-3854: Windows devices within the customer Organization Group are shown as being enrolled to the users from a different tenant in the same console.
    • CRSVC-41708: Tunnel Gateway unreachable from newly enrolled iOS devices.
    • FCA-206098: Unable to send template message to device from public app details device tab.
    • Last Update: CW43
  • Workspace ONE UEM 22.12
    • Patch Level 22.12.0.35
    • ARES-26483: Device profile status ID incorrect in API Call.
    • AMST-39760: Workaround for OEM update profile fails to install on device.
    • AMST-39844: WNS disconnected for multiple Windows devices.
    • FCA-206099: Unable to send template message to device from public app details device tab.
    • AGGL-15523: Phone Number reported as “SIM not detected” for Android 12+ Profile Owner in the Summary tab.
    • Last Update: CW43
  • Workspace ONE UEM 23.02
    • Patch Level 23.2.0.27
    • AGGL-15899: All internal Android apps uploaded to the console were getting the default Android icon.
    • CRSVC-42773: Navigating to app events displays spaceman error.
    • AMST-39704: BIOS verification status sent incorrectly as a part of Windows security information sample.
    • AAPP-16535: iOS updates no query update status button on Workspace ONE UEM 2302.
    • AAPP-16586: Custom data (key/value) was not retained in the VPN profile (iOS) after reopening the profile.
    • AGGL-15912: Android VPN profile displays “Failed to save profile” error when trying to modify it or add a version to it.
    • CRSVC-42634: Migration tool application migration custom batch.
    • ARES-26761: High latency in purge expired sample data job execution.
    • RUGG-12356: Unable to get the launcher speed lock down feature working.
    • AGGL-15777: Add a new Last Used column to Resource Context table
    • Last Update: CW44

Workspace ONE UEM 23.06

  • Patch Level 23.6.0.8
    • AAPP-16587: Custom data (key/value) not retained in VPN profile (iOS) after re-opening the profile.
    • AMST-39762: Workaround for OEM update profile fails to install on device.
    • ARES-26758: “App already exists with this Organization Group” error message when uploading a duplicate Windows app.
    • ARES-26865: Incorrect records are getting fetched due to ordering of duplicate payload templates.
    • CMEM-186928: Objects not clearing from the memory and causing high memory usage.
    • CRSVC-43006: Some identity certificates are reported as “Cert” type in error.
    • FCA-206261: UEM support for Workspace ONE Role Based Access Control.
    • PPAT-15442: Review and reduce the Tunnel Service Logs generation.
    • UM-8390: Unblock the Auto/Manual syncs during advanced Ldap Sync cycle failure.
  • Last Update: CW44

Leave a comment

Trending