EUC Newsletter - Week 51

Weekly highlight:


VMware Workspace ONE UEM 2310 Release

Would you like to check the Device Registration Status for Conditional Access? We report that in Device Details page.

You can now refer Device Details page on the console to check if the registration was successful and plan further actions such as pushing the desired apps to the devices. Check out Azure conditional access and Google's context aware access information in Device Details. For more information, see Other Integrations with Directory Services.

  • Rugged

We've now enabled Agent or Hub Upgrade File-Action upload in partner type OGs too.

Prior to this feature, you could upload Workspace ONE Intelligent Hub Packages only in Global and Customer organization group types. But now, you can upload an AirWatch MDM Agent (also known as Workspace ONE Intelligent Hub) to a partner type organization group. For more information, see Upload a Workspace ONE Intelligent Hub APF File, Upgrade File-Action.

  • Android

Compromised Device Detection with Play Integrity API.

Workspace ONE UEM can use Play Integrity API to obtain further information about an Android device’s integrity and determine if the device is compromised. Play Integrity API replaces Google’s SafetyNet Attestation API. It works together with the compromised device detection capabilities in Workspace ONE SDK to better protect endpoints and protected resources.

  • iOS

Deploying iOS profiles is now easier and faster with the new data-driven user interface.

We have completed the rollout of our new Data-Driven User Interface (DDUI) user experience for iOS profiles. This functionality will now be enabled by default starting with Workspace ONE UEM 2310.

We've a new iOS 17 Restriction profile key.

We have implemented the new “Allow iPhone Widgets on Mac” Restriction profile key that was introduced with iOS 17. This key can be used to prevent iPhone widgets on a Mac that have signed into the same Apple ID for iCloud.

  • macOS

We’ve enhanced macOS profiles.

We have added new configuration profile payload keys introduced in macOS 14 Sonoma to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below. For more information, see macOS Device Profiles.

  • Restrictions

  • SSO Extension

  • Disk Encryption

  • Passcode

  • DNS Settings

  • Linux

We’ve introduced new device commands.

Workspace ONE UEM now supports Device Reboot, Device Lock, and Full Device Wipe commands for Linux endpoints. IT administrators can now have a little more control, and in the case of Device Wipe, there are additional security controls for devices.

Experience the new Data-driven UI for profiles.

Like other platforms UEM supports, Linux has migrated to the new DDUI framework for profiles. Although functionality is identical, the UI has changed and provides a mechanism to add new profile features at a more rapid pace.

  • Windows

Software Distribution(SFD) now downloads links on-demand.

We've enhanced the way SFD manages downloads. When the download URL link you received through an earlier install command expires, you are no longer required to resend an application install command to get a new download link. Now, on a need-basis, the Software Distribution (SFD) can send a request to the Workspace ONE UEM server for a new download link.

Check out Device Updates to monitor windows updates progress.

We have improved device updates reporting. With this limited availability feature, you can filter or search Windows devices with different versions in the organization group or child organization. You can easily go through the Device or Update Overview to see if the latest quality updates have been delivered to each device and take further action. For more information, see Resources - Device Updates.

Track Workflow Status in Provisioning Tool

You can now detect and track the status of Freestyle Workflows through Provisioning Tool. Each workflow will be tracked in the UI and the system will not complete processing (Green Screen) until all the workflows are complete.

  • Freestyle

Quick and easy profile and app removal for Windows devices.

You can now create a workflow for one-time removal of an application and/or profile from a device. After the workflow is deployed on the device, the app or profile is uninstalled successfully.

Explore the new Freestyle templates.

Workspace ONE UEM Freestyle templates are now available in Workspace ONE Cloud Marketplace. Utilize these templates to get started with the most common use cases.



Release Updates Week 51

Workspace ONE XR Hub 23.11

  • Workspace ONE Unified Endpoint Management (UEM) logging integration

  • Workspace ONE Intelligence integration

  • HTC VIVE tutorial video access from the XR Hub Menu

  • Support for Pico CloudXR client with XR Hub

  • Various bug fixes and performance enhancements

  • Support for Meta Quest 3

Workspace ONE Web for Android 23.12 (staged)

  • ABRW-175689: Android Web does not show an actual favicon for specific Web pages on the bookmarks screen
  • Localization bug fixes
  • Quality and performance enhancements

Workspace ONE Web for iOS 23.12

  • Custom icon for bookmarks

    Ability to customize personal bookmarks icon on device.

VMware Workspace ONE Intelligent Hub for Windows 23.02.8

  • Resolved Issues
    • HUBW-13033: Interrogator sample is not being sent due to file not found exception
    • HUBW-12867: Changed the default behavior to no longer set the Powershell Execution policy when using a BranchCache profile.

Workspace ONE Tunnel for Windows 23.09

  • Improvements for syncing Device Traffic Rules.
    • DTR and Tunnel configuration updates will now be decoupled from certificate issuance management.
      • Tunnel certificates will not be regenerated when updating DTRs and Tunnel configuration.
      • There is no requirement to save or publish the Tunnel profile.
    • Periodic check-in interval with Workspace ONE APIs.
      • Every 4 hours and on App launch.
      • Ability for user to initiate on-demand sync from client.
  • Tunnel client authentication certificates are stored in the user certificate store.
    • Presently, both the Tunnel server certificate and the Tunnel client certificate are stored in the device certificate store.
    • Administrators now have an option to store the Tunnel client certificate in the user certificate store on the device.
      • This will limit Tunnel access only to enrolled user and restrict other logged-in users to the same machine from connecting via Tunnel.
      • The Tunnel server certificate will continue to be stored in the device certificate store.
    • Use the ‘User Profile’ option instead of the ‘Device Profile’ option to create a Windows Tunnel User profile.
      • For pre-logon workflow, it is required that the client certificate be available in the device certificate store and a ‘Device Profile’ is required.
  • Technical Preview:
    • Add the following key under the Custom Configuration section in the Windows Tunnel VPN profile.
    • Introducing performance improvements which enables optimized implementation for client <> server communication.
    • This optimization provides improvements to network throughput and smaller total memory footprint.
    • This improvement will be enabled by default in a future Tunnel release.
    • Technical Requirement:
        • Key: UseNativeDataPlane
        • Value: True
  • Resolved Issues

VMware EUC Security Advisories: 

--- no new EUC VMSA ---

KB Highlights & Announcements Week 51: 

Zebra devices running Android 10 may randomly boot into Android Rescue Party Mode.  (95990)

  • When receiving a system application update through Google Play, Zebra Android 10 devices may randomly boot into Android Rescue Party Mode.
  • Once the device restarts, the following message will be displayed:
    "Cannot load Android system. Your data may be corrupt. If you continue to get this message, you may need to perform a factory data reset and erase all user data stored on this device."
  • The user then has the options to Try Again or Factory Reset. The device will require a factory reset to resolve the issue at this time.  
  • This issue is currently being investigated by Google and Zebra to reach a resolution. Workaround in KB.

Workspace ONE UEM: End of Life of deprecated Workspace One UEM APIs (95397)

  • The Workspace ONE UEM team is consistently driving to improve and ensure that we are delivering a hardened and secure platform for all UEM customers. As part of delivering on that goal, the UEM team has targeted a large group of the current Workspace ONE UEM APIs with the intent to overall improve our API health.
  • The first major milestone of these changes is targeted at a key component of any API lifecycle, deprecating legacy APIs previously marked for deprecation. These APIs have held deprecated status for a considerable period, and the introduction of newer APIs has brought forth additional security requirements. In line with our commitment to enhancing the performance and security posture of Workspace ONE UEM APIs, we will remove these deprecated APIs and, where applicable, substitute them with improved alternatives.

End of General Support for Google Glass Devices in Workspace ONE UEM (95952)

  • Google’s Glass Enterprise Edition will reach End of General Support on April 1st, 2024 in Workspace ONE UEM. On this date, Workspace ONE UEM will no longer guarantee support for, provide enhancements for, or resolve issues related to new or currently-enrolled Google Glass devices. It is possible that existing devices may become unenrolled, lose connectivity to the console, or stop checking in after upgrading to a Workspace ONE UEM or Intelligent Hub version released after the End of General Support date.  

High Priority KBs 

Recently updated or added KBs (Links) 

Digital Workspace Techzone, Blog and YouTube Updates 

3rd Party Blog Updates & Industry News 

Beta, Lab and Tech Preview Updates 

WS1 Tunnel 24.01 for iOS

  • In this release, we’ve made updates containing general quality and performance improvements with no new features.

Sign up or LogIn [HERE] to get access to the latest Beta versions.

December Software Releases 

SystemComponentReleaseAnnouncementRelease Date
HorizonServer Components and Clients2212.2Horizon Server01.12.23
HorizonHorizon Cloud Service Next Gen2311Release Notes01.12.23
AndroidContent23.10.1Release Notesstaged
AndroidHub23.11Release Notesstaged
iOSContent23.11.2Release Notes08.12.23
LinuxHub23.11Release Notes11.12.23
macOSHub23.10Release Notes11.12.23
iOSHub23.11Release Notes12.12.23
AndroidLauncher23.11Release Notes12.12.23


23.02.8Release Notes18.12.23
WindowsTunnel23.09Release Notes20.12.23
BackendConsole SAAS23.10Release Notes20.12.23
iOSWeb23.12Release Notes21.12.23
AndroidWeb23.12Release Notesstaged
AndroidXR Hub23.11Release Notes21.12.23

Patch & Seed Script Updates Week 51-2023