Welcome to the anywhere workspace

Week 24-2024 VMware Enduser Computing Updates

🎯 Apple WWDC Announcement Overview 🎯 APNS for Apps Renewal 🎯 Important KBs, Techzone and Blog Posts

JuliusLienemann
19 minutes
, , , , , ,

Release Updates Week 24

Workspace ONE Hub Services

  • Device Enrollment Terms of Use support in Workspace ONE Intelligent Hub

Workspace ONE Intelligent Hub app users can now view and act on updates to the Terms of Use (TOU) for any of their enrolled devices directly within the Workspace ONE Intelligent Hub app. Previously, this functionality was only available through the Self-Service Portal (SSP), requiring users to log in separately, often delaying critical actions on TOU updates. By integrating this feature into the Intelligent Hub app, we streamline it into the regular employee workflow, allowing for more immediate responses to TOU updates.

This functionality is currently available on Hub Web and Windows.

  • Application Terms of Use support in Workspace ONE Intelligent Hub

Users of the Hub native applications (i.e. Hub iOS, Android and Windows) can now view and act on updates to the Terms of Use (TOU) associated with any applications installed on their devices. Previously, Intelligent Hub prompted users for TOU action (acceptance or rejection) only during the initial app installation via the Hub catalog, with no way to address subsequent TOU updates. This new feature enables users to stay updated and respond to TOU changes at any time.

This functionality is currently available on Windows on all Intelligent Hub app versions. For iOS and Android, please refer to the iOS and Android Hub release notes for the Intelligent Hub version which adds support for this feature.

NOTE: This was the last significant parity gap between the Hub Services app catalog and the legacy UEM app catalog, which is already scheduled for end-of-life See KB article 95774

  • Increase in limit for Employee Self-Service Helpful Links from 10 to 20

Hub Services admins can now configure up to 20 Helpful Links in the Employee Self-Service section of the Hub admin console, doubling the previous limit of 10 links. This increased capacity allows admins (UEM and Horizon) to provide more self-service content, such as knowledge bases (KBs), for end users in the Intelligent Hub Self-Support tab.

WWDC 2024 IT Announcements

Apple Business Manager and Apple School Manager:

  • Domain Capture and Account Transfer: Organizations can now ensure all Apple Accounts using their domain are managed. Users can transfer their personal accounts to Managed Apple Accounts or rename them to free up the domain.
  • Activation Lock Management: Admins can now turn off Activation Lock for organization-owned devices without needing AppleCare support.
  • Support for Apple Watch and Apple Vision Pro: These devices can now be managed within Apple Business Manager and Apple School Manager.
  • SIS Synchronization Updates: Improved synchronization with additional vendors and options to prevent duplicate entries during data import.

Device Management:

  • Safari Extensions Management: Organizations can now manage Safari extensions on supervised devices.
  • Software Update Management: Declarative device management replaces MDM profiles for software updates, offering more resilient management.
  • Beta Software Management: Organizations can now remotely enroll devices into beta programs and manage beta software installations.
  • Apps and Books API: Enhanced API capabilities for retrieving information about apps and books.
  • Provisioning and Managing Users: New APIs for enterprise app developers to automate tasks like provisioning profile generation.

New Hardware Requirements for Managed Device Attestation:

  • Attestations will be issued only to devices meeting specific hardware requirements (A11 Bionic chip or later for iPhone, iPad, Apple TV; Apple silicon for Mac).

Security Improvements:

  • Push Notifications: CSRs for Apple Push Notification service must now be signed with the SHA2 algorithm.

macOS Management:

  • Passkey and Hardware Security Key Support: Support during enrollment for ASWebAuthenticationSession.
  • Platform Single Sign-On: Extended to require IdP authentication across various macOS security points.
  • External and Network Storage Access: New configuration to manage external or network storage access.
  • Local Network Access: Apps and agents must now request permission to interact with local devices.
  • Virtual Machine Updates: iCloud sign-in and Erase All Contents and Settings are now supported on macOS virtual machines.

iOS and iPadOS Management:

  • Hiding and Locking Apps: New options to require authentication to open apps and hide them from the Home Screen.
  • In-House App Installations: Device restart is now required to complete the trust of provisioning profiles for manually installed apps.
  • eSIM Updates: New restrictions to prevent eSIM removal during device erase and control eSIM transfers.

tvOS Management:

  • Return to Service: New management capabilities for Apple TV devices.

visionOS Management:

  • Automated Device Enrollment for Apple Vision Pro: Enhanced enrollment capabilities.

Apple Configurator for Mac Updates:

  • New actions and improved status reporting for Shortcuts.

Education-Specific Updates:

  • Calculator on iPad: New addition.
  • Multiapp Assessment Mode for iPad: Improved capabilities for educational assessments.
  • Schoolwork 3.0: New features for the Classroom app.

Workspace ONE Access

  • Support for Entra ID MFA as additional authentication method

Workspace ONE Access now enables integration with Microsoft Entra ID MFA as an additional authentication method. Users can log in to Workspace ONE Access using their existing authentication methods, and then be prompted for the Entra ID MFA without an additional Entra ID login prompt. This feature simplifies the user experience while adding the feature-rich Entra MFA capabilities to Workspace ONE Access authentication.

Workspace ONE Tunnel for iOS 24.05

  • In this release, we have made a few updates containing general quality and performance improvements with no new features.

Workspace ONE Tunnel for Android 24.05 (staged)

  • New workflow to allow Tunnel to be exempt from battery optimization.

Workspace ONE Tunnel for Android 24.05 (staged)

  • New workflow to allow Tunnel to be exempt from battery optimization.

Horizon Cloud Service – next-gen

  • Horizon Edge
    • You can now switch your Horizon Edge Gateway deployment type from Single Virtual Machine to Azure Kubernetes Services (AKS) to enable high availability to the Edge Gateway.
    • The Italy North region is now available for Horizon Edges deployed in Microsoft Azure. 
    • The Israel Central region is now available for Horizon Edges deployed in Microsoft Azure. 
  • Desktops and Applications
    • App Volumes
      • File Shares for storing App Volumes packages now support the Microsoft Azure automated key rotation functionality to enhance security by ensuring that storage account access keys are regularly updated.
    • Pool Groups
      • Applications from different sources (automatically scanned, manual applications, or App Volumes) are now grouped by name, publisher, and application type. Consequently, manual applications are no longer grouped with automatically scanned applications.
  • Help Desk
    • The Help Desk Administrator role has been added to enable restricted access to the Horizon Universal Console for admins who only need to perform help desk related actions.

Workspace ONE Intelligent Hub for iOS 24.04

Bug Fixes

EOL Notice – The Legacy Catalog in UEM for SaaS UEM Customers will be EOGS on August 31, 2024 and EOL on October 31, 2024. Refer to KB article for details.

Note: If you are using the App Catalog in Intelligent Hub, then you are already migrated and no action is needed. This applies for all platforms (iOS, Android, macOS, Windows).

Background processing improvements for Workspace ONE Mobile Threat Defense.

Improvements to graphics for enrollment screens

Workspace ONE Intelligent Hub 24.04 for Android

  • Accessibility improvements in Intelligent Hub
  • Support for enabling 3rd-party cookies when authenticating with Workspace ONE Access: In some cases, Intelligent Hub needs to support 3rd-party cookies in order for users to authenticate with Workspace ONE Access. In cases where 3rd-party cookie support is required and this is not enabled, users may see a “cookies not supported” error in Intelligent Hub. See How to Enable 3rd-party Cookies for Workspace ONE Access Authentication in the Beta Resources for more information on how to test this feature.
  • Intelligent Hub processes pending actions and delivers samples at a more consistent frequency: When an Android device exits Doze Mode, Intelligent Hub will now count the time the device spent in Doze Mode to determine when to next execute certain recurring tasks. Previously, the time a device spent in Doze Mode would not be considered in this calculation, which extended the time between executions of said recurring tasks on devices that frequently entered Doze Mode. These tasks include processing pending actions in Workspace ONE UEM, such as installation of profiles and apps, as well as sending device information to Workspace ONE UEM.
  • Higher priority for Tunnel Profile installation: In instances where Intelligent Hub needs to apply multiple resources, it will install Tunnel Profiles before most other resources. This can accelerate setup of Workspace ONE Tunnel during checkout of shared devices, which in turn can allow users to authenticate with applications sooner using Mobile SSO.  
  • Improvements to Samsung KNOX integration: Intelligent Hub uses a Samsung KNOX License to leverage Samsung-specific Android device management functionality, such as Samsung-only profiles. Intelligent Hub 24.04 improves the resilience of this integration to prevent issues where the KNOX license key is not properly activated. 
  • Bug Fixes

Workspace ONE Intelligence 24.05.20

  • We improved column management in widgets.
    • Hide or display selected columns, and arrange columns in a desired order. 
  • We made improvements to how custom widgets process and display date ranges for time series events.
    • You can select an entire date range for the frequency of relative time ranges.
    • We added a bar chart option that you can group multiple bars per interval.
    • We added the horizontal bar chart option for stacked and non-stacked data.
  • We made enhancements to custom widget loading.
    • Widgets will now display a loading bar at the bottom, providing a clear visual indicator of their loading status. Once the widget is fully loaded, you will see a green check mark.
    • We also implemented incremental loading for widgets with large data records. For such widgets, the data will load in smaller chunks or incrementally, preventing timeouts and maintaining widget responsiveness.
    • With the addition of short-term and long-term caching, you will experience faster load times for the widgets you’ve created.
  • Resolved Issues
    • We are always working to improve Workspace ONE Intelligence with every release. There are no major bug fixes to report.

Workspace ONE TOPdesk ITSM Integration

Receiving notifications, asking if the require assistance is a great way of reaching out to the end user.

Integrating TOPdesk with Workspace ONE ensures preventive and proactive action for all incidents.
Automatic incident creation also gives a complete view and control of the experience of the end user – no more issues, without IT knowing about it.

Handing out new devices will be made easier as IT administrators will no longer have to enter CMDB fields manually.

Employee experience will be increased as issues are spotted early and are possibly resolved before the know.

Important KB Articles and Announcements

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

Multi-Factor Authentication for Workspace ONE Mobile Threat Defense Tenants (6000034)

  • Multi-Factor Authentication (MFA) is now supported for local administrators accessing Workspace ONE Mobile Threat Defense tenants. MFA applies to Mobile Threat Defense console local admin accounts only. External accounts authenticated via an Identity Provider (IDP) use the IDP provided MFA. Starting June 17, 2024, MFA will be a requirement for all local administrators on all Workspace ONE Mobile Threat Defense tenants. 
  • MFA augments password authentication by adding one-time passcodes generated by a mobile authenticator app. All local administrators accessing Workspace ONE Mobile Threat Defense tenants will be required to set up MFA in order to login starting from June 17, 2024. Any authenticator that generates standard time-based one-time passwords (TOTP) codes such as Hub Verify or Google Authenticator can be used. MFA applies to Mobile Threat Defense console local admin accounts only and not external accounts authenticated via an Identity Provider (IDP).

Upcoming changes to APNs for Applications for On-Premises Workspace ONE UEM (91116)

  • Workspace ONE Productivity apps on iOS receive push notifications using APNs through Workspace ONE UEM. The certificates necessary to deliver these notifications need to be renewed every year that requires administrators of On-Premises environments to run a database script provided by VMware, before the expiry to avoid any disruptionWorkspace ONE Productivity Applications that are part of this process flow are:
    1. Workspace ONE Intelligent Hub
    2. Workspace ONE Boxer
    3. Workspace ONE Content
    4. Workspace ONE Web

APNs for Application certificate renewal for On Premise environments (50121242)

  • Please review the instructions below to learn what actions are required when the Apple Push Notification service (APNs) for Application certificate expires in an On Premise environment.
  • APNs for Application is the certificate that you are required to renew so that all enterprise applications continue to communicate with the Workspace ONE UEM Console.If the APNs for Application is not renewed, the existing applications on the devices will lose communication with Workspace ONE. The applications will not function on the device and will lose communication with the console. This means the applications will not receive new commands and any new changes made in the console. In order to prevent downtime associated with the iOS versions of Boxer, Content, Web, and Intelligent Hub, all On Premise customers who are utilizing these applications must execute a script on their Workspace ONE database.This APNs for Application certificate needs to be renewed every year and the script is available in the My Workspace ONE portal.

Multi Tab Kiosk Mode Enhancements (6000033)

  • In Workspace ONE Web 24.06 for iOS and Android, there are enhancements been made in Multi tab kiosk mode. As part of this, URL bar is non-editable and Scan QR code is not accessible by default. This enhancement advances security feature of multi tab kiosk mode which is in line with Single tab kiosk mode. If customers want to enable URL bar and Scan QR code in Multi tab kiosk mode, they can achieve it by enabling KVP in the UEM. There are no changes in Single tab kiosk mode functionality.

System Migration Changes

  • Due to Backend System Changes no new KBs published this week. Find the latest KBs now at https://kb.omnissa.com/s/.
  • Migration work is still in progress for some functionalities.
  • Links to documentation, product notes etc. in the EUC Newsletter will be fixed one after the other over the next weeks.
  • Find all latest information, support portals, documentation etc. at:
ServiceOld LinkNew Link
CustomerConnectcustomerconnect.vmware.comcustomerconnect.omnissa.com
CSPcloud.vmware.comconnect.omnissa.com
Documentationdocs.vmware.comdocs.omnissa.com
KBkb.vmware.comkb.omnissa.com
Techzonetechzone.vmware.comtechzone.omnissa.com
MyLearnmylearn.vmware.comlearning.omnissa.com/learn
MyWorkspaceONEmy.workspaceone.commy.workspaceone.com
Horizon Launcherlaunch.vmware.comlaunch-horizon.omnissa.com
Horizon ControlPlanecloud.horizon.vmware.comtbd
EUC Beta Portalbeta-ea.vmware.com/tbd
Aha! Feature Requestswsone.ideas.aha.iowsone.ideas.aha.io
Status WorkspaceONEstatus.workspaceone.com/status.workspaceone.com/
Omnissa PartnerConnectvmware.com/partners/work-with-vmware/partner-connect.htmlomnissa.my.site.com/partnerconnect
Product Lifecycle Matrixlifecycle.vmware.com/docs.omnissa.com/bundle/Product-Lifecycle-Matrix/page/lifecyclematrix.html
Omnissa Community Forum community.omnissa.com/
Developer Portaldeveloper.vmware.comdeveloper.omnissa.com
ConfigMaxRecommended configuration limits for VMware products configmax.omnissa.com
Interoperability Matrixinteropmatrix.vmware.cominteropmatrix.omnissa.com/Interoperability

VMware EUC related Security Advisories:

—No New Security Advisories this week—

High Priority KBs

Recently updated or added KBs (Links)

Digital Workspace Techzone, Blog and YouTube Updates

3rd Party Blog Updates & Industry News

June Software Releases

temComponentReleaseAnnouncementRelease Date
iOSHub24.04Release Notes03.06.24
AndroidHub24.04Release Notes04.06.24
WindowsTunnel Win1024.05Release Notes06.06.24
HorizonHorizon Cloud Service Next GenMay 30Release Notes30.05.24
BackendWS1 Intelligence24.05.20Release Notes04.06.24
iOSTunnel24.05Release Notes11.06.24
AndroidTunnel24.05Release Notesstaged
iOSContent24.06Release Notes13.06.24

Upcoming EUC Events

EventDetailsDate
EUC TechInsights – Unlock the Possibilities of Android Management with Workspace ONEegistration linkhttps://broadcom.zoom.us/webinar/register/WN_oaE6BB0gSTunzBgr_Kbm2w#/registration
Unlock the Possibilities of Android Management with Workspace ONE Join us for our monthly EUC TechInsights webinar, “Unlock the Possibilities of Android Management with Workspace ONE,” where we delve into advanced topics such as Android management, enrollment options, and device management modes. Learn how to enhance productivity with Workspace ONE’s powerful features like OEM Config, remote support, and OS update management. This webinar will equip you with the knowledge to optimize your Android device management strategy using Workspace ONE.		25th of June
Securing Your Digital Workspace: The Essential Role of VMware Workspace ONE TunnelRegistration linkhttps://broadcom.zoom.us/webinar/register/WN_Q4xDmQQKSl6OxFtW_07nMA

 
Description: In an era where cybersecurity threats evolve daily, ensuring your digital workspace remains secure against sophisticated attacks is paramount. With recent incidents highlighting the vulnerabilities within traditional VPN solutions, it’s clear that a more robust and adaptable approach to remote access security is needed.
Discover the Zero Trust Model: Learn how this security model can protect your organization against both external and internal threats by enforcing “never trust, always verify” policies.
Gain experience with Workspace ONE Tunnel, showcasing its simplicity in deployment, flexibility, and how it embodies the principles of Zero Trust security.
This session will explain use cases, include demonstrations of VMware WS1 Tunnel across different platforms, and offers the option to get all your questions answered.		28th May 2024
EUC TechInsights Recordingshttps://vmwaretv.vmware.com/channel/EUC+TECH+INSIGHTS/322091202
Sander Noordijk
Laurens van Duijn
Pim van de Vis
VMUGWatch On-Demand webcasts here.Register for upcoming live webcasts here.Register for Regional VMUG events here.
End User Computing WebinarsSign up for upcoming webcasts and watch VMware On-Demand webcasts here

EUC UX Research Opportunities  

  • Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!
  • Bonus: We give VMware swag to Customers who participate  

EUC UX Research Opportunities: 

  • Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!

Workspace One: Filter Redesign

  • About: The placement of filters and where they’re located on the page is getting refreshed.
  • What: Play with a clickable prototype on your own time in Maze, a user testing tool. It will record your audio and computer screen while you tell us what you think.
  • SIGN UP HERE

Latest Patch & Seed Script Versions

  • Workspace ONE UEM 22.12
    • Patch Level 22.12.0.46
    • UM-8939 – VIS to UEM unlink is not removing the UEM user from the UEM group.
    • Last Update: CW22
  • Workspace ONE UEM 23.02
    • Patch Level 23.02.0.45
    • UM-8940 – VIS to UEM unlink is not removing the UEM user from the UEM group.
      CRSVC-46414 – CellTrust integration was not working.
      AMST-41258 – Arm64 hub was not getting published to device.
    • Last Update: CW23
  • Workspace ONE UEM 23.06
    • Patch Level 23.06.0.33
    • LUEM-858 – All the Linux devices get the same lookup value for sensors.
    • AGGL-16970 – Redirect to Google in EMM registration fails.
    • AAPP-17407 – Refreshing sToken for a VPP v2 enabled OGs, resets migration flag.
    • AAPP-17404 – Fix duplicate asset identifiers in an asset management V2 API call.
    • ARES-27837 – Add FedRamp system code for identifying FedRamp customers
    • Last Update: CW24
  • Workspace ONE UEM 23.10
    • Patch Level: 23.10.0.19
    • UM-8842 – Unable to view User Groups for certain User Accounts regardless of the admin role.
    • FCA-207737 – Physical memory values missing in Workspace ONE UEM devices or search API call.
    • AMST-40244 – Actual file version is not updating when adding new version for Windows app.
    • AGGL-16985 – Not able to publish public app with SG having devices.
    • AAPP-17051 – VPP failures for asset management due to duplicate assets in request to V2 endpoints.
    • Last Update: CW24
  • Workspace ONE UEM 24.02
    • Patch Level: 24.2.0.6
    • AGGL-16822: Capability enrichment sample failing post the patch update in environment to update enterprise version.
    • AGGL-16827: Android Device delete intermittently takes 4 hours to wipe the device.
    • FCA-207587: DLV tooltip for friendly name is broken.
    • FCA-207603: Device List view Export is not producing export to download.
    • AMST-40616: Device state to capture new status for pause.
    • AMST-40654: Pause status to be displayed in List view.
    • AMST-41111: Bulk Management settings throwing error.
    • FS-5414: Matches Found count is incorrect whenever adding/removing Application Versions/Names in Conditions.
    • Last Update: CW18

Leave a comment

Trending