Weekly highlight:

[Article Update:] HW-160130 - Patch instructions to address CVE-2022-31656 - CVE-2022-31665 in Workspace ONE Access Appliance
- CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in VMware Security Advisory VMSA-2022-0021; please review this document before continuing.
- Please follow the KB https://kb.vmware.com/s/article/89096?lang=en_US&source=email for the latest information.
- Please review the VMSA https://www.vmware.com/security/advisories/VMSA-2022-0021.html to check if you are impacted.

APNs for Application certificate renewal for On Premise environments (50121242)
- 2022 Update of APNS certificate renewal script.
- APNs for Application is the certificate that you are required to renew so that all enterprise applications continue to communicate with the Workspace ONE UEM Console.
If the APNs for Application is not renewed, the existing applications on the devices will lose communication with Workspace ONE. The applications will not function on the device and will lose communication with the console. This means the applications will not receive new commands and any new changes made in the console. In order to prevent downtime associated with the iOS versions of Boxer, Content, Web, and Intelligent Hub, all On Premise customers who are utilizing these applications must execute a script on their Workspace ONE database.

Mac Software Distribution (SFD) ManagedSoftwareUpdate Log Changes (89183)
- This article explains changes in Mac Software Distribution (SFD) logging to help with troubleshooting and open-source tool integration (e.g. DEPNotify).
- From VMware Workspace ONE Intelligent Hub for macOS 21.07 and above, we have introduced Parallel Download of SFD applications to improve the overall deployment experience. As a result, the download progress is no longer tracked and updated in ManagedSoftwareUpdate.log but is instead handled by Hub.
- Please read https://kb.vmware.com/s/article/89183?lang=en_US&source=email for more information.

AMST-36056: Workspace One UEM Managed Devices marked as Unmanaged in the Azure portal with "AirWatch by VMware" as the Initiated Actor. (89094)
- Azure portal marks Workspace One (WS1) UEM Managed Devices as Unmanaged in the Azure portal with "AirWatch by VMware" as the Initiated Actor.
- When Azure AD (AAD) enrolled devices are re-imaged or re-enrolled, Workspace ONE UEM creates a new record that will have the same azuredeviceid. If an admin cleans up the old record, WS1 UEM sends a request to Azure to unregister the device.
- Microsoft apps access on the device will be affected since Azure considers the device unmanaged.
- VMware tried to overcome duplicate device records; however, it resulted in adverse effects, so we have to revert the changes. Please refer to Workspace ONE UEM Unique Identifier for Windows Feature Removal (88754) for more details. A future Workspace ONE UEM release will include a different device records cleanup approach.
- If an admin wants to delete AAD duplicate devices, we suggest that the admin trigger a "Re-sync device data from UEM to Azure Services" after the device deletion operation to correct the Azure-side compliance status, by navigating to Workspace ONE UEM Settings > System > Directory Services > Re-sync device data from UEM to Azure Services.
- KB-Reference: https://kb.vmware.com/s/article/89094?lang=en_US&source=email

VMware Workspace ONE Device Compromise Protection (88966)
- Device compromise is the deactivation of the built-in security features of a mobile device operating system. It is commonly referred to as rooting, if applied to Android devices, or jailbreaking, if applied to iOS and iPadOS devices.
Device compromise increases the vulnerability of enterprise data on the device to unauthorized access, either by accidental leakage or by deliberate attack.
- The VMware Workspace ONE® platform can protect you from mobile device compromise.
- Workspace ONE has a security policy for compromise protection. The policy is activated in the management console, and then enforced by the runtime of the mobile software development kit (SDK).
- More information and details in KB: https://kb.vmware.com/s/article/88966?lang=en_US&source=email

[Resolved] AAGNT-194592: Launcher fails to apply profile updates (89143)
- The launcher will only apply the initial profile payload and fail to apply any subsequent profile updates.
- The issue is caused by an inter-process communication (IPC) failure between the launcher and Hub when the profile payload is huge.
- Devices won't receive Launcher profile changes.
- This issue is already fixed in Hub_22.04, so please upgrade the Hub to the latest version.
- If the profile payload contains a wallpaper, the payload size can be reduced by increasing the wallpaper size to more than 180 KB, because with a bigger wallpaper only its URL will be part of the payload.
- KB-Reference: https://kb.vmware.com/s/article/89143?lang=en_US&source=email

Highlighting High Priority KBs
- HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)
CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in VMware Security Advisory VMSA-2022-0014; please review this document before continuing.
- Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971)
To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).
- VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023.
- VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now, after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (later in 2022).

Recently updated and added KBs

Digital Workspace Techzone, Blog and YouTube Updates

3rd Party Blogs and Industry Updates

Beta, Lab and Tech Preview Updates
- Workspace ONE Content 22.08 for iOS
- Content MIME type
Additional header parameter for the documents for better security and filtering of documents by enterprise admins
- Support for Long names
Updated the experience to show long names of files, repositories etc. without needing the user to do additional clicks.
- Blocking access to Content app downloaded from un-managed source when device is managed by enterprise.
- Workspace ONE Content 22.08 for Android
- Print Document – This feature allows users to print the document right from the Content app to the installed printer on the device.
- Improved experience of login dialogs with certificate-based authentication.
- Folder favourite option – This feature gives users the ability to mark folders as favorites, so that they can easily find the marked folders.

Patch & Seed Script Updates Week31-2022
- OS Updates Seed Script
- Seed Script for latest Device Model Information
- Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console