EUC Newsletter - Week 51

Weekly highlight:    VMware Workspace ONE UEM 2310 Release KB-Post: Announcing SaaS Availability of VMWare Workspace ONE UEM Cloud 2310 (95988) Console Would you like to check the Device Registration Status for Conditional Access? We report that in Device Details page. You can now refer Device Details page on the console to check if the registration was successful and plan further actions such as pushing the desired apps to the devices. Check out Azure conditional access and Google's context aware access information in Device Details. For more information, see Other Integrations with Directory Services. Rugged We've now enabled Agent or Hub Upgrade File-Action upload in partner type OGs too. Prior to this feature, you could upload Workspace ONE Intelligent Hub Packages only in Global and Customer organization group types. But now, you can upload an AirWatch MDM Agent (also known as Workspace ONE Intelligent Hub) to a partner type organization group. For more information, see Upload a Workspace ONE Intelligent Hub APF File, Upgrade File-Action. Android Compromised Device Detection with Play Integrity API. Workspace ONE UEM can use Play Integrity API to obtain further information about an Android device’s integrity and determine if the device is compromised. Play Integrity API replaces Google’s SafetyNet Attestation API. It works together with the compromised device detection capabilities in Workspace ONE SDK to better protect endpoints and protected resources. iOS Deploying iOS profiles is now easier and faster with the new data-driven user interface. We have completed the rollout of our new Data-Driven User Interface (DDUI) user experience for iOS profiles. This functionality will now be enabled by default starting with Workspace ONE UEM 2310. We've a new iOS 17 Restriction profile key. We have implemented the new “Allow iPhone Widgets on Mac” Restriction profile key that was introduced with iOS 17. This key can be used to prevent iPhone widgets on a Mac that have signed into the same Apple ID for iCloud. macOS We’ve enhanced macOS profiles. We have added new configuration profile payload keys introduced in macOS 14 Sonoma to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below. For more information, see macOS Device Profiles. Restrictions SSO Extension Disk Encryption Passcode DNS Settings Linux We’ve introduced new device commands. Workspace ONE UEM now supports Device Reboot, Device Lock, and Full Device Wipe commands for Linux endpoints. IT administrators can now have a little more control, and in the case of Device Wipe, there are additional security controls for devices. Experience the new Data-driven UI for profiles. Like other platforms UEM supports, Linux has migrated to the new DDUI framework for profiles. Although functionality is identical, the UI has changed and provides a mechanism to add new profile features at a more rapid pace. Windows Software Distribution(SFD) now downloads links on-demand. We've enhanced the way SFD manages downloads. When the download URL link you received through an earlier install command expires, you are no longer required to resend an application install command to get a new download link. Now, on a need-basis, the Software Distribution (SFD) can send a request to the Workspace ONE UEM server for a new download link. Check out Device Updates to monitor windows updates progress. We have improved device updates reporting. With this limited availability feature, you can filter or search Windows devices with different versions in the organization group or child organization. You can easily go through the Device or Update Overview to see if the latest quality updates have been delivered to each device and take further action. For more information, see Resources - Device Updates. Track Workflow Status in Provisioning Tool You can now detect and track the status of Freestyle Workflows through Provisioning Tool. Each workflow will be tracked in the UI and the system will not complete processing (Green Screen) until all the workflows are complete. Freestyle Quick and easy profile and app removal for Windows devices. You can now create a workflow for one-time removal of an application and/or profile from a device. After the workflow is deployed on the device, the app or profile is uninstalled successfully. Explore the new Freestyle templates. Workspace ONE UEM Freestyle templates are now available in Workspace ONE Cloud Marketplace. Utilize these templates to get started with the most common use cases.     Release Updates Week 51:  Workspace ONE XR Hub 23.11 Workspace ONE Unified Endpoint Management (UEM) logging integration Workspace ONE Intelligence integration HTC VIVE tutorial video access from the XR Hub Menu Support for Pico CloudXR client with XR Hub Various bug fixes and performance enhancements Support for Meta Quest 3 Workspace ONE Web for Android 23.12 (staged) ABRW-175689: Android Web does not show an actual favicon for specific Web pages on the bookmarks screen Localization bug fixes Quality and performance enhancements Workspace ONE Web for iOS 23.12 Custom icon for bookmarks Ability to customize personal bookmarks icon on device. VMware Workspace ONE Intelligent Hub for Windows 23.02.8 Resolved Issues HUBW-13033: Interrogator sample is not being sent due to file not found exception HUBW-12867: Changed the default behavior to no longer set the Powershell Execution policy when using a BranchCache profile. Workspace ONE Tunnel for Windows 23.09 Improvements for syncing Device Traffic Rules. DTR and Tunnel configuration updates will now be decoupled from certificate issuance management. Tunnel certificates will not be regenerated when updating DTRs and Tunnel configuration. There is no requirement to save or publish the Tunnel profile. Periodic check-in interval with Workspace ONE APIs. Every 4 hours and on App launch. Ability for user to initiate on-demand sync from client. Tunnel client authentication certificates are stored in the user certificate store. Presently, both the Tunnel server certificate and the Tunnel client certificate are stored in the device certificate store. Administrators now have an option to store the Tunnel client certificate in the user certificate store on the device. This will limit Tunnel access only to enrolled user and restrict other logged-in users to the same machine from connecting via Tunnel. The Tunnel server certificate will continue to be stored in the device certificate store. Use the ‘User Profile’ option instead of the ‘Device Profile’ option to create a Windows Tunnel User profile. For pre-logon workflow, it is required that the client certificate be available in the device certificate store and a ‘Device Profile’ is required. Technical Preview: Add the following key under the Custom Configuration section in the Windows Tunnel VPN profile. Introducing performance improvements which enables optimized implementation for client <> server communication. This optimization provides improvements to network throughput and smaller total memory footprint. This improvement will be enabled by default in a future Tunnel release. Technical Requirement: Key: UseNativeDataPlane Value: True Resolved Issues VMware EUC Security Advisories:  --- no new EUC VMSA --- KB Highlights & Announcements Week 51:  Zebra devices running Android 10 may randomly boot into Android Rescue Party Mode.  (95990) When receiving a system application update through Google Play, Zebra Android 10 devices may randomly boot into Android Rescue Party Mode. Once the device restarts, the following message will be displayed: "Cannot load Android system. Your data may be corrupt. If you continue to get this message, you may need to perform a factory data reset and erase all user data stored on this device." The user then has the options to Try Again or Factory Reset. The device will require a factory reset to resolve the issue at this time.   This issue is currently being investigated by Google and Zebra to reach a resolution. Workaround in KB. Workspace ONE UEM: End of Life of deprecated Workspace One UEM APIs (95397) The Workspace ONE UEM team is consistently driving to improve and ensure that we are delivering a hardened and secure platform for all UEM customers. As part of delivering on that goal, the UEM team has targeted a large group of the current Workspace ONE UEM APIs with the intent to overall improve our API health. The first major milestone of these changes is targeted at a key component of any API lifecycle, deprecating legacy APIs previously marked for deprecation. These APIs have held deprecated status for a considerable period, and the introduction of newer APIs has brought forth additional security requirements. In line with our commitment to enhancing the performance and security posture of Workspace ONE UEM APIs, we will remove these deprecated APIs and, where applicable, substitute them with improved alternatives. End of General Support for Google Glass Devices in Workspace ONE UEM (95952) Google’s Glass Enterprise Edition will reach End of General Support on April 1st, 2024 in Workspace ONE UEM. On this date, Workspace ONE UEM will no longer guarantee support for, provide enhancements for, or resolve issues related to new or currently-enrolled Google Glass devices. It is possible that existing devices may become unenrolled, lose connectivity to the console, or stop checking in after upgrading to a Workspace ONE UEM or Intelligent Hub version released after the End of General Support date.   High Priority KBs  End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774) We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog. Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706) The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches. Introducing Workspace ONE (WS1) UEM Next-Gen SaaS VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. Getting Ready for Android 14 (2023) Getting Ready for Apple Major OS Releases 2023 Recently updated or added KBs (Links)  Workspace ONE Access: Deprecation of Cipher Suites and Hash Algorithm Support (94409) Zebra devices running Android 10 may randomly boot into Android Rescue Party Mode. (95990) WS1 UEM Console Release and End of General Support Matrix (2960922) Announcing SaaS Availability of VMWare Workspace ONE UEM Cloud 2310 (95988) vIDM 3.3.x vPostgres DB OAuth2RefreshToken table consumes most space on the appliance leading to service outages (87609) Workspace ONE UEM: End of Life of deprecated Workspace One UEM APIs (95397) End of General Support for Google Glass Devices in Workspace ONE UEM (95952) Autopilot Hybrid Join Best Practices (94477) 2024 VMware Workspace ONE UEM Maintenance (81448) [Android 14] Certain Android Profile settings cannot be changed once set (95776) Microsoft Teams: A screenshare shows a black screen instead of shared contents when using Horizon Client for Windows 2206 when optimized (89741) Unable to delete an application in AppVolumes Manager (89328) Unable to find a provisioning VM after a Manager Certificate Update. (84362) VMware App Volumes 2.18 Agent and Horizon 8 Interoperability (80917) VPX_TEXT_ARRAY table growing in size causes the vCenter Server database to run out of space (2005333) Supported Guest Operating Systems with VMware Horizon Cloud Service (78170) Horizon Windows client 8.10(2306) : Some specific type of headsets used by MS Teams optimization can cause a crash if HID is enabled for MS Teams (94211) Windows 10 multi-session does not trigger “All AppStacks attached” (83673) Skyline Advisor Pro Finding False Positive Tracking and Reporting (87532) Horizon Cloud on Azure Pod Manifest Support Plans (86476) Unified Access Gateway(UAG): High Availability | Source IP Affinity Recommendation with Horizon 8 (95901) Horizon View HTML Access : Clipboard Audit Feature may impact File Transfer and Clipboard Redirection (91330) Workspace ONE UEM enrolled devices are intermittently getting enterprise wiped when upgraded to iOS 17 (94814) The Impact of Microsoft Security Update (KB5014754) on Customers Utilizing TrueSSO and Certificate-Based Authentication, Including Smart Cards (91595) User engagement dashboard and directory sync status not showing up last sync activity for vIDM (84304) Digital Workspace Techzone, Blog and YouTube Updates  Workspace ONE Access On-Premises to Cloud Migration App Volumes Architecture Navigating the future of DaaS: 6 key trends and predictions for 2024 Learn how IT admins can improve user experience with DEX for Horizon Empower Frontline Workers Solution: Manage Empower Frontline Workers Solution: Stage 3rd Party Blog Updates & Industry News  Mobile-Jon: Securing Local Administrators with Workspace ONE Arkadiusz Krowczynski: Okta Device Access self-service password reset Arkadius Krowczynski: Okta Device Access Windows- number challenge childebrandt42: As Built Report for VMware Horizon Updates Beta, Lab and Tech Preview Updates  WS1 Tunnel 24.01 for iOS In this release, we’ve made updates containing general quality and performance improvements with no new features. Sign up or LogIn [HERE] to get access to the latest Beta versions. December Software Releases  System Component Release Announcement Release Date Horizon Server Components and Clients 2212.2 Horizon Server 01.12.23 Horizon Horizon Cloud Service Next Gen 2311 Release Notes 01.12.23 Android Content 23.10.1 Release Notes staged Android Hub 23.11 Release Notes staged iOS Content 23.11.2 Release Notes 08.12.23 Linux Hub 23.11 Release Notes 11.12.23 macOS Hub 23.10 Release Notes 11.12.23 iOS Hub 23.11 Release Notes 12.12.23 Android Launcher 23.11 Release Notes 12.12.23 Windows Hub 23.02.8 Release Notes 18.12.23 Windows Tunnel 23.09 Release Notes 20.12.23 Backend Console SAAS 23.10 Release Notes 20.12.23 iOS Web 23.12 Release Notes 21.12.23 Android Web 23.12 Release Notes staged Android XR Hub 23.11 Release Notes 21.12.23 Patch & Seed Script Updates Week 51-2023  OS Updates Seed Script  Most recent update: Seed Script for iOS 17.2.1 (21C66), iOS 16.7.4 (20H240), iOS 17.3.0 (21D5026f), tvOS 17.3.0 (21K5625e) and macOS Sonoma 14.2.1 (23C71) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW51 Seed Script for latest Device Model Information Seed Script to support macOS model - MacBook Pro (14-inch, M3, Nov 2023) - Mac15,3 https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW49 Workspace ONE UEM 22.06 Patch Level 22.6.0.48 AMST-40091: UEM console fails to edit windows profiles the day after they were created onwards. CRSVC-42820: Secure Channel - Cannot find the original signer issue. CRSVC-43551: Increased CPU usage by CiscoISE App pool. SINST-176235: UEM Patch installer 22.12.0.31 fails at Cert Installer execution. UM-8411: Unblock the Auto/Manual syncs during Advanced Ldap Sync cycle failure https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2206/rn/vmware-workspace-one-uem-powered-by-airwatch-2206-release-notes/index.html#resolved-issues-226011-patch-resolved-issues Last Update: CW48 Workspace ONE UEM 22.09 Patch Level 22.9.0.45 CRSVC-43327: Increased CPU usage by CiscoISE App pool. AGGL-16159: Android VPN profile shows "Failed to save profile" error when trying to modify the profile or add a version to the profile. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW50 Workspace ONE UEM 22.10 Patch level 22.10.0.37 RUGG-12627: Add support for pull relay server discovery with IP as discovery text. CRSVC-42822: Secure Channel - Cannot find the original signer issue. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html Last Update: CW47 Workspace ONE UEM 22.12 Patch Level 22.12.0.40 ARES-26618: Uploading a duplicate Windows app is causing app already exists with this OG error message. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW51 Workspace ONE UEM 23.02 Patch Level 23.02.0.33 RUGG-12724: Workspace ONE servers unable to connect to SFTP Relay server after the relay server SFTP settings were updated to disable SHA-1 key exchange. AMST-40134: Mac address is not visible for Wifi adaptor in the Network tab. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues Last Update: CW51 Workspace ONE UEM 23.06 Patch Level 23.06.0.15 AGGL-15919: Global lock when stored procedure to mark snapshots as Obsolete is in flight AMST-40135: Mac address is not visible for wifi adaptor in network tab CRSVC-44392: Spaceman error appears at Summary tab in the Compliance wizard for Device Tags AAPP-16789: The description for Custom B2B apps is not shown in legacy and hub catalog AAPP-16742: Update Seed script to add BundleId for Journal App RUGG-12725: WS1 Servers Unable to Connect to SFTP Relay Server due to mandate to disable SHA-1 https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues Last Update: CW51