VMware Digital Workspace Newsletter - Week 38

                 

Week 38 -  2022       Weekly highlight:     Workspace ONE Access Services updates Directory Sync Frequency Updates The interval between synchronization times has been made more flexible and will let administrators to choose between setting hourly synchronizations or synchronizations every 2, 6, or 12 hours. Administrators can also choose to set their sync frequency to be less often with daily or weekly intervals. Shift-based conditional access policies in Workspace ONE Access to support Shift-based Access to Workspace ONE Digital Workspace Shift-based access control with Workspace ONE enables your company to deliver a digital workspace that is shift aware. Shift-based access control restricts the use of different product apps and features when a worker is not clocked-in for their shift. In the Workspace ONE Access console, you can configure Shift-based Auth as an authorization method to manage when workers can launch specific Workspace ONE Access federated applications based on whether the worker is on-shift or off-shift. The authorization is applied after workers are authenticated with a first factor authentication method based on your access policy rules. UEM Token Device Enrollment Authentication Method The UEM Token authentication method allows customers to seamlessly change the source of authentication from Workspace ONE UEM to Workspace ONE Access for device enrollment of the Workspace ONE Intelligent Hub for iOS and Android. Devices that are on registered mode and Android devices, which do not have a Workspace ONE UEM certificate at time of enrollment, can be identified and authenticate with Workspace ONE Access. This feature addresses the previous problem of duplicate authentication and provides the most seamless transition for Workspace ONE UEM customers to Workspace ONE Access yet and does not impact existing enrolled devices. Time-based One-Time Password (TOTP) Authentication Now Available in Workspace ONE Intelligent Hub iOS and Android Workspace ONE Intelligent Hub for iOS and Android brings support for adding and generating Time-based One-time Passwords or TOTP. End users with a QR code or the secret key for an account can register that secret key with Workspace ONE Intelligent Hub to allow for the generation of Time-Based One-Time Passwords. This does not require an internet connection. End users can find this functionality in the app’s Account screen under “Two Factor Authentication” by tapping on the icon at the top of the app in any of the screens, if users have Hub Services, and in the main screen if in UEM-only mode. This functionality is not supported for multi-staging users where the device is passed around for multiple users because of TOTP’s fundamental security feature of access to the device. Bypass multipleauthn SAML attribute claims in WS-Fed active flows The multipleauthn SAML attribute will no longer be passed in active federation flows. For more information, refer to this Release Notes.    Workspace ONE Hub Services updates   View End-user Notification Engagement Analytics in Workspace ONE Intelligence Admins can view notification engagement analytics of their end-users' interactions of Intelligent Hub notifications in Workspace ONE Intelligence. This includes notification metrics like viewed, opened, dismissed, and actioned on. To enable this ability, authorize the Hub Services connector in Intelligence. You can then build dashboards to visualize the notification engagement analytics. You can also navigate to this website to leverage predefined notification analytics dashboard templates. Note: We currently collect notification analytics from Hub Web portal, Windows Hub, and macOS Hub. Send Intelligent Hub Notifications from Workspace ONE Intelligence Automation Workflows Hub notification action is now available as an action when configuring automation workflows in Workspace ONE Intelligence. Leverage the Hub Services notification action to target and send Hub notifications to devices about apps, devices, remediation resources, updates, and more. The Hub notification will appear in the For You tab in Intelligent Hub. Simplified Notification API in Beta We’re introducing a simplified Notification API that external systems can leverage to send Intelligent Hub notifications to users and devices. The new Notification API reduces integration steps by allowing external systems to send a notification by providing a well-known identifier – either a userGroup name or a SmartGroup name/id. If interested in testing this API, please reach out to your VMware contact to connect with the product team. For more information, refer to this Release Notes.            macOS Intelligent Hub 22.08.1 Resolved Issues HUBM-5861: macOS 13 Ventura (beta5)- Weblink-apps are damaged. HUBM-5849: Verizon - Freestyle Orchestrator Sensor does not trigger Application Upgrade/Install. Link https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-macOS.html URL Content Redirection does not work for Third Party Application on macOS 13 Beta. (89470) The input URL within Third Party Application can’t be redirected from Mac client to agent side on macOS 13 beta. [Reproduction Steps] 1. Launch Mac Client on macOS 13.0 Beta 2. Login to Horizon Server 3. Click using the URL Filter Application as the Third Party Application 4. Open the configured URL in the Notes 5. URL is not redirected to agent side This article provides URL Content Redirection troubleshooting steps. More information in KB: https://kb.vmware.com/s/article/89470?lang=en_US&source=email   "Max session bandwidth" of the DEM Horizon Smart Policies does not work on first connection. (89526) When you connect to VDI with "Max session bandwidth" configured in DEM Horizon Smart Policies, it does not take effect and uses the default value "1000000". However, when you reconnect to the session, it is working as configured. This is a known issue. Blast can only apply the MaxBandwidthKbps setting if the registry value is written before the session begins. DEM won't be able to provide Horizon Smart Policies before the session begins, as we process this config during login. More details in KB: https://kb.vmware.com/s/article/89526?lang=en_US&source=email   Jetzt Registrieren: Enduser Computing Webinare im September und Oktober Live-Webinar: Was macht den Anywhere Workspace bei VMware aus? Ein Blick hinter die Kulissen Mittwoch, 21. September 2022, 10:00 Uhr Speaker: Arkadiusz Krowczynski Live-Webinar: Mobile Threat Defense im Kontext von Workspace One Mittwoch, 28. September 2022, 10:00 Uhr Speaker: Yana Petrova Live-Webinar: Ist VMware Horizon die bessere Plattform für Desktop & Applikationsvirtualisierung? Mittwoch, 05. Oktober 2022, 10:00 Uhr Speaker: Stefan Metzger Live-Webinar: Innovation am Remote-Arbeitsplatz: ‚Work from Anywhere’ mit Virtual Reality und Workspace ONE Mittwoch, 12. Oktober 2022, 10:00 Uhr Speaker: Julius Lienemann Registrierungsseite: VMware   Highlighting High Priority KBs HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438) CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager).  These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971) To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).  VMware Tunnel Proxy End of Support Life Announcement (87345) VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).   Recently updated or added KBs Copying and pasting a large amount of data does not work, or only works partially (89527) Recompose fails when memory reservation settings are changed with Linked Clones (89523) Scan results are in greyscale when using Neat Desktop scanner redirection with a remote scanner application from Horizon (67056) Smart Card Redirection using PCoIP or Blast fails in EDGE and IE with Enhanced Protection Mode (57207) AHA SDKI-I-46 HUBI-I-142 VMware Workspace ONE Device Compromise Protection (88966) Inventory Sync of VMware Identity Manager Services fails in vRealize Suite Lifecycle Manager (83586) Configuring VMware Tunnel Client for Standalone enrollment (88457) Device data discrepancies between Workspace ONE UEM and Workspace ONE Intelligence (83857) iOS Microsoft Outlook application is crashing after updating to 4.2115 (83479) Use API server URL for Workspace ONE UEM REST API calls (82724) Workspace ONE Assist 20.11 removes deployment certificate dependency (82115) HTTP/2 - APNs Support For WS1 Windows Servers - Cipher Suites (81286) NTP fails post reboot of VMware Identity Manager (80997) HW-122016: Failure to validate es-config.json password in Workspace ONE Access Connector and Certificate Generation errors (80489) Disable secure startup for Android devices (79949) ARES-13332: Workspace ONE Boxer unable to receive new configuration and newly enrolled devices unable to receive email (79849) Devices not checking in after upgrade-DS log shows InvalidOperationException: Sequence contains no elements error (86129) Impact of CVE-2021-26414 (KB5004442) on CA integration with ADCS DCOM (89550) MS Teams Optimization Feature Compatibility Matrix for Horizon 7 and Horizon 8 Recent Releases. (86475) Enabling New User Authentication Security Features in Horizon 7 (67401) Setting Frame Rates and Resolution for Real-Time Audio-Video on Horizon View Clients (2053644) TrueSSO: "The request is not supported" while launching a published App\Desktop (59953)   Digital Workspace Techzone, Blog and YouTube Updates VMware Workspace ONE now includes Baselines to enhance its FedRAMP SaaS UEM Insights from VMware Explore 2022: A Q&A with Bharath Rangarajan, GM of VDI/DaaS and VP of EUC Product Management VMware Horizon outperforms Citrix in Principled Technologies report VDI vs. DaaS: Which is better for your virtual desktop and app environment?   3rd Blog Updates & Industry News Edwin de Bruin: Using VMware Access and Imprivata ConfirmID for remote Access as MFA solution Simon Elberts: Uninstall Applications - Intelligent Hub Venturebeat: Unified endpoint management (UEM) tools: What’s new in Gartner’s Magic Quadrant Venturebeat: How zero trust can improve mobile security     Patch & Seed Script Updates Week38-2022 OS Updates Seed Script  Most recent update: ... Most recent update: ... iOS 16.0.0 (20A371),iOS 16.1.0 (20B5045d),tvOS 16.1.0 (20K5041d),iOS 16.0.1 (20A371) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW38 Seed Script for latest Device Model Information Seed Script for latest Device Model Information ... iphone 14 A2883 iphone 14 Plus A2887 iphone 14 Pro A2891 iphone 14 Pro Max A2895 https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW38   Workspace ONE UEM 21.05 Patch Level: 21.5.0.66 RUGG-11244: Table cleanup to free up identity column. CRSVC-31187: Entitlement service migration tool fails to connect to database on DB credential change. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-66-patch-resolved-issues-resolved Last Update: CW32   Workspace ONE UEM 21.09 Patch Level: 21.9.0.43 CRSVC-31782: GSX test connection fails with SSL error CMEM-186703: PowerShell failing: "User credential of the remote PowerShell server contains the special characters." https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-41-patch-resolved-issues-resolved Last Update: CW37   Workspace ONE UEM 21.11 Patch Level: 21.11.0.46 CMEM-186700: PowerShell failing with error message: "User credential of the remote PowerShell server contains the special characters." MACOS-3335: Device Details page crashing for Linux devices when loading processor architecture from latest Device State Service. Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-powered-by-airwatch-2111-release-notes/index.html#resolved-issues-2111043-patch-resolved-issues Last Update: CW37   Workspace ONE UEM 22.03 Patch Level 22.3.0.28 CMEM-186702: PowerShell failing: "User credential of the remote PowerShell server contains the special characters." AMST-37025: SSL Pinning showing not synchronized. CRSVC-32059: “Renew Certificate" not working as expected in Certificate list view. AGGL-12934: Group Organization Mode change command not queued after changing to Fixed Organization Group. AMST-36830: Windows Firewall Rule not working as intended on Win 10 device. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-223028-patch-resolved-issues Last Update: CW38   Workspace ONE UEM 22.06 Patch Level 22.6.0.6 AMST-36832: Windows Firewall Rule not working as intended on Win 10 device. CRSVC-32057: “Renew Certificate" not working as expected in Certificate list view. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/rn/vmware-workspace-one-uem-powered-by-airwatch-2206-release-notes/index.html#resolved-issues-22606-patch-resolved-issues Last Update: CW38