Weekly highlight: Release Updates Week 47: Workspace ONE Tunnel for Android 23.09 (staged) - Phishing and Content Protection is enforced for all applications on the device (or container) independent of the Full-Device or Per-App Tunnel-VPN mode.
- Technical Preview: Block Private DNS
- We have noticed that with recent Android OS updates, the Private DNS setting on the device is set to 'Automatic' by default. This setting encrypts all DNS requests from the device.
- This includes DNS requests from applications and to destinations that are configured for Tunnel.
- As a result, the Tunnel client is unable to process these DNS requests and the user is unable to access internal resources.
- To ensure users can access internal resources and private DNS continues to function for non-Tunnel workflows, we are introducing the ability to block Private DNS requests for requests that are managed by Tunnel.
- This is implemented via the following KVP:
- KVP: BlockPrivateDNS | Type: Boolean | Default Value: False
- Set this value to True to block all Private DNS requests. This is implemented by blocking all TLS DNS requests over port 853.
- It is expected that the OS will default back to DNS over UDP over port 53.
VMware Horizon Clients 2309.1 Workspace ONE Web for Android 23.11 - ABRW-175422: Custom icon for Bookmarks
- Ability to customize personal bookmarks icon on device.
- ABRW-175466: Bottom panel icon gets greyed out after changing theme from System Default(dark) to Light mode
- ABRW-175648: JavaScript window.close() not getting called because of blocked screen
- Other bug fixes and quality improvements
Workspace ONE Content for iOS 23.11 - Preserve PDF Bookmarks - Ability to preserve bookmarks for a document, when a new version of that PDF document is updated.
- Bug Fixes and Improvements
- ISCL-183281 Not able to Zoom In/Out while taking Photos or Videos through camera
- ISCL-183280 Incorrect drop down list values shown when the values are depended on previous drop down
- ISCL-183324 File specific - App crashing while applying filters for excel files
KB Highlights & Announcements Week 47: Unable to edit roles for Cloud Services Administrators in Workspace ONE UEM 23.06 (95700) - In Workspace ONE Unified Endpoint Management (UEM) 23.06 environments, when an administrator navigates to Accounts > Administrators > List view, the option to modify an admin account where the Source is ‘Cloud Service’ is disabled. Roles will not be editable for administrators added from ‘Cloud Service’ Source.
- Currently, administrators can only assign Basic (Read-Only) or Admin (Console Administrator) level roles within VMware Cloud Services (VCS) for Cloud Administrators at Identity & Access management > Active Users. VCS does not currently support other UEM system roles or custom roles.
VMware Workspace ONE Hub for macOS | Workspace ONE Admin Assistant for macOS Update Endpoints (82032) - Users attempting to access or update the VMware AirWatch Agent and VMware AirWatch Admin Assistant may experience failures or errors.
- Inability to download or upIdate these applications using previous URLs, leading to potential disruptions in service or application functionality.
- VMware recommends all customers download the latest versions of these applications from the following new URLs:
Announcement: End of Availability (EOA) for VMware Secure Access (95651) - VMware is streamlining and simplifying its product offering in order to deliver more value to its customers. As part of this, VMware is announcing End of Availability (EOA) for VMware Secure Access starting January 31st, 2024.
- For customers who are currently looking at Secure Access as a remote access solution, VMware can provide two options:
- VMware SD-Access (formerly branded as VMware SD-WAN Client) is a replacement solution for customers who are looking for a remote access solution for remote workers that is based on the principles of ZTNA.
- VMware Workspace ONE Tunnel is part of the Workspace ONE portfolio for endpoint security and zero trust access.
Pull Relay Servers are losing connection to UEM Console following relay servers reboot (95704) - In UEM version 22.3.0.54 or later if the Pull Relay Server is rebooted it is not able to connect back to the UEM console. The Status indicator for the Relay server in the console would show a warning symbol in this case of a lost connection.
- There was a security patch for Pull Relay servers pushed to UEM version 22.3.0.54 or later. This security patch led to an issue with Pull Relay Servers where an IP or Mac address only was used as the discovery text. This would lead to the Pull Relay server losing connection to the UEM console when restarted.
Announcing End of General Support for the 'Network Access Control (NAC)' setting in the Workspace ONE SDK (95722) - The Workspace ONE SDK will no longer offer support for the ability to restrict network access. Specifically the Network Access Control (NAC) setting in the SDK profile will no longer be supported. This change will be reflected in the releases of the Workspace ONE SDK for iOS and Android that will happen after May 1st 2024.
- This NAC setting may remain available in the Workspace ONE UEM Console UI even after the EOGS date, however it will be removed in a future version of Workspace ONE UEM.
High Priority KBs - Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706)
The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches. - Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. - [Resolved] SINST-176145 - Multiple Workspace ONE UEM application pools and services may not start once stopped (93877)
Workspace ONE UEM services and application pools may fail to start once stopped. This issue is typically observed alongside the following error message in the service's log - [RESOLVED] SINST-176160 - Workspace One UEM - Unable to edit existing or create new DDUI profiles. (93911)
Upon deploying the patches noted in KB 93877, you may experience an error when creating or editing DDUI device profiles (iOS, macOS, Android Enterprise) in the Workspace ONE UEM Console. - VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
Recently updated or added KBs (Links) Digital Workspace Techzone, Blog and YouTube Updates 3rd Party Blog Updates & Industry News November Software Releases
Patch & Seed Script Updates Week 47-2023 - OS Updates Seed Script
- Seed Script for latest Device Model Information
- Workspace ONE UEM 23.02
- Patch Level 23.02.0.30
- CRSVC-42824: Secure Channel - Cannot find the original signer issue.
- SINST-176239: Workspace ONE UEM Patch installer 22.12.0.31 fails at Cert Installer execution.
- AAPP-16647: Unable to install VPN profile on iOS devices.
- AAPP-16653: Show or hide a field which is dependent on different fields out of which one is set.
- AAPP-16650: Action parameter section sequencing is not correct.
- FS-4566: macOS workflow stuck waiting on profiles.
- CRSVC-43330: Increased CPU usage by CiscoISE app pool.
- RUGG-12628: Add support for pull relay server discovery with IP as discovery text.
- AAPP-16684: Workspace ONE UEM unable to edit approved SIM for some devices.
- CRSVC-41111: Cisco ISE API account password expiration.
- AAPP-16639: VPN IKEv2 payload dropdown values were changing to default value after adding a version.
- AMST-39887: Removing Windows update profile does not remove configured policies.
- CRSVC-39018: Convert StartRowCount datatype to bigint from int for Purge Statistics table.
- FS-4602: macOS workflow status does not update without a manual query.
- FS-4727: Seed Mac workflow host in canonical release 23.02.
- AMST-40140: If the "Managed Applications" payload is configured in Windows profile, checkbox size in other payloads will become huge
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues
- Last Update: CW47
- Workspace ONE UEM 23.06
- Patch Level 23.06.0.11
- AAPP-16712: Correcting the existing profile context data.
- CRSVC-43754: Android shared device mode app configuration was not completing.
- RUGG-12629: Add support for pull relay server discovery with IP as discovery text.
- CMCM-190730: Status of document in content detail report was not corrected.
- CRSVC-43331: Increased CPU usage by CiscoISE app pool.
- AMST-40139: If the "Managed Applications" payload is configured in Windows profile, checkbox size in other payloads will become huge.
- ARES-26622: Device logs not uploaded to console.
- CRSVC-42825: Secure Channel - Cannot find the original signer issue.
- CRSVC-42774: Navigating to app events gives spaceman error.
- ARES-26909: Sync should queue install commands when there are already pending commands for other devices and previous status is pending release.
- FS-4728: Seed Mac workflow host in canonical release 23.06.
- AAPP-16685: Workspace ONE UEM unable to edit approved SIM for some devices.
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues
- Last Update: CW47
|
Comments
Post a Comment