Weekly highlight: Support for PKCE and OAuth 2.0 Public Clients

PKCE (Proof Key for Code Exchange) is an extension to the OAuth 2.0 Authorization Code flow that helps secure OAuth tokens against CSRF and code injection attacks. OAuth 2.0 public clients that use the Authorization Code Grant are susceptible to the authorization code interception attack. A communication path not protected by TLS is susceptible to this attack: an attacker can gain access to the authorization code and use it to obtain the access token. The PKCE extension uses a dynamically created, cryptographically random key to ensure proof of possession by the client. Workspace ONE Access supports enabling PKCE for OAuth 2.0 public clients and clients participating in the Authorization Code flow.

Along with PKCE support, Workspace ONE Access now supports creation of OAuth 2.0 public clients. Public clients are useful for applications running in a browser or on a mobile device that cannot keep their registered client secret safe. PKCE is enabled by default and is mandatory for all public clients created in Workspace ONE Access.

User Choice of Authentication

We are excited to announce the availability of User Choice of Authentication functionality with Workspace ONE Access. With this new feature, users will have the flexibility to choose from a set of authentication options presented to them for their second factor authentication. This feature is particularly valuable in scenarios where users might not have access to their second factor authentication option, such as a smartphone for receiving push notifications. In such cases, users can seamlessly opt for an alternative method from the presented choices to successfully complete the login sequence. Administrators will be able to configure policies to control the availability of various authentication choices for specific authentication requirements.
Further, conditional access parameters such as network range, device specifications, device management state or user groups can be configured to secure and customize the authentication experience for end users. This feature is available only with Workspace ONE Access SaaS.

EUC UX Research Opportunities
- Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
- Interested in giving your opinion and making your voice heard? Check out what’s available!
- Bonus: We give VMware swag to Customers who participate
Opportunity #1 - EUC Product/Feature: WS1 Cloud + WS1 UEM: Cross Platform Page Header Comparison Testing
- Topic: EUC Design is refreshing the header that appears at the top of each console and is looking for feedback on WHICH designs you prefer the most. The header typically shows which page you are on, has drop-down buttons like Actions and More, and other buttons like Refresh, Bookmark, and Add Widget.
- Opportunity Type: 60-minute, 1x1 conversation via Zoom where we will walk through different design iterations of potential Page Headers.
- Sign Up Link: HERE
Opportunity #2 - EUC Product/Feature: Horizon Cloud Service Next-Gen
- Topic: Next Gen sends notifications/alerts within the app and via email. EUC Design wants to better understand how well that experience is going and whether those notifications are helpful. Do you want to mute some of them or opt out of them? Would you rather receive them via Slack/Teams instead of email?
- Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom.
- Sign Up Link: HERE
KB Highlights & Announcements Week 03-24
- VMware named a Leader in The Forrester Wave: Unified Endpoint Management, Q4 2023 report
- Restricted Enrollment Agent (REA) certificates on ChromeOS (96207) - Currently, REA (restricted enrollment agent) based certificates with Microsoft ADCS certificate authorities are not supported on ChromeOS due to technical limitations.
- Workspace ONE UEM - Devices enrolled to a staging user may be dissociated from the staging user when the user's Organization Group is deleted (96206) - Devices enrolled to a staging user may be dissociated from the staging user when the user's Organization Group is deleted. This can lead to the affected device not being associated with any user. Devices affected in this manner will have to be re-enrolled to restore functionality.

High Priority KBs
- End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)
  We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are an On-Premises UEM Customer, this notice does not impact you at this time; further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog.
- Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706)
  The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
- Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
  VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, are now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.
Recently updated or added KBs (Links)

Digital Workspace Techzone, Blog and YouTube Updates

3rd Party Blog Updates & Industry News

Beta, Lab and Tech Preview Updates

WS1 Intelligent Hub 24.01 for iOS
- (Beta) macOS's Intelligent Hub sidebar is coming to iPadOS versions of Hub.
- HUBI-10720: Branding fixes for Bookmark and TOTP account forms.
WS1 Intelligent Hub 24.01 for Android
- Blocking all Android (Legacy) enrollments: Enrollment in Android (Legacy) mode is now blocked for all Android devices. See Action Required: Retiring Android Legacy Device Management (95399)
- Enhancement to Shared Device Mode registration: Users can now complete Azure AD conditional access Shared Device Mode registration by tapping ‘Connect Now’ from the remediation screen if the device is targeted for Shared mode.
- Removed the VMware Workspace ONE App to Intelligent Hub App Migration capabilities: End of Support Life for the VMware Workspace ONE Application was announced a while back (https://kb.vmware.com/s/article/80208). Starting with this release, the Intelligent Hub app no longer has the capability to migrate the VMware Workspace ONE App to the Intelligent Hub App.
- Encryption Recovery Key: In this release, we are bringing the ability for end users to get their Encryption Recovery Key for their macOS (FileVault) and Windows (BitLocker, etc.) devices from their mobile device. To use this functionality, view your Mac or Windows device from your Support tab and tap on the Encryption field. This must be enabled by your administrator.
WS1 Boxer 24.01 for iOS

What's New - Beta Only
- StandBy Calendar widget
  - Users can now stay on top of their schedules by adding the Boxer calendar widget to the StandBy screen.
  - The StandBy calendar widget is displayed when the device is charging, positioned on its side and unlocked.
  - If widgets are enabled in the console, the StandBy widget can be activated from the device settings, like all other widgets.
- Support for .msg files preview
  - Users can now access and preview .msg email attachments directly from their email thread, without the need for external applications.
- Health Check Improvements
  - When the ENS address is not available in the console, the health check status is updated to Moderate (yellow).
  - The health check badge counter is being changed only when there are health stats that are "At Risk" (red).
- Quality improvements and crash fixes

What's New
- Propose new time
  - Instead of leading long conversations about the time of a meeting, all users will now be able to decline or accept a meeting tentatively and propose a new time to the organizer with a single click.
  - Visual scheduler can be used to select an appropriate time slot.
  - The availability of all invitees within someone’s organization is going to be visible so that the proposer of the new time can choose a slot that suits everyone’s schedule.
  - Pre-req: EAS v16.1+
- Support for .msg files preview
  - Users can now access and preview .msg email attachments directly from their email thread, without the need for external applications.
- Health Check Improvements
  - When the ENS address is not available in the console, the health check status is updated to Moderate (yellow).
  - The health check badge counter is being changed only when there are health stats that are "At Risk" (red).
- Quality improvements and crash fixes
Sign up or log in [HERE] to get access to the latest Beta versions.

Patch & Seed Script Updates Week 03-24
- Seed Script for latest Device Model Information
- Patch Level 23.06.0.17
- ARES-27253: Fix application segment data mismatch from Apple devices.
- CMSVC-17482: SmartGroup search in astro-air pages returns complete path of the organization group.
- CMSVC-17485: Unable to push iOS update page crashing and getting error.
- AMST-40277: Update installation did not resume after pausing the installation.
- AMST-40278: Update Rollback does not work as the update installation was not paused.
- CRSVC-44715: Compliance Policy Summary tab not showing correct device count for Compliant or Non-Compliant status when using Device Tags rule
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues
- Last Update: CW03