VMware Digital Workspace Newsletter - Week 18


Weekly highlight:

VMware Workspace ONE Mobile Threat Defense has been released!

Workspace ONE Mobile Threat Defense is an advanced security solution for Android, iOS, and Chrome OS that helps protect against threats, vulnerabilities, behaviors, and configurations originating on mobile devices. Through integrations with the Workspace ONE platform, advanced mobile security is easy to deploy and manage, and offers enhanced protection designed to secure the workspace and enhance Zero Trust initiatives. Workspace ONE Mobile Threat Defense is powered by Lookout, an industry leader in advanced mobile security:


iOS: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-iOS.html?hWord=N4IghgNiBcIGoFkDuYBOBTABAdQPaoGsBnABzAGMsB5AOQFFMBJAOwBd0IIBLAc3TcwAJAK4AjTADN8mLlQDKmAEod0YIlhq52REAF8gA

Android: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html



Getting Ready for Android 13 (88379)

  • As of April 26th, 2022, the Android 13 public beta 1 is available for users on Pixel devices.
  • What’s new in Android 13 
    To review new Android Enterprise features on Android 13, click here
    For Android app developers, please review behavior changes that may affect your apps: 
    • Changes affecting all apps can be reviewed here

    • Changes affecting apps that target Android 13 can be reviewed here

    • Updates to non-SDK interface restrictions can be reviewed here

  • Behavior Changes in Workspace ONE UEM on Android 13
      • Android 13 introduces a new runtime permission to send notifications. 
        • In order to ensure that users maintain the same experience after upgrading to Android 13, it is recommended to use the Android Permissions profile to grant this permission to any apps that need to send notifications. 
      • More details will be added as testing continues for Workspace ONE applications.
  • Known Issues for Android 13
    • No issues yet identified
  • VMware application support for Android 13 
    • Please review in the KB directly.
  • Please follow: https://kb.vmware.com/s/article/88379?lang=en_US

Digital Workspace Office Hours - Virtual Customer Event

  • Our mission is to ensure you get the most out of your Workspace ONE and Horizon investments. These office hours provide you direct access to VMware experts and enable you to leverage all of the capabilities of VMware's Digital Workspace solutions.

  • During 60-minute, interactive sessions, you’ll engage with VMware experts and explore:

    • Common pitfalls
    • Frequently asked questions
    • Best available resources
  • Register for future sessions or view previous ones on-demand to get onboarding and optimizing tips from VMware Workspace ONE and Horizon experts.
  • Next Session: May 12th, 17:00 CET → Automate the deployment of Applications and Configurations with Workspace ONE UEM Freestyle Orchestrator
    • Hosted by Patrick Zöller and Grischa Ernst
  • Join this webinar session to learn the latest from our Expert Customer Success Architects on the following:

    • Learn how you can use Freestyle to take your Deployment of Applications, Profiles and Scripts to the next Level 
    • See how you can effectively leverage Sensors and Device Attributes and Time Window in Workflows. 
    • Best Practices for using Freestyle Orchestrator for Windows and macOS. Introduction of Freestyle for mobile.
  • Register here: https://www.vmware.com/learn/1332050_REG.html?src=so_6273f866a37bd&cid=7012H000001Kbbp

Workspace ONE UEM - Device Friendly Name and Enrollment User hyperlinks are disabled on the Device Events page (88380)

  • Hyperlinks in the Device Friendly Name and Enrollment User columns are disabled on the Device Events page in the Workspace ONE UEM console. Administrators will not be able to redirect to the Device Details or User Details pages directly from the Device Events page.
  • Admins will not be able to redirect to the Device Details or User Details pages directly from the Device Events page.
  • Our product team has been engaged and will be working to resolve this issue as soon as possible.
  • Workaround: Admins can view and copy the Device Friendly Name and/or Enrollment User from the Device Events page then manually navigate to the Device List View or Users List View pages and perform a search to view the details.
  • KB-Reference: https://kb.vmware.com/s/article/88380?lang=en_US

HUBW-6320 - Workspace One UEM - Windows Baselines show as failed in the console for devices with Windows Hub 21.07.x (88377)

  • New or updated baselines may fail to apply when pushed to windows devices that have Windows Hub version 21.07.x installed.
  • From the Workspace ONE UEM Console, Windows baselines may show a status of failed.
  • Task Scheduler and Baselines logs from the device hub logs will show an error similar to the one below.
    "@mt":"Failed to reapply the baseline {Exception}","@l":"Error","Exception":"Newtonsoft.Json.JsonSerializationException: Error convertin
  • Workspace ONE UEM Windows Hub 21.07.x
  • This issue has been addressed in Workspace ONE UEM 2203. The fix has also been backported to Workspace ONE UEM Windows Hub 21.07.9
  • KB-Reference: https://kb.vmware.com/s/article/88377?lang=en_US

Teams optimization becomes unavailable after network interruption on HTML Access and Chrome client (85761)

  • When use Teams in VDI/RDSH by HTML Access and Chrome Client with Teams optimization ON, client has short network interruption, teams optimization becomes unavailable even horizon session has recovered. User cannot make video/audio call or join meeting at that time.
  • When there is short-time network break(similarly as refresh), the VDI session(based on blast) will use the old token to reconnect and both side will consider this VDI session continuous.

  • But at the same time, the VVC channel through which the Html5MMRServer and the Html5MMRClient communicate with each other will be broken down and to reconnect as brand new one. So the old WebRTC instance will destroy and pending for the new one to be created.

  • The WebRTC instance(consider as the initialization of all WebRTC Redirection) will only be created by the command from MS Teams client. Since MS Teams client only listen to the event of VDI session, it will treat this situation as session continuously connected and won't trigger a new command to create new WebRTC instance.

  • Since the root cause is that MS Teams client and Html5MMRServer are out-of-sync of the WebRTC Redirection status at this case.

  • We need to work with MS to figure out some way to let Html5MMRServer tell MS Teams client that "WebRTC Redirection session was broken, and there is a new session just connected. You could send a new command to create new WebRTC Instance."

  • Workaround:
    • Option1: Quit and relaunch MS teams app.

    • Option2: Disconnect/logoff current session then reconnect it.

  • KB-Reference: https://kb.vmware.com/s/article/85761?lang=en_US

Boxer Phishing Report (86184)

Error “Session Handle null, Hence we are initiating to disconnect” occurs when attempting to remotely access device (84128)

  • When attempting to remotely access a device, the following error message appears: “Session Handle null, Hence we are initiating to disconnect.”
  • The Assist Agent prints this error when it checks in with the ARM server to verify if there is an active session, and the ARM servers say "no". Even in successful attempts to start a remote management session, this error may be viewed several times before the ARM servers say "yes" and return a handle for the session.
  • To resolve, please restart the AetherPal services in the following order and check that they are functioning as expected:
    • Service coordinator
    • DataTierProxy
    • Management entity
    • MessagingEntity
    • AetherPalToolController
    • ConnectionProctor
  • Additional information: https://kb.vmware.com/s/article/84128?lang=en_US

Highlighting High Priority KBs

Recently updated or added KBs

Digital Workspace Techzone, Blog and YouTube Updates

3rd Party Blogs and Industry News

Beta, Lab and Tech Preview Updates

  • WS1 Web 22.05 for Android 
    • ABRW-173842: Allow upload of files from Workspace ONE Content repositoriesUser will now be able to upload files/documents present in WS1 Content repositories or local storage to web applications opened in the Workspace ONE Web browser.
    • Bug Fixes & Stability improvements
  • WS1 Web 22.05 for iOS
    • IBRW-174293: Support download with HTTP POST request
      •  Bug Fixes & Stability improvement

Patch & Seed Script Updates Week18-2022

  • Workspace ONE UEM 21.05
    • Patch Level:
    • UM-7437         Automatic LDAP group sync skipped for customer intermittently

    • CMSVC-16057 Evaluate and Improve Scheduler Job resiliency in the event of DB connectivity issue

    • ARES-21981    Device preview page should show exclusions from the current edit only

    • AGGL-11714    Android 11: Work Profile devices are getting Android Legacy Profiles

    • AGGL-11710    CN1919 - DB Systel - Post OP2S migration, Android Devices are consuming commands slowly

    • AGGL-11668    Chrome URLWhitelist/URLBlacklist does not work on the latest Chrome Versions.

    • https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-55-patch-resolved-issues-resolved
    • Last Update: CW18

  • Workspace ONE UEM 21.11
    • Patch Level:
    • RUGG-10851   Provisioning/PoliciesViewDevices grid ‘Last Seen’ shows time 5 hours behind expected Admin time zone

    • LUEM-472       Web Enrollment - intermittent failure with hub package download

    • FCA-202433    UEM console crash while navigating to Devices > Compliance Policies > Event Log

    • CRSVC-28932  Unable to install smime profile due to certificate is used more than once error

    • CRSVC-28398  [Device State] Migration of few devices failing due to missing compliance_status value

    • CRSVC-28308  Async email notifications cause thread pool exhaustion and suspends compliance evaluation

    • CMSVC-16076 Tags Update API fails when organization group id is not passed.

    • CMCM-189750           Remove ContentLockerSDKLibraryKey system code and its overrides

    • ATL-15995       version updates for package

    • AMST-35938   Seed v2107.9 patch version of Hub to UEM

    • AMST-35880   Windows Application Deployment Commands are only cleared after a manual Query or App Sample Query from UEM Console

    • AMST-35816   Blobs being served by DS even when they are present in the CDN and StorageType set to 1

    • AGGL-11679    DDUI is broken by a certificate date format in Android profiles

    • AAPP-13760    iOS Device Updates page timeout issue

    • AAPP-13759    VPP licenses are not getting disassociated

    • Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-2111-release-notes/index.html#resolved-issues-2111026-patch-resolved-issues
    • Last Update: CW18

  • Workspace ONE UEM 22.03
    • Patch Level 22.3.04
    • MACOS-2701: Add patch.sql to execute DeviceQueue_MigrateSeededMacOsProfileMacOs2629
    • CRSVC-28931: Unable to install smime profile due to certificate is used more than once error
    • CRSVC-28397: Migration of few devices failing due to missing compliance_status value

    • CRSVC-28385: Page fail for ADCS CA in aa
    • CMCM-189749: Remove ContentLockerSDKLibraryKey system code and its overrides
    • AMST-35882: Unable to run Selective App list API call on the certain enrolled Win 10 devices
    • AMST-35837: Purge hardcoded keys from config files
    • AMST-35753: Windows OS build version shows different in Device list view and Device summary page
    • AGGL-11680: DDUI is broken by a certificate date format in Android profiles
    • AAPP-13787: Privacy Preferences Bugs Audit
    • https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-22303-patch-resolved-issues
    • Last Update: CW18