Weekly highlight: AAPP-13137 - Certificates may be revoked on cellular iOS devices when the device is rebooted and not yet first unlocked (87496) - iOS cellular devices may incorrectly omit certificates from Certificate List samples in certain scenarios. As a result, Workspace ONE UEM may revoke the affected certificate(s) based on the configured certificate revocation grace period.
- Upon revocation of the certificate under Device Details > More > Troubleshooting > Event log administrator may observe the event shown in the KB.
- This occurs on:
- Cellular iOS devices after a reboot and before first unlock
- All supported Workspace ONE UEM versionsThis occurs on:
- When a cellular iOS device is rebooted (e.g. during an OS update) and has not been unlocked for the first time, the device may respond to any query for the certificate list with an empty certificate list. This occurs even if there are valid certificates installed on the device. After a first unlock, the device will respond normally with its full certificate list.
- This only occurs for cellular iOS devices because Wi-Fi-only iOS devices cannot connect to Wi-Fi after a reboot without the device being unlocked.
- Workspace ONE UEM currently revokes device certificates under the following circumstances to clean-up any undesired certificates on the target device.
- Enterprise wipe / Device wipe / Delete device / Un-enrollment
- Profile removal
- Manual revocation of the certificate from console
- Absence of a certificate during a regular check-in/sample
Week 05 Software Releases System | Component | Release | Announcement | Release Date | Android | SDK | 22.1 | - We've updated the OpenSSL version to 1.0.2zaa.
- We've updated the LittleProxy libraries.
- Bug Fixes
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-Android.html | 29.01.22 | iOS | Hub | 22.01 | - Hub will now automatically show the search bar in the People tab without having to swipe down
- If the Favorites tab is not enabled by your admin, the Favorites section will no longer show
- Improvements to deep linking to internal applications, this includes the case where end users may see duplicate icons and if they have not opened Hub in a while, they would see out of date information
- Support for Token Authentication when using Workspace ONE Access as the source of authentication
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-iOS.html | 03.02.22 | iOS | Notebook | 22.01 | - KVP for Modern Authentication through WKWebView
- Support of editing and syncing of flagged tasks to the server
- Support of special characters in email addresses through Exchange Authentication
- Bug fixes and quality improvements
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Notebook-for-iOS.html | 03.02.22 | Android | Content | 22.01 | - Improved viewer experience for office documents (Word, Excel, PowerPoint and Text file)
- Thumbnail Preview - users will have advance browsing experience on the app, they can have a quick preview of the content without opening it with the help of thumbnails.
- Optimised overall performance of the application
- Multi-level Sync support - This feature allows WS1-Content admins to sync multiple level of content when documents are marked for auto-download to give users a reliable experience
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html | 03.02.22 | Android | Tunnel | 21.12 | - Technical Preview: Introducing Container-wide Tunnel for Android Enterprise
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Tunnel-for-Android-Release-Notes.html | 03.02.22 (staged) | Horizon | Horizon Cloud Service | 2201 | - LDAPS can now be selected as the protocol when registering Active Directory. This feature is available when your tenant is explicitly enabled for it and the pods are on this release's manifest level. To request enablement, you must file a support request as described in VMware KB article 2006985
- Unified Access Gateway logs can now be sent to a syslog server
- Dynamic Environment Manager can now distinguish between internal and external users when connecting through Universal Broker
- Session data for users connecting through Universal Broker will now show breakdown of logon segments
- A notice will now be shown in the Horizon Universal Console to the administrator if the Unified Access Gateway is upgraded and there may be a need to update the configuration for RADIUS to address changes to the IP addresses
- When using Image Management Service (IMS) with Horizon pods, you can now select which pods the multi-pod images are copied to
- Windows Server 2019 is now a supported OS for Horizon pods
https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/rn/horizon-service-relnotes.html | 03.02.22 | Android | Hub | 22.01 | - User Bookmarks
- Now you can access your Intelligent Hub Web bookmarks on your Android device.
- This can be found in your favorites tab in the area called “Web Links”
- You can also add your own URLs
- Install a root certificate during QR code device provisioning
- Allow removal of Chrome from Android Enterprise devices
- Set Cross Profile Packages (Connected Apps)
- Protect system apps from being disabled on add version/uninstall of Allowlist Application Control Profile
- Support for the Clear Application Data command for Android 9+ Work Managed devices
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html | 03.02.22 (staged) |
VMware Workspace ONE Access - Register FIDO2 Device Currently Not Supported on Safari Web Browser (87500) - Due to a recent change by Apple, Workspace ONE Access currently does not support registering a FIDO2 security key device on all version of the Safari web browser for the FIDO2 authentication method. A user attempt to register a FIDO2 device on Safari will result in an unresponsive FIDO2 enrollment login page.
- This resource provides a workaround for a known issue registering a new FIDO2 security key device on the Safari web browser.
- A recent Apple update to Safari's implementation of the WebAuthn API is incompatible with Workspace ONE Access FIDO2 registration.
- KB: https://kb.vmware.com/s/article/87500?lang=en_US
Workspace ONE Access 20.10 OnPrem : Resolution to Increased loading times of the Catalog (87494) - Issues while loading of the catalog and occurrence of "com.hazelcast.client.HazelcastClientNotActiveException" exceptions in catalog-portal logs (for on-premises customers of Hub Services only)
- This article provides information for on-premises Customers of Access and Hub Services to fix an issue with the Hub Catalog taking a significant amount of time to load.
- Hazelcast client threads running within catalog-portal application acquire locks with indefinite lease time. If such threads do not release the locks (in case of any errors), the locks thus acquired by the threads are not auto-released, which blocks remaining threads that might be waiting to acquire the same lock.
- Enable Hazelcast client threads running within catalog-portal application to acquire locks with pre-defined lease time, so that such locks are auto-released after the expiration of the lease time. This will enable other waiting threads to acquire the locks.
- The fix has been provided and is available as a hotfix for on-premise customers https://resources.workspaceone.com/view/h6vnr2hq4d35kghhlwpb/
- Please check https://kb.vmware.com/s/article/87494?lang=en_US for more information.
VMware Workspace ONE Intelligent Hub, Assist, and Launcher will end support for Android 5.0.x & Android 5.1.x, in 2022 and 2023 respectively (87466) - In order to focus on incorporating functionality available in newer versions of the Android operating system, Workspace ONE Intelligent Hub, Assist, and Launcher for Android will drop support for devices using Android OS 5.0.x upon release of Android 13 (expected in Q3 2022) and Android OS 5.1.x upon release of Android 14 (expected Q3 2023).
- Upon Android 13’s release (expected in Q3 2022), new releases of Workspace ONE Intelligent Hub, Assist, and Launcher will no longer support Android 5.0.x.
- Upon Android 14’s release (expected in Q3 2023), new releases of Workspace ONE Intelligent Hub, Assist, and Launcher will no longer support Android 5.1.x.
- Customers should upgrade their Android devices to meet the minimum operating system requirements to utilize subsequent Workspace ONE Intelligent Hub, Assist, and Launcher releases. After upgrading the Android OS:
- The Workspace ONE Intelligent Hub can be updated through the Google Play Store.
- The latest versions of Workspace ONE Assist can be downloaded from the My Workspace ONE portal and deployed through the Workspace ONE UEM console as an internal app.
- To receive new versions of Workspace ONE Launcher, navigate to Groups & Settings > All Settings > Devices & Users > Android > Service Applications > AirWatch Launcher Version. Then select the version of Launcher to be deployed to devices.
- KB-Reference: https://kb.vmware.com/s/article/87466?lang=en_US
VMware Workspace ONE Access - Register FIDO2 Device Currently Not Supported on Safari Web Browser (87500) - Due to a recent change by Apple, Workspace ONE Access currently does not support registering a FIDO2 security key device on all version of the Safari web browser for the FIDO2 authentication method. A user attempt to register a FIDO2 device on Safari will result in an unresponsive FIDO2 enrollment login page.
- This resource provides a workaround for a known issue registering a new FIDO2 security key device on the Safari web browser.
- Workspace ONE Access is currently working on providing support for FIDO2 registration on the Safari web browser. In the meantime, please refer to the workaround to resolve this issue.
- Please use another supported web browser when registering a new FIDO2 device for FIDO2 authentication on Workspace ONE Access. Refer to the documentation table for supported web browsers and authenticator types. After the FIDO2 device is registered, users can return to Safari version 14+ for FIDO2 authentication with their registered device.
- KB-Reference: https://kb.vmware.com/s/article/87500?lang=en_US
[Resolved] BINXA-15709: End-users are unable to export mailbox contacts to native contact apps from Workspace ONE Boxer for Android on Samsung devices (86060) - Users are unable to export mailbox contacts to native contact apps on Boxer for Android after updating to the August security patch and subsequent patches for Android 11. This issue only affects Samsung devices.
- KB: https://kb.vmware.com/s/article/86060?lang=en_US
Highlighting High Priority KBs Recently updated KBs Digital Workspace Techzone, Blog and YouTube Updates Third Party Blog and Technology Updates
February Software Releases Patch & Seed Script Updates Week05-2022 - OS Seed Script Update
- Seed Script for latest Device Model Information
- Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console
|
Comments
Post a Comment