Workspace ONE Hub Services & Workspace ONE Access updates:
Removing the 3-Character Limit for People Search
People Search (on Hub Web) will now allow searching with just one or two characters instead of the usual 3-character search. This enables support for searching names in logographic languages like Chinese, Japanese, etc.
Workflows Error Handling – Email Alerts upon failures
Workspace ONE Experience Workflows error handling has been improved to send email alerts directly to Administratorswhen a scheduled process fails to run successfully for any reason. All integration packs will now have an additional configuration parameter to include an email address to receive these notifications.
Saviynt Access Request Integration Pack for Workspace ONE Experience Workflows
Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration withSaviyntto notify approvers when a task is pending. Approvers will be able to view the request and take action on the task, such as Approve or Reject, from within the Workspace ONE Intelligent Hub app.
BMC Helix Change Request Integration Pack for Workspace ONE Experience Workflows (Beta)
Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration withBMC Helixto notify approvers when a Change Request is pending. Approvers will be able to view the request and take action on the change request, such as Approve or Reject, from within the Workspace ONE Intelligent Hub app.
Authenticator App is a new authentication method available for multi-factor authentication (MFA) that is supported directly by Workspace ONE Access. This MFA is ideal for users with unmanaged devices and requiresno collection of personal identifying information (PII). Users can leverage any authenticator app of their choice–such as Google Authenticator, Microsoft Authenticator, Okta Verify, Authy, 1Password–that follows the time-based one-time passcode (TOTP) as defined in RFC 6238 on their own device. TOTP client support will be available on the Intelligent Hub iOS and Android App later this year in Q3.
Continue-on-Failure Authentication Policy
In this release, a new access policy configuration is introduced to control the rule policy execution. You can now create an access policy with rules that let the user authentication progress to the next rule if the authentication fails on the present rule. In the Workspace ONE Access service, regular policy execution terminates when the conditions in the first matching rule are executed. The new rule progression option allows you to progress rule execution to the next matching rule in the policy if the authentication fails on the present rule. A common use of this configuration includes password less authentication policy and alternative authentication rules for different sets of users.
Refreshed Custom Branding Page
When you choose to use the new navigation and there-designed look of the Workspace ONE Access console,you will see a refreshed Branding page under Settings > Branding. The setting to change Favicon is no longer available in the re-designed console. The settings to customize branding for the VMware Verify application is nowavailable on the Branding page.
Removed Settings Due to the End-of-Support-Life for the Workspace ONE application
Several configuration and branding settings have been removed from user interface in the Workspace ONE Access console because of the end-of-support-life for the Workspace ONE application. Please refer to theEnd of Support Life for the VMware Workspace ONE Application KB article(80208) for more information on the End of Support Life for the Workspace ONE Application.
Connector Support for Horizon Cloud Service on Microsoft Azure with Single-Pod Broker(Cloud only)
The 22.05 release of the Workspace ONE Access Connector will include support for integrating with Horizon Cloud Service on Microsoft Azure with Single-Pod Broker and Horizon Cloud Service on IBM Cloud. This will allow for the legacy connectors that are used for virtual apps to be migrated from version 19.03 or 19.03.0.1 to version 22.05 connector. Both directories and virtual apps collections must be migrated together during this one-time process.
FIPS Mode Support for the Connector (Cloud only)
The 22.05 Workspace ONE Access Connector will have an option to enable FIPS mode during installation. FIPS mode will set the connector to run with data and encryption that is secure at a level of compliance encouraged by the United States government. The algorithms used are FIPS 140-2 compliant algorithms.
Workspace ONE Access Connectors with FIPS mode enabled will not support integrating with Citrix, Horizon, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, or Horizon Cloud Service on IBM Cloud. A Workspace ONE Access Connector with FIPS mode enabled will support integrating virtual apps that are running in Horizon Cloud Service on Microsoft Azure with Universal Broker.
The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.
If you enable FIPS mode in the connector, to disable FIPS mode, you must reinstall the connector.
The VMware EUC Research Team wants to better understand the ins and outs of the life of an IT pro in the Support/ServiceDesk space, so we can anticipate your needs and provide solutions that make your job easier. In this survey, you'll get to tell us about your top Helpdesk requests, challenges, and what metrics are important to you.
At the end, you'll also have the opportunity to sign up for a virtual Workshop with fellow IT pros in the upcoming weeks where you’ll get to help design!
HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)
CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in the followingVMware Security Advisory - VMSA-2022-0014, please review this document before continuing
VMware Workspace ONE Access Appliance: 21.08.0.1, 21.08.0.0, 126.96.36.199, 188.8.131.52
Generate Installation Token in Certificate Signing Portal (88462)
New Workspace ONE (WS1) customers with an on premise deployment (perpetual licenses) must generate an installation token within the certificate signing portal (found within the My Workspace ONE portal) as part of their initial Workspace ONE UEM install.This token allows them to manually install WS1 UEM on their server.
To go into further detail, the certificate signing portal allows customers to sign a public SSL certificate from their vendor with VMware's unique security key to ensure secure communication between their organization's devices and Workspace ONE UEM during device enrollment.
Apple Business Manager now supports Google Workspace
Apple Business Manager organizations that use Google Workspace can now take advantage of directory sync and federated authentication. With directory sync, user records and Managed Apple IDs are created automatically, saving IT admins both time and effort. And with federated authentication, end users can sign in to their Managed Apple ID with their Google Workspace account, making for a seamless login experience to apps like Pages, Numbers, Keynote, Apple Business Essentials, iCloud Drive, and more.
For more information, refer to the Apple Business ManagerUser Guide.
VMware Tunnel Client Update - Support for Standalone enrollment (88311)
We are excited to share a major update to our VMware Tunnel solution. The Workspace ONE Tunnel clients on Windows and macOS platforms now support Standalone enrollment without Workspace ONE Intelligent Hub or any device management. As a result, there are two Tunnel clients available on macOS and Windows, one for supporting Standalone enrollment and one for existing Hub and MDM workflows. Please read ahead to understand these changes.
macOS Tunnel Client:
The VMware macOS Tunnel application 22.05 delivered through theWorkspace ONE Resources Portalsupports Standalone enrollment. Note that this client does not support existing MDM workflows or installation on a Workspace ONE managed device. Therefore, the 21.08 client is still available through Apple’s App Store. Please continue using the macOS Tunnel client delivered through the App Store for all MDM and Per-App use-cases/workflows.
Windows Tunnel Client:
There are now two versions of the Windows Tunnel client available on the Workspace ONE Resources portal. The current GA version (2.1.6) supports all existing workflows excluding Standalone enrollment.Client version 3.0 supports Standalone Enrollment and both full device and per-app Tunnel mode. Note that client version 3.0 does not support existing MDM workflows or installation on a Workspace ONE managed device.
Enabling both the MDM and Standalone enrollment workflows into a single Tunnel client will be provided in an upcoming release version.
Please refer to thisKBfor information on configuring the newStandalone enrollment feature. The official documentation will be updated shortly with the next UEM release.
AAGNT-194622 - Managed App Config for Internal Apps not working on Android 11+ (88463)
Workspace ONE UEM 2204 introduces support for pushing managed application configurations for Internal Applications uploaded through the Apps & Books section of the Console. On Android 11 and 12 devices that are enrolled using Intelligent Hub 22.04.0.30, UEM fails to apply these managed configurations to Internal Applications. This does not affect Android 11 and 12 devices that upgrade from previous versions of the Intelligent Hub application.
Our product team has been engaged and is actively working to resolve the issue.
Unable to use the external mouse support feature after upgrading to iPadOS14 (83205)
Cannot use the external mouse support feature after upgrade to iPadOS14 and enabled "Perform Touch Gestures". Host cursor cannot be hidden, left-click works like finger tap, etc.
This issue started with iPadOS 14. Enable "Perform Touch Gestures" will convert the events from the pointer devices into which triggered by fingers. Then it will make the external mouse/trackpad not work properly on the remote desktop, but the finger operations are still the same as before without any problems.
Therefore, we recommend that you turn off this option when using an external pointer device.
Turn off the option "Perform Touch Gestures" in system settings while using an external pointer device on a remote desktop.
[Action Required] Android Intelligent Hub 184.108.40.2061 Cannot Check In (86083) VMware will start requiring SNI in Workspace ONE UEM Dedicated SaaS environments starting January 16th, 2022. After this date,Android devices running Intelligent Hub 220.127.116.111 or lower may no longer communicate with Workspace ONE UEM. Affected devices may have to be re-enrolled with a supported version of Intelligent Hub.
VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).