VMware Digital Workspace Newsletter - Week 48

 

             

 

 

                

      

Week 48 -  2022

 

 

 



 

 

 

Weekly highlight:

 

Apps/Process Blocking Failures For Intelligent HUB on macOS (90209)


  • Devices managed by Workspace ONE UEM are able to launch applications and processes that are prohibited by VMware Apps and Process Restrictions for macOS
  • macOS Intelligent Hub uses Apple's Endpoint Security System Extension framework to monitor system events to help administrators block specific software from running on a managed device. While security tools should still be used for malware, viruses, or other malicious software, this functionality helps with basic restrictions such as games, CLI tools, messaging apps, or even OS update installers.
  • The enrolled device is running macOS 13 or later.
  • Workspace ONE Intelligent Hub 21.04 or later is installed.
  • System Extension and Privacy Preferences for Intelligent Hub are installed. If you are using Workspace ONE UEM console version 2105, you do not need to manually create the System Extension and Privacy Preferences profiles
  • Per Hub logs, it can be seen that the events required for Endpoint Security extensions are occurring as expected, but are failing to trigger the necessary framework in macOS to for targeted processes.
  • To stream process blocking events on an affected device, please open the terminal.app and enter the following command line to stream the unified logging process filtered for macOS security events 
·         /usr/bin/log stream --predicate '(subsystem contains "com.vmware.hub.security")' | grep EndpointSecurity
  • This issue is currently under active investigation by VMware product engineering.

 

 

 

 


Week 48 Software Releases


 

Horizon Cloud next-gen 22.11


Horizon Agent Update 

  • Pools now display a status showing if any agents are out-of-date or unsupported, allowing you to update those agents.

Onboarding

  • Horizon Universal Subscription License
    • Administrators can now track concurrent license usage details on the Subscriptions page. This page displays information such as the total number of concurrent licenses available and the peak usage statistics per 24 hours, 30 days and 90 days.

Monitoring

  • The Simulated Launch test type has been added to Availability Monitoring. This test allows an administrator to have a testing client perform a synthetic session launch on the Edge Gateway, avoiding the need to launch a specific desktop resource. 

Horizon Universal Console

  • Document links related to the current page that you are on in the Horizon Universal Console populate in a list when you click the help button.

https://docs.vmware.com/en/VMware-Horizon-Cloud-Service---next-gen/services/rn/vmware-horizon-cloud-service--nextgen-release-notes/index.html

 

Horizon UAG 2209.01

  • Support for validation of admin and internet facing TLS certificate chains when the certificate is configured using uagcertutil utility.
  • Improve UDP reporting in Tunnel Access Logs.
  • Updates to Photon OS package versions.

https://docs.vmware.com/en/VMware-Unified-Access-Gateway/2209.1/rn/vmware-unified-access-gateway-22091-release-notes/index.html


iOS Content 22.11

  • Added new filters like Black & White, Grayscale, and flash while capturing images.
  • Refreshed PDF Viewer appearance

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Content-for-iOS.html


iOS Web 22.11.1 

  • Bug Fixes

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Web-for-iOS.html


iOS Boxer 22.11


Create Online Meetings for Zoom 

  • Prerequisites:
    • Cloud ENS enabled
  • With this feature the users are going to be able to create a Zoom meeting and add the conference details directly into an invite when they create or edit it
  • A new “Zoom Online Meeting” toggle is present in the create/edit event screen, which when turned on automatically creates the Zoom link together with the other meeting details 
  • The feature is activated and the toggle appears when the new account-level KVP EnableZoomOnlineMeetings is set to true. 
    • The default value of the KVP is false 
  • The first time when the user tries to create a meeting he/she would be prompted to authenticate in Zoom with their credientials

Email Outbox Status Enhancements 

  • New status labels have been added when emails are shown in Outbox folder
  • If there are any obstacles emails to be sent or it is taking more time than expected a proper label will be present next to the email's title

Bug Fixes

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Boxer-for-iOS.html


Android Content 22.11

  • Camera enhancements – Optimised photos and videos preview

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workpace-ONE-Content-for-Android.html


 

Introducing VMware Workspace ONE ITSM Connector for ServiceNow 2.0 (90287)

  • Introducing Employee self-service actions within the service catalog - Empower your employees to remediate frequently occurring devices issues with self-service actions in the ServiceNow service catalog. Employees can now perform various actions like adding their device into Workspace ONE UEM, change device passcode when they are locked out or have forgotten their passcode, find a misplaced device, lock a lost or stolen device, sync device with UEM to get latest resources and view encryption recovery keys. This functionality helps reduce incoming support requests to Service desk teams and increases employee downtime and productivity.
  • Additional UEM actions available within the ServiceNow Incident – The following additional UEM actions are now available to the service desk admin in the Workspace ONE UEM tab within an incident –
    • Add device- Enroll a device into the Workspace ONE UEM console by sending an email to its user with details necessary to enroll their device
    • Find device- Assist an employee in finding their lost or misplaced device by sending an alert tone meant to help user locate their device
    • View encryption recovery keys- Unlock encrypted windows and macOS devices with easy access to the BitLocker recovery key for windows and FileVault recovery key for macOS devices.
  • https://kb.vmware.com/s/article/90287

 

Important KB Updates

 

Failure to upgrade to Horizon 2209 when message security is MIXED (90251)

  • A Connection Server upgrade appears to be completed but the machine never becomes ready.
    You see the following error in the log:
    Could not configure message security: Invalid parameter for levelString: null
    Downgrading to 2206 is successful.
  • If upgrading to Horizon 2209 when message security is set to MIXED, JMS does not operate correctly.
  • Message security needs to be set as ON or ENHANCED
  • MIXED message security is meant to be a transitional mode and we do not expect the environment to remain in this state beyond one day. Upgrades to Horizon 2209 in this state have been found to fail.
  • Resolution:

Set message security to ON or ENHANCED before upgrading.

Ensure you can connect to the Admin Console and that a desktop or application can be successfully launched.

The upgrade to 2209 should then be successful.

 

[Resolved] AAPP-14746: Unable to enable Device Assignment for certain VPP applications (90282)

  • When syncing new VPP applications, you may notice the following errors:
    • "Enable Device Assignment" option is missing 
    • Unable to delete VPP applications
    • Unable to associate licenses to VPP applications
  • Each VPP application has a unique ID for tracking and identification. Apple has introduced a larger ID format for new applications, which certain workflows in Workspace ONE UEM could not handle.
  • This issue is resolved as of Workspace ONE UEM 2210 (SaaS only). The fix is also available as a patch for the following versions:
    • Workspace ONE UEM 2111 - Issue is resolved in 21.11.0.52 and above. Patch is available on the Resources Portal
    • Workspace ONE UEM 2203 - Issue is resolved in 22.3.0.32 and above. Patch is available on the Resources Portal
    • Workspace ONE UEM 2206 - Issue is resolved in 22.6.0.11 and above. Patch is available on the Resources Portal
    • Workspace ONE UEM 2209 - Issue is resolved in 22.9.0.5 and above. Patch is available on the Resources Portal

 

Unable to upload the Workspace ONE Assist for MacOS agent 22.10 to UEM console ‘Apps & Books’ due to Application ID mismatch in the plist file (90301)

  • “Application ID does not match” error seen when customers try to add the 22.10 Assist MacOS agent version on top of an existing agent in the UEM console through ‘Apps & Books’.
    Version Impacted:
    VMware Workspace ONE Assist for MacOS v22.10
  • The plist file that was bundled with the 22.10 Assist MacOS agent had an incorrect 'Application ID' for the package which resulted in an ‘Application ID does not match’ error while trying to upload the package in the UEM Apps & Books.
  • This issue impacts customers trying to upload the MacOS agent 22.10 by using the ‘Add Version’ option to add the new agent version on top of an existing agent.

This issue does not impact customers who uploaded the MacOS agent 22.10 either as a new application or through the Bootstrap method.

  • A new macOS agent with an updated plist file which fixes this issue is available to download from the Resource Portal (https://resources.workspaceone.com/view/r6wdzxhmtd6zksdmswbp/en).Customers who have already downloaded the package bundle from the Resource Portal between 8th November 2022 & 29th November 2022 will need to remove the plist file/agent 22.10 (that has the issue) and download the package bundle again from Resource Portal that has the updated files.

 

Highlighting High Priority KBs

 

Recently updated or added KBs (Links)

 

Digital Workspace Techzone, Blog and YouTube Updates

 

3rd Party Blog Updates & Industry News

 

Beta, Lab and Tech Preview Updates

  • Workspace ONE Intelligent Hub 22.12 for macOS
    • hubcli support for managed software updates via MDM commands.
    • 3rd party package updates - Python , MSAL, Firebase, KeychainAccess, SwiftProtobuf etc.
  • WS1 Intelligent Hub 22.11 for Android
    • Delay in profile installation & removal commands on Android 13 Pixel devices
    • HUB is not able to open Microsoft Authenticator if the process gets interrupted.
    • Redmi Note 4 is not getting enrolled in Work Profile mode
    • Support for Shift-Based Access Controls
    • Terms of Use in Hub Catalog
    • Bug Fixes:
      • Simplified Device/Work Password Complexity for Android 12+
      • CICO Native Launcher – Auto Logout
      • Hub services notification alerts are not showing on Android devices if enrolled with staging user
  • Workspace ONE Content 22.12 for iOS
    • Updated experience for searching template user repositories by allowing user to search automatically from the list of admin added repository templates.
    • Provided separate KVPs for enabling PDF editing capabilities like annotations and organising pages.
    • Updated the loading experience when files and folders are synced.
  • WS1 Tunnel 22.11 for Android
    • In this release, we’ve made a few updates containing general quality and performance improvements with no new features. 
  • Please visit the Early Access Community portal for further information.

 


 

Patch & Seed Script Updates Week 48-2022

 

 

 

 

 

 

 


 

 

 

 

 

 

 

 

 

 

Comments