VMware Digital Workspace Newsletter - Week 41



Week 41 -  2022







Weekly highlight:



VMware Workspace ONE Assist: Changes to expect in macOS Ventura (89699)

  • On June 6th, 2022 Apple announced at their World Wide Developers Conference (WWDC) the upcoming release of macOS Ventura (13.0). This document details the impact of macOS Ventura on Workspace ONE Assist. More details on the impact of macOS Ventura on Workspace ONE Intelligent Hub can be found here
    macOS Ventura introduces a new setting for users to manage which applications and processes are able to launch at login and run in the background. When installing an application that requires this functionality, a notification is presented to the user informing them that the application can run in the background. After installation, the user can enable/disable this setting on a per-app basis within the Login Items Settings.
  • Apple has also introduced a new MDM profile payload that manages these login item settings. When you begin allowing macOS Ventura devices in your production environment, VMware recommends deploying the linked sample to all Ventura devices to eliminate the possibility of the Workspace ONE Intelligent Hub and Workspace ONE Assist being denied background access, which could severely impact device functionality. This payload will be deployed by default in a future version of Workspace ONE UEM.
  • KB-Reference: https://kb.vmware.com/s/article/89699?lang=en_US&source=email


iOS Intelligent Hub 22.09 Released

  • Adding “Mark Completed” option to Urgent Notifications so they can be dismissed in the event of an error.
  • Dark Mode updates to the Terms of Use feature
  • Mobile Threat Defense
    • Screen consolidation for easier navigation
    • Updates to the MTD privacy disclosure in Hub
  • Time-based One-time Passwords (TOTP) is restricted from use in CICO scenarios
  • Change in the Account screen to show the owner’s full name instead of the username







Samsung ELM License Key Deprecation (88179)

  • Note: Workspace ONE Intelligent Hub 22.09 is the version supporting this change
    To access Samsung Knox Platform for Enterprise (KPE) Standard capabilities, Workspace ONE Intelligent Hub activates a Samsung ELM license on every Samsung Android Work Managed device. 
    Samsung has migrated to a new, more secure license key format, called KPE Standard.  The KPE Standard key replaces the ELM key, and the ELM key will be decommissioned on December 1, 2022.
  • When the ELM key is decommissioned on December 1, 2022, new activations of this key will fail. This means any devices enrolling into work managed mode with a version of Workspace ONE Intelligent Hub older than v22.09 will fail enrollment. Existing/currently enrolled devices will not be impacted. Devices enrolling into Work Profile or COPE modes are also not impacted.
  • In Workspace ONE Intelligent Hub v22.09, the ELM key is replaced with a KPE Standard key. Customers must use this version (or higher) after December 1 to enroll Samsung devices.
  • KB-Reference: https://kb.vmware.com/s/article/88179?lang=en_US&source=email



Microsoft Teams Optimization screenshare shows black screen when using Horizon Client for Windows 2206 (89741)

  • While screensharing using Microsoft Teams Optimization, peers cannot see the shared screen (and instead will see black screen).
    This is a known issue when using Horizon Client for Windows 2206 with Horizon Agent 2111 or 2203, and can be seen with the following scenarios:
    • When sharer types in shared screen.
    • When sharer holds down mouse and drags.
    • When sharer is sharing one screen, and moves cursor to the other screen.
  • This is a known issue when using Horizon Client for Windows 2206 with Horizon Agent 2111 or 2203.
  • Workaround:
    • The following workarounds are suggested:
      1) Update Horizon Agent to 2206*
      2) Downgrade Horizon Client to 2203
      3) Add the registry key on the client: 
      [HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\vmware html5mmr\webrtcRedir]
      *Note that Horizon Agent 2206 is not an ESB release.  If you are on a Horizon Agent 2111 ESB release, one of the other workarounds are suggested.
      In addition, this issue will be addressed in a future version of Horizon Client for Windows.  At that time, if using workaround #3, the registry key should be removed.
  • KB-Reference: https://kb.vmware.com/s/article/89741?lang=en_US&source=email


Android enrollments using afw#hub fail to complete on Android 10 and 11 devices (89758)

  • When attempting to enroll an Android device using the afw#hub method, the enrollment will fail. End users may see a screen showing the download progress of the the Intelligent Hub. However, this screen will disappear and the normal setup wizard screen will reappear.

After completing the normal device setup, end users will see that the Hub is not installed on the device. Under the Accounts section, there is an Android Enterprise account present, even though the device has not been fully enrolled.

  • Android devices running OS 10 or 11 are not able to enroll using the afw#hub method. Customers attempting to enroll new devices using this method will need to factory reset the devices again and use a different enrollment method such as a QR code.

Android devices on OS 12+ appear to be unaffected at this time.


Known issue with some endpoints failing to authorize users via the issued certificate if SCEP certificate profile is setup with auto-renewal enabled (89783)

  • Some endpoints fail to identify the certificate for performing authentication when a SCEP certificate profile is setup with auto-renewal enabled.
  • For SCEP Certificate renewal, Workspace ONE UEM automatically inserts an additional Common Name (with a unique id) in the certificate template so we can associate the certificate with an appropriate CA configuration. Some endpoints(e.g. GlobalProtect) that expect only one Common Name with the certificate are failing to resolve the issued certificate.
  • Endpoints fail to authorize users via the issued certificate and instead present a username/password authentication challenge to the end users.
  • Our Product team has been informed and is working to address this issue in an upcoming release of Workspace ONE UEM. Please subscribe to this article to be notified when there is an update.
  • To support auto renewing certificates, deploy certificate as a credential payload with auto-renewal enabled. 
  • Or use the SCEP certificate profile with auto-renewal disabled, and re-push the profile when the certificate is nearing expiration to issue a new certificate. 
  • KB-Reference: https://kb.vmware.com/s/article/89783?lang=en_US&source=email


Q3 EUC Webinars

Optimize Your Frontline Worker Device Deployment with Insights, Analytics, and Automation

On Demand

Registration Link

Move over Citrix – Why VMware Horizon is The Best Platform for Desktop and App Virtualization


11 October

Registration Link

Expert Panelists Discuss the Art of Modern Management – ASSETS COMING SOON!


18 October

Registration Link TBC


Highlighting High Priority KBs


Recently updated or added KBs


Digital Workspace Techzone, Blog and YouTube Updates


3rd Party Blog Updates & Industry News



Patch & Seed Script Updates Week 41-2022