VMware EUC Newsletter - Week 14

Weekly highlight:   Workspace ONE UEM Cloud 2302 VMware Workspace ONE UEM Cloud 2302 is available to Shared SaaS customers as of 4/6/2023!   Rollouts to Shared SaaS environments will begin next week. Console We’ve improved our Device Profile Search to check against more qualifiers. We have enhanced the search while creating Android and tvOS device profiles. Your searches are now applied to setting descriptions, tooltips, payload subcategory labels, and platform qualifiers, which appear in bubbles to the right of the settings, in addition to the name of the setting. For more information, see Add a General Profile. We’ve added a new compliance policy based on Tags. You can now detect whether a tag is present on a device and mark as not compliant if it is missing. This policy supports all platforms. For more information, see Compliance Policies Rules and Actions. Introducing new APIs for performing bulk actions on Enrollment tokens. We've now added new APIs for retrieving, deleting, and revoking Enrollment tokens in bulk. To identify the Enrollment token, these APIs use the enrollment-token uuid as the key. We have limited the update to 500 devices per call to maintain efficiency. When the number of devices exceeds the limit, the API rejects all bulk updates and returns an error. The following are the new revoke and delete tokens APIs: PUT (api/mdm/enrollment-tokens/compliance-statuses) DELETE (api/mdm/enrollment-tokens) Mandatory Smart Group Migration to Customer OGs If you have smart groups created in global or any organization group that lacks a parent OG of a customer type, you must follow the smart group migration procedure. The procedure is fully customer directed but it is not optional. For more information about the smart group migration, see Migrating Smart Groups. Chrome OS You can now manage ChromeOS devices for both Enterprise and Education domains using Chrome Management v2 (Chrome Policy API). Enterprise and Education Chrome OS devices are now managed using Chrome Policy API, which is the 2nd generation of the cloud-based device management solution for Chrome OS. This will be the default management method for Chrome OS devices. For more information, see Using Chrome OS Devices with Chrome Policy API. Android You can now control the installation of apps from your personal Google Play Store on your COPE devices. The Application Control profile now includes a new setting, Application Control on COPE, that lets you apply the settings to the device's Work or Personal profiles. For more information, see How to Configure Android Profiles. Freestyle We now support on-demand workflow deployment options for macOS devices. You can now configure deployment options for individual macOS workflows. In the workflow Admin Panel, after you enter the Platform and select a smart group for your workflow, you can select the deployment options for your workflow. For more information, see Configure On-Demand Workflow Deployment Options topic. We're adding new functionality to support copying, exporting, and importing workflows. You can now easily import and export workflows, copy workflows within the same OG, and duplicate a workflow into another OG. This feature allows you to replicate and repurpose workflows for different personas, use cases, or geographies without the need for manual work or side-by-side comparisons, reducing potential errors. Additionally, it is now simple to import test workflows from UAT into production after exporting them in bulk from UAT. Windows Standard Device profiles no longer need an active user session. Workspace ONE now supports deploying resources and commands with no active user session. These resources are consumed by the device as long as the device is powered on and connected to a network. To view the inventory of profiles and consoles that can be installed or used without a user being actively using them, see Workspace ONE UEM Profiles for Windows. Defer installation of Native Workspace ONE UEM Application. You can now enable application installation deferral that is natively built into Workspace ONE UEM. To use this native deferral capability, select UEM from the Use UEM or Custom Notifications settings to allow the user to postpone the application installation until a time that is convenient for the user. We have made some updates to what happens after enrollment of Azure AD UPNs. There were occasional re-syncing issues with the Azure AD UPNs post enrollment. This has been resolved and is now working as designed. We've added new Windows Updates Profile features along with a Windows Updates (Legacy) Profile page. Windows Updates Profile page - Explains the new supported settings and configuration. Windows Updates (Legacy) Profile Page- It is for Windows Desktop devices using Windows 10, 1909 or previous. A button to migrate can be found here. A Migration Button- Provides easy profile migration by automatically updating your old settings to the new supported ones. Pause & Rollback Buttons- After migration if you find issues with some drivers or third-party software you can now Pause and/or Rollback both feature and quality updates to resolve any issues. New features to the Windows Updates Profile now offer the ability to have use case driven setting selections that are fully supported on Windows 10 20H2 and above. The enhancements include: For more information, see: Windows Updates Profile & Windows Updates (Legacy) Profile pages. Rugged View queued product components on relay server. Similar to viewing remote files on the relay server, you can now view product components in the queue on a relay server. For more information, see Relay Servers.

Release Updates Week 14:   Horizon Cloud Service next-gen 2303 (March 2023) Desktops and Applications App Volumes Application admins can now select between classic and on-demand delivery for each package. Apps on Demand allows shortcuts, file type associations and their icons to be presented to the user after login. The package containing the application files is then delivered on demand only when the user launches the application. This reduces processing time to load applications and allows for a lean operating system containing only the applications the user actually needs. Horizon Client End users can now use the following additional Horizon Client versions: Horizon Client for Android 2303 or later Horizon Client for iOS 2303 or later Monitoring Horizon Availability Monitoring now allows an administrator to configure a cloud-hosted testing client. Administrators can now initiate a manual health check of registered Active Directory domains. Administrators can now access Horizon Cloud Notifications History by clicking the bell icon in the top navigation bar. The Notifications History page now displays the channel the notification was sent through and additional details.   Workspace ONE Intelligent Hub 23.03 for MacOS What's New Native People Tab support on macOS Supporting the headless mac mini. Enable hub upgrade when device is on the lock screen. Consume User Principal Name from HubServices for Microsoft Authentication Library (MSAL) Third party updates: Firebase, JWTDecode, Swift protobuf, MSAL, Munki, Sparkle (HUBM-6528, HUBM-6533, HUBM-6535, HUBM-6534, HUBM-6125, HUBM-6548)         Fixed Bugs HUBM-5439: Hub Auto Update not working for headless Macs  Known Issues HUBM-6526: End-of-Support for Mobile Flows (KB Article)   Workspace ONE Intelligent Hub 23.03 for iOS What's New App Clip Support We have created an App Clip that can be accessed before downloading the Intelligent Hub application from http://getwsone.com. This helps the end user to install the Hub Application when on the site by using the native flow that Apple provides us for app installation. You can use App Clip when you use or create a getwsone.com URL that has additional parameters in it. The App Clip will pick up these parameters and when an end user downloads the Intelligent Hub Application, the Server URL and Group ID will be automatically filled out and the user will not have to type it in. For Example, a custom URL with parameters could be https://getwsone.com/?serverurl=testserver.com&gid=test Replace testserver.com and test for the server URL and Group ID respectively and provide this to your end users for an easier installation process. Fixed Bugs HUBI-9191: RSA token CTKIP activation is not working   Workspace ONE Intelligent Hub 23.03.1 for iOS Bug Fixes HUBI-9473 / ESC-37018 : Unable to enroll iOS devices when console URL is not publicly accessible   Workspace ONE Intelligent Hub 23.03 for Android (staged roll-out) What's New Hub one touch enrollment using Getwsone URL: Hub Android now supports one touch enrollment into the app when the app is downloaded and installed through a getwsone.com URL with additional parameters to provide server URL and group ID.  Hub now supports delegating additional management capabilities to other Android applications. In particular, Hub can now delegate the ability to collect Android Network Activity Logging in Work Profile and COPE modes, as well as the ability to collect Android Security Logs. For more information, please see Using Android Delegated Scope Management through Custom Settings. Fixed Bugs AAGNT-196681: WS ONE Access email autodiscovery fails, and users are still prompted to choose their domain AAGNT-196446: Hub notifications cannot be seen on Zebra Android 13 devices  AAGNT-196813 Clearing passcode and wipe while Hub is in Direct Boot mode fails AAGNT-196787 Knox restriction are not getting applied during Knox license failure due to network error AAGNT-196780 Hub performs KNOX KPE activation on Work Profile and COPE devices   AAGNT-196769 End users can initiate enrollment on personal devices that are already enrolled into Workspace ONE UEM Known Issues AAGNT-192575: Android 12 - TLS and PEAP Wi-Fi configured but not connected. AAGNT-193634: Android 11 - Android Enterprise user certificate deployment for Wi-Fi profiles not working as expected. AAGNT-196515: Applying application configuration to Internal Applications fails for devices in closed networks AAGNT-196786: Android 13 - Passcode prompt can be escaped and ignored during enrollment AAGNT-196794: Wi-Fi profile with credentials is failing to install on Android devices AAGNT-196843: On Vuzix devices, the Next button is not focusable in the email autodiscovery screen   Workspace ONE Boxer for Android 23.03.1 Quality improvements and crash fixes   Workspace ONE Boxer for iOS 23.03.1 Quality improvements and crash fixes   Workspace ONE Web for Android 23.04 ABRW-174914: Admin configuration to add a new Search Engine in WS1 Web This enables the Web admins to configure additional search engines (internal or external) in the Web. The configured search engines become available to the end users in the existing list of search engines, and they can choose to use them as needed. ABRW-174890: Device widget for WS1 Web Bookmarks Now users can add device widget that can list the bookmarks configured in WS1 Web. This allows users to launch Web apps faster in WS1 Web directly from device’s home screen hence providing quicker to access bookmarks. ABRW-174654: Support for dark mode on WS1 Web Android WS1 Web now supports dark mode on Android devices. Bug fixes and stability improvements   KB Highlights & Announcements Week 14: Removal of Windows VMware Airwatch Agent from Microsoft Store (91634) To ensure all our customers are using the latest versions of Intelligent Hub for Windows, VMware will be removing a non supported old version of Intelligent Hub, VMware AirWatch Agent (version 1.2.6), from the Microsoft Store on 15th of April 2023. [RESOLVED] ESC-37018: Unable to enroll iOS using latest VMware Hub version 23.03 (91684) Unable to enroll iOS using latest VMware Hub version 23.03 Users are stuck on the very first screen of the email / server detail page ERROR: [The supplied server URL is invalid. Please retry.] SMS Settings will be self-configurable for all customers in Workspace ONE UEM SaaS environments (91660) SMS Settings can be configured in the Workspace ONE UEM console to enable communication between Workspace ONE UEM and mobile devices using SMS, for purposes such as user or device activation messages. A small percentage of Workspace ONE UEM environments in SaaS have SMS Settings pre-configured by VMware for use. After March 31st, 2024, SMS settings pre-configured by VMware in SaaS will be removed. Workspace ONE UEM Modernization - Tenant ID and Customer Organization Group requirements for Smart Groups (87464) As a continuation of the effort to modernize the Workspace ONE UEM system from an interdependent model to a microservice-based system, there are new updates coming to the Assignment Group creation workflow in the UEM Admin console. With the implementation of the tenant level boundary using the Customer-type Organization Group (as specified in this KB), similar requirements will be placed on the creation of Assignment Groups and Smart Groups. In the future, Assignments Groups and Smart Groups can only be created at or below your Customer-type OG.   High Priority KBs [Action Needed] - Refresh Old Android Enrollment QR Codes VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes. VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022). Support Access Policies for Customers with Expired SaaS EUC Licenses (89494) In alignment with VMware's Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.   Recently updated or added KBs (Links) Attachments cannot be dowloaded/opened in Workspace ONE Boxer on some Office 365 tenants (91653) Workspace ONE Access- Horizon Virtual app sync fails consistently (91648) AGENT_PENDING_EXPIRED - The pending session on machine has expired (90352) Build numbers and versions of VMware Horizon Connection Server (2143853) The Impact of Microsoft Security Update (KB5014754) on Customers Utilizing Certificate-Based Authentication, Including Smart Cards (91595) Microsoft Teams: Unoptimized fallback mode calls fail with a "Sorry we couldn't connect you" error (84205) Logging in to View Client using the Log in as current user option fails (91656) MS Teams Optimization Feature Compatibility Matrix for Horizon 7 and Horizon 8 Recent Releases. (86475) Configuring Access Point Name on Work Managed Android Devices through Custom Settings Profile (90991) SINST-176047: Workspace ONE UEM Upgrade Pathway to Address .NET Core Dependencies (91655) Discontinuation Notice for Unsupported VMware Identity Manager Connector (90808) SMS Settings will be self-configurable for all customers in Workspace ONE UEM SaaS environments (91660) Managing Horizon 8 Gateway Services: Script to modify PCOIP and Blast Secure Gateway Services (91685) [AGGL-13986] "Allow silent access to apps" in Android Credentials Profile does not apply in UEM 2302 (91686) FS-3055: macOS devices unable to execute assigned Workflows or Script Resources (91698) [Resolved] HUBI-9473: Unable to enroll iOS devices with Workspace ONE Intelligent Hub 23.03 under certain scenarios (91684) Introducing Workspace ONE UEM 2302 (91720) iOS 16 privacy changes result in Friendly Name shown as "iPhone" upon device Check Out (89805) Workspace ONE UEM Modernization - Tenant ID and Customer Organization Group requirements for Smart Groups (87464) Horizon Cloud on Azure Pod Manifest Support Plans (86476)   Digital Workspace Techzone, Blog and YouTube Updates Why it pays to deliver your employee experience lifecycle with Workspace ONE What Is VMware App Volumes? Simple Enrollment Process for VMware Workspace ONE UEM VMware App Volumes for Microsoft Azure Virtual Desktop solution preview is now available for remote app streaming Using VMware Horizon Cloud Service - next-gen Using Automation to Create Optimized Windows Images for VMware Horizon VMs   3rd Party Blog Updates & Industry News Apple Support: What's new for enterprise in macOS Ventura 13.3 Kevin Ten Eyck: Role-Based Access Control for Hub Notifications is Here!     April Software Releases System Component Release Announcement Release Date Horizon Horizon Cloud Service Next Gen 2303 Release Notes 31.03.23 macOS Hub 2303 Release Notes 04.04.23 iOS Hub 2303 Release Notes 04.04.23 Android Hub 2303 Release Notes staged iOS Boxer 23.03.1 Release Notes 04.04.23 Android Boxer 23.03.1 Release Notes 05.04.23 iOS Hub 23.03.1 Release Notes 06.04.23 Android Web 23.04 Release Notes staged Backend Console SAAS 23.02 Release Notes 06.04.23   Patch & Seed Script Updates Week 14-2023 OS Updates Seed Script  Most recent update: iOS 16.4.0 (20E246) tvOS 16.4.0 (20L497) iOS 15.7.4 (19H321) macOS Ventura 13.3.0 (22E252) macOS Monterey 12.6.4 (21G526) macOS Big Sur 11.7.5 ( ... https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW12 Seed Script for latest Device Model Information Seed Script for latest Device Model Information ... Seed new ipad pro models for 2022 ... iPad Pro 11" 4th gen iPad Pro 12.9" 6th gen https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW01   Workspace ONE UEM 21.05 Patch Level: 21.5.0.67 CMEM-186704: PowerShell failing: "User credential of the remote PowerShell server contains the special characters." https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-66-patch-resolved-issues-resolved Last Update: CW39   Workspace ONE UEM 21.09 Patch Level: 21.9.0.49 CRSVC-35970: Refactor EventLogService to use concurrent bag AMST-38501: I should be able to configure a windows credentials profile for certificate targetted to intermediate store https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-41-patch-resolved-issues-resolved Last Update: CW13   Workspace ONE UEM 21.11 Patch Level: 21.11.0.59 CRSVC-35971: Refactor EventLogService to use concurrent bag AMST-38502: I should be able to configure a windows credentials profile for certificate targetted to intermediate store Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-powered-by-airwatch-2111-release-notes/index.html#resolved-issues-2111043-patch-resolved-issues Last Update: CW13   Workspace ONE UEM 22.03 Patch Level 22.3.0.45 RUGG-11907: Dollar($) character is removed from Allowlist specific Android Activities on reopening the profile MACOS-3664: Decouple code changes to seed new MAC models CMEM-186809: [H1 WS1 UEM] RCE via powershell session name value https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-223028-patch-resolved-issues Last Update: CW14   Workspace ONE UEM 22.06 Patch Level 22.6.0.30 AAPP-15585: ABM device does not update with the second enrolled user status after re-enrollment from the first user to the second user. AAPP-15610: APNs samples notifications consumption rate is aligned with scheduler frequency causing queue pile up. ARES-24644: Public app uninstall API is not working for systems apps, but UI is working. FCA-205025: Device preview on DLV grid shows incorrect device records. MACOS-3662: Decouple code changes to seed new MAC models. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/rn/vmware-workspace-one-uem-powered-by-airwatch-2206-release-notes/index.html#resolved-issues-226011-patch-resolved-issues Last Update: CW14   Workspace ONE UEM 22.09 Patch Level 22.9.0.20 AMST-38366: Seed 22.06.20 SFD to UEM console. AMST-38395: Gateway throttling for managed apps sample. ARES-24728: Android App publish failed with dup key violation on dbo.#AppdeploymentStatus'. AAPP-15380: Credentials fail to save profile on re-publish. AGGL-13792: [UEM Console - Google] Some Pixel models are inconsistently mapped to a different model causing incorrect Smart Group reconciliation. AGGL-14043: Unable to upload Calculator application from internal apps section. AMST-38341: Antivirus and Firewall status are periodically failing https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW11   Workspace ONE UEM 22.10 Patch Level 22.10.0.13 AAPP-15424: Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected. AAPP-15427: Beacon sample should trigger Device Info Sample but should not save OS data. AMST-38336: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install. ARES-24501: Enterprise Application Repository is no longer able to add iTunes application. FCA-204247: Console app pool is terminating with unhandled exception. FCA-204891: Show success for change og of device even when it is prevented by tenancy restriction. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html Last Update: CW10   Workspace ONE UEM 22.12 Patch Level 22.12.0.9 SINST-176073 Create custom action to remove older DLL from tunnel and MTS folder for patch PPAT-13022    .NET Core version Upgrade to latest version for Tunnel Microservice MACOS-3659  Decouple code changes to seed new MAC models CRSVC-35063  dbo.API_DeviceEventLogSearch_V2 SP timing out in CN1506 ARES-24824    Unable to add a SG to a workflow for internal app ARES-24647    Public app uninstall API is not working for systems apps, but UI is AGGL-14128    Update Metadata Transform Service to .NET 6 AAPP-15611    APNs samples notifications consumption rate is aligned with scheduler frequency causing queue pile up. AAPP-15109    ABM device doesn't update with the second enrolled user status after re-enrollment from first user to second user. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW14