EUC Newsletter - Week 5

Weekly highlight:

Horizon Cloud Service Next-Gen - Release 2401

New Features

Horizon Edge

  • An additional private endpoint has been added to each Horizon Edge in Microsoft Azure to ensure the resiliency of the connection to Horizon Control Plane from the Horizon Edge Gateway.
    Horizon Agent Auto Update
  • With Horizon Plus or Universal license, administrators can now activate the Agent Auto Upgrade feature for their Horizon 8 edges. This allows administrators to keep the Horizon Agent versions updated for their Horizon 8 Edge. 

Desktops and Applications

  • Pools
    • During pool creation, before provisioning any virtual machines, connectivity is checked between the desktop subnets (selected during pool creation) and Active Directory.  If the validation fails, a warning notification appears in the notification center. 
  • Pool Groups
    • Published applications delivered from multi-session pool groups can now be defined manually if not detected by the automatic scan. Start Folder and Parameter options can also be set for both automatically scanned and manually defined applications.
    • Automatically scanned applications in multi-session pool groups are now grouped by name and publisher. Administrators are responsible for ensuring that the same version of an application is installed in each of the VMs that are part of a given pool group.

Image Management

  • Administrators can use markers to link image versions to desktop pools, making updates straightforward. By re-associating the marker with a new image version, admins can easily refresh all pools, automating the process. This feature, initially on Microsoft Azure, is now extended to Horizon 8 on-prem capacity as tech-preview only.

Universal Broker

  • Cloud Entitlement On-Ramp - End-users connecting to Horizon 8 can now see entitlements from both Horizon 8 and Horizon Cloud Service and can seamlessly launch their desktops and applications. End-users can continue to use the same URL to connect and they do not need to re-authenticate to Horizon Cloud Service when launching cloud-hosted resources. Horizon 8 must be connected to the Horizon Control Plane to enable this feature. Currently, this feature is only supported for users of Horizon Client for Windows 2312 or later.
  • Administrators can now provide a custom fully-qualified domain name (FQDN) for the Client Access URL field. End-users can connect to this URL from Horizon Client to access their desktops and applications.

Resolved Issues

  • (HV-72071) The agent update process on dedicated desktops fails with a timeout error when desktops are on Horizon Agent version or
    • The Horizon Universal Console allows you execute agent updates from the Pool Groups page. See Update Horizon Agent Software on Dedicated Desktops VMs. When you perform the update on agent version or, the activity logs report that the agent update failed. 
    • This issue is resolved.

Release Updates Week 05-24

New Apple Builds Are Now Available

New builds of the following software are now available:

  • macOS 14.4 Sonoma Beta 1 (23E5180j)
  • watchOS 10.4 Beta 1 (21T5185g)

Workspace ONE Boxer for Android 24.01

  • Health Check Improvements
  • The app will now conduct more inspections to identify problems that could hinder user productivity and inform the user what action steps can be performed.
    • Users can resolve more issues such as those related to the Zoom Integration on their own.
    • Push notifications health check is improved and made more actionable for the user.
  • Quality Improvements

Workspace ONE Boxer for iOS 24.01.1

  • Quality improvements and crash fixes

Workspace ONE Digital Experience for macOS 23.11

  • Experience Management for macOS now supports macOS Sonoma 14.

VMware Unified Access Gateway 2312

  • VMware Unified Access Gateway 2312 provides the following new features and enhancements:

    • TLS 1.3 is now supported in FIPS mode. Note that Connection Server 2312 does not yet support TLS 1.3, and TLS 1.2 should still be enabled until a future Connection Server release.

    • Introduced communityName parameter for SNMPv1+SNMPv2 configuration

    • SAML identity provider metadata (used for supporting Horizon client user authentication) can now be viewed, edited, and deleted from Admin UI and REST API.

    • The metadata for the Identity Provider information can now be edited and deleted within the Admin UI.

    • Details of the TLS certificate installed on admin and internet interfaces can now be viewed on the Admin UI.

    • Added option to set DisableHTMLAccess for Horizon Settings during PowerShell deployment. This may be used to block browsers from accessing Horizon virtual desktops and applications.

    • Added configuration headersToBeLogged for adding specific HTTP headers to be included in default log level. This parameter may be used to specify headers like X-Forwarded-For to be added to the esmanager.log.

    • Enhanced adminreset command to support configuration of allowed host headers

    • Disk space usage statistics are now collected periodically and included in the log archive for troubleshooting purposes.

    • Log level can now be modified on a single Tunnel server.

      Example: vpnreport log --level=3 --duration=30

    • vpnstats now report MFA information. The following items are added: MFA enablement and JWT enablement status.

    • Logging improvements.

    • Updates to Photon OS package versions and Java versions.

EUC UX Research Opportunities  

  • Our goal is to gather insight into user behaviorsmotivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!
  • Bonus: We give VMware swag to Customers who participate (smile) 

Opportunity #1

  • EUC Product/Feature: Experience Mgmt (DEEM/DEX)
  • Topic: EUC Design is making a variety of changes to DEX and wants to hear your opinion about whether it’s going in the right direction! Some changes include enhancing ROI visibility and expediting issue resolution. Get a sneak peak at early wireframes of these new tools.
  • Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom.
  • Sign Up Link: HERE

KB Highlights & Announcements Week 05-24: 

Security Enhancements in Unified Access Gateway (UAG) version 2312 and beyond (96373)

  • UAG introduced few enhancements as part of the 2312 release for improved security.
    This document describes these security changes along with remediation steps to correct older settings and configurations.

[CRSVC-45792] Android devices on Hub 20.X cannot check into UEM (96365)

  • Android devices still using unsupported versions of Intelligent Hub - specifically, Hub 20.11 and older - cannot check into Workspace ONE UEM environments upgraded to the following releases and their respective patch versions:
    • 23.10 (all builds)

Change of the search bar location in Intelligent Hub for Windows (96347)

  • On January 26th 2024, as part of our ongoing effort to modernize the end-user experience, the search bar location in Intelligent Hub for Windows will be moved from the center location to the top left. There will be no loss in functionality.

Removal of the scripts execution overview page (95948)

  • Due to an architectural change, we needed to temporarily remove the Hyperlink for Scripts to view the execution overview.
    The data got queried from Search Hub and will be moved to Open Search. Until the data is available in Open Search, the hyperlink will be disabled. 

Enforcement of Enrollment Restriction Policies on Device Check-Out (96325)

  • Enrollment restriction policies configured as either Organization Group defaults or mapped to specific User Groups will now be enforced when end users check-out devices in a Check-in Check-out (CICO) scenario. In the past, these restrictions were applied only during the device staging process at enrollment, and they weren't enforced during the device check-out to end users. This posed security risks, allowing ineligible users to check-out devices and gain access to resources they were not entitled to.

[AAGNT-199197] Recurring Event Action only applies Custom Settings once (96266)

  • When an Event Actions is installed on an Android device with:

    • Condition: Recurring Schedule
    • Action: Apply Custom Settings
    Intelligent Hub only executes the action (Apply Custom Settings) once - specifically, at the first scheduled execution time in the Condition. At any subsequent scheduled times in the Condition, Intelligent Hub will not execute the Apply Custom Settings action. 

High Priority KBs 

Recently updated or added KBs (Links) 

Digital Workspace Techzone, Blog and YouTube Updates 

3rd Party Blog Updates & Industry News 

Patch & Seed Script Updates Week 05-24 

  • Workspace ONE UEM 23.06
    • Patch Level
    • MACOS-4247: macOS profile keeps spinning for XML, Rollback, More actions action buttons.

    • MACOS-4227: Auto-join gets automatically selected in macOS network profile.

    • MACOS-4224: Unable to add version to macOS profile due to Login Window payload.

    • MACOS-4221: macOS update management does not work when Install Action is “Install Later”.

    • CMSVC-17522: Unable to create smart group through API when the smart group name contains double-byte symbol or number.

    • ARES-27485: Adding a newer version of an app through APIs removes app config KVPs for the previous version.

    • AGGL-16344: Unable to send application configuration for internal app.

    • AAPP-16867: Unable to delete ABM stale record from Enrollment lifecycle page.

    • AAPP-16866: SSO extension payload has multiple issues.

    • Last Update: CW05

  • Workspace ONE UEM 23.10
    • Patch Level:
    • UM-8578: Admin role not auto filled in DDUI when adding Admin manually.

    • MACOS-4245: macOS restriction payload automatically adds Activity Monitor to Allowed Apps in the Launch Restrictions.

    • MACOS-4223: Unable to add version to macOS profile due to login window payload.

    • MACOS-4222: macOS update management does not work when the install action is “Install Later”.

    • MACOS-4140: Auto-join gets automatically selected in the macOS network profile.

    • CMSVC-17486: Unable to push iOS update, page was crashing and getting error.

    • ARES-27254: Fix application segment data mismatch from Apple devices.

    • AMST-40371: Wifi Certificates were not getting auto renewed.

    • AMST-40346: Sensor and Script - Remove search Hub dependency.

    • AAPP-16828: Fix duplicate entry for setting value creation in the credential payload.

    • AAPP-16737: Native CICO was not updating the User List.

    • Last Update: CW05