Weekly highlight: Horizon Cloud Service next-gen 2308 (Aug 2023) - Edge Gateways for Horizon Edges in Microsoft Azure can now have a proxy configured for outbound traffic. Existing Horizon Edge Gateways can be edited to add a proxy. Note that when a proxy configuration is changed, the Horizon Edge Gateway is redeployed.
- Administrators no longer need to enter an FQDN or configure a DNS record for the FQDN when deploying new Horizon Edge Gateways. Existing Horizon Edge Gateways will continue to use the FQDN configured when they were deployed.
- Horizon Universal Console
- The Learning Center is now available from the Horizon Universal Console to provide access to announcements, walkthroughs, and other resources for help on demand. Access the Learning Center any time using the blue hexagon icon in the bottom right of the screen. In Updates, see what’s new in Horizon. Use Guides to view contextual tips and step-by-step guidance for onboarding and other key workflows. Useful Links brings all our customer resources together in a single place for easier access. New content is added regularly.
- Horizon Gateway Appliances
- The external Azure Load Balancer for Unified Access Gateways can now be deployed with a private IP address. This type of deployment allows a third-party Network Virtual Appliance (NVA) to be placed in front of the Unified Access Gateways.
- Note: Source IP affinity is used on the Azure Load Balancer to persist sessions from the same client through the same Unified Access Gateway. NVAs that do not support passing through the client source IP cause all traffic to be routed to a single Unified Access Gateway.
- Desktops and Applications
- Multi-session pool groups now support rolling maintenance. Maintenance can be scheduled to occur at a specific time or can be configured to occur after a specified number of total sessions have completed on a VM.
- Administrators now have the option to allow VMware Operators to directly request a Horizon Agent DCT log bundle from virtual machines in Microsoft Azure. This feature streamlines the process of gathering log files from VMs for troubleshooting purposes. Customers can opt-out of this feature anytime. A notice about this feature is presented the next time a customer logs in to the Horizon Universal Console.
- Administrators now receive email and in-app notifications when Active Directory accounts or credentials are nearing expiration.
- A customized client access URL subdomain can now be configured for your tenant. The resulting URL is in the format of <custom_subdomain>.vmwhorizon.com.
- Identity and Access Management (IAM)
- Active Directory domains can now be configured to use LDAPS. Existing domains can be changed to LDAPS.
Release Updates Week 35: New Apple Builds Are Now Available New builds of the following software are now available: - macOS 14 Sonoma Beta 7 (23A5337a)
Workspace ONE Intelligent Hub for Android 23.08 (staged) - Experience Improvements in Mobile Threat Defense for Phishing and Content Protection
- Bug Fixes
Workspace ONE Boxer for iOS 23.08 - Quality improvements and crash fixes
Workspace ONE Boxer for Android 23.08 - Quality improvements and crash fixes
Workspace ONE Intelligent Hub for Windows 23.02.7 - In this release, we’ve made a few updates containing general quality and performance improvements with no new features.
Unified Access Gateway 2306.1 - VMware Unified Access Gateway 2306.1 provides the following enhancement:
- Support hostname based identifiers in SAML metadata and assertion. A new toggle Enable Host Based Issuer is added in the SAML Settings > SAML Identity Provider Settings to configure this feature.
- Bug Fixes
VMware EUC Security Advisories: - VMSA-2023-0019 - CVSSv3 7.5 - VMware Tools updates address a SAML Token Signature Bypass Vulnerability (CVE-2023-20900)
- VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
- A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.
- To remediate CVE-2023-20900 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
KB Highlights & Announcements Week 35: Introducing the Workspace ONE Learning Center: Your Gateway to Seamless Learning (94251) - We're thrilled to unveil the Workspace ONE Learning Center – a game-changing resource hub now available in Workspace ONE Cloud. At VMware, we're committed to empowering your journey with Workspace ONE, and this Learning Center is designed to be your go-to destination for on-demand, immersive learning.
ESC-41157: UEM - LDAP Sync stuck at the initialized or in Progress (94181) - VMware team has identified an issue where scheduled auto LDAP sync will stuck at the initialized or in progress without completion.
- This is only impacting Saas UEM environment.
- An update was made to the SaaS platform to mitigate impact of a code-signing certificate expiration (KB 93877 ) and thus ensure service uptime. This resulted in an application code issue which causes intermittent failure of the LDAP sync workflow. This issue will be addressed through a patch update to Workspace ONE UEM. This patch has been released, customers may schedule a patch upgrade as needed.
- This issue is resolved in the upcoming Workspace ONE UEM release.
High Priority KBs - Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. - [Resolved] SINST-176145 - Multiple Workspace ONE UEM application pools and services may not start once stopped (93877)
Workspace ONE UEM services and application pools may fail to start once stopped. This issue is typically observed alongside the following error message in the service's log - [RESOLVED] SINST-176160 - Workspace One UEM - Unable to edit existing or create new DDUI profiles. (93911)
Upon deploying the patches noted in KB 93877, you may experience an error when creating or editing DDUI device profiles (iOS, macOS, Android Enterprise) in the Workspace ONE UEM Console. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Recently updated or added KBs (Links) Digital Workspace Techzone, Blog and YouTube Updates 3rd Party Blog Updates & Industry News Beta, Lab and Tech Preview Updates WS1 Intelligent Hub 23.08 for iOS - HUBI-9383: People Search employee ID is not showing under the employee’s name
- HUBI-8840: Branding not applying to Help screens
- HUBI-9951: Terms of Use Acceptance overlaps the Decline butto
WS1 Content 23.09 for iOS - Support additional number of tabs for viewing file
- Support multiple attachment in MSG file
Sign up or LogIn [HERE] to get access to the latest Beta versions. August Software Releases Patch & Seed Script Updates Week 35-2023 - OS Updates Seed Script
- Seed Script for latest Device Model Information
- Workspace ONE UEM 22.10
- Patch level 22.10.0.22
- AAPP-15902: Internal iOS app details display incorrect Bundle Identifier.
- AMST-38845: Reduce traffic of empty sample for winRT devices.
- FCA-205278: Device Search API is not returning Wi-Fi SSID in the response.
- CRSVC-37275: Changes for correcting AppSequence workflow type in 2210.
- AGGL-14559: Remove unwanted calls that are made to play.google.com when user saves a new application or edits the application assignment.
- FS-3226: iOS and Android Workflows getting struck in 'InProgress' status.
- CRSVC-37376: While creating new Compliance policy under view Device Assignment page pressing enter is saving the compliance policy.
- PPAT-14136: Post Migration to AWS CloudFront - Tunnel Configuration Page does not load.
- SINST-176112: Airwatch API Gateway file copy failed during deployment.
- AAPP-15940: Device snc should not queue Remove Provisioning Profile Command if PP is shared by other assigned apps.
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html
- Last Update: CW24
|
Comments
Post a Comment