VMware Digital Workspace Newsletter - Week 5

                 

     

 

 





 

 

 

Weekly highlight: 

 

AAPP-13137 - Certificates may be revoked on cellular iOS devices when the device is rebooted and not yet first unlocked (87496)

  • iOS cellular devices may incorrectly omit certificates from Certificate List samples in certain scenarios. As a result, Workspace ONE UEM may revoke the affected certificate(s) based on the configured certificate revocation grace period.
  • Upon revocation of the certificate under Device Details > More > Troubleshooting > Event log administrator may observe the event shown in the KB.
  • This occurs on:
  • Cellular iOS devices after a reboot and before first unlock
  • All supported Workspace ONE UEM versionsThis occurs on:
  • When a cellular iOS device is rebooted (e.g. during an OS update) and has not been unlocked for the first time, the device may respond to any query for the certificate list with an empty certificate list. This occurs even if there are valid certificates installed on the device. After a first unlock, the device will respond normally with its full certificate list.
  • This only occurs for cellular iOS devices because Wi-Fi-only iOS devices cannot connect to Wi-Fi after a reboot without the device being unlocked. 
  • Workspace ONE UEM currently revokes device certificates under the following circumstances to clean-up any undesired certificates on the target device.
    1. Enterprise wipe / Device wipe / Delete device / Un-enrollment  
    2. Profile removal 
    3. Manual revocation of the certificate from console 
    4. Absence of a certificate during a regular check-in/sample

 

 

 

 

 

 

Week 05 Software Releases

 

System

Component

Release

Announcement

Release Date

Android

SDK

22.1

  • We've updated the OpenSSL version to 1.0.2zaa.
  • We've updated the LittleProxy libraries.
  • Bug Fixes

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-Android.html

29.01.22

iOS

Hub

22.01

  • Hub will now automatically show the search bar in the People tab without having to swipe down
  • If the Favorites tab is not enabled by your admin, the Favorites section will no longer show
  • Improvements to deep linking to internal applications, this includes the case where end users may see duplicate icons and if they have not opened Hub in a while, they would see out of date information
  • Support for Token Authentication when using Workspace ONE Access as the source of authentication

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-iOS.html

03.02.22

iOS

Notebook

22.01

  • KVP for Modern Authentication through WKWebView
  • Support of editing and syncing of flagged tasks to the server
  • Support of special characters in email addresses through Exchange Authentication
  • Bug fixes and quality improvements

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Notebook-for-iOS.html

03.02.22

Android

Content

22.01

  • Improved viewer experience for office documents (Word, Excel, PowerPoint and Text file)
  • Thumbnail Preview - users will have advance browsing experience on the app, they can have a quick preview of the content without opening it with the help of thumbnails.
  • Optimised overall performance of the application
  • Multi-level Sync support - This feature allows WS1-Content admins to sync multiple level of content when documents are marked for auto-download to give users a reliable experience

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html

03.02.22

Android

Tunnel

21.12

  • Technical Preview: Introducing Container-wide Tunnel for Android Enterprise

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Tunnel-for-Android-Release-Notes.html

03.02.22

(staged)

Horizon

Horizon Cloud Service

2201

  • LDAPS can now be selected as the protocol when registering Active Directory. This feature is available when your tenant is explicitly enabled for it and the pods are on this release's manifest level. To request enablement, you must file a support request as described in VMware KB article 2006985
  • Unified Access Gateway logs can now be sent to a syslog server
  • Dynamic Environment Manager can now distinguish between internal and external users when connecting through Universal Broker
  • Session data for users connecting through Universal Broker will now show breakdown of logon segments
  • A notice will now be shown in the Horizon Universal Console to the administrator if the Unified Access Gateway is upgraded and there may be a need to update the configuration for RADIUS to address changes to the IP addresses
  • When using Image Management Service (IMS) with Horizon pods, you can now select which pods the multi-pod images are copied to
  • Windows Server 2019 is now a supported OS for Horizon pods

https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/rn/horizon-service-relnotes.html

03.02.22

Android

Hub

22.01

  • User Bookmarks
    • Now you can access your Intelligent Hub Web bookmarks on your Android device.
    • This can be found in your favorites tab in the area called “Web Links”
    • You can also add your own URLs  
  • Install a root certificate during QR code device provisioning
  • Allow removal of Chrome from Android Enterprise devices
  • Set Cross Profile Packages (Connected Apps)
  • Protect system apps from being disabled on add version/uninstall of Allowlist Application Control Profile
  • Support for the Clear Application Data command for Android 9+ Work Managed devices

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html

03.02.22

(staged)

VMware Workspace ONE Access - Register FIDO2 Device Currently Not Supported on Safari Web Browser (87500)

  • Due to a recent change by Apple, Workspace ONE Access currently does not support registering a FIDO2 security key device on all version of the Safari web browser for the FIDO2 authentication method. A user attempt to register a FIDO2 device on Safari will result in an unresponsive FIDO2 enrollment login page.
  • This resource provides a workaround for a known issue registering a new FIDO2 security key device on the Safari web browser.
  • A recent Apple update to Safari's implementation of the WebAuthn API is incompatible with Workspace ONE Access FIDO2 registration.
  • KB: https://kb.vmware.com/s/article/87500?lang=en_US

 

Workspace ONE Access 20.10 OnPrem : Resolution to Increased loading times of the Catalog (87494)

  • Issues while loading of the catalog and occurrence of "com.hazelcast.client.HazelcastClientNotActiveException" exceptions in catalog-portal logs (for on-premises customers of Hub Services only)
  • This article provides information for on-premises Customers of Access and Hub Services to fix an issue with the Hub Catalog taking a significant amount of time to load.
  • Hazelcast client threads running within catalog-portal application acquire locks with indefinite lease time. If such threads do not release the locks (in case of any errors), the locks thus acquired by the threads are not auto-released, which blocks remaining threads that might be waiting to acquire the same lock.
  • Enable Hazelcast client threads running within catalog-portal application to acquire locks with pre-defined lease time, so that such locks are auto-released after the expiration of the lease time. This will enable other waiting threads to acquire the locks.
  • The fix has been provided and is available as a hotfix for on-premise customers https://resources.workspaceone.com/view/h6vnr2hq4d35kghhlwpb/  
  • Please check https://kb.vmware.com/s/article/87494?lang=en_US for more information.

 

VMware Workspace ONE Intelligent Hub, Assist, and Launcher will end support for Android 5.0.x & Android 5.1.x, in 2022 and 2023 respectively (87466)

  • In order to focus on incorporating functionality available in newer versions of the Android operating system, Workspace ONE Intelligent Hub, Assist, and Launcher for Android will drop support for devices using Android OS 5.0.x upon release of Android 13 (expected in Q3 2022) and Android OS 5.1.x upon release of Android 14 (expected Q3 2023). 
    • Upon Android 13’s release (expected in Q3 2022), new releases of Workspace ONE Intelligent Hub, Assist, and Launcher will no longer support Android 5.0.x. 
    • Upon Android 14’s release (expected in Q3 2023), new releases of Workspace ONE Intelligent Hub, Assist, and Launcher will no longer support Android 5.1.x. 
  • Customers should upgrade their Android devices to meet the minimum operating system requirements to utilize subsequent Workspace ONE Intelligent Hub, Assist, and Launcher releases. After upgrading the Android OS:
    • The Workspace ONE Intelligent Hub can be updated through the Google Play Store.
    • The latest versions of Workspace ONE Assist can be downloaded from the My Workspace ONE portal and deployed through the Workspace ONE UEM console as an internal app.
    • To receive new versions of Workspace ONE Launcher, navigate to Groups & Settings > All Settings > Devices & Users > Android > Service Applications > AirWatch Launcher Version. Then select the version of Launcher to be deployed to devices.
  • KB-Reference: https://kb.vmware.com/s/article/87466?lang=en_US

 

 

VMware Workspace ONE Access - Register FIDO2 Device Currently Not Supported on Safari Web Browser (87500)

  • Due to a recent change by Apple, Workspace ONE Access currently does not support registering a FIDO2 security key device on all version of the Safari web browser for the FIDO2 authentication method. A user attempt to register a FIDO2 device on Safari will result in an unresponsive FIDO2 enrollment login page.
  • This resource provides a workaround for a known issue registering a new FIDO2 security key device on the Safari web browser.
  • Workspace ONE Access is currently working on providing support for FIDO2 registration on the Safari web browser. In the meantime, please refer to the workaround to resolve this issue.
  • Please use another supported web browser when registering a new FIDO2 device for FIDO2 authentication on Workspace ONE Access. Refer to the documentation table for supported web browsers and authenticator types. After the FIDO2 device is registered, users can return to Safari version 14+ for FIDO2 authentication with their registered device.
  • KB-Reference: https://kb.vmware.com/s/article/87500?lang=en_US

 

[Resolved] BINXA-15709: End-users are unable to export mailbox contacts to native contact apps from Workspace ONE Boxer for Android on Samsung devices (86060)

  • Users are unable to export mailbox contacts to native contact apps on Boxer for Android after updating to the August security patch and subsequent patches for Android 11. This issue only affects Samsung devices.
  • KB: https://kb.vmware.com/s/article/86060?lang=en_US

Highlighting High Priority KBs

 

Recently updated KBs

 

Digital Workspace Techzone, Blog and YouTube Updates

 

Third Party Blog and Technology Updates

 


 

February Software Releases

 

System

Component

Release

Announcement

Release Date

iOS

Hub

22.01

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-iOS.html

03.02.22

iOS

Notebook

22.01

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Notebook-for-iOS.html

03.02.22

Android

Content

22.01

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html

03.02.22

Android

Tunnel

21.12

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Tunnel-for-Android-Release-Notes.html

03.02.22

(staged)

Horizon

Horizon Cloud Service

2201

https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/rn/horizon-service-relnotes.html

03.02.22

Android

Hub

22.01

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html

03.02.22

(staged)

 

Patch & Seed Script Updates Week05-2022

 

 

 

 

    1.  

 

 

 


 

 

 

 

 

 

 

 

 

 

Comments