Week 08 Software Releases
Removal of the globalization/localization support in the exported files on Workspace ONE (WS1) UEM Console (87654)
As part of our effort to remove complexity due to our ongoing modernization effort, globalization/localization support will be removed in the exported files in the Workspace ONE UEM Console.
Additionally, we will be moving away from the local date time formats of the exported values in support of UTC date-time formats instead.
This will affect the functionality on exports of Grid and Reports in the Console and will be effective from the early release of Q1 2022.
The following details will not be localized/globalized in reports:
Column Headers – Localized column headers for various columns would not be available. Date Formats –
Data would be in UTC and separators such as / would not take effect from locale.
Data of columns – Data for various columns that are system generated such as various Status, Types etc. would not be localized.
Please review: https://kb.vmware.com/s/article/87654?lang=en_US
Deprecation of bulk actions affecting all devices of an Organization Group on Workspace ONE UEM (87653)
There is a plan for deprecating bulk actions affecting all devices of an Organization Group if bulk management setting allows it. The change will take effect from early releases of Q1 2022.
We are planning to limit bulk actions to the number of devices shown on the Devices List View grid and avoid performing actions on any device that is beyond the current page. Please note that this info is subject to change. This KB article will continue to be updated as the change being finalized.
There is no upper limit on the bulk management settings as of today. Hence, these bulk actions/commands can result in large number of device check-ins and can be problematic with the new architecture in place.
We have limited our search APIs on devices to 500 as the maximum page size. Hence, through APIs no bulk actions can be taken on more than that limit at one go. To avoid confusion and maintain consistency between REST API and UEM console, the mentioned change is required.
This removes any looping logic with our internal services to get devices more than what is allowed. This will help in performance improvement of the feature.
On Workspace ONE UEM console, bulk actions will be limited to the number of devices shown on the Devices List View grid and device actions will not be performed on any device that is beyond the current page.
AGGL-11101: Adding a version to a profile within a product doesn't queue a new product job (87593)
Admins are not prompted to activate the product for an update upon adding a version to a profile within a product. This behavior occurs in Workspace ONE UEM consoles with DDUI profile framework enabled. The admin can manually reprocess the product, which is not recommended as the associated job will have corrupt data.
Workspace ONE UEM 2109 and above
The DDUI profile framework is under review to further support Product Provisioning.
Profiles updated within products will not properly update on devices. This will cause the profile update to fail to install, or the profile will install however the device will not properly install the profile data.
Our product team has been engaged and is actively working to resolve the issue.
Use profiles and resources under Devices>Profiles & Resources to deploy profiles.
Note: Do not update current profiles inside of products.
When using Microsoft Teams Optimization on the Mac client and the Mac client goes to sleep, active calls might not end immediately (87742)
When the Mac client goes to sleep during an active call or screenshare, the peer may not see the call or screenshare end immediately. The peer may also see remnants of the shared screen until the call is reconnected or ended.
This article describes the behaviour when using Microsoft Teams Optimization on the Mac client.
Network access is shut down when the Mac client is put to sleep, so Microsoft Teams is unable to end the call.
Wake up the Mac client and Teams will try to automatically reconnect the call. If the reconnect has already timed out, re-establish the call.
Introducing VMware Workspace ONE® Remote Management Certificate Generator 22.03 (87663)
In order for a device to establish an Assist session with an administrator, it must be enrolled into an Organization Group (OG) in a Workspace ONE UEM instance. The OG then attempts to communicate with the Assist server via TLS. For security purposes, the Assist server requires the OG to validate its identity.
The Remote Management Certificate Generator (RMCG) creates a certificate that the OG can provide to the Assist server as proof of its identity. The purpose of the RMCG is to generate certificates so that the Workspace ONE UEM Console can authenticate itself to the Assist server when initiating an Assist (Remote Management) session via T10 interface.
You must generate the T10 API root and intermediate certificates used during an on-premises installation whether you are performing a Standard (Basic) or Advanced (Custom) installation. These certificates are also required for an on-premises build of Workspace ONE UEM while using Workspace ONE Assist in a SaaS environment.
The certificate generator is called RemoteManagementCertificateGenerator 22.03. This installer must be run on a machine with the same locale settings as the database server to ensure that the same date format is set in the SQL script. You must run this certificate generator as an administrator.
Find more information: https://kb.vmware.com/s/article/87663?lang=en_US
VMSA-Alert: Moderate Severity - VMSA-2022-0006 - VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability
VMSA-2022-0006 - VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)
Please see the advisory here: https://www.vmware.com/security/advisories/VMSA-2022-0006.html
Highlighting High Priority KBs
Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971)
To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).
[Action Required] Android Intelligent Hub 18.104.22.1681 Cannot Check In (86083)
VMware will start requiring SNI in Workspace ONE UEM Dedicated SaaS environments starting January 16th, 2022. After this date, Android devices running Intelligent Hub 22.214.171.1241 or lower may no longer communicate with Workspace ONE UEM. Affected devices may have to be re-enrolled with a supported version of Intelligent Hub.
VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
[Resolved] CRSVC-25521 - Workspace ONE UEM - Guidance for addressing CVE-2021-22054 (87167)
The Workspace ONE team has investigated CVE-2021-22054 and has determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article. This workaround is meant to be a temporary solution until updates documented in VMSA-2021-0029 can be deployed.
New Workspace ONE exams are released:
VMware Workspace ONE Design and Advanced Integration Specialist 2022
This badge validates understanding of how to design, deploy and support the ongoing management of a Workspace ONE app catalog.
Workspace ONE Unified Endpoint Management Specialist 2022
This badge validates deep understanding of how to implement and troubleshoot all components of Workspace ONE UEM.
Recently updated KBs
Digital Workspace Techzone, Blog and YouTube Updates
Third Party Blog and Technology Updates
Beta, Lab and Tech Preview Updates
WS1 Intelligent Hub 22.02 for iOS
+ User Bookmarks – Access your bookmarks saved in Intelligent Hub (including the Web version of Hub) on your iOS device
+ Refresh iOS Hub template more often
+ Installation and reinstallation of Web Clips support
+ Improved Help and Support about Hub with FAQs for end users that can be found in their Account Screen
- Bug Fixes: HUBI-7086: Open app button UI improvements
February Software Releases
Patch & Seed Script Updates Week08-2022
OS Seed Script Update
Most recent updates: Apple Seed Scripts iOS 15.3.1 (19D52),macOS Monterey 12.2.1 (21D62)
Last Update: CW07
Seed Script for latest Device Model Information
Latest Models: Macbook Pro 14 and 16
Last update: CW01
Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console
Agnostic script to update seed data to allow Android 12 enrollments into the Console.
Last Update: CW44
Workspace ONE UEM 20.08
Patch Level: 126.96.36.199
FCA-200869: Update SKUORDER update API to allow Freestyle basic SKU to be added to older UEM versions.
Last Update: CW01
Workspace ONE UEM 20.11
Patch Level: 188.8.131.52
FCA-200867: Update SKUORDER update API to allow Freestyle basic SKU to be added to older UEM versions.
Last Update: CW01
Workspace ONE UEM 21.02
Patch Level: 184.108.40.206
FCA-200865: Update SKUORDER update API to allow Freestyle basic SKU to be added to older UEM versions.
Last Update: CW01
Workspace ONE UEM 21.05
Patch Level: 220.127.116.11
PPAT-10454: Internal SDK app throws Error Code:14 with Tunnel Proxy.
RUGG-10569: Investigate if jQuery can be upgraded to 1.12.
CRSVC-26774: Update the Claim "org_location_group_id" to use customer OrganizationgroupId where Opt-in happens instead of Global OrganizationgroupId.
Last Update: CW07
Workspace ONE UEM 21.09
Patch Level: 18.104.22.168
AMST-35182: Newly enrolled Windows 10 devices install x86 version of AppDeploymentAgent.
RUGG-10570: Investigate if jQuery can be upgraded to 1.12.
Last Update: CW07
Workspace ONE UEM 21.11
Patch Level: 22.214.171.124
ARES-21698: CN888 - DeviceProfile_SearchByDeviceDashboard_V3 causing tempdb contention
Last Update: CW08