Weekly highlight: CRSVC-30733 - Workspace ONE UEM 2209 - Console and API access, and device communications may fail (90366) - Upon upgrading to Workspace ONE UEM version 2209, servers hosted on Windows server 2012 R2 may experience the following symptoms:
- Console fails to load
- Enrollments and device communication with UEM may fail
- REST API endpoints are inaccessible
Error Observed when reaching Health check end-points:
HTTP Error 500 - Internal Server Error - Workspace ONE UEM 2209
- Enhancements have been made to remove IIS Server version information from HTTP responses. These changes are not compatible with IIS version 8.5 and lower.
- This may result in the following impact:
- Console is not accessible
- Enrollments fail and devices cannot communicate with WS1 UEM
- REST API is inaccessible
- Health check endpoint does not load
- Our Product team has been notified and is working to resolve this issue in a timely manner. Please subscribe to this article to receive updates
Week 49 Software Releases Secure Email Gateway 2.24 - Updated to latest JRE version 11.0.16
- Added support for OCSP stapling. OCSP stapling is enabled by default and the SEG server will return an OCSP response to the email client.
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Secure-Email-Gateway.html
macOS Intelligent Hub 2212
- hubCLI support for managed software updates via MDM commands
- 3rd party package updates - Python, MSAL, Firebase, SwiftProtobuf etc.
- Bug Fixes
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Workspace-ONE-Intelligent-Hub-for-macOS.html
Android Intelligent Hub 2211 - Support for Shift-Based Access Controls (Tech Preview)
- Shift-based access control enables admins to deliver a digital workspace that is shift aware. When a worker is off-shift, admins can configure to block access to Intelligent Hub app or restrict access to only specific features(Custom tab, Support, People etc.) in Hub, and restrict launch of web and native apps. This integration is enabled through VMware Workspace ONE Experience Workflows in Hub Services with WorkJam third-party time management and scheduling system to retrieve the data about the workers current on-shift or off-shift work status.
- Terms of Use in Hub Apps Catalog
- An admin can now define and apply Terms of Use (TOU) for the applications in the Hub Apps catalog. When an end user installs an application which is configured with TOU, Hub app presents the TOU which needs to be accepted by the end user to use the app.
- Simplified Password Complexity (Android 12+)
- You can now set the minimum complexity or Device and Work passcodes to Low, Medium, and High. These basic complexity levels are pre-defined in Android and are meant to provide end users greater flexibility in how they lock their devices and work apps. Advanced controls to set minimum passcode content and length are still available. However, these advanced controls are not supported in the Device Passcode Policy for Android 12+ devices.
- Bug Fixes
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/Introducing-VMware-Workspace-ONE-Intelligent-Hub-for-Android.html Vmware Tunnel for Android 2211 - PPAT-12827: Fixed intermittent DNS resolution issue when Tunnel is running in Full Device mode
- PPAT-12827: Fixed intermittent issues with Trusted Network Detection on network switch
https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Tunnel-for-Android-Release-Notes.html Workspace ONE UEM - Directory Services Permission Required to Add/Edit Admins and Admin Groups (90165) - In Workspace ONE UEM version 22.10, adding or editing an admin account or admin group will result in a "This door is locked" error even if the logged in admin has the appropriate permissions for these actions.
An admin role must now include the Directory Services 'Edit' permission in order to add or edit admin accounts and admin groups within the Workspace ONE UEM console. - The Admin List View and Admin Groups pages have undergone a UI refresh in Workspace ONE UEM 22.10. This entailed a migration to a new UI framework. Due to the nature of the new UI framework, the permission for accessing Directory Services settings is required to load and edit the required data and resources on the Admin List View and Admin Groups pages.
- Our product team has been engaged and is actively working to resolve the issue. The product team will create a read-only permission for the Directory Services settings page that will be required to add/edit Admin Accounts and Admin Groups.
Please subscribe to this article to be notified when an update is available. AAPP-9553: iOS apps developed with Workspace ONE SDK may prompt for server URL and Group ID (78740) - When app configuration values are modified and sent to devices via Send Application Configuration option in Workspace ONE UEM console, public applications developed with Workspace ONE SDK for iOS may prompt users for server URL and Group ID.
- This issue will be resolved in a future release of Workspace ONE UEM.
- The application can be deployed as an internal application in Workspace ONE UEM.
.PPT files cannot be open in Workspace ONE Boxer for Android (90308) - Attachments with a .ppt extention cannot be open.
- This problem can be solved by turning on the "Enterprise Content" setting from the UEM Admin Console by going to the Boxer for Android assignment -> App Policies -> Usability.
[CRSVC-31561] - AWCM URL Test Connection - Server's Certificate is not trusted by AWCM Server (90377) - The VMware team has identified that with an update to Workspace ONE v22.04 the
AWCM test connection may not correctly indicate the status the AWCM endpoints.
In some cases, the error message "The executing server’s certificate is not trusted
by the AWCM server" will be displayed.
Note: This test connection failure is not indicative of any communication issues
with devices or other services. - This will be resolved in an upcoming version of Workspace ONE UEM. Please
subscribe to this KB for updates as we progress on resolution of this KB.
Action Required
On-premises: See workaround steps provided below
Shared and Dedicated SaaS: No Action Required as this the internal VMware
teams are executing an internal proactive analysis to ensure any affected SaaS
environments are remediated.
[FCA-204402] Unable to add SAML-based directory accounts after 22.10 Upgrade. (90376) - The VMware team has identified that that with an update to Workspace ONE v22.10 SAML based directory configurations are unable to add new directory users and are experiencing complications while editing existing administrator roles.
- In order to prevent impact to existing configurations VMware has rolled back an update to the affected UI elements while a permanent fix is developed. Once the issue has been resolved VMware will re-enable this page to utilize the modern UI backend framework.
- This will be resolved in an upcoming version of Workspace ONE UEM. Please subscribe
to this KB for updates as we progress on resolution of this KB.
Action Required
On-premises: No action is required as v22.10 is a SaaS only release.
Shared and Dedicated SaaS: No Action Required - For all environments the
workaround has already been implemented.
Upcoming Change to Workspace ONE Access Cloud Default Password Policy for Local Users (90320) - As VMware is committed to the highest security standards, the Workspace ONE Access team is hardening our default password policy for local users.
This update is applicable ONLY to: - The password policy for the local users created in the Workspace ONE Access Cloud console
- The customers using the default password policy for local users
This change will only go into effect when Workspace ONE Access local users using the default password policy reset their passwords and new users create their passwords. When local users reset their passwords; the new password must comply with the updated password policy. The change will be rolled out as part of the Workspace ONE Access December release for all Workspace ONE Access customers. This change is NOT applicable to on-premises deployments. - VMware Workspace ONE Access default password policy for local users will enforce the following conditions:
- Password must contain a minimum of 8 characters
- Passwords must contain a minimum of one uppercase character
- Passwords must contain a minimum of one lowercase character
- Passwords must contain a minimum of one numerical character
- Passwords must contain a minimum of one non-alphanumeric character
Highlighting High Priority KBs - HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438)
CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014 , please review this document before continuing - Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971)
To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console). - VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Recently updated or added KBs (Links) Digital Workspace Techzone, Blog and YouTube Updates 3rd Party Blog Updates & Industry News Beta, Lab and Tech Preview Updates - Zebra LifeGuard FOTA Tech Preview
- Registration to the Zebra LifeGuard FOTA service
- Configuration of an Automatic Updates Policy
- Additional features coming soon:
- Custom updates configuration for selecting specific firmware versions
- Update details and monitoring
- Workspace ONE Intelligent Hub 22.11 for iOS
- + Technical Preview: Support for Google Conditional Access see the documentation in the beta community at beta-ea.vmware.com
- + “Web Links” section is now called “My Web Links”
- + TOTP is now available in the Support Tab as well as the Account screen
- + Action cards will now show and persist comments
- + Bug fixes and general improvements
- WS1 Web 22.12 for iOS
· - IBRW-174697: Enable Data Collection for DEX through WS1 Web
This will enable the admins to monitor the usage and performance of Workspace ONE Web through Workspace ONE Intelligence. - Bug fixes & Quality improvements
- IBRW-174819: QR Code in Kiosk mode stops working when navigating away from the Home Screen.
- IBRW-174811: WS1 Web fails to download non-render able files while opening URLs with downloadable from web clips.
- IBRW-174830: iOS Web doesn’t honor “Data Sharing” in Privacy Screen from Settings.
Patch & Seed Script Updates Week 49-2022 - OS Updates Seed Script
- Seed Script for latest Device Model Information
| 
Comments
Post a Comment