VMware Digital Workspace Newsletter - Week 20



Week 20 -  2022







Weekly highlight:


Workspace ONE Hub Services & Workspace ONE Access updates:


Removing the 3-Character Limit for People Search

People Search (on Hub Web) will now allow searching with just one or two characters instead of the usual 3-character search. This enables support for searching names in logographic languages like Chinese, Japanese, etc.


Workflows Error Handling – Email Alerts upon failures

Workspace ONE Experience Workflows error handling has been improved to send email alerts directly to Administrators when a scheduled process fails to run successfully for any reason. All integration packs will now have an additional configuration parameter to include an email address to receive these notifications.


Saviynt Access Request Integration Pack for Workspace ONE Experience Workflows

Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration with Saviynt to notify approvers when a task is pending. Approvers will be able to view the request and take action on the task, such as Approve or Reject, from within the Workspace ONE Intelligent Hub app.


BMC Helix Change Request Integration Pack for Workspace ONE Experience Workflows (Beta)

Hub Services customers with Workspace ONE Experience Workflows enabled can configure an integration with BMC Helix to notify approvers when a Change Request is pending. Approvers will be able to view the request and take action on the change request, such as Approve or Reject, from within the Workspace ONE Intelligent Hub app.



For more information, refer to this Release Notes



Workspace ONE Access Services:

Authenticator App for Multi-Factor Authentication

Authenticator App is a new authentication method available for multi-factor authentication (MFA) that is supported directly by Workspace ONE Access. This MFA is ideal for users with unmanaged devices and requires no collection of personal identifying information (PII). Users can leverage any authenticator app of their choice–such as Google Authenticator, Microsoft Authenticator, Okta Verify, Authy, 1Password–that follows the time-based one-time passcode (TOTP) as defined in RFC 6238 on their own device. TOTP client support will be available on the Intelligent Hub iOS and Android App later this year in Q3.

Continue-on-Failure Authentication Policy

In this release, a new access policy configuration is introduced to control the rule policy execution. You can now create an access policy with rules that let the user authentication progress to the next rule if the authentication fails on the present rule. In the Workspace ONE Access service, regular policy execution terminates when the conditions in the first matching rule are executed. The new rule progression option allows you to progress rule execution to the next matching rule in the policy if the authentication fails on the present rule. A common use of this configuration includes password less authentication policy and alternative authentication rules for different sets of users.

Refreshed Custom Branding Page

When you choose to use the new navigation and the re-designed look of the Workspace ONE Access console, you will see a refreshed Branding page under Settings > Branding. The setting to change Favicon is no longer available in the re-designed console. The settings to customize branding for the VMware Verify application is now available on the Branding page. 

Removed Settings Due to the End-of-Support-Life for the Workspace ONE application

Several configuration and branding settings have been removed from user interface in the Workspace ONE Access console because of the end-of-support-life for the Workspace ONE application. Please refer to the End of Support Life for the VMware Workspace ONE Application KB article (80208) for more information on the End of Support Life for the Workspace ONE Application.

Connector Support for Horizon Cloud Service on Microsoft Azure with Single-Pod Broker (Cloud only)

The 22.05 release of the Workspace ONE Access Connector will include support for integrating with Horizon Cloud Service on Microsoft Azure with Single-Pod Broker and Horizon Cloud Service on IBM Cloud. This will allow for the legacy connectors that are used for virtual apps to be migrated from version 19.03 or to version 22.05 connector. Both directories and virtual apps collections must be migrated together during this one-time process.

FIPS Mode Support for the Connector (Cloud only)

The 22.05 Workspace ONE Access Connector will have an option to enable FIPS mode during installation. FIPS mode will set the connector to run with data and encryption that is secure at a level of compliance encouraged by the United States government. The algorithms used are FIPS 140-2 compliant algorithms.

Workspace ONE Access Connectors with FIPS mode enabled will not support integrating with Citrix, Horizon, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, or Horizon Cloud Service on IBM Cloud. A Workspace ONE Access Connector with FIPS mode enabled will support integrating virtual apps that are running in Horizon Cloud Service on Microsoft Azure with Universal Broker.


  • The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.
  • If you enable FIPS mode in the connector, to disable FIPS mode, you must reinstall the connector.



For more information, refer to this Release Notes.






Life of a ServiceDesk Admin + Workshop Signup

The VMware EUC Research Team wants to better understand the ins and outs of the life of an IT pro in the Support/ServiceDesk space, so we can anticipate your needs and provide solutions that make your job easier. In this survey, you'll get to tell us about your top Helpdesk requests, challenges, and what metrics are important to you.

At the end, you'll also have the opportunity to sign up for a virtual Workshop with fellow IT pros in the upcoming weeks where you’ll get to help design!

This can take up to 10 minutes of your time.



HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)


Generate Installation Token in Certificate Signing Portal (88462)

  • New Workspace ONE (WS1) customers with an on premise deployment (perpetual licenses) must generate an installation token within the certificate signing portal (found within the My Workspace ONE portal) as part of their initial Workspace ONE UEM install.This token allows them to manually install WS1 UEM on their server.
  • To go into further detail, the certificate signing portal allows customers to sign a public SSL certificate from their vendor with VMware's unique security key to ensure secure communication between their organization's devices and Workspace ONE UEM during device enrollment.
  • KB: https://kb.vmware.com/s/article/88462?lang=en_US&source=email


Workspace ONE Windows Health Attestation Unknown Status (88478)


Apple Business Manager now supports Google Workspace

  • Apple Business Manager organizations that use Google Workspace can now take advantage of directory sync and federated authentication. With directory sync, user records and Managed Apple IDs are created automatically, saving IT admins both time and effort. And with federated authentication, end users can sign in to their Managed Apple ID with their Google Workspace account, making for a seamless login experience to apps like Pages, Numbers, Keynote, Apple Business Essentials, iCloud Drive, and more. 
  • For more information, refer to the Apple Business Manager User Guide.


VMware Tunnel Client Update - Support for Standalone enrollment (88311)

  • We are excited to share a major update to our VMware Tunnel solution. The Workspace ONE Tunnel clients on Windows and macOS platforms now support Standalone enrollment without Workspace ONE Intelligent Hub or any device management.
    As a result, there are two Tunnel clients available on macOS and Windows, one for supporting Standalone enrollment and one for existing Hub and MDM workflows. Please read ahead to understand these changes.
  • macOS Tunnel Client:
    • The VMware macOS Tunnel application 22.05 delivered through the Workspace ONE Resources Portal supports Standalone enrollment. Note that this client does not support existing MDM workflows or installation on a Workspace ONE managed device. Therefore, the 21.08 client is still available through Apple’s App Store. Please continue using the macOS Tunnel client delivered through the App Store for all MDM and Per-App use-cases/workflows.
  • Windows Tunnel Client:
    • There are now two versions of the Windows Tunnel client available on the Workspace ONE Resources portal. The current GA version (2.1.6) supports all existing workflows excluding Standalone enrollment. Client version 3.0 supports Standalone Enrollment and both full device and per-app Tunnel mode.
      Note that client version 3.0 does not support existing MDM workflows or installation on a Workspace ONE managed device.
  • Next Steps:
    • Enabling both the MDM and Standalone enrollment workflows into a single Tunnel client will be provided in an upcoming release version.
    • Please refer to this KB for information on configuring the new Standalone enrollment featureThe official documentation will be updated shortly with the next UEM release.
  • KB-Reference: https://kb.vmware.com/s/article/88311?lang=en_US&source=email


Configuring VMware Tunnel Client for Standalone enrollment (88457)


AAGNT-194622 - Managed App Config for Internal Apps not working on Android 11+ (88463)

  • Workspace ONE UEM 2204 introduces support for pushing managed application configurations for Internal Applications uploaded through the Apps & Books section of the Console. On Android 11 and 12 devices that are enrolled using Intelligent Hub, UEM fails to apply these managed configurations to Internal Applications. This does not affect Android 11 and 12 devices that upgrade from previous versions of the Intelligent Hub application.
  • Our product team has been engaged and is actively working to resolve the issue.
  • KB-Reference: https://kb.vmware.com/s/article/88463?lang=en_US&source=email


Unable to use the external mouse support feature after upgrading to iPadOS14 (83205)

  • Cannot use the external mouse support feature after upgrade to iPadOS14 and enabled "Perform Touch Gestures". Host cursor cannot be hidden, left-click works like finger tap, etc.
  • This issue started with iPadOS 14. Enable "Perform Touch Gestures" will convert the events from the pointer devices into which triggered by fingers. Then it will make the external mouse/trackpad not work properly on the remote desktop, but the finger operations are still the same as before without any problems.
  • Therefore, we recommend that you turn off this option when using an external pointer device.
  • Turn off the option "Perform Touch Gestures" in system settings while using an external pointer device on a remote desktop. 
    • Settings > Accessibility > Touch > AssistiveTouch > Perform Touch Gestures.
  • KB-Reference: https://kb.vmware.com/s/article/83205?lang=en_US&source=email


Highlighting High Priority KBs


Recently updated or newly added KBs


Digital Workspace Techzone, Blog and YouTube Updates


3rd Party Blogs & Industry Updates




Patch & Seed Script Updates Week20-2022