EUC Week 3 highlight: VMware Cloud Services Status for Workspace ONE Subscriptions (90633) - As of December 2020, new Workspace ONE SaaS subscriptions come with access to a new platform called VMware Cloud Services (console.cloud.vmware.com). An onboarding invite will be sent out for these subscriptions, with instructions on how to onboard and access your Workspace ONE services through this platform. Once you redeem the invite, your services will then be active.
- Microsoft and CIS Baselines updated:
Release Updates Week 03: Workspace ONE Intelligent Hub for Android 23.01 (staged rollout) What's New - Enhanced Prompt to Meet Device/Work Profile Passcode Requirements
- When the Device and/or Work Profile passcodes are not compliant with the organization's requirements, Intelligent Hub shows a screen prompting end users to update these. This screen has been enhanced to better explain the order in which passcodes should be set in cases where separate Device and Work Profile passcodes are required.
- Prompt for Users to Enable Google Location Accuracy
- When administrators enable location data collection from Workspace ONE UEM, Intelligent Hub requests that end users enable any required, missing location permissions. With Intelligent Hub 23.01, Workspace ONE UEM will also request that end users enable Google Location Accuracy. Enabling Google Location Accuracy allows Workspace ONE UEM to more reliably sample location data from Android by expanding the location data sources to include cellular and WiFi networks.
- Enhanced failure scenarios for Hub Check Out flow
- Hub's checkout flow now handles failure scenarios more gracefully by providing more information to the end user about what is happening and ability for the end user to take corrective actions in case of a failure.
KB Highlights Week 03: Workspace ONE Web - Issue loading websites with improper cookie handling (90619) - Workspace ONE Web is based on Android’s System WebView component which in turn is based on Chromium, the open source project that powers Google’s Chrome browser. Chromium introduced changes to the handling of third-party cookies to provide more security and privacy and offer users more transparency and control. These changes were included in Android System WebView version 89.0.4385.0+.
Discrepancy in Encryption Status for certain Workspace ONE UEM managed Windows Devices (90631) - Certain Windows Devices are reported as Not Encrypted on Device Details page even though they are fully encrypted.
- Upon checking Hub and DeviceServices (DS) logs, noticing Workspace ONE Intelligent hub is only sending older version of DiskEncryptionSamples (DiskEncryptionV2).
- Workspace ONE UEM 2101+ and Workspace ONE Intelligent Hub 2101+
- From Workspace ONE UEM 2101 (Workspace ONE Intelligent Hub 2101), we have introduced a new sample (DiskEncryptionV3) for enhanced support on Bitlocker Encryption and Sampling.
There was a known issue when using newer Workspace ONE Intelligent Hub (2101 and above) with older Workspace ONE UEM console (2011 and earlier versions), console could not handle the new samples properly resulting in Encryption Profile installation failure. You were advised at that time to manually disable the BitlockerEnhancementMode feature on the device to improve compatibility for UEM console that is below 2011. However, turning the feature off after device already sends the new sample to console could lead to device stuck at "Not Encrypted" state. - For currently supported Hub and UEM versions, BitlockerEnhancementMode (HKEY_LOCAL_MACHINE\SOFTWARE\AIRWATCH\Feature, BitlockerEnhancementMode) is by default enabled. We recommend not modifying the feature toggle and keep it on (true) on your devices.
AMST-37302 - Compromised status change for Mac Devices are flooding Event Logs table (90065) - Upon upgrading to Workspace ONE UEM 2203/2206, your environment may exhibit one or all of the following symptoms:
- MacOS Compromised Status events are flooding the event logs in the UEM console (Monitor > Reports and Analytics > Events > Device Events).
- This causes event log table/data to balloon up in size.
- This can cause a number of performance issues with components that use the event log / data tables.
- This issue is addressed through cumulative patch:
- Workspace ONE UEM 2206 (22.6.0.11 or higher)
- Workspace ONE UEM 2203 (22.3.0.31 or higher)
- These patches are now available for all customers through the myWorkspace ONE Resources Portal. In addition, the Workspace ONE UEM 2206 installer is now available for consumption for On-premise environments.
High Priority KBs - [Action Needed] - Refresh Old Android Enrollment QR Codes
VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes. - VMware Tunnel Proxy End of Support Life Announcement (87345)
VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022). - Support Access Policies for Customers with Expired SaaS EUC Licenses (89494)
In alignment with VMware's Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
Security Related KBs - HW-137959: VMSA-2021-0016 for Workspace ONE Access, VMware Identity Manager (CVE-2021-22002, CVE-2021-22003) (85254)
- HW-150533: VMSA-2021-0028, VMSA-2021-0030 for Workspace ONE Access Appliance (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056, CVE-2021-22057) (87183)
- HW-150543: VMSA-2021-0028 for Workspace ONE and VMware Identity Manager Connector (CVE-2021-44228, CVE-2021-45046) (87184)
- HW-150541: VMSA-2021-0028, VMSA-2021-0030 for VMware Identity Manager (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056) (87185)
- HW-146724: Users maybe be unable to authenticate on Workspace ONE Access with Active Directory over IWA and STARTTLS option (85921)
Recently updated or added KBs (Links) Digital Workspace Techzone, Blog and YouTube Updates 3rd Party Blog Updates & Industry News
January Software Releases Patch & Seed Script Updates Week 03-2023 - OS Updates Seed Script
- Seed Script for latest Device Model Information
|
Comments
Post a Comment