Weekly highlight: [Resolved] AMST-34805: Workspace ONE UEM User-Context commands remain queued for certain re-enrolled Windows Devices (88723) - There are two types of MDM enrollment for Windows devices:
- AAD enrolled (e.g. Windows OOBE)
- Non-AAD enrolled (regular MDM enrollment)
- For AAD Enrolled devices, during device check-in, the check-in request contains an unique token for the Device Services (DS) to identify the user identity. DS will only pass user-context commands to the device if current login user matches the associated AAD user record in UEM console.
- For Non-AAD Enrolled devices, check-in request will not include the aforementioned token and only indicate check-in context through an additional param:
- maintenance mode: check-in happens when there is an active enrolled user login.
- machine mode: check-in happens in the System context and the system does not have access to the user's profile. In this scenario, UEM will hold off user-context commands (e.g. user-context profile/apps, app list sample command) and only provide device with device-context commands.
- There was an issue identified that enrollment type of the device is not reset upon unenrollment. On re-enrollment of a device which was previously AAD enrolled (e.g. Windows OOBE), even if the new enrollment flow is non-AAD, device remains marked as AAD enrolled.
- This results in devices not able to consume user-context commands. User specific apps and profiles will remain in-queue and not deployed to the device.
- Impacting UEM 21.05
- This issue is resolved in Workspace ONE UEM 2203. In addition to this, the fix is available as a patch for the following versions;
- 21.11.0.11 and above
- 22.9.0.22 and above
Unable to enroll iOS 16 beta and iPadOS 16 beta in Workspace ONE UEM (88735) - When attempting an MDM enrollment on iOS 16 beta or iPadOS 16 beta, the enrollment will fail while installing the MDM profile with an error message that states "Profile Installation Failed". Please see the screenshot in the KB.
- The iOS 16 and iPadOS 16 beta versions need to be seeded into the UEM environment in order for enrollment to succeed.
- For SaaS customers: new versions of iOS and iPadOS will be seeded automatically.
- For On Premise customers: please use the latest seed script available here to update your environment.
Week 24 Software Releases VMware named a Leader in three 2022 IDC MarketScape assessments for UEM - Today, we’re excited to share that VMware was positioned as a Leader in three recent IDC MarketScape vendor assessments for the unified endpoint management (UEM) market:
- This was the fifth year in a row VMware was named a Leader in both the UEM Software and UEM for Ruggedized/Internet of Things (IoT) Device Deployments MarketScape reports, and the second year in a row we were positioned as a Leader in the UEM for Apple Devices assessment, which was published for the first time last year.
- Find out more: https://blogs.vmware.com/euc/2022/06/vmware-named-a-leader-in-three-2022-idc-marketscape-assessments-for-uem.html
CRSVC-29893 - Device Compliance check failing on Workspace ONE Access when using AirWatch CA (88741) - Authentication through Workspace ONE Access may fail if the access policy has both - Single Sign-On and Device Compliance (with Workspace ONE UEM) enabled as required authentication methods.
Single Sign-On can be included in the following authentication methods:
- Certificate Cloud Deployment
- Mobile SSO (for iOS)
- Mobile SSO (for Android)
The administrator should see the below error under the "Workspace ONE Access > Dashboards > Reports" when a device fails to authenticate.
· [{\"reason\":\"AUTHENTICATION_FAILURE\",\"authMethod\":\"identityProvider.embedded.authMethod.airwatchCompliance\",\"failureMessage\":\"Invalid value provided for unique device id.\"}]",· "authMethods" : "identityProvider.embedded.authMethod.airwatchCompliance", "message" : "Authentication failed." Suspend Personal and Work Android Applications on Workspace ONE UEM Managed Devices (88487) - With Workspace ONE Intelligent Hub 22.05 for Android, you can now push a Custom Settings profile to suspend applications on enrolled Android devices:
1. You can suspend some or all managed applications (Public or Internal apps provisioned through Workspace ONE UEM) on devices that are enrolled in the following modes: - Work Profile *
- Work Managed
- Corporate Owned Personally Enabled (COPE)
- Android 11 and above *
- Android 10 and below
· * Managed applications are only suspended inside the Work Profile. 2. On COPE devices in Android 11 and above, you can also suspend all applications on the personal side of the device. Highlighting High Priority KBs - HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)
CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing - Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971)
To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console). - [Action Required] Android Intelligent Hub 9.0.0.391 Cannot Check In (86083)
VMware will start requiring SNI in Workspace ONE UEM Dedicated SaaS environments starting January 16th, 2022. After this date, Android devices running Intelligent Hub 9.0.0.391 or lower may no longer communicate with Workspace ONE UEM. Affected devices may have to be re-enrolled with a supported version of Intelligent Hub. - VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Recently updated and added KBs Digital Workspace Techzone, Blog and YouTube Updates 3rd Party Blogs and Industry Updates June Software Releases
Patch & Seed Script Updates Week24-2022 - OS Updates Seed Script
- Seed Script for latest Device Model Information
- Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console
|
Comments
Post a Comment