VMware Digital Workspace Newsletter - Week 31



Week 31 -  2022






Weekly highlight:


[Article Update:] HW-160130 - Patch instructions to address CVE-2022-31656 - CVE-2022-31665 in Workspace ONE Access Appliance 








APNs for Application certificate renewal for On Premise environments (50121242)

  • 2022 Update of APNS certificate renewal script.
  • APNs for Application is the certificate that you are required to renew so that all enterprise applications continue to communicate with the Workspace ONE UEM Console.

If the APNs for Application is not renewed, the existing applications on the devices will lose communication with Workspace ONE. The applications will not function on the device and will lose communication with the console. This means the applications will not receive new commands and any new changes made in the console.

In order to prevent downtime associated with the iOS versions of Boxer, Content, Web, and Intelligent Hub, all On Premise customers who are utilizing these applications must execute a script on their Workspace ONE database.


Mac Software Distribution (SFD) ManagedSoftwareUpdate Log Changes (89183)

  • This article explains changes in Mac Software Distribution (SFD) logging to help troubleshooting and open-source tool integration (e.g. DEPNotify).
  • From VMware Workspace ONE Intelligent Hub for macOS 21.07 and above, we have introduced Parallel Download of SFD applications to improve overall deployment experience. Because of which, the download progress is no longer tracked and updated in ManagedSoftwareUpdate.log but instead is handled by Hub now.
  • Please read https://kb.vmware.com/s/article/89183?lang=en_US&source=email for more information.


AMST-36056: Workspace One UEM Managed Devices marked as Unmanaged in the Azure portal with "AirWatch by VMware" as the Initiated Actor. (89094)

  • Azure portal marks Workspace One (WS1) UEM Managed Devices as Unmanaged in the Azure portal with "AirWatch by VMware" as the Initiated Actor.
  • When Azure AD (AAD) enrolled devices are re-imaged or re-enrolled Workspace ONE UEM creates a new record that will have the same azuredeviceid. If an admin cleans up the old record, WS1 UEM sends a request to Azure to unregister the device.
  • Microsoft apps access on the device will be affected since Azure consider the device unmanaged.
  • VMware tried to overcome duplicate device records; however, it resulted in adverse effects, so we have to revert the changes. Please refer to Workspace ONE UEM Unique Identifier for Windows Feature Removal (88754) for more details. A future Workspace ONE UEM release will include a different device records cleanup approach.
  • In case an admin wants to delete AAD duplicate devices, we suggest that the admin triggers a "Re-sync device data from UEM to Azure Services" after devices deletion operation to correct azure side compliance status by navigating to Workspace ONE UEM Settings > System > Directory Services > Re-sync device data from UEM to Azure Services.
  • KB-Reference: https://kb.vmware.com/s/article/89094?lang=en_US&source=email


VMware Workspace ONE Device Compromise Protection (88966)

  • Device compromise is the deactivation of the built-in security features of a mobile device operating system. It is commonly referred to as rooting, if applied to Android devices, or jailbreaking, if applied to iOS and iPadOS devices.
    Device compromise increases the vulnerability of enterprise data on the device to unauthorized access, either by accidental leakage or by deliberate attack.
  • The VMware Workspace ONE® platform can protect you from mobile device compromise.
  • Workspace ONE has a security policy for compromise protection. The policy is activated in the management console, and then enforced by the runtime of the mobile software development kit (SDK).
  • More information and details in KB: https://kb.vmware.com/s/article/88966?lang=en_US&source=email


[Resolved] AAGNT-194592: Launcher fails to apply profile updates (89143)

  • The launcher will only apply the initial profile payload and fail to apply any subsequent profile updates.
  • The issue is happening because of the Inter-process communication (IPC) failure between the launcher and Hub when the profile payload is huge.
  • Devices won't receive Launcher profile changes.
  • This issue is already fixed in Hub_22.04, so please upgrade the Hub to the latest.
  • If the profile payload contains Wallpaper then payload size can be reduced by increasing the Wallpaper size > 180 KB since when there is bigger wallpaper only URL will be part of the payload.
  • KB-Reference: https://kb.vmware.com/s/article/89143?lang=en_US&source=email


Highlighting High Priority KBs


Recently updated and added KBs


Digital Workspace Techzone, Blog and YouTube Updates


3rd Party Blogs and Industry Updates


Beta, Lab and Tech Preview Updates

  • Workspace ONE Content 22.08 for iOS
    • Content MIME type
      Additional header parameter for the documents for better security and filtering of documents by enterprise admins
    • Support for Long names
      Updated the experience to show long names of files, repositories etc without needing user to do additional clicks.
    • Blocking access to Content app downloaded from un-managed source when device is managed by enterprise.
  • Workspace ONE Content 22.08 for Android
    • Print Document – This features allows users to print the document right from the Content app to the installed printer on the device.
    • Improved experience of login dialogs with certificate-based authentication.
    • Folder favourite option – This feature gives users ability to mark folders as favorites, so that they can easily find the marked folders.



Patch & Seed Script Updates Week31-2022