EUC Newsletter - Week 5

Weekly highlight: Horizon Cloud Service Next-Gen - Release 2401 ​New Features ​Horizon Edge An additional private endpoint has been added to each Horizon Edge in Microsoft Azure to ensure the resiliency of the connection to Horizon Control Plane from the Horizon Edge Gateway. ​Horizon Agent Auto Update With Horizon Plus or Universal license, administrators can now activate the Agent Auto Upgrade feature for their Horizon 8 edges. This allows administrators to keep the Horizon Agent versions updated for their Horizon 8 Edge.  ​Desktops and Applications Pools During pool creation, before provisioning any virtual machines, connectivity is checked between the desktop subnets (selected during pool creation) and Active Directory.  If the validation fails, a warning notification appears in the notification center.  Pool Groups Published applications delivered from multi-session pool groups can now be defined manually if not detected by the automatic scan. Start Folder and Parameter options can also be set for both automatically scanned and manually defined applications. Automatically scanned applications in multi-session pool groups are now grouped by name and publisher. Administrators are responsible for ensuring that the same version of an application is installed in each of the VMs that are part of a given pool group. ​Image Management Administrators can use markers to link image versions to desktop pools, making updates straightforward. By re-associating the marker with a new image version, admins can easily refresh all pools, automating the process. This feature, initially on Microsoft Azure, is now extended to Horizon 8 on-prem capacity as tech-preview only. ​Universal Broker Cloud Entitlement On-Ramp - End-users connecting to Horizon 8 can now see entitlements from both Horizon 8 and Horizon Cloud Service and can seamlessly launch their desktops and applications. End-users can continue to use the same URL to connect and they do not need to re-authenticate to Horizon Cloud Service when launching cloud-hosted resources. Horizon 8 must be connected to the Horizon Control Plane to enable this feature. Currently, this feature is only supported for users of Horizon Client for Windows 2312 or later. Administrators can now provide a custom fully-qualified domain name (FQDN) for the Client Access URL field. End-users can connect to this URL from Horizon Client to access their desktops and applications. ​Resolved Issues (HV-72071) The agent update process on dedicated desktops fails with a timeout error when desktops are on Horizon Agent version 23.1.0.21792227 or 23.1.0.21478075 The Horizon Universal Console allows you execute agent updates from the Pool Groups page. See Update Horizon Agent Software on Dedicated Desktops VMs. When you perform the update on agent version 23.1.0.21792227 or 23.1.0.21478075, the activity logs report that the agent update failed.  This issue is resolved.

Release Updates Week 05-24:  New Apple Builds Are Now Available New builds of the following software are now available: macOS 14.4 Sonoma Beta 1 (23E5180j) watchOS 10.4 Beta 1 (21T5185g) Workspace ONE Boxer for Android 24.01 Health Check Improvements The app will now conduct more inspections to identify problems that could hinder user productivity and inform the user what action steps can be performed. Users can resolve more issues such as those related to the Zoom Integration on their own. Push notifications health check is improved and made more actionable for the user. Quality Improvements Workspace ONE Boxer for iOS 24.01.1 Quality improvements and crash fixes Workspace ONE Digital Experience for macOS 23.11 Experience Management for macOS now supports macOS Sonoma 14. VMware Unified Access Gateway 2312 VMware Unified Access Gateway 2312 provides the following new features and enhancements: TLS 1.3 is now supported in FIPS mode. Note that Connection Server 2312 does not yet support TLS 1.3, and TLS 1.2 should still be enabled until a future Connection Server release. Introduced communityName parameter for SNMPv1+SNMPv2 configuration SAML identity provider metadata (used for supporting Horizon client user authentication) can now be viewed, edited, and deleted from Admin UI and REST API. The metadata for the Identity Provider information can now be edited and deleted within the Admin UI. Details of the TLS certificate installed on admin and internet interfaces can now be viewed on the Admin UI. Added option to set DisableHTMLAccess for Horizon Settings during PowerShell deployment. This may be used to block browsers from accessing Horizon virtual desktops and applications. Added configuration headersToBeLogged for adding specific HTTP headers to be included in default log level. This parameter may be used to specify headers like X-Forwarded-For to be added to the esmanager.log. Enhanced adminreset command to support configuration of allowed host headers Disk space usage statistics are now collected periodically and included in the log archive for troubleshooting purposes. Log level can now be modified on a single Tunnel server. Example: vpnreport log --level=3 --duration=30 vpnstats now report MFA information. The following items are added: MFA enablement and JWT enablement status. Logging improvements. Updates to Photon OS package versions and Java versions. EUC UX Research Opportunities   Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions. Interested in giving your opinion and making your voice heard? Check out what’s available! Bonus: We give VMware swag to Customers who participate   Opportunity #1 EUC Product/Feature: Experience Mgmt (DEEM/DEX) Topic: EUC Design is making a variety of changes to DEX and wants to hear your opinion about whether it’s going in the right direction! Some changes include enhancing ROI visibility and expediting issue resolution. Get a sneak peak at early wireframes of these new tools. Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom. Sign Up Link: HERE KB Highlights & Announcements Week 05-24:  Security Enhancements in Unified Access Gateway (UAG) version 2312 and beyond (96373) UAG introduced few enhancements as part of the 2312 release for improved security. This document describes these security changes along with remediation steps to correct older settings and configurations. [CRSVC-45792] Android devices on Hub 20.X cannot check into UEM (96365) Android devices still using unsupported versions of Intelligent Hub - specifically, Hub 20.11 and older - cannot check into Workspace ONE UEM environments upgraded to the following releases and their respective patch versions: 23.10 (all builds) 23.6.0.11+ 23.2.0.30+ 22.12.0.38+ 22.10.0.37+ 22.9.0.44+ 22.6.0.48+ Change of the search bar location in Intelligent Hub for Windows (96347) On January 26th 2024, as part of our ongoing effort to modernize the end-user experience, the search bar location in Intelligent Hub for Windows will be moved from the center location to the top left. There will be no loss in functionality. Removal of the scripts execution overview page (95948) Due to an architectural change, we needed to temporarily remove the Hyperlink for Scripts to view the execution overview. The data got queried from Search Hub and will be moved to Open Search. Until the data is available in Open Search, the hyperlink will be disabled.  Enforcement of Enrollment Restriction Policies on Device Check-Out (96325) Enrollment restriction policies configured as either Organization Group defaults or mapped to specific User Groups will now be enforced when end users check-out devices in a Check-in Check-out (CICO) scenario. In the past, these restrictions were applied only during the device staging process at enrollment, and they weren't enforced during the device check-out to end users. This posed security risks, allowing ineligible users to check-out devices and gain access to resources they were not entitled to. [AAGNT-199197] Recurring Event Action only applies Custom Settings once (96266) When an Event Actions is installed on an Android device with: Condition: Recurring Schedule Action: Apply Custom Settings Intelligent Hub only executes the action (Apply Custom Settings) once - specifically, at the first scheduled execution time in the Condition. At any subsequent scheduled times in the Condition, Intelligent Hub will not execute the Apply Custom Settings action.  High Priority KBs  End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774) We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog. Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706) The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches. Introducing Workspace ONE (WS1) UEM Next-Gen SaaS VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. Getting Ready for Android 14 (2023) Getting Ready for Apple Major OS Releases 2023 Recently updated or added KBs (Links)  Security Enhancements in Unified Access Gateway (UAG) version 2312 and beyond (96373) [CRSVC-45792] Android devices on Hub 20.X cannot check into UEM (96365) 2024 VMware Workspace ONE UEM Maintenance (81448) Change of the search bar location in Intelligent Hub for Windows (96347) Upcoming Change for Workspace ONE UEM Enforcing Password Rotation on API Accounts used for Cisco ISE Integration (96028) Removal of the scripts execution overview page (95948) Enforcement of Enrollment Restriction Policies on Device Check-Out (96325) [AAGNT-199197] Recurring Event Action only applies Custom Settings once (96266) FAQ: Content Delivery Networks and Workspace ONE UEM Console (2960984) Recursive Unlock Feature with Screensaver (96381) Agent installation order for Horizon View, Dynamic Environment Manager, and App Volumes (2118048) Supported Operating Systems, Microsoft Active Directory Domain Functional Levels, and Events Databases for VMware Horizon 8 (78652) VMware Horizon Client for Windows crashes after prolonged use on Intel GPU devices. (89950) How to switch provisioning scheme for a VMware Horizon Instant Clone Pool or Farm (81026) Horizon Mac Client : PostScript (PS) and Encapsulated PostScript (EPS) printing may not work after upgrading to macOS 14. (94729) Factors that affect resolution time with Appvolume Appcapture Issues (82582) VMware Horizon Guidelines for Nested Mode in Horizon 8 (80509) Digital Workspace Techzone, Blog and YouTube Updates  Sending Return-to-Service Commands to iOS Devices with Workspace ONE UEM How to effectively support a multi-generational workforce in today’s workplaces: From Baby Boomers through Gen Z How To Optimize a Horizon Golden Image with the New Microsoft Teams Client Anywhere Workspace Frequently Asked Questions (FAQs) Streamlining Device Compliance and Tags with Workspace ONE UEM Learn how end-user computing streamlines healthcare data interoperability at the ViVE 2024 conference 3rd Party Blog Updates & Industry News  cloudworkspace.blog: VMware Horizon 2312 adds lossless support in the Blast protocol Even Gooder: Containerized Diagnostics For Unified Access Gateway With UAG Local Troubleshooter Patch & Seed Script Updates Week 05-24  OS Updates Seed Script  Most recent update: Seed Script for iOS 17.2.1 (21C66), iOS 16.7.4 (20H240), iOS 17.3.0 (21D5026f), tvOS 17.3.0 (21K5625e) and macOS Sonoma 14.2.1 (23C71) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW51 Seed Script for latest Device Model Information Seed Script to support macOS model - MacBook Pro (14-inch, M3, Nov 2023) - Mac15,3 https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW49 Workspace ONE UEM 22.09 Patch Level 22.9.0.45 CRSVC-43327: Increased CPU usage by CiscoISE App pool. AGGL-16159: Android VPN profile shows "Failed to save profile" error when trying to modify the profile or add a version to the profile. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW50 Workspace ONE UEM 22.10 Patch level 22.10.0.37 RUGG-12627: Add support for pull relay server discovery with IP as discovery text. CRSVC-42822: Secure Channel - Cannot find the original signer issue. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html Last Update: CW47 Workspace ONE UEM 22.12 Patch Level 22.12.0.40 ARES-26618: Uploading a duplicate Windows app is causing app already exists with this OG error message. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW51 Workspace ONE UEM 23.02 Patch Level 23.02.0.37 ARES-27506: Extended timeout for Internal Apps Delete. AGGL-16368: Fix data mismatch for user data in users and accounts segment of device state. ARES-27484: Adding a newer version of an app through APIs removes app config KVPs for the previous version. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues Last Update: CW05 Workspace ONE UEM 23.06 Patch Level 23.06.0.19 MACOS-4247: macOS profile keeps spinning for XML, Rollback, More actions action buttons. MACOS-4227: Auto-join gets automatically selected in macOS network profile. MACOS-4224: Unable to add version to macOS profile due to Login Window payload. MACOS-4221: macOS update management does not work when Install Action is “Install Later”. CMSVC-17522: Unable to create smart group through API when the smart group name contains double-byte symbol or number. ARES-27485: Adding a newer version of an app through APIs removes app config KVPs for the previous version. AGGL-16344: Unable to send application configuration for internal app. AAPP-16867: Unable to delete ABM stale record from Enrollment lifecycle page. AAPP-16866: SSO extension payload has multiple issues. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues Last Update: CW05 Workspace ONE UEM 23.10 Patch Level: 23.10.0.2 UM-8578: Admin role not auto filled in DDUI when adding Admin manually. MACOS-4245: macOS restriction payload automatically adds Activity Monitor to Allowed Apps in the Launch Restrictions. MACOS-4223: Unable to add version to macOS profile due to login window payload. MACOS-4222: macOS update management does not work when the install action is “Install Later”. MACOS-4140: Auto-join gets automatically selected in the macOS network profile. CMSVC-17486: Unable to push iOS update, page was crashing and getting error. ARES-27254: Fix application segment data mismatch from Apple devices. AMST-40371: Wifi Certificates were not getting auto renewed. AMST-40346: Sensor and Script - Remove search Hub dependency. AAPP-16828: Fix duplicate entry for setting value creation in the credential payload. AAPP-16737: Native CICO was not updating the User List. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2310/rn/vmware-workspace-one-uem-2310-release-notes/index.html#Resolved%20Issues Last Update: CW05