Release Updates Week 24
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2023/07/cropped-ws1-ico.png?w=1024)
- Device Enrollment Terms of Use support in Workspace ONE Intelligent Hub
Workspace ONE Intelligent Hub app users can now view and act on updates to the Terms of Use (TOU) for any of their enrolled devices directly within the Workspace ONE Intelligent Hub app. Previously, this functionality was only available through the Self-Service Portal (SSP), requiring users to log in separately, often delaying critical actions on TOU updates. By integrating this feature into the Intelligent Hub app, we streamline it into the regular employee workflow, allowing for more immediate responses to TOU updates.
This functionality is currently available on Hub Web and Windows.
- Application Terms of Use support in Workspace ONE Intelligent Hub
Users of the Hub native applications (i.e. Hub iOS, Android and Windows) can now view and act on updates to the Terms of Use (TOU) associated with any applications installed on their devices. Previously, Intelligent Hub prompted users for TOU action (acceptance or rejection) only during the initial app installation via the Hub catalog, with no way to address subsequent TOU updates. This new feature enables users to stay updated and respond to TOU changes at any time.
This functionality is currently available on Windows on all Intelligent Hub app versions. For iOS and Android, please refer to the iOS and Android Hub release notes for the Intelligent Hub version which adds support for this feature.
NOTE: This was the last significant parity gap between the Hub Services app catalog and the legacy UEM app catalog, which is already scheduled for end-of-life. See KB article 95774.
- Increase in limit for Employee Self-Service Helpful Links from 10 to 20
Hub Services admins can now configure up to 20 Helpful Links in the Employee Self-Service section of the Hub admin console, doubling the previous limit of 10 links. This increased capacity allows admins (UEM and Horizon) to provide more self-service content, such as knowledge bases (KBs), for end users in the Intelligent Hub Self-Support tab.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2023/11/94225.png?w=512)
Apple Business Manager and Apple School Manager:
- Domain Capture and Account Transfer: Organizations can now ensure all Apple Accounts using their domain are managed. Users can transfer their personal accounts to Managed Apple Accounts or rename them to free up the domain.
- Activation Lock Management: Admins can now turn off Activation Lock for organization-owned devices without needing AppleCare support.
- Support for Apple Watch and Apple Vision Pro: These devices can now be managed within Apple Business Manager and Apple School Manager.
- SIS Synchronization Updates: Improved synchronization with additional vendors and options to prevent duplicate entries during data import.
Device Management:
- Safari Extensions Management: Organizations can now manage Safari extensions on supervised devices.
- Software Update Management: Declarative device management replaces MDM profiles for software updates, offering more resilient management.
- Beta Software Management: Organizations can now remotely enroll devices into beta programs and manage beta software installations.
- Apps and Books API: Enhanced API capabilities for retrieving information about apps and books.
- Provisioning and Managing Users: New APIs for enterprise app developers to automate tasks like provisioning profile generation.
New Hardware Requirements for Managed Device Attestation:
- Attestations will be issued only to devices meeting specific hardware requirements (A11 Bionic chip or later for iPhone, iPad, Apple TV; Apple silicon for Mac).
Security Improvements:
- Push Notifications: CSRs for Apple Push Notification service must now be signed with the SHA2 algorithm.
macOS Management:
- Passkey and Hardware Security Key Support: Support during enrollment for ASWebAuthenticationSession.
- Platform Single Sign-On: Extended to require IdP authentication across various macOS security points.
- External and Network Storage Access: New configuration to manage external or network storage access.
- Local Network Access: Apps and agents must now request permission to interact with local devices.
- Virtual Machine Updates: iCloud sign-in and Erase All Contents and Settings are now supported on macOS virtual machines.
iOS and iPadOS Management:
- Hiding and Locking Apps: New options to require authentication to open apps and hide them from the Home Screen.
- In-House App Installations: Device restart is now required to complete the trust of provisioning profiles for manually installed apps.
- eSIM Updates: New restrictions to prevent eSIM removal during device erase and control eSIM transfers.
tvOS Management:
- Return to Service: New management capabilities for Apple TV devices.
visionOS Management:
- Automated Device Enrollment for Apple Vision Pro: Enhanced enrollment capabilities.
Apple Configurator for Mac Updates:
- New actions and improved status reporting for Shortcuts.
Education-Specific Updates:
- Calculator on iPad: New addition.
- Multiapp Assessment Mode for iPad: Improved capabilities for educational assessments.
- Schoolwork 3.0: New features for the Classroom app.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2023/07/cropped-ws1-ico.png?w=1024)
- Support for Entra ID MFA as additional authentication method
Workspace ONE Access now enables integration with Microsoft Entra ID MFA as an additional authentication method. Users can log in to Workspace ONE Access using their existing authentication methods, and then be prompted for the Entra ID MFA without an additional Entra ID login prompt. This feature simplifies the user experience while adding the feature-rich Entra MFA capabilities to Workspace ONE Access authentication.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2020/11/tunnel.png?w=1024)
Workspace ONE Tunnel for iOS 24.05
- In this release, we have made a few updates containing general quality and performance improvements with no new features.
- Introducing Full-Device Tunnel mode for the iOS Tunnel client on MDM enrolled devices.
- This is in addition to existing support for Per-App Tunnel mode.
- See ‘How to configure the iOS Tunnel MDM Profile for Full-Device Tunnel mode’ for setup instructions.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2020/11/tunnel.png?w=1024)
Workspace ONE Tunnel for Android 24.05 (staged)
- New workflow to allow Tunnel to be exempt from battery optimization.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2021/03/hoirzonlogo.png?w=300)
Horizon Cloud Service – next-gen
- Horizon Edge
- You can now switch your Horizon Edge Gateway deployment type from Single Virtual Machine to Azure Kubernetes Services (AKS) to enable high availability to the Edge Gateway.
- The Italy North region is now available for Horizon Edges deployed in Microsoft Azure.
- The Israel Central region is now available for Horizon Edges deployed in Microsoft Azure.
- Desktops and Applications
- App Volumes
- File Shares for storing App Volumes packages now support the Microsoft Azure automated key rotation functionality to enhance security by ensuring that storage account access keys are regularly updated.
- Pool Groups
- Applications from different sources (automatically scanned, manual applications, or App Volumes) are now grouped by name, publisher, and application type. Consequently, manual applications are no longer grouped with automatically scanned applications.
- Help Desk
- The Help Desk Administrator role has been added to enable restricted access to the Horizon Universal Console for admins who only need to perform help desk related actions.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2020/11/hub.png?w=512)
Workspace ONE Intelligent Hub for iOS 24.04
- Bug Fixes
- EOL Notice – The Legacy Catalog in UEM for SaaS UEM Customers will be EOGS on August 31, 2024 and EOL on October 31, 2024. Refer to KB article for details.
Note: If you are using the App Catalog in Intelligent Hub, then you are already migrated and no action is needed. This applies for all platforms (iOS, Android, macOS, Windows).
- Background processing improvements for Workspace ONE Mobile Threat Defense.
- Improvements to graphics for enrollment screens.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2020/11/hub.png?w=512)
Workspace ONE Intelligent Hub 24.04 for Android
- Accessibility improvements in Intelligent Hub
- Support for enabling 3rd-party cookies when authenticating with Workspace ONE Access: In some cases, Intelligent Hub needs to support 3rd-party cookies in order for users to authenticate with Workspace ONE Access. In cases where 3rd-party cookie support is required and this is not enabled, users may see a “cookies not supported” error in Intelligent Hub. See How to Enable 3rd-party Cookies for Workspace ONE Access Authentication in the Beta Resources for more information on how to test this feature.
- Intelligent Hub processes pending actions and delivers samples at a more consistent frequency: When an Android device exits Doze Mode, Intelligent Hub will now count the time the device spent in Doze Mode to determine when to next execute certain recurring tasks. Previously, the time a device spent in Doze Mode would not be considered in this calculation, which extended the time between executions of said recurring tasks on devices that frequently entered Doze Mode. These tasks include processing pending actions in Workspace ONE UEM, such as installation of profiles and apps, as well as sending device information to Workspace ONE UEM.
- Higher priority for Tunnel Profile installation: In instances where Intelligent Hub needs to apply multiple resources, it will install Tunnel Profiles before most other resources. This can accelerate setup of Workspace ONE Tunnel during checkout of shared devices, which in turn can allow users to authenticate with applications sooner using Mobile SSO.
- Improvements to Samsung KNOX integration: Intelligent Hub uses a Samsung KNOX License to leverage Samsung-specific Android device management functionality, such as Samsung-only profiles. Intelligent Hub 24.04 improves the resilience of this integration to prevent issues where the KNOX license key is not properly activated.
- Bug Fixes
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2020/11/workspace_one_intelligence.png?w=452)
Workspace ONE Intelligence 24.05.20
- We improved column management in widgets.
- Hide or display selected columns, and arrange columns in a desired order.
- We made improvements to how custom widgets process and display date ranges for time series events.
- You can select an entire date range for the frequency of relative time ranges.
- We added a bar chart option that lets you group multiple bars per interval.
- We added the horizontal bar chart option for stacked and non-stacked data.
- We made enhancements to custom widget loading.
- Widgets will now display a loading bar at the bottom, providing a clear visual indicator of their loading status. Once the widget is fully loaded, you will see a green check mark.
- We also implemented incremental loading for widgets with large data records. For such widgets, the data will load in smaller chunks or incrementally, preventing timeouts and maintaining widget responsiveness.
- With the addition of short-term and long-term caching, you will experience faster load times for the widgets you’ve created.
- Resolved Issues
- We are always working to improve Workspace ONE Intelligence with every release. There are no major bug fixes to report.
![](https://juliuslienemann.wordpress.com/wp-content/uploads/2023/07/cropped-ws1-ico.png?w=1024)
Workspace ONE TOPdesk ITSM Integration
Receiving notifications asking if they require assistance is a great way of reaching out to the end user.
Integrating TOPdesk with Workspace ONE ensures preventive and proactive action for all incidents.
Automatic incident creation also gives a complete view and control of the experience of the end user – no more issues, without IT knowing about it.
Handing out new devices will be made easier as IT administrators will no longer have to enter CMDB fields manually.
Employee experience will be improved as issues are spotted early and are possibly resolved before they know.
Important KB Articles and Announcements
Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com.
Multi-Factor Authentication for Workspace ONE Mobile Threat Defense Tenants (6000034)
- Multi-Factor Authentication (MFA) is now supported for local administrators accessing Workspace ONE Mobile Threat Defense tenants. MFA applies to Mobile Threat Defense console local admin accounts only. External accounts authenticated via an Identity Provider (IDP) use the IDP-provided MFA. Starting June 17, 2024, MFA will be a requirement for all local administrators on all Workspace ONE Mobile Threat Defense tenants.
- MFA augments password authentication by adding one-time passcodes generated by a mobile authenticator app. All local administrators accessing Workspace ONE Mobile Threat Defense tenants will be required to set up MFA in order to log in starting from June 17, 2024. Any authenticator that generates standard time-based one-time password (TOTP) codes, such as Hub Verify or Google Authenticator, can be used. MFA applies to Mobile Threat Defense console local admin accounts only and not external accounts authenticated via an Identity Provider (IDP).
Upcoming changes to APNs for Applications for On-Premises Workspace ONE UEM (91116)
- Workspace ONE Productivity apps on iOS receive push notifications using APNs through Workspace ONE UEM. The certificates necessary to deliver these notifications need to be renewed every year, which requires administrators of On-Premises environments to run a database script provided by VMware before the expiry to avoid any disruption. Workspace ONE Productivity Applications that are part of this process flow are:
- Workspace ONE Intelligent Hub
- Workspace ONE Boxer
- Workspace ONE Content
- Workspace ONE Web
APNs for Application certificate renewal for On Premise environments (50121242)
- Please review the instructions below to learn what actions are required when the Apple Push Notification service (APNs) for Application certificate expires in an On Premise environment.
- APNs for Application is the certificate that you are required to renew so that all enterprise applications continue to communicate with the Workspace ONE UEM Console. If the APNs for Application is not renewed, the existing applications on the devices will lose communication with Workspace ONE. The applications will not function on the device and will lose communication with the console. This means the applications will not receive new commands and any new changes made in the console. In order to prevent downtime associated with the iOS versions of Boxer, Content, Web, and Intelligent Hub, all On Premise customers who are utilizing these applications must execute a script on their Workspace ONE database. This APNs for Application certificate needs to be renewed every year and the script is available in the My Workspace ONE portal.
Multi Tab Kiosk Mode Enhancements (6000033)
- In Workspace ONE Web 24.06 for iOS and Android, enhancements have been made to Multi tab kiosk mode. As part of this, the URL bar is non-editable and Scan QR code is not accessible by default. This enhancement advances the security of Multi tab kiosk mode and brings it in line with Single tab kiosk mode. Customers who want to enable the URL bar and Scan QR code in Multi tab kiosk mode can do so by enabling a KVP in the UEM. There are no changes in Single tab kiosk mode functionality.
- Due to Backend System Changes no new KBs published this week. Find the latest KBs now at https://kb.omnissa.com/s/.
- Migration work is still in progress for some functionalities.
- Links to documentation, product notes etc. in the EUC Newsletter will be fixed one after the other over the next weeks.
- Find all latest information, support portals, documentation etc. at:
VMware EUC related Security Advisories:
—No New Security Advisories this week—
High Priority KBs
- System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the pending acquisition of EUC by KKR.
- End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)
We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are an On-Premises UEM Customer, this notice does not impact you at this time; further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog.
- Workspace ONE UEM – Updated requirements for on-premise cumulative patches (94706)
The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
- Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, are now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.
Recently updated or added KBs (Links)
- Multi-Factor Authentication for Workspace ONE Mobile Threat Defense Tenants (6000034)
- Upcoming changes to APNs for Applications for On-Premises Workspace ONE UEM (91116)
- APNs for Application certificate renewal for On Premise environments (50121242)
- How to configure the iOS Tunnel MDM Profile for Full-Device Tunnel mode (6000032)
- Multi Tab Kiosk Mode Enhancements (6000033)
- Engaging Workspace ONE Professional Services (50104664)
- EUC Issue Type Definitions and Top Issues (6000031)
- [AGGL-16565] HTTP 400 error from Google during Android Enterprise registration (6000030)
- EUC Support Phone Numbers (6000004)
- Logoff after disconnect setting for published desktop is not working as expected in certain scenarios. (88417)
- VMware Horizon combined offerings with vSphere and vSAN will continue post divestiture (14804)
Digital Workspace Techzone, Blog and YouTube Updates
- Securing your Windows PCs against Recall with Workspace ONE UEM
- Inventorying Workspace ONE Devices for Windows 10 End of Life
- Windows 11 Readiness Operational Tutorial
- Guided Tour: Sensors for Collecting Data from Windows Devices
3rd Party Blog Updates & Industry News
- Android Enterprise Blog: How we’re making Android Enterprise signup and access to Google services better
- Rorymon.com: Apple Announces New AI Features! New VMware Deals! Patch Tuesday News!
- msandbu.org: What does the future workspace look like?
June Software Releases
Item | Component | Release | Announcement | Release Date |
iOS | Hub | 24.04 | Release Notes | 03.06.24 |
Android | Hub | 24.04 | Release Notes | 04.06.24 |
Windows | Tunnel Win10 | 24.05 | Release Notes | 06.06.24 |
Horizon | Horizon Cloud Service Next Gen | May 30 | Release Notes | 30.05.24 |
Backend | WS1 Intelligence | 24.05.20 | Release Notes | 04.06.24 |
iOS | Tunnel | 24.05 | Release Notes | 11.06.24 |
Android | Tunnel | 24.05 | Release Notes | staged |
iOS | Content | 24.06 | Release Notes | 13.06.24 |
Upcoming EUC Events
Event | Details | Date |
EUC TechInsights – Unlock the Possibilities of Android Management with Workspace ONE | Registration link: https://broadcom.zoom.us/webinar/register/WN_oaE6BB0gSTunzBgr_Kbm2w#/registration Unlock the Possibilities of Android Management with Workspace ONE Join us for our monthly EUC TechInsights webinar, “Unlock the Possibilities of Android Management with Workspace ONE,” where we delve into advanced topics such as Android management, enrollment options, and device management modes. Learn how to enhance productivity with Workspace ONE’s powerful features like OEM Config, remote support, and OS update management. This webinar will equip you with the knowledge to optimize your Android device management strategy using Workspace ONE. | 25th of June |
Securing Your Digital Workspace: The Essential Role of VMware Workspace ONE Tunnel | Registration link: https://broadcom.zoom.us/webinar/register/WN_Q4xDmQQKSl6OxFtW_07nMA Description: In an era where cybersecurity threats evolve daily, ensuring your digital workspace remains secure against sophisticated attacks is paramount. With recent incidents highlighting the vulnerabilities within traditional VPN solutions, it’s clear that a more robust and adaptable approach to remote access security is needed. Discover the Zero Trust Model: Learn how this security model can protect your organization against both external and internal threats by enforcing “never trust, always verify” policies. Gain experience with Workspace ONE Tunnel, showcasing its simplicity in deployment, flexibility, and how it embodies the principles of Zero Trust security. This session will explain use cases, include demonstrations of VMware WS1 Tunnel across different platforms, and offers the option to get all your questions answered. | 28th May 2024 |
EUC TechInsights Recordings | https://vmwaretv.vmware.com/channel/EUC+TECH+INSIGHTS/322091202 Sander Noordijk Laurens van Duijn Pim van de Vis | |
VMUG | Watch On-Demand webcasts here. Register for upcoming live webcasts here. Register for Regional VMUG events here. | |
End User Computing Webinars | Sign up for upcoming webcasts and watch VMware On-Demand webcasts here. |
EUC UX Research Opportunities
- Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
- Interested in giving your opinion and making your voice heard? Check out what’s available!
- Bonus: We give VMware swag to Customers who participate
Workspace One: Filter Redesign
- About: The placement of filters and where they’re located on the page is getting refreshed.
- What: Play with a clickable prototype on your own time in Maze, a user testing tool. It will record your audio and computer screen while you tell us what you think.
- SIGN UP HERE
Latest Patch & Seed Script Versions
- OS Updates Seed Script
- Most recent update: Android 15
- Last Update: CW24
- Seed Script for latest Device Model Information
- Seed Script to support new MacBook Air M3 model Mac15,2 models
- Last update: CW11
- Workspace ONE UEM 22.12
- Patch Level 22.12.0.46
- UM-8939 – VIS to UEM unlink is not removing the UEM user from the UEM group.
- Last Update: CW22
- Workspace ONE UEM 23.02
- Patch Level 23.02.0.45
- UM-8940 – VIS to UEM unlink is not removing the UEM user from the UEM group.
- CRSVC-46414 – CellTrust integration was not working.
- AMST-41258 – Arm64 hub was not getting published to device.
- Last Update: CW23
- Workspace ONE UEM 23.06
- Patch Level 23.06.0.33
- LUEM-858 – All the Linux devices get the same lookup value for sensors.
- AGGL-16970 – Redirect to Google in EMM registration fails.
- AAPP-17407 – Refreshing sToken for a VPP v2 enabled OGs, resets migration flag.
- AAPP-17404 – Fix duplicate asset identifiers in an asset management V2 API call.
- ARES-27837 – Add FedRamp system code for identifying FedRamp customers
- Last Update: CW24
- Workspace ONE UEM 23.10
- Patch Level: 23.10.0.19
- UM-8842 – Unable to view User Groups for certain User Accounts regardless of the admin role.
- FCA-207737 – Physical memory values missing in Workspace ONE UEM devices or search API call.
- AMST-40244 – Actual file version is not updating when adding new version for Windows app.
- AGGL-16985 – Not able to publish public app with SG having devices.
- AAPP-17051 – VPP failures for asset management due to duplicate assets in request to V2 endpoints.
- Last Update: CW24
- Workspace ONE UEM 24.02
- Patch Level: 24.2.0.6
- AGGL-16822: Capability enrichment sample failing post the patch update in environment to update enterprise version.
- AGGL-16827: Android Device delete intermittently takes 4 hours to wipe the device.
- FCA-207587: DLV tooltip for friendly name is broken.
- FCA-207603: Device List view Export is not producing export to download.
- AMST-40616: Device state to capture new status for pause.
- AMST-40654: Pause status to be displayed in List view.
- AMST-41111: Bulk Management settings throwing error.
- FS-5414: Matches Found count is incorrect whenever adding/removing Application Versions/Names in Conditions.
- Last Update: CW18