VMware Digital Workspace Newsletter - Week 23

                

Week 23 -  2022             Weekly highlight:   More details on Mobile Threat Defense TechZone video’s online: Workspace ONE Mobile Threat Defense in Action (Demo) Workspace ONE Mobile Threat Defense Technical Overview Workspace ONE Mobile Threat Defense Architecture and Integrations   Relative Enterprise Announcements from this week Apple’s WWDC: What's new in managing Apple devices Discover Managed Device Attestation What’s new in Endpoint Security Adopt declarative device management   Third party blog on Apple’s WWDC: Mobile-Jon: Mobile Jon’s 7 Interesting Things at WWDC 2022             Week 23 Software Releases System Component Release Announcement Release Date macOS Workspace ONE Intelligent Hub for macOS 22.05 This release of macOS Intelligent Hub is primarily focused on backend improvements and bug fixes. The new feature for this release includes: Troubleshooting enhancements: Workspace ONE Hub now provides logged-in Username to the DEEM agent. Bug Fixes https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-macOS.html 03.06.22 Android Hub 22.05 Suspend Personal and Work Android Applications Intelligent Hub can now suspend personal and work applications on enrolled Android devices. You can suspend some or all managed applications (Public and Internal apps) in any enrollment mode. In addition, you can suspend all applications in the personal side of Android 11+ devices enrolled in COPE mode. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html 09.06.22 Android Launcher 22.05 Resolved Issues ALAU-171781: Orientation lock set for guest mode incorrectly persists on non-guest logins ALAU-171675: List of applications is not updated when an app is removed from the 'Applications' Tab ALAU-171859: Floating Button is incorrectly shown when inactivity timeout screen is configured ALAU-171718: User cannot enable notification permission when none of the device settings are enabled in Launcher profile ALAU-171499: Select devices experience disappearance of internal app icon in Launcher home screen ALAU-171942: Access to Wi-Fi and select launcher settings are briefly available after a device reboot https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Launcher-for-Android.html 06.06.22 Android SDK 22.5 SDK Android 12 support to apps targeting API 31 Upgrade to Openssl 1.0.2.ze https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-Android.html 08.06.22 Windows WinMo Agent 6.5.14 WMAGNT-4014 – hub fails to generate enrolled device udid https://resources.workspaceone.com/view/yq5gy46jkn63ny8trpp7/en 09.06.22 Backend WS1 Access Connector (Cloud Only) 22.05 Connector Support for Horizon Cloud Service on Microsoft Azure with Single-Pod Broker (Workspace ONE Access Cloud only) The 22.05 release of the Workspace ONE Access Connector will include support for integrating with Horizon Cloud Service on Microsoft Azure with Single-Pod Broker and Horizon Cloud Service on IBM Cloud. This will allow for the legacy connectors that are used for virtual apps to be migrated from version 19.03 or 19.03.0.1 to version 22.05 connector. Both directories and virtual apps collections must be migrated together during this one-time process. FIPS Mode Support for the Connector (Workspace ONE Access Cloud only) The 22.05 Workspace ONE Access Connector will have an option to enable FIPS mode during installation. FIPS mode will set the connector to run with data and encryption that is secure at a level of compliance encouraged by the United States government. The algorithms used are FIPS 140-2 compliant algorithms. Workspace ONE Access Connectors with FIPS mode enabled will not support integrating with Citrix, Horizon, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, or Horizon Cloud Service on IBM Cloud. A Workspace ONE Access Connector with FIPS mode enabled will support integrating virtual apps that are running in Horizon Cloud Service on Microsoft Azure with Universal Broker. Note: The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations. If you enable FIPS mode in the connector, to disable FIPS mode, you must reinstall the connector. Time-based One-Time Password (TOTP) support for RFC 6238 Compliant Authenticator Apps* Workspace ONE Access now supports a new authentication method ‘Authenticator App’ to enhance its native MFA capabilities. This MFA is ideal for users with unmanaged devices, can be used offline, and requires no collection of personal identifying information (PII). Users can leverage any authenticator app of their choice–such as Google Authenticator, Microsoft Authenticator, Okta Verify, Authy, 1Password–that follows the time-based one-time passcode (TOTP) standards as defined in RFC 6238 on their own device. TOTP client support will be available on the Intelligent Hub iOS and Android App later this year in Q3. See Configure an Authenticator App with Two-Factor Authentication for configuration instructions. https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/rn/vmware-workspace-one-access-release-notes/index.html 09.06.22   End User Computing / VDI Environment + Horizon Survey [Horizon Admins only] The VMware EUC Research Team wants to hear your thoughts about end user computing solutions and VDI. What’s your device and app setup for accessing VDI solutions? What are your plans around mobile device programs? Help us understand what you’re working with and how Horizon may be able to help. This may take up to 5 minutes of your time. Take The Survey    BitLocker and BitLocker to Go Best Practices and Considerations (88620) BitLocker and BitLocker to Go (BL2Go) are technologies designed to encrypt data and provide recovery capabilities as needed in the UEM console. There are some situations where changing GPO settings might conflict with BitLocker settings, resulting in unexpected results. Other best practices can be followed to ensure the highest recovery capabilities for hardware issues or forgotten passwords. This article is intended to track recent issues identified with BitLocker and BL2Go and help guide you on the best experience with these technologies. Please review https://kb.vmware.com/s/article/88620?lang=en_US&source=email for more details.   Highlighting High Priority KBs HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438) CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager).  These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971) To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).  [Action Required] Android Intelligent Hub 9.0.0.391 Cannot Check In (86083) VMware will start requiring SNI in Workspace ONE UEM Dedicated SaaS environments starting January 16th, 2022. After this date, Android devices running Intelligent Hub 9.0.0.391 or lower may no longer communicate with Workspace ONE UEM. Affected devices may have to be re-enrolled with a supported version of Intelligent Hub. VMware Tunnel Proxy End of Support Life Announcement (87345) VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).   Recently updated and added KBs Unable to Access SharePoint files in Content (50107385) End of General Support for AirWatch DataMart (84035) Best Practices for Enterprise Reset on Zebra Work Managed Devices (74764) "Autocreated" user metadata displaying in the Workspace ONE Intelligence User Interface (UI) (83922) How do you create a Wi-Fi profile for iOS devices? (50103741) Android - Unable to Install application using URL method (50122124) Third Party Keyboard is Disabled on Samsung Devices Running on Android 8.0 with Android for Work (50120968) Unable To View The Zebra MX Payload When Creating An Android For Work Profile (50121244) Changes to Log Files for Workspace ONE Intelligent Hub 19.10 for macOS (75326) Error: "You are missing one of the services required to run Custom Reports. Please contact your administrator to configure this service." (50121073) VMware Workspace ONE UEM 2204 Shared SaaS and Latest Mode Deployment Schedule (80156)   Digital Workspace Techzone, Blog and YouTube Updates Redefine Digital Workspace with VMware Horizon on VMware Cloud on Dell See the new query builder user interface in Workspace ONE Intelligence Introducing new Horizon SaaS editions to reduce TCO with automation, optimization, and performance management RSAC 2022 – Where to find VMware Anywhere Workspace, plus all the latest news   3rd Party Blogs and Industry Updates David Deans: How to Empower Your Hybrid Workforce Vladan Seget: Auto-Start VMs on Desktop after Power outage or reboot     June Software Releases Component Release Announcement Release Date WS1 Access Connector 22.05 https://docs.vmware.com/en/VMware-Workspace-ONE-Access/services/rn/vmware-workspace-one-access-release-notes/index.html 09.06.22 Hub 22.05 https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html 09.06.22 Launcher 22.05 https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Launcher-for-Android.html 06.06.22 SDK 22.5 https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-SDK-for-Android.html 08.06.22 WinMo Agent 6.5.14 https://resources.workspaceone.com/view/zvh5p8knphvqxqrwy6rw/en 10.06.22 Workspace ONE Intelligent Hub for macOS 22.05 https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-macOS.html 03.06.22   Patch & Seed Script Updates Week23-2022 OS Updates Seed Script  Most recent update: iOS 16.0.0 (20A5283p),tvOS 16.0.0 (20J5299n),macOS Ventura 13.0.0 (22A5266r) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW20 Seed Script for latest Device Model Information Update Device Model details seed for iiPad Air (Gen 5), iPhone SE (Gen 3) models https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW14   Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console Agnostic script to update seed data to allow Android 12 enrollments into the Console. https://resources.workspaceone.com/view/rvfdv9s6mhsh4xgdxf7f/en Last Update: CW44   Workspace ONE UEM 20.11 Patch Level: 20.11.0.44 CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0 CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration CMSVC-16084: UEM discloses smart group details from other tenants https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/rn/VMware-Workspace-ONE-UEM-Release-Notes-2011.html#20-11-0-42-patch-resolved-issues-resolved https://resources.workspaceone.com/view/pdwkjgfsb8b57cxvfnpd/en Last Update: CW17 Workspace ONE UEM 21.02 Patch Level: 21.2.0.35 CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0 CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration CMSVC-16084: UEM discloses smart group details from other tenants https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html#21-2-0-31-patch-resolved-issues-resolved https://resources.workspaceone.com/view/48ktw9p6spmq8dflll49/en Last Update: CW17   Workspace ONE UEM 21.05 Patch Level: 21.5.0.60 AGGL-11976: Device wipe initiated for devices even if admin cancels the request mid-way. ARES-22121: Profile V2 Search API working only for the device profiles. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-60-patch-resolved-issues-resolved Last Update: CW23   Workspace ONE UEM 21.09 Patch Level: 21.9.0.34 INTEL-38429: ETL | Analyse and fix checksum failures for tags involving special characters AMST-36009: Greater Than or Equal to application detection operator not working AMST-35839: Purge hardcoded keys from config files AAPP-13900: VPP licenses are not getting disassociated https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-33-patch-resolved-issues-resolved Last Update: CW22   Workspace ONE UEM 21.11 Patch Level: 21.11.0.33 ARES-22093: External App Assignment fails due to duplicate key error AMST-36130: Native Enrollment failing with error MultiUserFFSetup AGGL-11949: Zebra Device Model's Being Reported as Unknown - 2111 AGGL-11944: Chrome URLWhitelist/URLBlacklist does not work on the latest Chrome Versions. Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-2111-release-notes/index.html#resolved-issues-2111030-patch-resolved-issues Last Update: CW22   Workspace ONE UEM 22.03 Patch Level 22.3.09 PPAT-10981: [Console] Clicking on "Manage Tunnel Access" options crashes the page FCA-202994: Device wipe initiated for devices even if admin cancels the request mid-way CRSVC-29618: Failed to view device summary--troubleshooting in uem console 2203 when admin locale set to Chinese AMST-36175: Customer cannot upload missing dependencies for some .appx files while editing them https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-22308-patch-resolved-issues Last Update: CW23