VMware Digital Workspace Newsletter - Week 44

Weekly highlight:



Workspace ONE UEM Cloud 22.10 is GA

  • VMware Workspace ONE UEM Cloud 2210 is available to Shared SaaS customers as of November 1, 2022!  Rollouts to Shared Shared SaaS environments will begin next week.
  • New Features:


  • We’ve added a user migration tool for LDAP Enabled Organization Groups

A user migration tool addresses errors in the user group sync process and corrects unhandled workflow and database migration errors. You can only use this tool on organisation groups that have Lightweight Directory Access Protocol setup (LDAP). For more information, see User and Admin Accounts.

  • Duplicate Authentications Eliminated on Access and Reg Token Configs

When you enable registration tokens and choose Workspace ONE Access as the authentication source, users are no longer subject to duplicate authentications. There is no system setting to configure as this change is enabled by default.


  • We've simplified the process of uploading internal applications

The Workspace ONE UEM console now uploads internal app to the Content Delivery Network (CDN) in the background, in addition to displaying CDN upload progress. This enhancement reduces the time spent on the app upload loading screen and frees you to perform other tasks in the Workspace ONE UEM console while the console prepares the app for distribution.


  • Let your apps share data by default with cross-profile communication

In Work Profile and Corporate Owned Personally Enabled modes, applications now have a limited ability to share data with each other by default. In Android 11 or higher, Workspace ONE UEM supports allowing specific applications to request user consent for cross-profile communication. For more information, see Restrictions profile.

  • We now support configuring domain suffixes in WPA/WPA2 Enterprise Wi-Fi Profiles

Workspace ONE UEM now supports setting a domain suffix for server certificate validation in WPA/WPA2 Enterprise Wi-Fi networks. For more information, see Wi-Fi profile configuration.


  • Support for Device Metrics in Product Assignment Rules

You can now use device metrics such as IP address, serial number, battery level, and more for assignment rules when you make a new product to be provisioned. For more information, see Create a Product.


  • We've strengthened Bitlocker support

We have added a new security feature that enables you to make the Bitlocker recovery key unique. A single use recovery key rotates the key when it is used to unlock the PC, ensuring that once a key is used to unlock the drive, it cannot be re-used in the future.

  • Keep apps on a device even if it is unenrolled

When you enable the device based profile in the Workspace ONE UEM console, you can retain apps managed on a device even if it is unenrolled.

Highlights and new KBs


With 'Allow Factory Reset' disabled, End users are able to perform factory reset on specific Samsung models (89825)

  • With certain Samsung models, when the Restriction profile is being set to prevent Factory Reset the device, users are unexpectedly able to perform a factory reset from the Boot Menu.
  • Factory reset can be performed on the device from device Boot Menu despite restrictions set by UEM.
  • We are actively working with Samsung to resolve this issue.
  • Please follow KB: https://kb.vmware.com/s/article/89825?lang=en_US&source=email


HUB Support Tab - Installed profiles misreported failed with error. (89942)

  • When HUB services are configured and the latest HUB client is installed, it has been noticed that the Support > Profiles > Actions > Install behavior is reporting false negatives when attempting to force profile reinstall with the following error:

Failed to send profile installation request.

  • The API that handles these requests is failing to post the response status code correctly, even though the requests to reinstall these profiles are successful.

The following errors are observed in Workspace One Intelligent Hub logging:

2022-10-25 13:19:47.904259-0700 0x6457     Error       0x1cbb5              2985   0    Intelligent Hub: [com.vmware.hub.hubservices:generic] Request Failed
2022-10-25 13:19:47.904328-0700 0x6457     Default     0x1cbb5              2985   0    Intelligent Hub: [com.vmware.hub.h
  • Impacted devices can continue to use the Install selection within UEM support tab. 

VMware Engineering teams are actively engaged in resolving this issue in an upcoming release of Intelligent HUB.


MACOS-3435 - Trusted Certificates field in macOS Network payload is incorrectly enabled by default (89982)

  • This issue affects macOS Network profiles that are also leveraging a Credentials payload for certificate based authentication and/or trust. In the Network payload, if a Protocol such as "EAP-TLS" is specified, there is a field to enable "Trusted Certificates" for each of the defined credentials payloads.

By default, this box will be checked in the UI, but the related XML keys will not be published into the profile if this box is not modified by the administrator.

  • The Workspace ONE UEM team is working on a resolution to the issue.
  • When creating a Network profile as defined above, if the "Trusted Certificates" key is leveraged, simply uncheck and then recheck the appropriate options in the UI. When the profile is then published, the appropriate keys will be included in the XML.
  • KB-Reference: https://kb.vmware.com/s/article/89982?lang=en_US&source=email


[Resolved] MACOS-3318 - New versons of an existing Network payload profile do not properly save all settings (89904)

  • In Workspace ONE UEM environments with Data Driven UI enabled for macOS profiles, the "Protocol" settings, as well as other Network settings such as hidden network and auto-join, may not get saved if you edit and create a new version of an existing Network profile.

Any existing or newly published Network payloads will continue to function as expected. However, if you edit an existing payload, you will see that the "Protocol" keys in the UI do not reflect the previously configured settings, as well as subkeys under the Protocols section and other Network keys such as auto-join and hidden network. If republished, these keys will not be included in the updated payload.

  • This issue has been resolved in Workspace ONE UEM
  • If a new version of an existing Network payload is needed, this can be done through the use of a "Custom Settings" XML-based payload. For your existing profile, select "XML" from the Profiles List View page. Copy the entire contents of the PayloadContents array item (from <dict> to </dict>). This can be the basis of a new version of the existing payload, by modifying the XML with any changes needed.

Alternately, if a new version of an existing payload is not explicitly needed, making a new Network profile with the desired settings configured can suffice.


Highlighting High Priority KBs


Recently updated or added KBs (Links)


Digital Workspace Techzone, Blog and YouTube Updates


3rd Party Blog Updates & Industry News




Patch & Seed Script Updates Week 44-2022