VMware Digital Workspace Newsletter - Week 40






Weekly highlight:



Android Intelligent Hub 22.09

  • Support for Shift-Based Access Controls
    • Shift-based access control enables admins to deliver a digital workspace that is shift aware. When a worker is off-shift, admins can configure to block access to Intelligent Hub app or restrict access to only specific features(Custom tab, Support, People etc.) in Hub, and restrict launch of web and native apps. This integration is enabled through VMware Workspace ONE Experience Workflows in Hub Services with WorkJam third-party time management and scheduling system to retrieve the data about the workers current on-shift or off-shift work status.
  • Display Custom Attributes in People Search Cards
    • People cards were originally built with a set of standard attributes from AD (Active Directory). With this feature, admins will now be able to configure additional attributes that might be custom to their AD implementation. End users will now be able to see more attributes that are associated with their peers such as Slack usernames, Teams accounts, etc.
  • Disable TOTP Authentication screen
    • With this release, admins can disable TOTP Authentication screen from showing up in the Accounts section of the Hub app via a custom SDK setting: {"HubDisableTOTP" : true }. TOTP screen is also disabled for the shared devices.
  • Change MTD policy groups
    • Admins can now move MTD activated devices between policy groups without impacting end user experiences and identify threats per the newly configured policy group. This will help in instances when a user role changes in an organisation(ex: developers may need USB debugging while a sales executive might not need debugging capabilities enabled).
  • Bug fixes









ESC-33839 - Workspace ONE Email Management leveraging Powershell with Modern Authentication may fail when UEM or ACC is upgraded or reinstalled (89647)

  • Powershell integration leveraging Modern Authentication may fail if Workspace ONE UEM (or AirWatch Cloud Connector) is reinstalled, upgraded, or deployed on a new server.

The issue is associated with the following log statement:

2022/09/29 09:15:09.786 HOSTNAME 123456243-x1x1-1xxx-x1x1-1111xxx11111 [0000000-0000000] (34) Error AirWatch.Security.CodeSigning.WriteValidationFailureToWindowsEventLog Unable to retrieve publisher or publisher not trusted. Assembly: System.IO.Abstractions, Version=, Culture=neutral, PublicKeyToken=111xx11xxx11xx. Assembly Location: C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.0.0\netFramework\System.IO.Abstractions.dll Method: AirWatch.Security.CodeSigning.WriteValidationFailureToWindowsEventLog; LocationGroupID: 1234; UserID: 1234; UserName: user@acme.com; 123456243-x1x1-1xxx-x1x1-1111xxx11111

The error is observed on your Console or Device Services application if you are not leveraging ACC for Powershell integration, or on your ACC server if you are leveraging it for Powershell integration.

  • Version(s) identified: Workspace ONE UEM 2102 and above
  • When Workspace ONE UEM core (Console, Device Services, API) and peripheral components (AirWatch Cloud Connector - ACC) are installed afresh or upgraded on a server, the installer fetches required 3rd-party packages. In some cases, it fetches the latest available version. One such component is the ExchangeOnlineMangement module for Powershell.
    Microsoft released a v3.0.0 of ExchangeOnlineMangement recently, which has been found to negatively impact customers leveraging the Powershell Email Management feature in Workspace ONE UEM , along with Modern Authentication. Environments where UEM or ACC has been upgraded or installed since ExchangeOnlineMangement v3.0.0 was released, will receive this version of the module.
  • Find more information and workaround at: https://kb.vmware.com/s/article/89647


If DDUI has been enabled for macOS profiles, some macOS profiles containing the Login Window payload are affected. (89597)

  • When viewing from the Workspace ONE UEM Console some macOS profiles containing the Login Window payload may show “An error has occurred” If DDUI has been enabled for macOS profiles, some macOS profiles containing the Login Window payload are affected.

This may prevent editing the existing profile after it is created.

  • This issue affects certain profiles that were previously published containing the key "Enable Apple ID Setup During Login" disabled. The core issue has been identified, but it is possible certain existing profiles may remain affected. In the vast majority of cases, simply recreating the existing profile and publishing to the same set of devices will resolve the issue with no end-user impact.

However, in certain edge cases, a profile may also contain other business-critical settings such as a Network configuration or a User Certificate. If recreating the profile is not an option, discuss with the T3 GSS team or an Apple SME about next steps.

  • If you experience this error before the full fix has been applied, you can recreate the existing profile with the same settings and assign this to devices. This profile should deploy successfully, and future versions can be created without issue.

Note that new profiles can be created, and the existing profiles can be deleted without issue. This error should not affect the continued deployment of previously created profiles to devices.


Unable to redirect sound locally to physical machines running Horizon Agent (87886)

  • Horizon has limitations when configured in the following scenario:
    • Horizon Agent is installed on physical machines
    • Users are accessing these physical machines that have the Horizon Agent installed remotely via Horizon Client
    • Users are attempting to playback audio on the physical agent machine via their remote Horizon session

In this scenario, playback on the physical system where Horizon Agent is installed will not occur and audio will only be played back on the remote client device. Within device manager Remote Audio Device will be the only audio device present on the system. This is expected behavior.


Horizon Agent reports Not enough free disk space when attempting to install from ISO (88539)

  • If you put the Horizon Agent on an ISO and mount it to a VM, and then attempt to run the installer from the virtual CD-ROM drive, you may encounter an error such as:
·         There is not enough free disk space for setup to proceed.  
·         To continue, one drive must have at least 350 MB of free space.  
Otherwise, click Cancel to abort setup.
  • This may be from using a newer release of Windows 10 or an older Horizon Agent.
  • As a workaround, you can copy the Horizon Agent installer from the virtual CD-ROM over to a temp folder on the C: drive of the VM.

Otherwise, please use Horizon Agent 2111 (8.4) where this is resolved.


Client Certificates delivered through Workspace ONE UEM fail to install on devices with UEM versions 2204+ if certificate template Subject Name contains “S” (89649)

  • If you are pushing client certificates through a profile with a template Subject Name containing “S”, the profile will fail to install on the device with errors: Exception occurred generating certificate request and Unknown object id - S - passed to distinguished name.

Impacts Workspace ONE UEM 2204 and above.

  • Customers planning to migrate or the customers that have already migrated to UEM impacted versions should update certificate templates to make a change in the Subject Name from “S” to “ST”. e.g.,CN={DeviceSerialNumber}, OU=EUC, O=VMware, L=XX, ST=CA, C=US.
  • KB-Reference: https://kb.vmware.com/s/article/89649


Q3 EUC Webinars

Optimize Your Frontline Worker Device Deployment with Insights, Analytics, and Automation

On Demand

Registration Link

Move over Citrix – Why VMware Horizon is The Best Platform for Desktop and App Virtualization


11 October

Registration Link

Expert Panelists Discuss the Art of Modern Management – ASSETS COMING SOON!


18 October

Registration Link TBC


Jetzt Registrieren: Enduser Computing Webinare im September und Oktober

  • Live-Webinar: Innovation am Remote-Arbeitsplatz: ‚Work from Anywhere’ mit Virtual Reality und Workspace ONE

Mittwoch, 12. Oktober 2022, 10:00 Uhr
Speaker: Julius Lienemann


Highlighting High Priority KBs


Recently updated or added KBs


Digital Workspace Techzone, Blog and YouTube Updates


3rd Blog Updates & Industry News


Patch & Seed Script Updates Week 40-2022