VMware EUC Newsletter - Week 11






Week 11 - 2023







Weekly highlight:




Release Updates Week 11:

Unified Access Gateway 2303

  • VMware Unified Access Gateway 2303 provides the following new features and enhancements:
    • Enhancements to the existing command line utilities for making configuration changes:
      • adminpwd command (used to reset password of admin and monitoring users) now supports an option to force the user to change the password on first login.
      • adminreset command (used to reset the admin interface settings back to the default settings for password authentication) now supports granular options to reset the individual configurations (like admin TLS certificate, admin SAML configuration, and TLS settings).
    • Added an option in VMware Per-App Tunnel Settings to control if automatic configuration updates from Workspace ONE UEM console are applied.
    • Added support to allow configuration of TLS settings used in communication with Workspace ONE UEM console for pulling initial configurations of VMware Per-App Tunnel, Content Gateway, and Secure Email Gateway edge services. Perpetual API communications for each service still require TLS setting configuration in their source configurations in Workspace ONE UEM.
    • Added support for deployment with PowerShell version 7.3 from an Ubuntu machine.
    • End of Support Life for VMware Tunnel Proxy. The VMware Per-App Tunnel component includes support for the same use cases as VMware Tunnel Proxy component. For more information, see the Knowledge Base (KB) article VMware Tunnel Proxy End of Support Life Announcement (87345).
    • Logging improvements and troubleshooting enhancements.
    • Updates to Photon OS package versions and Java component versions


VMware Secure Email Gateway 2.26

  • General quality and performance improvements with no new features.
    • CMEM-186794 - Device policy bulk flow not completing in some circumstances due to duplicate entries.


Workspace ONE SDK for iOS 23.3

  • Landscape support for iPhones.
  • Updated to OpenSSL 1.0.2zg
  • Bug fixes and Stability Improvements.


KB Highlights & Announcements Week 11:

VMware Strikes Gold at 2023 Cybersecurity Excellence Awards

  • VMware experienced a gold rush at the 2023 Cybersecurity Excellence Awards, taking home the top prize across ten categories and spotlighting a range of security solutions that help customers better secure multi-cloud workloads, modern applications, and the hybrid workforce – all while modernizing the Security Operations Center.


Announcing end of support for PCoIP in VMware Horizon

  • [...] We will include PCoIP as a protocol option in the Horizon Client and Horizon Agent through the end of 2025. At that point in three years, we will remove the PCoIP protocol option from all new Horizon releases. Note that all Horizon releases are supported for three years from ship date. This means that the client and agent that will ship in 2025 will be supported until the end of 2028.


VMware Best Practices Update – Workspace ONE UEM SaaS IP ranges - update and recommendation for customers to transition to DNS based allow lists by April 17, 2023. (91317)

  • As part of our ongoing journey to enhance the quality and security of the UEM SaaS offering, VMware is deploying AWS CloudFront as the ingress service for all UEM environments hosted in VMC on AWS. In keeping with recommendations outlined by Amazon, this change provides all customers with access to over 450 geographically distributed and secure Points of Presence (POPs).  
  • VMware will implement this change for all UEM environments hosted in VMC on AWS. Dedicated SaaS environments will begin receiving this change starting on April 17, 2023. Shared SaaS environments will begin receiving this change starting on May 17, 2023.  
  • List of exceptions in KB.
  • Customers who configure IP-based allow lists that restrict traffic from their corporate network to the UEM SaaS service will need to migrate away from these configurations (https://kb.vmware.com/s/article/2960995). VMware recommends that customers use DNS-based allow lists instead.


Self-Service Migration of First-Generation Horizon Cloud on Microsoft Azure Deployments to Horizon Cloud Service - next-gen

  • [...] Migration of a Horizon Cloud on Microsoft Azure deployment to the Horizon Cloud Service - next-gen environment involves taking the resources currently configured in the Horizon Cloud environment and making those resources available, in an equivalent manner, in the next-gen service environment.


High Priority KBs

  • [Action Needed] - Refresh Old Android Enrollment QR Codes
    VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
  • VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
    Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
  • Support Access Policies for Customers with Expired SaaS EUC Licenses (89494)
    In alignment with VMware's Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.


Recently updated or added KBs (Links)


Digital Workspace Techzone, Blog and YouTube Updates


3rd Party Blog Updates & Industry News



Patch & Seed Script Updates Week 11-2023








  • Workspace ONE UEM 22.10
    • Patch Level
    • AAPP-15424: Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected.
    • AAPP-15427: Beacon sample should trigger Device Info Sample but should not save OS data.
    • AMST-38336: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
    • ARES-24501: Enterprise Application Repository is no longer able to add iTunes application.
    • FCA-204247: Console app pool is terminating with unhandled exception.
    • FCA-204891: Show success for change og of device even when it is prevented by tenancy restriction.
    • https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html
    • Last Update: CW10


  • Workspace ONE UEM 22.12
    • Patch Level
    • AMST-38337: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
    • ARES-24702: Unable to view/edit Credential Profile in UEM.
    • AAPP-15387: Beacon sample should trigger Device Info sample but should not save OS data.
    • CRSVC-35245: AWCM Test Connection stops working after console runs for a few days.
    • MACOS-3613: DDUI - VPN payload "Provider Designated Requirement" field has a maximum character limit of 255.
    • AAPP-15425: Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected.
    • FCA-204781: Console app pool is terminating with unhandled exception.
    • AMST-38342: Computer name field missing for Windows devices
    • https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-
    • Last Update: CW10