VMware Digital Workspace Newsletter - Week 20

Image
                           Week 20 -  2022             Weekly highlight:   Workspace ONE Hub Services  & Workspace ONE Access updates:   Removing the 3-Character Limit for People Search People Search (on Hub Web) will now allow searching with just one or two characters instead of the usual 3-character search. This enables support for searching names in logographic languages like Chinese, Japanese, etc.   Workflows Error Handling – Email Alerts upon failures Workspace ONE Experience Workflows error handling has been improved to send email alerts directly to Administrators   when a scheduled process fails to run successfully for any reason. All integration packs will now have an additional configuration parameter to include an email address to receive these notifications.   Saviynt Access Request Integration Pack for Workspace ONE Experience Workflows Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration with   Saviynt   to notify approve

VMware Digital Workspace Newsletter - Week 17

                 

      

Week 17 -  2022

 

 

 



 

Weekly highlight:

 

VMware Workspace ONE UEM Console 2203 is General Available as of April 29, 2022!

 

·       Get notified when your Apple Business Manager tokens are about to expire.

Admins in Workspace ONE UEM can now be notified by email or directly in the console 30 days before the expiration of an Apple Business Manager (ABM) app token or device token. Device tokens will also be able to notify admins when errors occur, such as the acceptance of new ABM Terms of Use. For more information, see Configure Console Notifications.

·       Override the default device reboot behavior for your win32 apps during installation.

Workspace ONE UEM now provides you the flexibility to define the device reboot behavior not just at the app configuration level but also at the app assignment level. You can set the device restart options by activating the newly introduced Override Reboot Handling setting at the app assignment level. The restart options you configure at the assignment level override the options configured at the app configuration level. For more information, see Upload and Configure Win32 Files for Software Distribution and Add Assignments and Exclusions to your Applications.

·       We’ve added support for macOS Recovery Lock

Starting from macOS 11.5, as an MDM administrator, you can set a password that must be entered before a user can restart an Apple Silicon macOS device into the recovery OS via API. The password can be set or removed only by the MDM solution. You can also view the recovery lock status in Event Logs. To know more, see Recovery Lock Status.

·       Product delivery to devices in a SaaS environment just got easier!

To optimize performance and free up significant resources in UEM, use CDN to deliver products to devices. By default, we have set the provisioning setting for the organization group that hosts devices to Enabled. You can check the Product Downloads Through CDN setting by navigating to Groups & Settings > All Settings > Admin > Product Provisioning.

 

·       KB: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html


Download Link:

o  2203 - Full Installer

 

 

Workspace ONE Access Services updates include

 

 

 

 

 

 Week 17 Software Releases

System

Component

Release

Announcement

Release Date

Backend

Console OnPrem

22.03

  • Get notified when your Apple Business Manager tokens are about to expire.

  • Override the default device reboot behavior for your win32 apps during installation.

  • We’ve added support for macOS Recovery Lock

  • Product delivery to devices in a SaaS environment just got easier!

  • Bug Fixes

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html

29.04.22

iOS

Boxer

22.04

27.04.22

Android

Content

22.04

  • Digital Signing

    • Content app allows users to digitally sign the documents using PIV-D based derived credentials.

  • PDF Edit 

    • PDF edit feature allows users to do advanced pdf editing operations like rotate, delete, move, and merge pages. Users will be able to split the pages of PDF which also allows user users to merge various PDFs together.

  • Sort and Filter by Date Modified

    • Users will have an option to sort the content based on the Modified date criteria

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html

25.04.22

Android

Content

22.04.1

  • Bug Fixes

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html

29.04.22

Backend

ENS

22.04

27.04.22

macOS

DEEM

22.04

28.04.22

Backend

Tunnel Linux

21.11

27.04.22

The automated DEP enrollment of Mac Studio into Workspace ONE MDM fails (88315)

  • The automated DEP enrollment of Mac Studio into Workspace ONE MDM fails.

  • You see the error similar to:
    Enrolling with management server failed. Unexpected error (MDMResponseStatus:500)

  • This issue occurs because the Mac Studio devices represent a new Apple Device Model Family, and the normal device model seeding process cannot be used to enable support.

  • This is a known issue affecting automated DEP MDM enrollments involving Apple MAC Studio hardware. Currently, there is no user-based resolution.

  • VMware's Development team is working to add these designations to UEM, and will be addressing this in future releases.

  • To work around this issue, manually enroll the Apple MAC Studio hardware machine into Workspace ONE UEM.

  • More information: https://kb.vmware.com/s/article/88315?lang=en_US


[AAGNT-194517] Some Samsung COPE devices unexpectedly unenroll (88267)

  • Some Samsung devices enrolled in Corporate-Owned Personally Enabled (COPE) mode and running Android 11+ may unexpectedly unenroll from Workspace ONE UEM. When this occurs, a "Break MDM" event is seen in the UEM Console for the affected device.

  • This issue should be resolved in Android Intelligent Hub 22.03.0.14. If you continue to experience unexpected device un-enrollments, please contact Workspace ONE Support.

  • KB-Reference: https://kb.vmware.com/s/article/88267?lang=en_US


Email Notification Service 2 for on-premises v1.11 and older support notice (86338)

  • All customers of Email Notification Service 2 (ENS2) for on-premises v1.11 and older are advised to migrate to a more recent versions before October 2022. Per VMware Workspace ONE UEM support release policy, on-premises releases are supported for 18 months after general availability.

  • Older versions of ENS2 on-premises distributions rely on the older VMware Workspace ONE Cloud Notification Service and should be upgraded at the earliest convenience to take advantage of the more robust notification framework afforded by VMware Workspace ONE Cloud Notification Service 2, available starting in ENS2 v21.04.

  • Customers using on-premises ENS2 have several upgrade options:

    • Customers preferring to stay with an on-premises ENS2 deployment can upgrade to the latest version of ENS2 on-premises.

    • Customers may also select to migrate to a SaaS-hosted version of ENS2 at no extra charge.

    • High security US Federal Government customers now have an option of SaaS-hosted ENS2 deployed in a FedRAMP High environment.

  • KB-Reference: https://kb.vmware.com/s/article/86338?lang=en_US


VMware RemoteHelp and CVE-2021-44228 (87188)


Workspace ONE Assist for Horizon and CVE-2021-44228 (87189)


Access Denied when authenticating via 3rd party IDP via SAML with HTML5 (83160)

  • To outline a scenario when logging in via unified access gateway (UAG) with a 3rd party IDP .

    • Access Denied when attempting access over HTML5 with SAML based Authentication configured.

    • Access is granted when a thick client is used to connect.

    • A disclaimer is configured on the connection server.

  • With SAML, a disclaimer should be part of the 3rd party SAML IDP login and not on the Connection Server.

    • Note, if configured on the connection server, The disclaimer from the connection server will be cached on the  UAG. Please see documentation on this connection server option .

    • When implementing SAML with a 3rd party IDP and an existing UAG , A  restart of the  UAG will make sure the disclaimer cache is cleared after migrating the disclaimer prompt from the broker to the IDP.

  • KB-Reference: https://kb.vmware.com/s/article/83160?lang=en_US


SNMP Configuration with Unified Access Gateway (83677)


Workspace ONE UEM SSRF CVE-2021-22054 Patch Alert


CRSVC-28928: How to replace the Workspace ONE UEM static master key (88323)

  • The purpose of this knowledge base article is to document the instructions to remove the static master key referred to in the VMware security blog post found here
    The patches listed in the KB will implement a new Scheduler job which can be used to replace the static master key with an instance-specific key and use it to re-encrypt information stored in Workspace ONE UEM.

  • Action Required:

    • Shared SaaS:  None. This change is being deployed by VMware Cloud Operations with zero downtime. 

    • Dedicated Latest:  None. These changes are being deployed by VMware Cloud Operations with zero downtime. If you wish to have this change deployed to your environment at a specific date/time, please contact Workspace ONE Support.

    • Dedicated SaaS customers: If you wish to have this change deployed to your environment, please contact Workspace ONE Support and specify a date/time. This is a zero-downtime change.

    • On-Premise customers: Please refer to the Resolution section for steps to deploy this change to your environment

  • Additional instructions in KB.

  • KB-Reference: https://kb.vmware.com/s/article/88323?lang=en_US


Accelerated EOL of Legacy Workspace ONE Experiences (Workspace ONE App and Web Portal EOL) on May 15, 2022

  • For several reasons listed in https://kb.vmware.com/s/article/87908, we are accelerating the EOL of these legacy experiences to May 15, 2022, which includes removing the Workspace ONE app from the App Store and Play Store. Customers who have the Workspace ONE Apps deployed should migrate immediately to the Workspace ONE Intelligent Hub app.

  • When the Workspace ONE app is EOL, new user enrollments for the Workspace ONE app will be blocked. Additionally, all login attempts to the Workspace ONE app will be detected and might be blocked as part of access policy rules with the Device Enrollment device type.


Workspace ONE Access Services updates include


Hub Services Notification Admin Console UX Improvements

  • We made the following enhancements to the Notifications tab in the Hub Services console.


Highlighting High Priority KBs


Recently updated KBs


Digital Workspace Techzone, Blog and YouTube Updates


Beta, Lab and Tech Preview Updates

  • Workspace ONE Tunnel 3.0 for Windows Beta

    • Introducing Standalone Enrollment for Windows Tunnel client

  • Workspace ONE Tunnel 22.05 for macOS Beta

    • Introducing Standalone Enrollment for macOS Tunnel client

  • Horizon Clients 2206 Beta Release

  • WS1 Intelligent Hub 22.04 for Android Beta

    • Apply Managed Configurations to Internal Applications

    • New Enterprise Wipe for Android 11+ COPE devices 

    • Automated Device Wipe for Offline Devices

  • Workspace ONE Content 22.05 for iOS Beta

    • More Version specific information will be available upon the beta launch.

    • ISCL-181210 Revised tabbed view experience change for opened documents

    • ISCL-180968 Archive format experience improvements

    • Improved document Sync performance

  • Workspace ONE Content 22.05 for Android Beta

    • Version specific information will be available upon the beta launch.


3rd Party Blogs & Industry Updates


April Software Releases

System

Component

Release

Announcement

Release Date

Backend

Console SAAS

22.03

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html

07.04.22

Backend

Console OnPrem

22.03

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html

29.04.22

Backend

SEG

2.22

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Secure-Email-Gateway.html

08.04.22

Backend

Tunnel L

22.11

https://resources.workspaceone.com/view/lhn3qj4xxwn2mf3pmf6k/en

27.04.22

Backend

ENS v2 OnPrem

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Email-Notification-Service-2-for-On-Premises-Installation.html#resolved-issues-for-workspace-one-email-notification-service-2-version-22-01-resolved

27.04.22

iOS

Hub

22.03

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-iOS.html

11.04.22

iOS

Boxer

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Boxer-for-iOS.html

27.04.22

iOS

Content

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Content-for-iOS.html

19.04.22

Android

Content

22.04.1

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html

29.04.22

iOS

VM Tunnel

22.01.1

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Tunnel-for-iOS.html

06.04.22

iOS

Workspace ONE SDK SWIFT

22.4

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-iOS--Swift-.html

21.04.22

iOS

Privacy SDK

22.3

 

07.04.22

iOS

Content SDK 

22.4

 

11.04.22

iOS

Web SDK

22.03

 

05.04.22

Android

Hub

22.03

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html

21.04.22

Android

Boxer

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Boxer-for-Android.html

26.04.22

Android

Web

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Web-for-Android.html

11.04.22

Android

Content

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html

25.04.22

Android

Launcher

22.04

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Launcher-for-Android.html

21.04.22

Android

Relay

5.16

https://kb.vmware.com/s/article/81990?lang=en_US

21.04.22

Android

SDK

22.3

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-Android.html

05.04.22

Android

Privacy SDK

22.3

 

07.04.22

Windows

Workspace ONE Intelligent Hub for Windows 10

22.03

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub.html

07.04.22

Horizon

ThinApp

2203

https://docs.vmware.com/en/VMware-ThinApp/2203/rn/vmware-thinapp-2203-release-notes/index.html

05.04.22

Horizon

Enterprise

2203

Horizon Client for Windows

Horizon Client for Mac

Horizon Client for Linux

Horizon Client for Android

Horizon Client for iOS

Horizon Client for Chrome

App Volumes

Dynamic Environment Manager

ThinApp

05.04.22


Patch & Seed Script Updates Week17-2022









 

 

 

 

 

 

 

 

 

 

 

Comments

Popular posts from this blog

Workspace ONE | Use ADFS as an Identity Provider in Workspace ONE Access with JIT

Configure Shared iPad for Apple Business Manager in Workspace ONE

Simon's recommended VMworld 2021 sessions