VMware Digital Workspace Newsletter - Week 2






Week 2 -  2023







Weekly highlight:


Workspace ONE UEM Cloud 22.12 


  • We've enhanced certificate retrieval for Entrust and OpenTrust PKI.

To support retrieving and deploying past S/MIME certificates to devices (for decrypting older S/MIME emails encrypted with a past, expired certificate), you can now enable For S/MIME on the certificate template for Entrust and OpenTrust PKI CAs. This checkbox on the certificate template determines whether historical certificates are retrieved or not. Additionally, all existing EntrustPKI V9 and Opentrust PKI CA's will have the For S/MIME checkbox checked through the one time migration.


  • Conditional Access Support for On-Premises UEM Console in a Closed Network Environment.

On-premises customers with closed network UEM console environments can now enable Microsoft Azure AD conditional access by enabling feature flag ConditionalAccessClosedNetworkSupportFeatureFlag. With this feature, customers with closed network UEM console are no longer required to create a publicly resolvable UEM console URL for VMware Workspace ONE Intelligence to reach out to over port 443. For more information, see Use Compliance Data in Azure AD Conditional Access Policies.


  • Deploying iOS profiles is now easier and faster with the new data-driven user interface.

With the new Data-Driven User Interface (DDUI) user experience, you can now quickly add payloads, search, and view profile summaries. Keep an eye out for this new iOS user experience for shared SaaS. We intend to add more payloads and keys released by Apple to Workspace ONE in the future, allowing administrators to deploy much more quickly. This functionality will have a gradual rollout across Shared SaaS. For more information specific to iOS profiles, see iOS Device Profiles.


  • We've made changes to passcode content requirements for Android devices.

A new Passcode Complexity setting is now available in the Work Passcode and Device Passcode sections of Passcode Profile. This feature lets you determine whether you want basic or advanced password settings on the devices of your users. For more information, see Android Passcode Profile.


  • We’ve enhanced and improved Bitlocker.

We've added the ability to configure encryption of removable drives in the Workspace ONE UEM console through the BitLocker To Go settings. You can now customise the encryption method, minimum password length, and the ability to encrypt only used space.

  • A new dashboard for Windows and macOS!

On the Devices Dashboard page of the Workspace ONE UEM console, you can now see newly added dashboards. These dashboards display the number of iOS devices running each version.

  • Workspace ONE UEM 2212 adds support for Windows 10 virtual machines running on Amazon WorkSpaces. 

For Windows 11, Amazon WorkSpaces does not yet provide an option for Windows 11 virtual machines. Therefore, support has not been validated by VMware for Workspace ONE UEM on Amazon WorkSpaces for Windows 11. BitLocker management, licensing and basic user profiles are not supported by Amazon WorkSpaces


Amazon WorkSpaces virtual machines have specific restrictions they enforce which will prevent UEM from modifying these settings.


  • Workspace ONE UEM 2212 adds support for Linux virtual machines running on Amazon WorkSpaces.

Both Ubuntu and Amazon Linux 2 WorkSpaces instances are supported with UEM. 


UEM is unable to determine whether an Amazon WorkSpaces virtual machine is encrypted. This will be included in a future UEM release.




VMware Horizon 2212

Top release content is listed below, for fuller release content per product, see the "What's New" section in release notes linked below.

Horizon Server + Instant Clone

  • Ability for admins to import and validate SSL certificates in Horizon Console
  • Support Cloud Pod Architecture with IPv6
  • Full clone AD binding
  • Instant Clone support for Microsoft MAK licensing
  • Instant Clone mode B support for vTPM desktops
  • Migrate from Azul to Bellsoft OpenJDK in Horizon Server
  • Increased max number of VMs per host support from 200 to 500 for non-vSAN storage
  • Support for Full Clone agent auto upgrade (Beta)
  • Additional REST APIs
  • Support for latest VMC on AWS and AVS platforms


  • Auto install Zoom & WebEx plug-in
  • Support QT Tool to support Blast on Teradici zero clients 
  • DEEM reporting Windows client
  • WebRTC SDK
  • Support comments in location based printing
  • Custom ports for UDP with AVI
  • Migrate to BellSoft OpenJDK
  • LinuxVDI add SuSE 15 SP4; RHEL 7.9; Debian support
  • PIV-D support iOS client
  • Blast tuner for easy pre-sets
  • Prevent multiple server icons with AVI, UAG & SAML IDP with HTML Access

App Volumes

  • Published Apps on Demand
  • Ability to Update Package Notes
  • Apps On Demand: Login Improvements for a Large Number of Apps

Release Notes





Release Updates Week 02:

VMware Unified Access Gateway 2212 

  • Enhancements to deployment on cloud platforms.

Google Cloud Platform (GCP)

  • Added support for deploying Unified Access Gateway image on a GCP project when the image is managed from a different project.
  • Added support for GCP’s shared VPC configurations to be leveraged when deploying Unified Access Gateway on GCP.

Microsoft Azure

  • Added capability for deployment to a specific availability zone on Microsoft Azure.

Amazon Web Services (AWS)

    • Added support for deployment from AWS Cloud Shell.
  • Added support for deployment with PowerShell 7 (version 7.2.7) from an Ubuntu machine.
  • Added support in VMware Tunnel for IPv6 subnets in Server Traffic Rules and when performing validation of Device Traffic Rules.


  • When Unified Access Gateway is used as a service provider for SAML integration, Unified Access Gateway’s service provider identity will change when the TLS certificate is refreshed. This aids in the overall IDP and SP certificate refresh workflow and avoids production downtime.
  • Added support for configuring unique settings per Syslog or MQTT server definition.
  • Improved support for special characters in Workspace ONE UEM API server password.
  • Troubleshooting enhancements and logging improvements.
  • Updates to Photon OS package versions and Java component versions.


iOS Notebook 23.01



KB Highlights


Highlighting High Priority KBs

  • [Action Needed] - Refresh Old Android Enrollment QR Codes
    VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
  • VMware Tunnel Proxy End of Support Life Announcement (87345)
    VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023.
  • VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
    Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
  • Support Access Policies for Customers with Expired SaaS EUC Licenses (89494)
    In alignment with VMware's Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.


Security Related KBs


Recently updated or added KBs (Links)


Digital Workspace Techzone, Blog and YouTube Updates


3rd Party Blog Updates & Industry News



VMware EUC Breakfast Briefings in January 2023

  • Jan 17: Employee Experience
  • Jan 18: IT Experience
  • Jan 19: Virtual Apps & Desktops
  • Jan 20: Intrinsic Security
  • Time: 8:15AM - 9:00 AM GMT

Registration in German
Registration in English



Patch & Seed Script Updates Week 02-2023