VMware EUC Newsletter - Week 20

  

 

             

 

                


Week 20 - 2023

 

 

 



 

 

 

Weekly highlight:

 

 

 

 

Workspace ONE Access May 2023

  • Workspace ONE Access Now Supports FIDO2 as Primary Authenticator
    Workspace ONE Access now allows FIDO2 authenticators to be configured as primary authenticators. Prior support of FIDO2 authentication was limited to step-up authentication. With this release, end users can authenticate into Workspace ONE Access using a FIDO2 authenticator. End users can also self-register a FIDO2 authenticator. Both platform authenticators (mobile devices, laptops etc. that support FIDO2) and third-party authenticators (Yubikey, USB secure devices etc.) are supported

 

Workspace ONE Hub Services May 2023

  • Hub Web App Catalog Supports VMware Horizon Cloud Service – next-gen
    With the May release, Workspace ONE Intelligent Hub Web supports Horizon entitlements in the Hub App Catalog for customers who use Horizon Cloud Service – next-gen integration. For more information about Horizon Cloud Service – next-gen, refer to Horizon release notes and documentation.

 

 

 

 

 

Release Updates Week 20:

New Apple Builds Are Now Available.

New builds of the following software are now available:

  • iOS 16.5 RC2 (20F66)
  • iPadOS 16.5 RC2 (20F66)
  • macOS 13.4 RC3 (22F66)

For additional information, known issues, and installation instructions, please review the release notes available in Feedback Assistant and on the AppleSeed web portal.

 

Workspace ONE Intelligent Hub for Linux 23.04.1

  • This release resolves two notable issues found since our last release
    • LAGNT-781 – Hub auto upgrade failing with 23.04.0.3
    • LAGNT-780 – High CPU usage post updating Hub to version 23.04.0.3

 

Workspace ONE Web for iOS 23.05

  • IBRW-174957 Legacy Code removed from Workspace ONE Web for iOS
  • Bug Fixes and Quality Improvements.

 

Workspace ONE Web for Android 23.05 (staged)

  • ABRW-174940: User Agent modification for Web
    • This implements a new user agent string for WS1 Web without any reference to Android System Webview and thus extends support for CWS integration
  • ABRW-175148: Improved the favicon fetch request in order not to fail on custom servers
    • Improvised the icon fetching mechanism from custom servers.
  • Bug Fixes

 

Workspace ONE Tunnel for iOS 23.01.1

  • Session MFA - Technical Preview
     We are happy to announce an exciting update to our Workspace ONE Tunnel solution. Workspace ONE Tunnel on iOS now supports Session MFA with SAML in Managed Mode. To facilitate user-interactive authentication for Tunnel, in addition to the existing certificate-based authentication, VMware is pleased to extend our Session Authentication feature to the iOS Tunnel client in Managed mode. This leverages your enterprise Identity Provider where you may also configure additional entitlement restrictions and Conditional Access policies. Session MFA is available for the Windows client in both Managed and Unmanaged modes and for the macOS client in Unmanaged mode.  This feature is also in Technical Preview for the Android client in Managed mode.
  • Workspace ONE Mobile Threat Defense - Integrated Phishing & Content Protection
    This Tunnel release supports a new feature, Phishing and Content Protection, which will be made available as part of the upcoming iOS HUB release.
  • Bug Fixes

 

Workspace ONE Tunnel for Android 23.01

  • Session MFA - Technical Preview
    We are happy to announce an exciting update to our Workspace ONE Tunnel solution. Workspace ONE Tunnel on Android now supports Session MFA with SAML in Managed Mode. To facilitate user-interactive authentication for Tunnel, in addition to the existing certificate-based authentication, VMware is pleased to extend our Session Authentication feature to the Android Tunnel client in Managed mode. This leverages your enterprise Identity Provider where you may also configure additional entitlement restrictions and Conditional Access policies. Session MFA is available for the Windows client in both Managed and Unmanaged modes and for the macOS client in Unmanaged mode. This feature is also in Technical Preview for the iOS client in Managed mode. 
  • Workspace ONE Mobile Threat Defense - Integrated Phishing & Content Protection
    This Tunnel release supports a new feature, Phishing and Content Protection, which will be made available as part of the upcoming Android HUB release.
  • Bug fixes

 

Workspace ONE Intelligent Hub for Android 23.04

  • Support for management of Zebra devices on Android 13
  • Configuration to hide Apps and Favorites Tab: Admins can now hide the Apps and/or Favorites tab in the Hub Android app if their use-case requires it, which was not supported earlier.  
  • Additional Device Attributes: The end users can now view additional device information like device model, device name, enrollment date, etc. for each of their enrolled devices from the device details screen. This features make it easy for the end users to share this information with their IT support when diagnosing/debugging an issue.  
  • Ability to Install Web Clips: Hub apps catalog now supports installing a web clip on to the user's device for faster access to the web application. 
  • Bug Fixes

 

Workspace ONE Intelligent Hub for Windows 23.02.3

  • DCP-4280 - This fix solves an issue with the DEEM client failing to upgrade properly from an earlier beta.
  • HUBW-9682 - This fix solves an issue where updates are reported with an incorrect status. This fix addresses a Microsoft issue with a WUA AP
  • DCP-4214 - This fix improves the Digital Employee Experience service resource use when deleting outdated data from the device

 

Workspace ONE Admin Assistant for macOS 23.03

  • In this release, we have updated the code for Munki, Swift, and Open SSL to ensure that our product is up-to-date with the latest technologies and security standards. These updates will improve the performance and stability of Admin Assistant and make it even more reliable for our users.
  • We are introducing a new versioning format for Admin Assistant that reflects the month and year of release. This new format will make it easier to keep track of which version you're using and help ensure that you're always running the latest and greatest version of Admin Assistant.
    • HUBM-6550 Munki has been updated to the latest version
    • HUBM-6551 Open SSL has been updated. 
    • HUBM-6580 Swift has been updated to Swift 5.
    • New releases of Admin assistant will follow year month format (example yy.mm 23.03)

 

 

EUC UX Research Updates & Opportunities 

Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.

Upcoming Opportunities - Who Wants To Join?

Interested in giving your opinion and making your voice heard? Check out what’s available!

  • Next-Gen Horizon Cloud Service Console - Usability Testing
    • Play with a prototype of a NEW design for onboarding to the new Next-Gen Horizon Cloud Service Console. How easy is it to use? What is missing?

·          

    • 60-minute 1x1 conversation via Zoom
    • Relevant for: Horizon IT Admins
      • Using Horizon 8 /Horizon Enterprise OR Microsoft Azure  
      • Using Horizon Cloud Service: First-Gen  
      • Evaluating/Using Horizon Cloud Service: Next-Gen   
    • Fielding: May 22 – June 2
    • Admins will receive VMware swag upon completing the 1x1 Zoom conversation!

SIGN UP HERE!

KB Highlights & Announcements Week 20:

Apps Tab not showing in Intelligent Hub 23.04 for iOS and Android (92418)

  • End users are not seeing the Apps Tab in Hub 23.04 when it was showing in Hub 23.03/23.03.1 and customers meeting any of the following conditions
    • UEM older than 20.08 (SaaS and On-Prem)
    • Access/Hub Services older than 21.08 (On-Prem)
    • Have not migrated their Workspace ONE UEM App Catalog settings to Hub Services (SaaS and On-Prem)
  • Changes related to a new feature that allows admins to hide the Apps Tab but still use other Hub Services features resulted in customers who meet any of the conditions in the above Symptoms section to no longer see the Apps Tab in Hub for iOS and Android.
  • iOS and Android Hub will be releasing 23.04.1 to remedy this issue

 

'Directory.ReadWrite.All' permission Update for AirWatch By VMware app on Azure portal (92325)

  • In April 2022 VMware removed the "Directory.ReadWrite.All" permission from the AirWatch by VMware app on Azure Portal - Link. This was removed as it was not a required permission for the controls and API calls that were integrated with Workspace ONE UEM.
  • As VMware continues to add additional features, functionality, and maintain compliance with the Microsoft best practices there is a need to re-add the "Directory.ReadWrite.All" permission back to the AirWatch by VMware App on the Azure Portal. This permission will be needed by the following configurations and will be enabled for both Microsoft Graph and Windows AAD:
    • Existing implementation of "InvalidateAllRefreshTokens"
    • Migration to RevokeSigninSessions Microsoft Graph API from the previous "InvalidateAllRefreshTokens" Azure Graph API per MSFT best practices.

 

Workspace ONE Intelligent Hub for Linux auto-upgrade fails in v23.04 (92320)

  • Version 22.06 of the Workspace ONE Intelligent Hub for Linux introduced the option for enrolled devices to periodically check for a new version and upgrade if/when one is available. In version 23.04 (build 23.04.0.3) of the WS1 Intelligent Hub there is a bug that prevents this functionality from working correctly.

 

[05/09/2023 & 05/16/2023] Unable to assign Android Public Applications in UEM Console (92301)

  • On 05/09/2023 and 05/16/2023, administrators were unable to modify the assignment of Android Public Applications on multiple Workspace ONE UEM environments. When attempting to access "Assign" window, the UEM Console would display an error page:
  • "An error has occurred"
     "Something unexpected happened. If the issue persists, please contact your IT administrator."
  • Workspace ONE UEM environments were affected between 8am and 1pm PDT on 05/09/23 and between 8am and 11am PDT on 05/16/23.
  • The issue is no longer affecting Workspace ONE UEM environments. The Workspace ONE team is investigating this further and will keep communicate updates through this article.

 

High Priority KBs

  • VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
    Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
  • Support Access Policies for Customers with Expired SaaS EUC Licenses (89494)
    In alignment with VMware's Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.
  • Supported Operating Systems, Microsoft Active Directory Domain Functional Levels, and Events Databases for VMware Horizon 8 (78652)
    Hybrid Domain Join:
    We are pleased to announce the testing phase for hybrid domain join has been completed and all Horizon 8 editions now support Hybrid join with the caveats outlined below
    • Horizon 8 now supports hybrid Microsoft AD / Azure AD - virtual desktops can now join both MSFT AD and AAD for unmanaged machines, automated full clones and instant clones.​​​​​​​
      • Prompt Azure PRT issuance: Azure PRT on VDI desktops enables end users to SSO into Azure AD assigned applications, hence timely issuance of Azure PRT is important.
        • Recommendation for Instant Clone Performance - ADFS: Azure Primary Refresh Token (PRT) issuance is much quicker (of the order of 2-3 minutes) when on-prem AD is connected to Azure AD using ADFS as compared to Azure AD Connect
        • Recommendation for persistent clones: Both ADFS and Azure AD Connect methods of connecting on-prem AD to Azure AD are suitable.
      • Hybrid Join Certificates are handled outside of the Horizon Suite by the chosen connectivity mechanism (ADFS or Azure AD connect)

 

Recently updated or added KBs (Links)

 

Digital Workspace Techzone, Blog and YouTube Updates

 

3rd Party Blog Updates & Industry News

 


 

May Software Releases


System

Component

Release

Announcement

Release Date

Android

Boxer

23.04

Release Notes

01.05.23

Backend

Photon OS

5.0

Release Notes

02.05.23

macOS

Hub

23.04

Release Notes

03.05.23

Android

SDK

23.04

Release Notes

05.05.23

Linux

Hub

23.04

Release Notes

05.05.23

Android

Hub

23.04

Release Notes

17.05.23

Android

Launcher

23.04

Release Notes

09.05.23

Android

Tunnel

23.01

Release Notes

17.05.23

iOS

Hub

23.04

Release Notes

11.05.23

Linux

Hub

23.04.1

Release Notes

12.05.23

iOS

Web

23.05

Release Notes

15.05.23

Android

Web

23.05

Release Notes

staged

iOS

Tunnel

23.01.1

Release Notes

15.05.23

Windows

Hub

23.02.3

Release Notes

17.05.23

macOS

Mac OS Admin Assistant

23.03

Release Notes

17.05.23

Backend

WS1 Access SaaS

May 2023

Release Notes

18.05.23

Backend

Hub Services SaaS

May 2023

Release Notes

17.05.23

 

Patch & Seed Script Updates Week 20-2023


 

 

 

 

 

 

 

  • Workspace ONE UEM 22.10
    • Patch Level 22.10.0.13
    • AAPP-15424: Post Console Upgrade from 22.06 to 22.09 VPP Assignment is not working as expected.
    • AAPP-15427: Beacon sample should trigger Device Info Sample but should not save OS data.
    • AMST-38336: Baseline compliance report generation on fully compliant devices refreshes the baseline policies and switches the status to Pending Install.
    • ARES-24501: Enterprise Application Repository is no longer able to add iTunes application.
    • FCA-204247: Console app pool is terminating with unhandled exception.
    • FCA-204891: Show success for change og of device even when it is prevented by tenancy restriction.
    • https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html
    • Last Update: CW10

 

  • Workspace ONE UEM 22.12
    • Patch Level 22.12.0.15
    • FS-3214: Freestyle Orchestrator issue with workflows. Errors with script, profiles, and apps deployment when done in cascade.
    • AAPP-15867: Phase 1 of Rapid Security Response support.
    • CMSVC-16974: Unable to load assignment groups list view page and assignment groups in app assignments.

 

    •  

 


 

 

 

 

Comments