VMware Digital Workspace Newsletter - Week 2

 

Week 2 -  2023             Weekly highlight:   Workspace ONE UEM Cloud 22.12  Console We've enhanced certificate retrieval for Entrust and OpenTrust PKI. To support retrieving and deploying past S/MIME certificates to devices (for decrypting older S/MIME emails encrypted with a past, expired certificate), you can now enable For S/MIME on the certificate template for Entrust and OpenTrust PKI CAs. This checkbox on the certificate template determines whether historical certificates are retrieved or not. Additionally, all existing EntrustPKI V9 and Opentrust PKI CA's will have the For S/MIME checkbox checked through the one time migration.   Conditional Access Support for On-Premises UEM Console in a Closed Network Environment. On-premises customers with closed network UEM console environments can now enable Microsoft Azure AD conditional access by enabling feature flag ConditionalAccessClosedNetworkSupportFeatureFlag. With this feature, customers with closed network UEM console are no longer required to create a publicly resolvable UEM console URL for VMware Workspace ONE Intelligence to reach out to over port 443. For more information, see Use Compliance Data in Azure AD Conditional Access Policies. iOS Deploying iOS profiles is now easier and faster with the new data-driven user interface. With the new Data-Driven User Interface (DDUI) user experience, you can now quickly add payloads, search, and view profile summaries. Keep an eye out for this new iOS user experience for shared SaaS. We intend to add more payloads and keys released by Apple to Workspace ONE in the future, allowing administrators to deploy much more quickly. This functionality will have a gradual rollout across Shared SaaS. For more information specific to iOS profiles, see iOS Device Profiles. Android We've made changes to passcode content requirements for Android devices. A new Passcode Complexity setting is now available in the Work Passcode and Device Passcode sections of Passcode Profile. This feature lets you determine whether you want basic or advanced password settings on the devices of your users. For more information, see Android Passcode Profile. Windows We’ve enhanced and improved Bitlocker. We've added the ability to configure encryption of removable drives in the Workspace ONE UEM console through the BitLocker To Go settings. You can now customise the encryption method, minimum password length, and the ability to encrypt only used space. A new dashboard for Windows and macOS! On the Devices Dashboard page of the Workspace ONE UEM console, you can now see newly added dashboards. These dashboards display the number of iOS devices running each version. Workspace ONE UEM 2212 adds support for Windows 10 virtual machines running on Amazon WorkSpaces.  For Windows 11, Amazon WorkSpaces does not yet provide an option for Windows 11 virtual machines. Therefore, support has not been validated by VMware for Workspace ONE UEM on Amazon WorkSpaces for Windows 11. BitLocker management, licensing and basic user profiles are not supported by Amazon WorkSpaces Note: Amazon WorkSpaces virtual machines have specific restrictions they enforce which will prevent UEM from modifying these settings. Linux Workspace ONE UEM 2212 adds support for Linux virtual machines running on Amazon WorkSpaces. Both Ubuntu and Amazon Linux 2 WorkSpaces instances are supported with UEM.  Note: UEM is unable to determine whether an Amazon WorkSpaces virtual machine is encrypted. This will be included in a future UEM release. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html     VMware Horizon 2212 Top release content is listed below, for fuller release content per product, see the "What's New" section in release notes linked below. Horizon Server + Instant Clone Ability for admins to import and validate SSL certificates in Horizon Console Support Cloud Pod Architecture with IPv6 Full clone AD binding Instant Clone support for Microsoft MAK licensing Instant Clone mode B support for vTPM desktops Migrate from Azul to Bellsoft OpenJDK in Horizon Server Increased max number of VMs per host support from 200 to 500 for non-vSAN storage Support for Full Clone agent auto upgrade (Beta) Additional REST APIs Support for latest VMC on AWS and AVS platforms CART Auto install Zoom & WebEx plug-in Support QT Tool to support Blast on Teradici zero clients  DEEM reporting Windows client WebRTC SDK Support comments in location based printing Custom ports for UDP with AVI Migrate to BellSoft OpenJDK LinuxVDI add SuSE 15 SP4; RHEL 7.9; Debian support PIV-D support iOS client Blast tuner for easy pre-sets Prevent multiple server icons with AVI, UAG & SAML IDP with HTML Access App Volumes Published Apps on Demand Ability to Update Package Notes Apps On Demand: Login Improvements for a Large Number of Apps Release Notes Horizon Server Horizon Client for Windows Horizon Client for Linux Horizon Client for Mac Horizon Client for Android Horizon Client for iOS Horizon Client for Chrome Horizon HTML Access App Volumes Dynamic Environment Manager         Release Updates Week 02: VMware Unified Access Gateway 2212  Enhancements to deployment on cloud platforms. Google Cloud Platform (GCP) Added support for deploying Unified Access Gateway image on a GCP project when the image is managed from a different project. Added support for GCP’s shared VPC configurations to be leveraged when deploying Unified Access Gateway on GCP. Microsoft Azure Added capability for deployment to a specific availability zone on Microsoft Azure. Amazon Web Services (AWS) Added support for deployment from AWS Cloud Shell. Added support for deployment with PowerShell 7 (version 7.2.7) from an Ubuntu machine. Added support in VMware Tunnel for IPv6 subnets in Server Traffic Rules and when performing validation of Device Traffic Rules.   When Unified Access Gateway is used as a service provider for SAML integration, Unified Access Gateway’s service provider identity will change when the TLS certificate is refreshed. This aids in the overall IDP and SP certificate refresh workflow and avoids production downtime. Added support for configuring unique settings per Syslog or MQTT server definition. Improved support for special characters in Workspace ONE UEM API server password. Troubleshooting enhancements and logging improvements. Updates to Photon OS package versions and Java component versions. https://docs.vmware.com/en/Unified-Access-Gateway/2212/rn/unified-access-gateway-2212-release-notes/index.html iOS Notebook 23.01 URL Schemes Support This feature provides support for inter-app integration using URL schemes Workspace ONE UEM provides you with a set of URLs that can be used to access different Workspace ONE Notebook menus and options from supported third-party applications. The URL schemes can be used with any application that supports URL formats, for example, browsers, email applications, and notes. Support the following URL schemes is provided: notebook:// notebook://tasks notebook://notes notebook://favorites notebook://createnote notebook://createtask notebook://createnotefromtemplate SDK Update Bug fixes and quality improvements https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/VMware-Workspace-ONE-Notebook-for-iOS.html   KB Highlights   Highlighting High Priority KBs [Action Needed] - Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes. VMware Tunnel Proxy End of Support Life Announcement (87345) VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022). Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware's Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.   Security Related KBs HW-137959: VMSA-2021-0016 for Workspace ONE Access, VMware Identity Manager (CVE-2021-22002, CVE-2021-22003) (85254) HW-150533: VMSA-2021-0028, VMSA-2021-0030 for Workspace ONE Access Appliance (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056, CVE-2021-22057) (87183) HW-150543: VMSA-2021-0028 for Workspace ONE and VMware Identity Manager Connector (CVE-2021-44228, CVE-2021-45046) (87184) HW-150541: VMSA-2021-0028, VMSA-2021-0030 for VMware Identity Manager (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056) (87185) HW-146724: Users maybe be unable to authenticate on Workspace ONE Access with Active Directory over IWA and STARTTLS option (85921)   Recently updated or added KBs (Links) Workspace ONE -F SaaS (Non-FedRAMP) End of Availability (90466) Confirming that the userinit string is configured properly (1028975) Lifecycle support policy for VMware Unified Access Gateway (UAG) (2147313) Network error after upgrading VMware Identity Manager (vIDM) to 20.10 (84157) With Workspace ONE Control Plane 2022.7.1.525, sensor Last Executed Date reflects timestamp for last sensor value change (89235) Workspace ONE Access SaaS TLS certificates renewal and replacement process (88153) Creating and Configuring an additional disk for VMware Identity sva (2097696) A 502-synchronization error can be reported when BASIC profile is selected during the Horizon Cloud Connector setup (82557) Windows 10 Start menu, Search, Store Apps does not work to mouse clicks on linked-clone VDI with persistent disk (54877) Enabling SSH on VMware Unified Access Gateway (UAG) (2145537) Error: CSRF attempt from IP address failed when Logging into Horizon via UAG with MFA a pre-login message is configured on the Connection Server (86416) Horizon Linux client: Special function keys on Bloomberg keyboard do not work (84036) During a log collection of the connection servers, the connection servers went unresponsive. (83631) UNKNOWN_FAULT_FATAL - After waiting for 300 seconds internal template VM Instant Clone Creation Error (76469) [review] Scan results are in greyscale when using Neat Desktop scanner redirection with a remote scanner application from Horizon (67056) Support Extension for VMware Identity Manager Connector (Linux) for ThinApp Customers (76358) Workspace ONE Intelligent Hub for MacOS (22.04.x or 22.05.0) may not successfully autoupdate (88834) Email Sync in Workspace ONE Boxer stops working intermittently on Samsung and Pixel devices with Android 13 (90201) Workspace ONE (WS1) Products: Current Versions and Compatibility (80174) Workspace One Access fails to sync Horizon Entitlements (84397) Workaround instructions to address CVE-2021-44228 in Workspace ONE Access Connector (87091) Workaround instructions to address CVE-2021-44228 in Workspace ONE Access Appliance (87090) Workspace ONE Access SQL Server High CPU utilization (85057) Launcher fails to auto-launch after updating on Samsung devices (84139) Workspace ONE UEM Profile Redesign for Android and Apple tvOS - What's new (83168) Announcing End of Life for Hub Services IBM Watson Chatbot (87895) Requirements for Workspace ONE UEM on Linux (86393) How to Self Upgrade an On-Premise Environment for Workspace ONE (WS1) (50102201)   Digital Workspace Techzone, Blog and YouTube Updates Announcing Workspace ONE UEM support for virtual desktops with Amazon WorkSpaces What Is VMware Horizon Cloud Service - Next-Gen? Announcing GA of VMware Aria Operations for Applications for Managed Services Providers Intelligent digital workspace value creation: A guide for IT leaders Workspace ONE integrates with Microsoft Azure AD to support conditional access for shared devices FedRAMP High Authorization for VMware Horizon Cloud Service Workspace ONE extends shift-based access control for frontline workers with UKG Dimensions integration   3rd Party Blog Updates & Industry News Patrick Zöller: Android Hub Registered Mode with AOSP Devices Microsoft: Easily deploy and use Microsoft 365 Apps on shared devices for your frontline workforce Mobile-Jon: Filling the Gaps in Workspace ONE Access Audit Logs     VMware EUC Breakfast Briefings in January 2023 Jan 17: Employee Experience Jan 18: IT Experience Jan 19: Virtual Apps & Desktops Jan 20: Intrinsic Security Time: 8:15AM - 9:00 AM GMT Registration in German Registration in English     Patch & Seed Script Updates Week 02-2023 OS Updates Seed Script  Most recent update: Most recent update: macOS Big Sur 11.7.2 (20G1020) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW01 Seed Script for latest Device Model Information Seed Script for latest Device Model Information ... Seed new ipad pro models for 2022 ... iPad Pro 11" 4th gen iPad Pro 12.9" 6th gen https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW01   Workspace ONE UEM 21.05 Patch Level: 21.5.0.67 CMEM-186704: PowerShell failing: "User credential of the remote PowerShell server contains the special characters." https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-66-patch-resolved-issues-resolved Last Update: CW39   Workspace ONE UEM 21.09 Patch Level: 21.9.0.47 AMST-37313: Device Identifier and UDID mismatch for any reason should not unenroll device. AAPP-14928: Cannot enable Device Assignment for certain VPP applications. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-41-patch-resolved-issues-resolved Last Update: CW47   Workspace ONE UEM 21.11 Patch Level: 21.11.0.55 AAPP-15118: Certain VPP Apps are stuck pending check. Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-powered-by-airwatch-2111-release-notes/index.html#resolved-issues-2111043-patch-resolved-issues Last Update: CW02   Workspace ONE UEM 22.03 Patch Level 22.3.0.37 AAPP-15139: Certain VPP Apps are stuck Pending Check. CRSVC-34143: Add debug logging to the HMAC Canonical code. CMSVC-16660: Unable to delete Smart Groups. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-223028-patch-resolved-issues Last Update: CW02   Workspace ONE UEM 22.06 Patch Level 22.6.0.21 CRSVC-34057: DB Installer script for 2209.9 fails on SQL Server Standard Edition. AGGL-13506: Android Restriction - Allow user to modify Location settings for Work Profile is not working. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/rn/vmware-workspace-one-uem-powered-by-airwatch-2206-release-notes/index.html#resolved-issues-226011-patch-resolved-issues Last Update: CW02   Workspace ONE UEM 22.09 Patch Level 22.9.0.12 AAPP-15129: App details are not getting pre-filled when uploading internal app in UEM 22.09 or above. CRSVC-34056: DB Installer script for 2209.9 fails on SQL Server Standard Edition. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW02