Release Updates Week 47
Workspace ONE Tunnel for Android 23.09 (staged)
- Phishing and Content Protection is enforced for all applications on the device (or container) independent of the Full-Device or Per-App Tunnel-VPN mode.
- Technical Preview: Block Private DNS
- We have noticed that with recent Android OS updates, the Private DNS setting on the device is set to ‘Automatic’ by default. This setting encrypts all DNS requests from the device.
- This includes DNS requests from applications and to destinations that are configured for Tunnel.
- As a result, the Tunnel client is unable to process these DNS requests and the user is unable to access internal resources.
- To ensure users can access internal resources and private DNS continues to function for non-Tunnel workflows, we are introducing the ability to block Private DNS requests for requests that are managed by Tunnel.
- This is implemented via the following KVP:
- KVP: BlockPrivateDNS | Type: Boolean | Default Value: False
- Set this value to True to block all Private DNS requests. This is implemented by blocking all TLS DNS requests over port 853.
- It is expected that the OS will default back to DNS over UDP over port 53.
- Horizon Clients 2309.1 is a bug fix release. For details on specific fixes per client, see the “What’s New” section in the release notes provided in the “Documentation and Links” section below
- Release Notes: Horizon Client for Windows
- Release Notes: Horizon Client for Mac
- Release Notes: Horizon Client for Linux
Workspace ONE Content for iOS 23.11
- Preserve PDF Bookmarks – Ability to preserve bookmarks for a document, when a new version of that PDF document is updated.
- Bug Fixes and Improvements
- ISCL-183281 Not able to Zoom In/Out while taking Photos or Videos through camera
- ISCL-183280 Incorrect drop down list values shown when the values are depended on previous drop down
- ISCL-183324 File specific – App crashing while applying filters for excel files
Workspace ONE Web for Android 23.11
- ABRW-175422: Custom icon for Bookmarks
- Ability to customize personal bookmarks icon on device.
- Bug Fixes
- ABRW-175466: Bottom panel icon gets greyed out after changing theme from System Default(dark) to Light mode
- ABRW-175648: JavaScript window.close() not getting called because of blocked screen
- Other bug fixes and quality improvements
Important KB Articles and Announcements
Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com
Unable to edit roles for Cloud Services Administrators in Workspace ONE UEM 23.06 (95700)
- In Workspace ONE Unified Endpoint Management (UEM) 23.06 environments, when an administrator navigates to Accounts > Administrators > List view, the option to modify an admin account where the Source is ‘Cloud Service’ is disabled. Roles will not be editable for administrators added from ‘Cloud Service’ Source.
- Currently, administrators can only assign Basic (Read-Only) or Admin (Console Administrator) level roles within VMware Cloud Services (VCS) for Cloud Administrators at Identity & Access management > Active Users. VCS does not currently support other UEM system roles or custom roles.
- Users attempting to access or update the VMware AirWatch Agent and VMware AirWatch Admin Assistant may experience failures or errors.
- Inability to download or upIdate these applications using previous URLs, leading to potential disruptions in service or application functionality.
- VMware recommends all customers download the latest versions of these applications from the following new URLs:
- VMware Workspace ONE Intelligent Hub for macOS: https://getwsone.com/macOS/VMwareWorkspaceONEIntelligentHub.pkg
- VMware Workspace ONE Admin Assistant for macOS: https://getwsone.com/AdminAssistant/VMwareWorkspaceONEAdminAssistant.dmg
Announcement: End of Availability (EOA) for VMware Secure Access (95651)
- VMware is streamlining and simplifying its product offering in order to deliver more value to its customers. As part of this, VMware is announcing End of Availability (EOA) for VMware Secure Access starting January 31st, 2024.
- For customers who are currently looking at Secure Access as a remote access solution, VMware can provide two options:
- VMware SD-Access (formerly branded as VMware SD-WAN Client) is a replacement solution for customers who are looking for a remote access solution for remote workers that is based on the principles of ZTNA.
- VMware Workspace ONE Tunnel is part of the Workspace ONE portfolio for endpoint security and zero trust access.
Pull Relay Servers are losing connection to UEM Console following relay servers reboot (95704)
- In UEM version 22.3.0.54 or later if the Pull Relay Server is rebooted it is not able to connect back to the UEM console. The Status indicator for the Relay server in the console would show a warning symbol in this case of a lost connection.
- There was a security patch for Pull Relay servers pushed to UEM version 22.3.0.54 or later. This security patch led to an issue with Pull Relay Servers where an IP or Mac address only was used as the discovery text. This would lead to the Pull Relay server losing connection to the UEM console when restarted.
- The Workspace ONE SDK will no longer offer support for the ability to restrict network access. Specifically the Network Access Control (NAC) setting in the SDK profile will no longer be supported. This change will be reflected in the releases of the Workspace ONE SDK for iOS and Android that will happen after May 1st 2024.
- This NAC setting may remain available in the Workspace ONE UEM Console UI even after the EOGS date, however it will be removed in a future version of Workspace ONE UEM.
VMware EUC related Security Advisories:
- No new VMSAs
High Priority KBs
- Workspace ONE UEM – Updated requirements for on-premise cumulative patches (94706)
- The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
- Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
- VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.
- [Resolved] SINST-176145 – Multiple Workspace ONE UEM application pools and services may not start once stopped (93877)
- Workspace ONE UEM services and application pools may fail to start once stopped. This issue is typically observed alongside the following error message in the service’s log[RESOLVED] SINST-176160 – Workspace One UEM – Unable to edit existing or create new DDUI profiles. (93911)
- Upon deploying the patches noted in KB 93877, you may experience an error when creating or editing DDUI device profiles (iOS, macOS, Android Enterprise) in the Workspace ONE UEM Console.
- Getting Ready for Android 14 (2023)
- Getting Ready for Apple Major OS Releases 2023
Recently updated or added KBs (Links)
- Update sequence for Horizon 7, Horizon 8, and compatible VMware products (78445)
- Announcing End of General Support for the ‘Network Access Control (NAC)’ setting in the Workspace ONE SDK (95722)
- Pull Relay Servers are losing connection to UEM Console following relay servers reboot. (95704)
- Important information regarding Zebra Android 13 Update (91896)
- Unable to edit roles for Cloud Services Administrators in Workspace ONE UEM 23.06 (95700)
- VMware Workspace ONE Hub for macOS | Workspace ONE Admin Assistant for macOS Update Endpoints (82032)
- Following an upgrade Workspace fails to start correctly with error: Could not acquire change log lock (2076107)
- Announcement: End of Availability (EOA) for VMware Secure Access (95651)
- Create Office 365 web application link as a workaround for Office 365 launch failures (95637)
- VMware Integrated Printing : Certain Legacy Published Desktop Applications are unable to set the configured default printer (94373)
- Horizon Mac Client: A Multi Monitor setup using a DisplayLink Adapter shows Grey Screens with Screen-Capture Blocking enabled (95432)
- Horizon Cloud Pod – Resolving stale entries in ADLDS database (81379)
- Horizon Client 2309 and Later: Smart card authentication fails with a TLS handshake error when using the X.509 certificate signed with SHA1
Digital Workspace Techzone, Blog and YouTube Updates
- Get the latest updates for Horizon packaging and licensing
- Secure your world against mobile device thr Bullet list eats with Lookout and VMware
- Horizon Cloud Service – next-gen Architecture
- Horizon Cloud Service – next-gen Configuration
- Deploying Horizon Edge Gateway Appliance – URL Checker
- Black Friday Discount: New Beta Exam and Chance to Receive Half Off a Future VCP Exam
- Introducing frontline dashboards and templates in Workspace ONE Intelligence
3rd Party Blog Updates & Industry News
November Software Releases
| System | Component | Release | Announcement | Release Date |
| Android | Hub | 23.10 | Release Notes | 09.11.23 |
| iOS | Workspace ONE SDK SWIFT | 23.10 | Release Notes | 02.11.23 |
| Backend | WS1 Access OnPrem | 23.09 | Release Notes | 02.11.23 |
| Android | Boxer | 23.10 | Release Notes | 06.11.23 |
| iOS | Notebook | 23.10 | Release Notes | 06.11.23 |
| Android | Content | 23.10 | Release Notes | 15.11.23 |
| iOS | Web | 23.11 | Release Notes | 15.11.23 |
| Android | Web | 23.11 | Release Notes | 22.11.23 |
| iOS | Hub | 23.10 | Release Notes | 16.11.23 |
| Horizon | Server Components and Clients | 2309.1 | Horizon Client for Windows | 21.11.23 |
| Horizon | Server Components and Clients | 2309.1 | Horizon Client for Linux | 21.11.23 |
| Horizon | Server Components and Clients | 2309.1 | Horizon Client for Mac | 21.11.23 |
| iOS | Content | 23.11 | Release Notes | 23.11.23 |
Upcoming EUC Events
| Event | Start Date | Details |
| VMware – ITQ EUC Customer Roundtable Germany | German language on-site event at Cologne Motorworld Sign Up Here VMware Explore BCN Recap and EUC Strategy Update Desktop as a Service BC and DR Rescue Plan HR meets IT – Boost your Employee Experience Ask the EUC Expert Peer Networking | 06.12.2023 |
| EUC Customer Success Quarterly Webcast Series | Next EUC Customer Success Quarterly Webcast Coming Soon!Watch our latest webcasts: •Managing, Automating, and Supporting a Frontline Device Fleet •What’s New with Horizon Cloud Service next-gen and Improving VMware Horizon User Experience with Workspace ONE Intelligence •Windows 10 Multi-User Support for UEM & Revolutionize your IT Environment with Freestyle OrchestratorWatch all additional previous webcasts On-Demand here. | |
| VMware Digital Workspace Virtual Customer Success Roundtable | Next VMware Digital Workspace Virtual Customer Success Roundtable Coming Soon! | |
| VMware Explore 2023 | VMware Explore US Watch 2023 EUC session replays here. VMware Explore Europe Barcelona | Fira Gran Via Register Now Watch replays from VMware Explore Europe 2022 here. | 6-9 November 2023 |
| VMUG | Watch On-Demand webcasts here.Register for upcoming live webcasts here.Register for Regional VMUG events here. | |
| End User Computing Webinars | Sign up for upcoming webcasts and watch VMware On-Demand webcasts here. |
EUC UX Research Opportunities
- Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
- Interested in giving your opinion and making your voice heard? Check out what’s available!
- Bonus: We give VMWare swag to Customers who participate
| EUC Product / Feature | Topic | Opportunity Time | Signup Link |
| WS1 Hub Services + UEM | EUC Design is improving the experience for the Employee Self-Service feature – where Admins configure a self-service tab for their employees to access helpful links and manage their devices. Additionally, actions from WS1 UEM will now be available here! | 60-minute, 1×1 conversation via Zoom where you’ll get to see early wireframe concepts. | Interviews begin the week of Nov 13. SIGN UP HERE |
| WS1 Intelligence | EUC Design may build a potential new feature, Custom Alerts, which would inform Admins when key metrics change in real time. You could be alerted when your Dashboard reaches a certain threshold, or have the alert trigger a Freestyle workflow. | 60-minute, focus group conversation via Zoom where you’ll get to see early wireframe concepts. | Focus Groups on 11/28 and 11/30. SIGN UP HERE |
| Horizon Next-Gen (V2) | EUC Design wants to improve the experience when onboarding the new Next-Gen Horizon Cloud Service Console. Whether you’ve partially or fully onboarded, we want to better understand areas of challenge specifically with Pools, Pool Groups, and Entitlements. | 45-minute, 1×1 conversation via Zoom where we will walk through the onboarding flow via a staging environment and discuss the experience. | Interviews begin the week of Oct 16. SIGN UP HERE |
| WS1 Assist | EUC Design wants to learn about your helpdesk/servicedesk role and what you like, dislike, and wish could improve in your day-to-day when using Assist. | 60-minute, 1×1 conversation via Zoom. | Interviews + focus groups begin the week of Nov 6. SIGN UP HERE HERE |
Latest Patch & Seed Script Versions
- OS Updates Seed Script
- Most recent update: Apple Seed Script iOS 17.1.1 (21B91),macOS 13.6.2 (22G320),macOS 14.1.1 (23B81),macOS 13.6.2 (22G2321),macOS 14.1.1 (23B2082)
- Last Update: CW45
- Seed Script for latest Device Model Information
- Seed Script to support latest M3 MacBook Pro and iMac Device models
- Last update: CW44
- Workspace ONE UEM 22.03
- Patch Level 22.3.0.54
- AAPP-16437: Update Device Information query Cellular keys.
- CMCM-190723: Status of document in content detail report was not corrected.
- MACOS-4057: macOS 14 ADE enrollment fails if Custom Enrollment is off.
- AGGL-15527: Google seems to have increased oAuthToken length (AndroidWorkSetting AccessToken got truncated).
- Last Update: CW43
- Workspace ONE UEM 22.06
- Patch Level 22.6.0.47
- PPAT-15437: Review and reduce the Tunnel service logs generation.
- ARES-26831: Application rule PUT API improvements.
- Last Update: CW46
- Workspace ONE UEM 22.09
- Patch Level 22.9.0.44
- CRSVC-42821: Secure Channel – Cannot find the original signer issue.
- Last Update: CW47
- Workspace ONE UEM 22.12
- Patch Level 22.12.0.38
- CRSVC-42823: Secure Channel, unable to find the original signer issue.
- AGGL-15898: All internal Android apps uploaded to the Workspace ONE UEM console were getting the default Android icon.
- Last Update: CW47
- Workspace ONE UEM 23.02
- Patch Level 23.2.0.30
- CRSVC-42824: Secure Channel – Cannot find the original signer issue.
- SINST-176239: Workspace ONE UEM Patch installer 22.12.0.31 fails at Cert Installer execution.
- AAPP-16647: Unable to install VPN profile on iOS devices.
- AAPP-16653: Show or hide a field which is dependent on different fields out of which one is set.
- AAPP-16650: Action parameter section sequencing is not correct.
- FS-4566: macOS workflow stuck waiting on profiles.
- CRSVC-43330: Increased CPU usage by CiscoISE app pool.
- RUGG-12628: Add support for pull relay server discovery with IP as discovery text.
- AAPP-16684: Workspace ONE UEM unable to edit approved SIM for some devices.
- CRSVC-41111: Cisco ISE API account password expiration.
- AAPP-16639: VPN IKEv2 payload dropdown values were changing to default value after adding a version.
- AMST-39887: Removing Windows update profile does not remove configured policies.
- CRSVC-39018: Convert StartRowCount datatype to bigint from int for Purge Statistics table.
- FS-4602: macOS workflow status does not update without a manual query.
- FS-4727: Seed Mac workflow host in canonical release 23.02.
- AMST-40140: If the “Managed Applications” payload is configured in Windows profile, checkbox size in other payloads will become huge
- Last Update: CW47
- Patch Level 23.6.0.11
- AAPP-16712: Correcting the existing profile context data.
- CRSVC-43754: Android shared device mode app configuration was not completing.
- RUGG-12629: Add support for pull relay server discovery with IP as discovery text.
- CMCM-190730: Status of document in content detail report was not corrected.
- CRSVC-43331: Increased CPU usage by CiscoISE app pool.
- AMST-40139: If the “Managed Applications” payload is configured in Windows profile, checkbox size in other payloads will become huge.
- ARES-26622: Device logs not uploaded to console.
- CRSVC-42825: Secure Channel – Cannot find the original signer issue.
- CRSVC-42774: Navigating to app events gives spaceman error.
- ARES-26909: Sync should queue install commands when there are already pending commands for other devices and previous status is pending release.
- FS-4728: Seed Mac workflow host in canonical release 23.06.
- AAPP-16685: Workspace ONE UEM unable to edit approved SIM for some devices.
- Last Update: CW47
Welcome to the anywhere workspace 
Leave a comment