Weekly highlight: VMware Workspace ONE Assist: Changes to expect in macOS Ventura (89699) - On June 6th, 2022 Apple announced at their World Wide Developers Conference (WWDC) the upcoming release of macOS Ventura (13.0). This document details the impact of macOS Ventura on Workspace ONE Assist. More details on the impact of macOS Ventura on Workspace ONE Intelligent Hub can be found here
macOS Ventura introduces a new setting for users to manage which applications and processes are able to launch at login and run in the background. When installing an application that requires this functionality, a notification is presented to the user informing them that the application can run in the background. After installation, the user can enable/disable this setting on a per-app basis within the Login Items Settings. - Apple has also introduced a new MDM profile payload that manages these login item settings. When you begin allowing macOS Ventura devices in your production environment, VMware recommends deploying the linked sample to all Ventura devices to eliminate the possibility of the Workspace ONE Intelligent Hub and Workspace ONE Assist being denied background access, which could severely impact device functionality. This payload will be deployed by default in a future version of Workspace ONE UEM.
- KB-Reference: https://kb.vmware.com/s/article/89699?lang=en_US&source=email
iOS Intelligent Hub 22.09 Released - Adding “Mark Completed” option to Urgent Notifications so they can be dismissed in the event of an error.
- Dark Mode updates to the Terms of Use feature
- Mobile Threat Defense
- Screen consolidation for easier navigation
- Updates to the MTD privacy disclosure in Hub
- Time-based One-time Passwords (TOTP) is restricted from use in CICO scenarios
- Change in the Account screen to show the owner’s full name instead of the username
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-iOS.html Samsung ELM License Key Deprecation (88179) - Note: Workspace ONE Intelligent Hub 22.09 is the version supporting this change
To access Samsung Knox Platform for Enterprise (KPE) Standard capabilities, Workspace ONE Intelligent Hub activates a Samsung ELM license on every Samsung Android Work Managed device.
Samsung has migrated to a new, more secure license key format, called KPE Standard. The KPE Standard key replaces the ELM key, and the ELM key will be decommissioned on December 1, 2022. - When the ELM key is decommissioned on December 1, 2022, new activations of this key will fail. This means any devices enrolling into work managed mode with a version of Workspace ONE Intelligent Hub older than v22.09 will fail enrollment. Existing/currently enrolled devices will not be impacted. Devices enrolling into Work Profile or COPE modes are also not impacted.
- In Workspace ONE Intelligent Hub v22.09, the ELM key is replaced with a KPE Standard key. Customers must use this version (or higher) after December 1 to enroll Samsung devices.
- KB-Reference: https://kb.vmware.com/s/article/88179?lang=en_US&source=email
Microsoft Teams Optimization screenshare shows black screen when using Horizon Client for Windows 2206 (89741) - While screensharing using Microsoft Teams Optimization, peers cannot see the shared screen (and instead will see black screen).
This is a known issue when using Horizon Client for Windows 2206 with Horizon Agent 2111 or 2203, and can be seen with the following scenarios: - When sharer types in shared screen.
- When sharer holds down mouse and drags.
- When sharer is sharing one screen, and moves cursor to the other screen.
- This is a known issue when using Horizon Client for Windows 2206 with Horizon Agent 2111 or 2203.
- Workaround:
- The following workarounds are suggested:
1) Update Horizon Agent to 2206*
2) Downgrade Horizon Client to 2203
3) Add the registry key on the client:
[HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\vmware html5mmr\webrtcRedir]
"html5mmr.webrtc.enableWinReadback"=dword:00000000
*Note that Horizon Agent 2206 is not an ESB release. If you are on a Horizon Agent 2111 ESB release, one of the other workarounds are suggested.
In addition, this issue will be addressed in a future version of Horizon Client for Windows. At that time, if using workaround #3, the registry key should be removed.
- KB-Reference: https://kb.vmware.com/s/article/89741?lang=en_US&source=email
Android enrollments using afw#hub fail to complete on Android 10 and 11 devices (89758) - When attempting to enroll an Android device using the afw#hub method, the enrollment will fail. End users may see a screen showing the download progress of the the Intelligent Hub. However, this screen will disappear and the normal setup wizard screen will reappear.
After completing the normal device setup, end users will see that the Hub is not installed on the device. Under the Accounts section, there is an Android Enterprise account present, even though the device has not been fully enrolled. - Android devices running OS 10 or 11 are not able to enroll using the afw#hub method. Customers attempting to enroll new devices using this method will need to factory reset the devices again and use a different enrollment method such as a QR code.
Android devices on OS 12+ appear to be unaffected at this time. Known issue with some endpoints failing to authorize users via the issued certificate if SCEP certificate profile is setup with auto-renewal enabled (89783) - Some endpoints fail to identify the certificate for performing authentication when a SCEP certificate profile is setup with auto-renewal enabled.
- For SCEP Certificate renewal, Workspace ONE UEM automatically inserts an additional Common Name (with a unique id) in the certificate template so we can associate the certificate with an appropriate CA configuration. Some endpoints(e.g. GlobalProtect) that expect only one Common Name with the certificate are failing to resolve the issued certificate.
- Endpoints fail to authorize users via the issued certificate and instead present a username/password authentication challenge to the end users.
- Our Product team has been informed and is working to address this issue in an upcoming release of Workspace ONE UEM. Please subscribe to this article to be notified when there is an update.
- To support auto renewing certificates, deploy certificate as a credential payload with auto-renewal enabled.
- Or use the SCEP certificate profile with auto-renewal disabled, and re-push the profile when the certificate is nearing expiration to issue a new certificate.
- KB-Reference: https://kb.vmware.com/s/article/89783?lang=en_US&source=email
Q3 EUC Webinars Optimize Your Frontline Worker Device Deployment with Insights, Analytics, and Automation | On Demand | Registration Link | Move over Citrix – Why VMware Horizon is The Best Platform for Desktop and App Virtualization | SIMU-LIVE: 11 October | Registration Link | Expert Panelists Discuss the Art of Modern Management – ASSETS COMING SOON! | SIMU-LIVE: 18 October | Registration Link TBC |
Highlighting High Priority KBs - HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)
CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing - Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971)
To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console). - VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Recently updated or added KBs Digital Workspace Techzone, Blog and YouTube Updates 3rd Party Blog Updates & Industry News Patch & Seed Script Updates Week 41-2022 - OS Updates Seed Script
- Seed Script for latest Device Model Information
|
Comments
Post a Comment