Weekly highlight:
Log4j vulnerability updates CVE-2021-44228 – VMware Digital Workspace Products
- Workspace ONE Assist and CVE-2021-44228: https://kb.vmware.com/s/article/87147?lang=en_US
- Log4j CVE-2021-44228
and CVE-2021-45046 in VMware Horizon and VMware Horizon Agent
(on-premises): https://kb.vmware.com/s/article/87073?lang=en_US
- CRSVC-25521 -
Workspace ONE UEM - Guidance for addressing CVE-2021-22054: https://kb.vmware.com/s/article/87167?lang=en_US
- Workaround
Instructions to address CVE-2021-44228 in VMware Identity Manager 3.3.X: https://kb.vmware.com/s/article/87093?lang=en_US
- HW-150543:
VMSA-2021-0028 for Workspace ONE and VMware Identity Manager Connector
(CVE-2021-44228, CVE-2021-45046): https://kb.vmware.com/s/article/87184?lang=en_US
- HW-150541:
VMSA-2021-0028, VMSA-2021-0030 for VMware Identity Manager
(CVE-2021-44228, CVE-2021-45046, CVE-2021-22056) (87185): https://kb.vmware.com/s/article/87185?lang=en_US
- Mitigation
instructions to address CVE-2021-44228 and CVE-2021-45046 in VMware
Unified Access Gateway (UAG): https://kb.vmware.com/s/article/87092?lang=en_US
- Workaround
instructions to address CVE-2021-44228 in Workspace ONE Access Connector
(87091): https://kb.vmware.com/s/article/87091?lang=en_US
Software Releases Week 51 - Release Notes
Updates to the recent Security breaches
Workspace ONE Assist and CVE-2021-44228: https://kb.vmware.com/s/article/87147?lang=en_US
Log4j CVE-2021-44228 and CVE-2021-45046 in VMware Horizon and VMware Horizon Agent (on-premises): https://kb.vmware.com/s/article/87073?lang=en_US
CRSVC-25521 - Workspace ONE UEM - Guidance for addressing CVE-2021-22054: https://kb.vmware.com/s/article/87167?lang=en_US
Workaround Instructions to address CVE-2021-44228 in VMware Identity Manager 3.3.X: https://kb.vmware.com/s/article/87093?lang=en_US
HW-150543: VMSA-2021-0028 for Workspace ONE and VMware Identity Manager Connector (CVE-2021-44228, CVE-2021-45046): https://kb.vmware.com/s/article/87184?lang=en_US
HW-150541: VMSA-2021-0028, VMSA-2021-0030 for VMware Identity Manager (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056) (87185): https://kb.vmware.com/s/article/87185?lang=en_US
Mitigation instructions to address CVE-2021-44228 and CVE-2021-45046 in VMware Unified Access Gateway (UAG): https://kb.vmware.com/s/article/87092?lang=en_US
Workaround instructions to address CVE-2021-44228 in Workspace ONE Access Connector (87091): https://kb.vmware.com/s/article/87091?lang=en_US
ENRL-1714: New user is unable to enroll the device even when there is a registration record existing for the user and when same device is used for enrollment (87175)
Version- Workspace ONE UEM 2102 onwards
Set the Device Enrollment Mode to ‘Registered Devices Only’ and register a device to end user, upon enrollment the registration record was getting updated with all the device identifiers due to this device re-enrollments was getting blocked when device is re-set as UDID gets changed.This is caused because device identifiers were getting updated in device registration record when device was enrolled to User A and when User B was trying to re-enroll the same device enrollment was blocked as the device was registered to User A.
Customer was not able to re-enroll the devices without deleting the old record or manually updating the device registration record.
Resolution: Device registration record will not be updated with device Identifiers unless admin specifies it at the time of creating a registration record and same will be retained when user un-enrolls or deletes a device from console.
Workaround: Delete the device registration record created for User A or modify the registration record created for User A and remove the device identifier from the registration record.
KB-Reference: https://kb.vmware.com/s/article/87175?lang=en_US
Native Check In Check Out may not display notification to create a device passcode (87203)
When checking out a device with Native Check In Check Out, the user may not receive a notification to create a passcode.
The notification to create a passcode will show up only after the Managed Google account is created, which may not happen automatically until the user first clicks the notification to create the Managed Google account.
Workspace ONE Intelligence shows international i18n characters in report export (86395)
Workspace ONE Intelligence reports do not display non-English characters (e.g Chinese) properly in downloadable/CSV reports. Although, the same data is displayed correctly in Workspace ONE UEM report.
This is as designed. Please refer to the workaround to resolve this issue: https://kb.vmware.com/s/article/86395?lang=en_US
VMware Workspace ONE Digital Experience for macOS GA
We are very excited to bring our experience management offering to the macOS platform. Leveraging Workspace ONE beyond device management for hybrid desktop communities is a focus and priority for customers and the team behind this offering.
DEEM harvests telemetry from desktop devices and provides insights to take predictive actions. The Workspace ONE Intelligent Hub gets the data from devices and sends it to Workspace ONE Intelligence for display and interaction on the Devices and Apps dashboards. Listing of specific telemetry categories is provided in a data definition format here.
You can view and manipulate the data in modules. Focus your analysis to predict issues and to mitigate and fix problems. In the Desktop Device Dashboard module, find three tabs; Overview, Performance, and Errors. Additionally, customers can build custom dashboards, widgets, and reports to target specific scenarios or KPIs for their own environments.
Workspace ONE UEM Console : Licenses page scheduled for deprecation (81706)
Starting in Q1 2022, the Licenses page will be deprecated. The Licenses page can be viewed by navigating in the Workspace ONE UEM Console to All Settings > Admin > Licenses. This is only visible to users with the role of AirWatch Admin and System Admin, limiting the deprecation to On-Premise and Dedicated SaaS customers (as no Shared SaaS customers are permitted to hold these roles).
The Product Team is working towards developing an alternative space in the Workspace ONE UEM Console to display device counts for the future use of our customers.
KB-Reference: https://kb.vmware.com/s/article/81706?lang=en_US
AAGNT-193634: Android 11+ devices may not install certs used for WiFi authentication correctly (87128)
When installing certificates for Wi-Fi authentication, depending on the device manufacturer one of the required certificates may not install correctly in some situations.
All versions of Intelligent Hub on Android 11 and newer devices
The Workspace ONE Product Team is actively working with Google to identify and resolve this issue.
here is no known reliable workaround for this issue.
KB-Reference: https://kb.vmware.com/s/article/87128?lang=en_US
Change in the behavior of Tag API for Workspace ONE UEM (85567)
V1 Version:
In the upcoming releases of Workspace ONE UEM, there will be a change in the behavior of Tag API “tags/{tagId}/devices?LastSeen={lastSeen}" to consider Device Last Seen instead of Tag Added Date.
There won't be any changes to the API request or API response:API response
{
"Device": [
{
"DeviceId": 11,
"FriendlyName": "vm3 test device",
"DateTagged": "2021-07-27T11:28:42.930",
"DeviceUuid": "00000000-0000-0000-0000-000000000000"
}
]
}V2 Version: The V2 version of the API is having pagination for “retrieve devices for a tag”.TagUUID is passed to API instead of TagID. The batch size of the API is 100.
API call : /api/mdm/tags/C2802BCE-74DB-4F5D-8394-71F3F96D853D/devices?page=1&pagesize=1
api body : {
"devices": [
{
"device_id": 15593,
"friendly_name": "user1_4d13f94b-230d-4519-959a-7efbbdaf38e6 iOS 10.0.0 B62C\"John\" \"Doe\"10869212-d0cd-46bf-90e5-7a97eeef48412798712754978100.0.0.0",
"date_tagged": "2021-12-01T04:04:15.96",
"device_uuid": "7420b444-d316-419c-ad9f-291ac9988e01",
"device_last_seen": "0001-01-01T00:00:00"
}
],
"total": 1,
"_links": {}
}The only change with this API is LastSeen parameter which was considering Device TAG date. It will be considering device last seen date with this change in future releases.
2022 VMware Workspace ONE UEM Maintenance (81448)
The table in the KB outlines the VMware Workspace ONE UEM® standard maintenance schedule for all SaaS environments in 2022. All times are Eastern Standard.
Please subscribe to regular updates and potential changes.
VMware Techzone, YouTube and Blog Updates
Onwards to 2022: Digital Employee Experience is on the Driver Seat, for a Self-Driving IT
https://blogs.vmware.com/euc/2021/12/onwards-to-2022-digital-employee-experience-is-on-the-driver-seat-for-a-self-driving-it.htmlTechzone Podcast: Happy Holidays! Come join us at VMware!
https://techzone.vmware.com/?share=podcast4330&title=happy-holidays-come-join-us-at-vmwareTech Zone: Why are there so many products called Workspace ONE, and how are they different?
https://blogs.vmware.com/euc/2021/12/tech-zone-why-are-there-so-many-products-called-workspace-one-and-how-are-they-different.htmlDynamic Environment Manager Gets a Boost from Workspace ONE UEM
https://blogs.vmware.com/euc/2021/12/dynamic-environment-manager-gets-a-boost-from-workspace-one-uem.htmlWorkspace ONE 2111 and macOS – Freestyle Orchestrator Now Automates Mac Management
https://blogs.vmware.com/euc/2021/12/workspace-one-2111-and-macos-freestyle-orchestrator-now-automates-mac-management.htmlWindows Modern Management with Workspace ONE is Legit!
https://blogs.vmware.com/euc/2021/12/windows-modern-management-with-workspace-one-is-legit.html
Blog, 3rd Party and Partner Updates
No API to Block that Pesky MacOS Service? Workspace ONE to the Rescue!
https://mobile-jon.com/2021/12/20/no-api-to-block-that-pesky-macos-service-workspace-one-to-the-rescue/Android: Beta 1 Update for 12L feature drop!
https://android-developers.googleblog.com/2021/12/beta-1-update-for-12l-feature-drop.html
Beta, Early Adopter and Lab Projects
Container-wide Tunnel for Android Enterprise Technical Preview
Introducing Container-wide Tunnel for Android Enterprise (Technical Preview)
Tunnel on Android now supports tunneling all device traffic within the AE container regardless of source application in both Work Managed and Work Profile modes.
This may be used by customers still transitioning to Zero Trust access architectures enabled with per-app tunneling.
Enabling container-wide tunneling on Android devices requires UEM console 2111+.
Running 12/17/2021 - 1/10/2022
December Software Releases
Patch & Seed Script Updates Week 51
OS Seed Script Update
Most recent updates: IOS 15.3.0 tvOS 15.3.0 macOS Monterey 12.2.0, macOS Big Sur 11.6.3
https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en
Last Update: CW51
Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console
Agnostic script to update seed data to allow Android 12 enrollments into the Console.
https://resources.workspaceone.com/view/rvfdv9s6mhsh4xgdxf7f/en
Last Update: CW44
Workspace ONE UEM 20.05
Patch Level: 20.5.0.52
AAPP-12517 - Generate unique PayloadIdentifier in configuration profile on push
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/rn/VMware-Workspace-ONE-UEM-Release-Notes-2005.html#-20-5-0-52--patch-resolved-issues-resolvedLast Update: CW35
Workspace ONE UEM 20.08
Patch Level: 20.8.0.36
Security Updates.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2008/rn/VMware-Workspace-ONE-UEM-Release-Notes-2008.html#-20-8-0-34-patch-resolved-issues-resolvedLast Update: CW50
Workspace ONE UEM 20.11
Patch Level: 20.11.0.40
Security Updates.
Last Update: CW50
Workspace ONE UEM 21.02
Patch Level: 21.2.0.27
Security Updates.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html#-21-2-0-26-patch-resolved-issues-resolvedLast Update: CW50
Workspace ONE UEM 21.05
Patch Level: 21.5.0.35, latest level .37
MACOS-2712: iOS profile with Allow Removal With Authentication failing to install on supervised device.
PPAT-10193: Mac Tunnel profile is not installing and profile XML view is crashing when DTR are configured.
PPAT-10227: MacOS Tunnel VPN profile fails to install.
Security Updates.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-35-patch-resolved-issues-resolved
Last Update: CW50
Workspace ONE UEM 21.09
Patch Level: 21.9.0.15
AMST-34765: Dropship Provisioning Staging user creation, Revoke token and sync button fixes.
CMCM-189505: Uploading large PDF files will cause the Web Console to become inaccessible.
CRSVC-25524: Remove the usage of the encrypted URL query parameter.
CRSVC-25792: Time Window - Time Window is not correctly updated when the Locale of the Console Administrator is set to Non-US.
CRSVC-25839: New enrollments of Boxer fail to connect to on-premises Exchange through SEG after Workspace ONE UEM 2109 upgrade.
UM-7244: Patch fails due to existing back up tables- Rename the back up tables to be more unique.
Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-13-patch-resolved-issues-resolved
Last Update: CW51
Comments
Post a Comment