Weekly highlight:
Workspace ONE UEM Cloud 22.10 is GA
- VMware Workspace ONE UEM Cloud 2210 is available to Shared SaaS customers as of November 1, 2022! Rollouts to Shared Shared SaaS environments will begin next week.
- New Features:
Console
- We’ve added a user migration tool for LDAP Enabled Organization Groups
A user migration tool addresses errors in the user group sync process and corrects unhandled workflow and database migration errors. You can only use this tool on organisation groups that have Lightweight Directory Access Protocol setup (LDAP). For more information, see User and Admin Accounts.
- Duplicate Authentications Eliminated on Access and Reg Token Configs
When you enable registration tokens and choose Workspace ONE Access as the authentication source, users are no longer subject to duplicate authentications. There is no system setting to configure as this change is enabled by default.
- We've simplified the process of uploading internal applications
The Workspace ONE UEM console now uploads internal app to the Content Delivery Network (CDN) in the background, in addition to displaying CDN upload progress. This enhancement reduces the time spent on the app upload loading screen and frees you to perform other tasks in the Workspace ONE UEM console while the console prepares the app for distribution.
Android
- Let your apps share data by default with cross-profile communication
In Work Profile and Corporate Owned Personally Enabled modes, applications now have a limited ability to share data with each other by default. In Android 11 or higher, Workspace ONE UEM supports allowing specific applications to request user consent for cross-profile communication. For more information, see Restrictions profile.
- We now support configuring domain suffixes in WPA/WPA2 Enterprise Wi-Fi Profiles
Workspace ONE UEM now supports setting a domain suffix for server certificate validation in WPA/WPA2 Enterprise Wi-Fi networks. For more information, see Wi-Fi profile configuration.
Rugged
- Support for Device Metrics in Product Assignment Rules
You can now use device metrics such as IP address, serial number, battery level, and more for assignment rules when you make a new product to be provisioned. For more information, see Create a Product.
Windows
- We've strengthened Bitlocker support
We have added a new security feature that enables you to make the Bitlocker recovery key unique. A single use recovery key rotates the key when it is used to unlock the PC, ensuring that once a key is used to unlock the drive, it cannot be re-used in the future.
- Keep apps on a device even if it is unenrolled
When you enable the device based profile in the Workspace ONE UEM console, you can retain apps managed on a device even if it is unenrolled.
- Release Notes: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html
- KB-Article: Introducing Workspace ONE UEM 2210 (89974)
Highlights and new KBs
With 'Allow Factory Reset' disabled, End users are able to perform factory reset on specific Samsung models (89825)
- With certain Samsung models, when the Restriction profile is being set to prevent Factory Reset the device, users are unexpectedly able to perform a factory reset from the Boot Menu.
- Factory reset can be performed on the device from device Boot Menu despite restrictions set by UEM.
- We are actively working with Samsung to resolve this issue.
- Please follow KB: https://kb.vmware.com/s/article/89825?lang=en_US&source=email
HUB Support Tab - Installed profiles misreported failed with error. (89942)
- When HUB services are configured and the latest HUB client is installed, it has been noticed that the Support > Profiles > Actions > Install behavior is reporting false negatives when attempting to force profile reinstall with the following error:
Failed to send profile installation request.
- The API that handles these requests is failing to post the response status code correctly, even though the requests to reinstall these profiles are successful.
The following errors are observed in Workspace One Intelligent Hub logging:
2022-10-25 13:19:47.904259-0700 0x6457 Error 0x1cbb5 2985 0 Intelligent Hub: [com.vmware.hub.hubservices:generic] Request Failed2022-10-25 13:19:47.904328-0700 0x6457 Default 0x1cbb5 2985 0 Intelligent Hub: [com.vmware.hub.h- Impacted devices can continue to use the Install selection within UEM support tab.
VMware Engineering teams are actively engaged in resolving this issue in an upcoming release of Intelligent HUB.
MACOS-3435 - Trusted Certificates field in macOS Network payload is incorrectly enabled by default (89982)
- This issue affects macOS Network profiles that are also leveraging a Credentials payload for certificate based authentication and/or trust. In the Network payload, if a Protocol such as "EAP-TLS" is specified, there is a field to enable "Trusted Certificates" for each of the defined credentials payloads.
By default, this box will be checked in the UI, but the related XML keys will not be published into the profile if this box is not modified by the administrator.
- The Workspace ONE UEM team is working on a resolution to the issue.
- When creating a Network profile as defined above, if the "Trusted Certificates" key is leveraged, simply uncheck and then recheck the appropriate options in the UI. When the profile is then published, the appropriate keys will be included in the XML.
- KB-Reference: https://kb.vmware.com/s/article/89982?lang=en_US&source=email
[Resolved] MACOS-3318 - New versons of an existing Network payload profile do not properly save all settings (89904)
- In Workspace ONE UEM environments with Data Driven UI enabled for macOS profiles, the "Protocol" settings, as well as other Network settings such as hidden network and auto-join, may not get saved if you edit and create a new version of an existing Network profile.
Any existing or newly published Network payloads will continue to function as expected. However, if you edit an existing payload, you will see that the "Protocol" keys in the UI do not reflect the previously configured settings, as well as subkeys under the Protocols section and other Network keys such as auto-join and hidden network. If republished, these keys will not be included in the updated payload.
- This issue has been resolved in Workspace ONE UEM 22.9.0.4.
- If a new version of an existing Network payload is needed, this can be done through the use of a "Custom Settings" XML-based payload. For your existing profile, select "XML" from the Profiles List View page. Copy the entire contents of the PayloadContents array item (from <dict> to </dict>). This can be the basis of a new version of the existing payload, by modifying the XML with any changes needed.
Alternately, if a new version of an existing payload is not explicitly needed, making a new Network profile with the desired settings configured can suffice.
Highlighting High Priority KBs
- HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)
CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing - Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971)
To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console). - VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Recently updated or added KBs (Links)
- Using Microsoft Certreq to generate signed SSL certificates in VMware Horizon View (2032400)
- Generating a certificate template and generating/renewing certificate for Horizon connection server (80314)
- Common SSL Certificate configuration issues in VMware Horizon (80303)
- Horizon Client Feature Matrix for Horizon 8 and Horizon Cloud on Azure (80386)
- Supported Operating Systems, Microsoft Active Directory Domain Functional Levels, and Events Databases for VMware Horizon 8 2006 and later (78652)
- HW-153019 - Workaround for Liquibase changesets checksums modified on service restart of Workspace ONE Access (89200)
- SSL Certificate Renewal for Workspace ONE UEM Dedicated SaaS Environments (50116922)
- [Resolved] HUBM-2258: Parsing failed error in VMware Workspace ONE Admin Assistant for macOS (79181)
- Workspace ONE Access/vIDM Backup/Restore Procedure - OVF Export Issue Workaround (79131)
- HUBM-2331: Workspace ONE Intelligent Hub 20.04 for macOS shows AWCM status as frequently disconnected (78880)
- VMware Workspace ONE UEM 2210 Shared SaaS and Latest Mode Deployment Schedule (80156)
- WS1 UEM Console Release and End of General Support Matrix (2960922)
- Using VMware Cloud Services to access Workspace ONE services for existing customers (89945)
- Accessing the Horizon View Administrator page displays a blank error window in Horizon 7 (2144768)
- IBRW-172342: Workspace ONE Web for iOS internal site throwing SAML Error (79177)
- FCA-193237: Telecom report export missing message count header in Workspace ONE UEM Console (79056)
- Disabling users in Active Directory and syncing them into Workspace UEM Console (78979)
- Resolved: APF-3128: WS1 is unable to save Mobile Flow connector configuration due to special character (78875)
- CONSVR-1630: SMBConnector Extension is created each time when a file is uploaded using Workspace ONE Content (78305)
- HW-164224: Increase PowerShell read timeout value if entitlements are being removed when there is an automatic synchronization of Virtual Apps (89924)
- Troubleshooting SSL certificate Issues with the VMware Horizon Server or Console (2082408)
- Error "Server's certificate subject name does not match the server's External URL. Server's certificate is not trusted" in Horizon (80371)
- Administration Dashboard in VMware Horizon reports the error: "Server's certificate cannot be checked" (2000063)
- Connecting to VMware Horizon View desktops with a Horizon Client fails with the error: "Tunnel server presented a certificate that didn't match the expected certificate" (2083612)
- Connecting to VMware Horizon View desktops with a Horizon Client fails with the error: "An SSL error Occurred" (78372)
- When connecting to a Horizon View virtual machine using Blast, the alert "SSL Session is invalid" appears (2088354)
- Verifying SSL certificate configuration for VMware Horizon (80317)
- Managing SSL Certificates in VMware Horizon View using an internal Microsoft Certificate Authority (2020913)
- VMware Horizon Connection Server Admin Page fails to load with a new SSL certificate applied (2072459)
- IBRW-172342: Workspace ONE Web for iOS internal site throwing SAML Error (79177)
- Workspace ONE Access/vIDM Backup/Restore Procedure - Open Virtualization Format (OVF) Export Issue Workaround (79131)
- FCA-193237: Telecom report export missing message count header in Workspace ONE UEM Console (79056)
- Disabling users in Active Directory and syncing them into Workspace UEM Console (78979)
- Resolved: APF-3128: Workspace ONE (WS1) UEM is unable to save Mobile Flow connector configuration due to special character (78875)
- [Resolved] UAG-8568 Access denied when accessing UAG admin page (90002)
- CONSVR-1630: SMBConnector Extension is created each time when a file is uploaded using Workspace ONE Content (78305)
Digital Workspace Techzone, Blog and YouTube Updates
- Know before you go! Your guide to digital employee experience (DEX) sessions at VMware Explore Europe 2022
- Announcing the end of product availability and support for Workspace ONE AirLift
- API first! A look at the most important features of Horizon Cloud next-gen
- Announcing URL authentication in Workspace ONE for iOS using YubiKey via Workspace ONE PIV-D Manager
- Modern Management Essentials: OS Lifecycle Management
- Deploying VMware Horizon with Native Amazon EC2 and Amazon Workspaces
- Hybrid working: A Gen Z vs Baby Boomers perspective
3rd Party Blog Updates & Industry News
- Mobile-Jon: Workspace ONE Delivers the MacOS Updater Utility (MUU): Does it Finally Solve the Patching Woes of WS1 Mac Software Updates?
- Simon Elberts: macOS Ventura with VMware Fusion - Workspace ONE
Patch & Seed Script Updates Week 44-2022
- OS Updates Seed Script
- Most recent update: Most recent update: iOS 16.1.0 (20B82),macOS Monterey 12.6.1 (21G217)
- https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en
- Last Update: CW43
- Seed Script for latest Device Model Information
- Seed Script for latest Device Model Information ... iphone 14 A2883 iphone 14 Plus A2887 iphone 14 Pro A2891 iphone 14 Pro Max A2895
- https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en
- Last update: CW38
- Workspace ONE UEM 21.05
- Patch Level: 21.5.0.67
- CMEM-186704: PowerShell failing: "User credential of the remote PowerShell server contains the special characters."
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-66-patch-resolved-issues-resolved
- Last Update: CW39
- Workspace ONE UEM 21.09
- Patch Level: 21.9.0.45
- AAPP-14587: Find device option not populating when device is turned off and then on.
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-41-patch-resolved-issues-resolved
- Last Update: CW41
- Workspace ONE UEM 21.11
- Patch Level: 21.11.0.50
- UM-7637: Deactivating 100 users in bulk fails on UEM console 21.11.0.37+
- CMCM-190120: Remove the usage of template load from DS endpoint
- Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-powered-by-airwatch-2111-release-notes/index.html#resolved-issues-2111043-patch-resolved-issues
- Last Update: CW42
- Workspace ONE UEM 22.03
- Patch Level 22.3.0.32
- FS-1887: [Freestyle Orchestrator][Unable to edit freestyle orchestrator workflow with Time Window condition]
- AMST-37437: Sensors Tab on Device Detail View should be visible for Registered Mode devices.
- AAPP-14775: Cannot Enable Device Assignment for certain VPP applications
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-223028-patch-resolved-issues
- Last Update: CW44
- Workspace ONE UEM 22.06
- Patch Level 22.6.0.13
- AMST-37435: Sensors Tab on Device Detail View should be visible for Registered Mode devices.
- AMST-37255: Seed v2206 SFD patch to UEM
- AGGL-13119: DDUI profiles fail to save settings
- AGGL-13119: DDUI profiles fail to save settings
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/rn/vmware-workspace-one-uem-powered-by-airwatch-2206-release-notes/index.html#resolved-issues-226011-patch-resolved-issues
- Last Update: CW44
- Workspace ONE UEM 22.09
- Patch Level 22.9.0.4
- Full Installer
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html
- Last Update: CW44
Comments
Post a Comment