VMware Digital Workspace Newsletter - Week 48

 

Week 48 -  2022             Weekly highlight:   Apps/Process Blocking Failures For Intelligent HUB on macOS (90209) Devices managed by Workspace ONE UEM are able to launch applications and processes that are prohibited by VMware Apps and Process Restrictions for macOS macOS Intelligent Hub uses Apple's Endpoint Security System Extension framework to monitor system events to help administrators block specific software from running on a managed device. While security tools should still be used for malware, viruses, or other malicious software, this functionality helps with basic restrictions such as games, CLI tools, messaging apps, or even OS update installers. The enrolled device is running macOS 13 or later. Workspace ONE Intelligent Hub 21.04 or later is installed. System Extension and Privacy Preferences for Intelligent Hub are installed. If you are using Workspace ONE UEM console version 2105, you do not need to manually create the System Extension and Privacy Preferences profiles Per Hub logs, it can be seen that the events required for Endpoint Security extensions are occurring as expected, but are failing to trigger the necessary framework in macOS to for targeted processes. To stream process blocking events on an affected device, please open the terminal.app and enter the following command line to stream the unified logging process filtered for macOS security events  ·         /usr/bin/log stream --predicate '(subsystem contains "com.vmware.hub.security")' | grep EndpointSecurity This issue is currently under active investigation by VMware product engineering.         Week 48 Software Releases   Horizon Cloud next-gen 22.11 Horizon Agent Update  Pools now display a status showing if any agents are out-of-date or unsupported, allowing you to update those agents. Onboarding Horizon Universal Subscription License Administrators can now track concurrent license usage details on the Subscriptions page. This page displays information such as the total number of concurrent licenses available and the peak usage statistics per 24 hours, 30 days and 90 days. Monitoring The Simulated Launch test type has been added to Availability Monitoring. This test allows an administrator to have a testing client perform a synthetic session launch on the Edge Gateway, avoiding the need to launch a specific desktop resource.  Horizon Universal Console Document links related to the current page that you are on in the Horizon Universal Console populate in a list when you click the help button. https://docs.vmware.com/en/VMware-Horizon-Cloud-Service---next-gen/services/rn/vmware-horizon-cloud-service--nextgen-release-notes/index.html   Horizon UAG 2209.01 Support for validation of admin and internet facing TLS certificate chains when the certificate is configured using uagcertutil utility. Improve UDP reporting in Tunnel Access Logs. Updates to Photon OS package versions. https://docs.vmware.com/en/VMware-Unified-Access-Gateway/2209.1/rn/vmware-unified-access-gateway-22091-release-notes/index.html iOS Content 22.11 Added new filters like Black & White, Grayscale, and flash while capturing images. Refreshed PDF Viewer appearance https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Content-for-iOS.html iOS Web 22.11.1  Bug Fixes https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Web-for-iOS.html iOS Boxer 22.11 Create Online Meetings for Zoom  Prerequisites: Cloud ENS enabled With this feature the users are going to be able to create a Zoom meeting and add the conference details directly into an invite when they create or edit it A new “Zoom Online Meeting” toggle is present in the create/edit event screen, which when turned on automatically creates the Zoom link together with the other meeting details  The feature is activated and the toggle appears when the new account-level KVP EnableZoomOnlineMeetings is set to true.  The default value of the KVP is false  The first time when the user tries to create a meeting he/she would be prompted to authenticate in Zoom with their credientials Email Outbox Status Enhancements  New status labels have been added when emails are shown in Outbox folder If there are any obstacles emails to be sent or it is taking more time than expected a proper label will be present next to the email's title Bug Fixes https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Boxer-for-iOS.html Android Content 22.11 Camera enhancements – Optimised photos and videos preview https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html   Introducing VMware Workspace ONE ITSM Connector for ServiceNow 2.0 (90287) Introducing Employee self-service actions within the service catalog - Empower your employees to remediate frequently occurring devices issues with self-service actions in the ServiceNow service catalog. Employees can now perform various actions like adding their device into Workspace ONE UEM, change device passcode when they are locked out or have forgotten their passcode, find a misplaced device, lock a lost or stolen device, sync device with UEM to get latest resources and view encryption recovery keys. This functionality helps reduce incoming support requests to Service desk teams and increases employee downtime and productivity. Additional UEM actions available within the ServiceNow Incident – The following additional UEM actions are now available to the service desk admin in the Workspace ONE UEM tab within an incident – Add device- Enroll a device into the Workspace ONE UEM console by sending an email to its user with details necessary to enroll their device Find device- Assist an employee in finding their lost or misplaced device by sending an alert tone meant to help user locate their device View encryption recovery keys- Unlock encrypted windows and macOS devices with easy access to the BitLocker recovery key for windows and FileVault recovery key for macOS devices. https://kb.vmware.com/s/article/90287   Important KB Updates   Failure to upgrade to Horizon 2209 when message security is MIXED (90251) A Connection Server upgrade appears to be completed but the machine never becomes ready. You see the following error in the log: Could not configure message security: Invalid parameter for levelString: null Downgrading to 2206 is successful. If upgrading to Horizon 2209 when message security is set to MIXED, JMS does not operate correctly. Message security needs to be set as ON or ENHANCED MIXED message security is meant to be a transitional mode and we do not expect the environment to remain in this state beyond one day. Upgrades to Horizon 2209 in this state have been found to fail. Resolution: Set message security to ON or ENHANCED before upgrading. Ensure you can connect to the Admin Console and that a desktop or application can be successfully launched. The upgrade to 2209 should then be successful.   [Resolved] AAPP-14746: Unable to enable Device Assignment for certain VPP applications (90282) When syncing new VPP applications, you may notice the following errors: "Enable Device Assignment" option is missing  Unable to delete VPP applications Unable to associate licenses to VPP applications Each VPP application has a unique ID for tracking and identification. Apple has introduced a larger ID format for new applications, which certain workflows in Workspace ONE UEM could not handle. This issue is resolved as of Workspace ONE UEM 2210 (SaaS only). The fix is also available as a patch for the following versions: Workspace ONE UEM 2111 - Issue is resolved in 21.11.0.52 and above. Patch is available on the Resources Portal Workspace ONE UEM 2203 - Issue is resolved in 22.3.0.32 and above. Patch is available on the Resources Portal Workspace ONE UEM 2206 - Issue is resolved in 22.6.0.11 and above. Patch is available on the Resources Portal Workspace ONE UEM 2209 - Issue is resolved in 22.9.0.5 and above. Patch is available on the Resources Portal   Unable to upload the Workspace ONE Assist for MacOS agent 22.10 to UEM console ‘Apps & Books’ due to Application ID mismatch in the plist file (90301) “Application ID does not match” error seen when customers try to add the 22.10 Assist MacOS agent version on top of an existing agent in the UEM console through ‘Apps & Books’. Version Impacted: VMware Workspace ONE Assist for MacOS v22.10 The plist file that was bundled with the 22.10 Assist MacOS agent had an incorrect 'Application ID' for the package which resulted in an ‘Application ID does not match’ error while trying to upload the package in the UEM Apps & Books. This issue impacts customers trying to upload the MacOS agent 22.10 by using the ‘Add Version’ option to add the new agent version on top of an existing agent. This issue does not impact customers who uploaded the MacOS agent 22.10 either as a new application or through the Bootstrap method. A new macOS agent with an updated plist file which fixes this issue is available to download from the Resource Portal (https://resources.workspaceone.com/view/r6wdzxhmtd6zksdmswbp/en).Customers who have already downloaded the package bundle from the Resource Portal between 8th November 2022 & 29th November 2022 will need to remove the plist file/agent 22.10 (that has the issue) and download the package bundle again from Resource Portal that has the updated files.   Highlighting High Priority KBs HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438) CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager).  These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971) To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).  VMware Tunnel Proxy End of Support Life Announcement (87345) VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).   Recently updated or added KBs (Links) Email Sync in Workspace ONE Boxer stops working intermittently on Samsung and Pixel devices with Android 13 (90201) Antivirus executable exclusion list for VMware Horizon (2082045) Black screen with Horizon View desktop with a "SVGADevTap_Flip entirely failed" Error (56433) Horizon View Best Practices : Parent Image Creation and Maintenance. (90152) Agent installation order for Horizon View, Dynamic Environment Manager, and App Volumes (2118048) Failure to upgrade to Horizon 2209 when message security is MIXED (90251) Frequently Asked Questions (FAQs): Freestyle Orchestrator (81163) EDT - EUC Diagnostic Tool (88683) Horizon Client Feature Matrix for Horizon 8 and Horizon Cloud on Azure (80386) Windows 10 and Windows 11 Guest OS support FAQ for Horizon (YYMM/8) (84254) Occasional black screen in Horizon View pools with NVIDIA GPUs (78996) Intermittent black screens are observed when connecting to Horizon with Sysinternals utility Sysmon 11 present (82263) HTML5 MMR Redirection for YouTube shows black screen at the bottom of the screen (82754) A Microsoft Teams screenshare with Optimization shows a black screen instead of shared contents when using Horizon Client for Windows 2206 (89741) Black screen or other graphics-related issues with Horizon session on a physical machine. (88748) After upgrading to Horizon Agent 7.8/7.9 Nvidia refresh rate defaults to 20Hz (79630) Horizon PCoIP session freezes with NVIDIA grid card configured (85541) vGPU enabled Instant clone desktops are not load balanced correctly (57297) When connecting to a NVIDIA vGPU enabled pool with zero clients and monitors rotated in portrait mode a black screen disconnect will occur. (83770) Some Windows 7 IC vms with Nvidia vGPU attached fail to provision in a pool (74643) PCoIP connections to VMware Horizon View 6.x / 7.x desktops with multiple network adapters fail (2062604) [Resolved] AAPP-14746: Unable to enable Device Assignment for certain VPP applications (90282) VMware Horizon and Horizon Cloud readiness for Microsoft Windows 11 (85960) DNS settings are not being imported from vCenter after upgrading Workspace One Access (88637) Supported versions of Windows 10 and Windows 11 on Horizon Client (58096) Common Configuration Issues and Guidelines with TrueSSO (90037) Troubleshooting SSL certificate Issues with the VMware Horizon Server or Console (2082408) Known Issues with NVIDIA VGPU and Horizon View (90271) .PPT files cannot be open in Workspace ONE Boxer for Android (90308)   Digital Workspace Techzone, Blog and YouTube Updates Workspace One Cloud Services Security Anywhere Workspace How to set up Intelligent Hub notifications for content acknowledgments in Workspace ONE with Intelligence Automations Innovation vs. job satisfaction: The hybrid work world dilemma Data-driven UI in Workspace ONE UEM is now coming for iOS, so you can get new iOS profiles faster! Wave 2: CI/CD and what it means for SaaS customers Empowering healthcare organizations with VMware Horizon multi-cloud solutions   3rd Party Blog Updates & Industry News Geursen: Unable to start all WS ONE Connector services New Fling: End User computing - Diagnostic Tool Pim van de Vis: Office 365 apps available in the Enterprise Application Repository   Beta, Lab and Tech Preview Updates Workspace ONE Intelligent Hub 22.12 for macOS hubcli support for managed software updates via MDM commands. 3rd party package updates - Python , MSAL, Firebase, KeychainAccess, SwiftProtobuf etc. WS1 Intelligent Hub 22.11 for Android Delay in profile installation & removal commands on Android 13 Pixel devices HUB is not able to open Microsoft Authenticator if the process gets interrupted. Redmi Note 4 is not getting enrolled in Work Profile mode Support for Shift-Based Access Controls Terms of Use in Hub Catalog Bug Fixes: Simplified Device/Work Password Complexity for Android 12+ CICO Native Launcher – Auto Logout Hub services notification alerts are not showing on Android devices if enrolled with staging user Workspace ONE Content 22.12 for iOS Updated experience for searching template user repositories by allowing user to search automatically from the list of admin added repository templates. Provided separate KVPs for enabling PDF editing capabilities like annotations and organising pages. Updated the loading experience when files and folders are synced. WS1 Tunnel 22.11 for Android In this release, we’ve made a few updates containing general quality and performance improvements with no new features.  Please visit the Early Access Community portal for further information.     Patch & Seed Script Updates Week 48-2022 OS Updates Seed Script  Most recent update: macOS Ventura 13.0.1 (22A400),iOS 16.1.1 (20B101) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW47 Seed Script for latest Device Model Information Seed Script for latest Device Model Information ... Seed new ipad 10th generation device models https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW45   Workspace ONE UEM 21.05 Patch Level: 21.5.0.67 CMEM-186704: PowerShell failing: "User credential of the remote PowerShell server contains the special characters." https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-66-patch-resolved-issues-resolved Last Update: CW39   Workspace ONE UEM 21.09 Patch Level: 21.9.0.47 AMST-37313: Device Identifier and UDID mismatch for any reason should not unenroll device. AAPP-14928: Cannot enable Device Assignment for certain VPP applications. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-41-patch-resolved-issues-resolved Last Update: CW47   Workspace ONE UEM 21.11 Patch Level: 21.11.0.53 CRSVC-33270: Add debug logging to the HMAC Canonical code. AMST-37559: Security sample improvements. Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-powered-by-airwatch-2111-release-notes/index.html#resolved-issues-2111043-patch-resolved-issues Last Update: CW47   Workspace ONE UEM 22.03 Patch Level 22.3.0.34 RUGG-11545: Smartgroups with OS version criteria not updating when a device updates OS version. AGGL-13299: DDUI - Request to increase maximum character limit for fields in Chrome Browser settings profile. AGGL-13298: Saving profiles containing encrypted string fails due to Enum mismatch. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-223028-patch-resolved-issues Last Update: CW46   Workspace ONE UEM 22.06 Patch Level 22.6.0.18 CRSVC-33615: [Compliance] Fix Toggle Compliance Policy Status not working properly when setting a active policy to inactive AMST-37560: P2P requests are being served by DS instead of CDN. AMST-37556: Security sample improvements https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/rn/vmware-workspace-one-uem-powered-by-airwatch-2206-release-notes/index.html#resolved-issues-226011-patch-resolved-issues Last Update: CW48   Workspace ONE UEM 22.09 Patch Level 22.9.0.8 INTEL-44408: Display Last Checked Out username in UEM devices data in Intelligence. ARES-23743: Issue with shift based Access SDK.  AMST-37555: Security sample improvements. AGGL-13396: DDUI - Request to increase maximum character limit for fields in Chrome Browser settings profile. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW48