EUC Newsletter - Week 7

Weekly highlight: Workspace ONE UEM 2310 GA Would you like to check the Device Registration Status for Conditional Access? We report that in Device Details page. You can now refer Device Details page on the console to check if the registration was successful and plan further actions such as pushing the desired apps to the devices. Check out Azure conditional access and Google's context aware access information in Device Details. For more information, see Other Integrations with Directory Services. Rugged We've now enabled Agent or Hub Upgrade File-Action upload in partner type OGs too. Prior to this feature, you could upload Workspace ONE Intelligent Hub Packages only in Global and Customer organization group types. But now, you can upload an AirWatch MDM Agent (also known as Workspace ONE Intelligent Hub) to a partner type organization group. For more information, see Upload a Workspace ONE Intelligent Hub APF File, Upgrade File-Action. Android Compromised Device Detection with Play Integrity API. Workspace ONE UEM can use Play Integrity API to obtain further information about an Android device’s integrity and determine if the device is compromised. Play Integrity API replaces Google’s SafetyNet Attestation API. It works together with the compromised device detection capabilities in Workspace ONE SDK to better protect endpoints and protected resources. iOS Deploying iOS profiles is now easier and faster with the new data-driven user interface. We have completed the rollout of our new Data-Driven User Interface (DDUI) user experience for iOS profiles. This functionality will now be enabled by default starting with Workspace ONE UEM 2310. We've a new iOS 17 Restriction profile key. We have implemented the new “Allow iPhone Widgets on Mac” Restriction profile key that was introduced with iOS 17. This key can be used to prevent iPhone widgets on a Mac that have signed into the same Apple ID for iCloud. macOS We’ve enhanced macOS profiles. We have added new configuration profile payload keys introduced in macOS 14 Sonoma to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below. For more information, see macOS Device Profiles. Restrictions SSO Extension Disk Encryption Passcode DNS Settings Linux We’ve introduced new device commands. Workspace ONE UEM now supports Device Reboot, Device Lock, and Full Device Wipe commands for Linux endpoints. IT administrators can now have a little more control, and in the case of Device Wipe, there are additional security controls for devices. Experience the new Data-driven UI for profiles. Like other platforms UEM supports, Linux has migrated to the new DDUI framework for profiles. Although functionality is identical, the UI has changed and provides a mechanism to add new profile features at a more rapid pace. Windows Software Distribution(SFD) now downloads links on-demand. We've enhanced the way SFD manages downloads. When the download URL link you received through an earlier install command expires, you are no longer required to resend an application install command to get a new download link. Now, on a need-basis, the Software Distribution (SFD) can send a request to the Workspace ONE UEM server for a new download link. Check out Device Updates to monitor windows updates progress. We have improved device updates reporting. With this limited availability feature, you can filter or search Windows devices with different versions in the organization group or child organization. You can easily go through the Device or Update Overview to see if the latest quality updates have been delivered to each device and take further action. For more information, see Resources - Device Updates. Track Workflow Status in Provisioning Tool You can now detect and track the status of Freestyle Workflows through Provisioning Tool. Each workflow will be tracked in the UI and the system will not complete processing (Green Screen) until all the workflows are complete. Check out more new Windows Security Baseline templates We have added new templates for creating CIS Windows Benchmarks. Both Windows 10 22H2, and Windows 11 22H2 were added. For more information, see Creating Baselines with a Template. Freestyle Quick and easy profile and app removal for Windows devices. You can now create a workflow for one-time removal of an application and/or profile from a device. After the workflow is deployed on the device, the app or profile is uninstalled successfully. Explore the new Freestyle templates. Workspace ONE UEM Freestyle templates are now available in Workspace ONE Cloud Marketplace. Utilize these templates to get started with the most common use cases. Documentation and Links: Release Notes Download Link

Upcoming EUC Events Release Updates Week 07-24:  New Apple Builds Are Now Available iOS and iPadOS 17.4 Beta 3 (21E5200d) macOS 14.4 Sonoma Beta 3 (23E5196e) tvOS 17.4 Beta 3 (21L5212d) watchOS 10.4 Beta 3 (21T5202e) visionOS 1.1 Beta 2 (21O5188c) Workspace ONE Intelligent Hub for iOS 24.01 This release of Intelligent Hub for iOS includes bug fixes to enhance your Hub experience. Resolved Issues HUBI-10720: Branding fixes for Bookmarks and TOTP account forms VMware Workspace ONE Secure Email Gateway 2.29.0 Support for TLS 1.3 in FIPS mode SEG 2.16 and later already support TLS 1.3 in non-FIPS mode. Workspace ONE Intelligent Hub for macOS 24.01 Third Party Integrations: Upgrade Firebase, Alamofire, MSAL, EULA EULA updates - A new version of the VMware General Terms has been added. The following Hub Health attributes are added: Time of last Hub-targeted WS1 command Is Hub on latest seeded version? Version of Workflow Engine installed VMware EUC Security Advisories: --- no new EUC VMSA --- EUC UX Research Opportunities   Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions. Interested in giving your opinion and making your voice heard? Check out what’s available! Bonus: We give swag to Customers who participate   Opportunity #1 EUC Product/Feature: WS1 UEM Topic: Get a sneak peak at early wireframes of new designs for App Deployment and Security tools, including Vulnerability Management shared at Explore 2023! Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom. Sign Up Link: HERE Opportunity #2 EUC Product/Feature: WS1 UEM, Horizon, and Intelligence Topic: How AI can work alongside you as you’re getting onboarded to WS1 or while you’re using it daily? For example, what if it could help you create a new cert authenticated Wi-Fi policy, query, or widget? What if you could ask it to show you the number of new enrollments in your deployment?  Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom. Sign Up Link: HERE Opportunity #3 EUC Product/Feature: Experience Mgmt (DEEM/DEX) Topic: EUC Design is making a variety of changes to DEX and wants to hear your opinion about whether it’s going in the right direction! Some changes include enhancing ROI visibility and expediting issue resolution. Get a sneak peak at early wireframes of these new tools. Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom. Sign Up Link: HERE KB Highlights & Announcements Week 07-24: Silent Hub upgrade failing while in Headless state (96514) Some users may experience an issue where the automatic update for the macOS Intelligent Hub software does not complete successfully when their device is not actively in use or is logged out. Steps to Reproduce: Ensure your device is enrolled in an environment where a higher version Intelligent Hub version is available for update. Schedule the update for the Intelligent Hub to a time in the near future. Log out from your user account and leave the device without any activity. Make the most of Freestyle- Best practices and tips (96222) For optimum utilization of Freestyle workflows, we suggest some best practices that you can follow: Freestyle in UEM 1. The best use of workflows is for use-cases that need sequencing multiple actions or targeting devices granularly. For simple deployment of resources, continue to use direct app/profile/script deployment. Note: Avoid having overlap smart group assignments for workflows and direct app/profile/script deployment. 2. When trying to reduce overall workflow execution time, adjust workflow settings to minimize timeouts & Retry intervals for workflow steps. It's a good idea to set these retry intervals to 0 when testing a workflow for the first time. If you further want to cater these settings to the specific resource (available for Apps & profiles for Windows, Apps for Mac), you do have an option on the step level to edit these settings.  Freestyle workflows only at Customer Organization Group or below (96279) Currently, Freestyle Orchestrator exists in both UEM and Intelligence. While they are functionally similar in their ability to orchestrate a sequence of actions, each covers unique use cases. The long-term goal for Freestyle is to offer a unified platform for all automation across EUC. To accomplish this, we are combining the capabilities of Freestyle in UEM and Freestyle in Intelligence. As a result of the Unified Orchestrator project, the Freestyle UI will no longer be present in Workspace ONE UEM, and existing workflows will be migrated over to Freestyle in Intelligence. This will allow admins to create workflows that leverage both UEM and Intelligence core competencies like: On-device condition evaluation and action execution Desired state management Acting on data from the Intelligence Data Platform, DEEM, DEX, etc. Sending actions to Workspace ONE services (e.g. Intelligent Hub) and 3rd party services (e.g. Slack) End Of General Availability of the Free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518) VMware vSphere Hypervisor (free edition) is no longer available on the VMware website As part of the transition of perpetual licensing to new subscription offerings, the VMware vSphere Hypervisor (Free Edition) has been marked as EOGA (End of General Availability). At this time, there is not an equivalent replacement product available. For further details regarding the affected products and this change, we encourage you to review the following blog post: https://blogs.vmware.com/cloud-foundation/2024/01/22/vmware-end-of-availability-of-perpetual-licensing-and-saas-services/ High Priority KBs  End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774) We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog. Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706) The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches. Introducing Workspace ONE (WS1) UEM Next-Gen SaaS VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. Getting Ready for Android 14 (2023) Getting Ready for Apple Major OS Releases 2023 Recently updated or added KBs (Links)  Removal of Allocation Counts for Volume Purchase Program (VPP) Apps with Workspace ONE (2960978) - expected to land around end of Q2/2024 Silent Hub upgrade failing while in Headless state (96514) End Of General Avalailability of the free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518) Freestyle workflows only at Customer Organization Group or below (96279) Announcing General Availability of VMware Workspace ONE UEM Console 2310 (96527) VMware Best Practices Update – Workspace ONE UEM SaaS SMTP Settings – updated recommendation for customers to transition to DMARC SMTP protocol by March 29th, 2024 (96400) VMware Tunnel Client - Support for Standalone enrollment (88311) Make the most of Freestyle- Best practices and tips (96222) [CRSVC-45792] Android devices on Hub 20.X cannot check into UEM (96365) Licensing for vSphere Desktop 5.5, 6.x, 7.x, and 8.x (2132201) Initializing Cloud Pod Architecture fails with the error "InvalidState: Local LDAP indicates the PodFederation is initialized, but no Global LDAP instance can be found" (2112753) MS Teams Optimization Feature Compatibility Matrix for Horizon 7 and Horizon 8 Recent Releases. (86475) Digital Workspace Techzone, Blog and YouTube Updates  Unlocking 4 new custom widget improvements in Workspace ONE Intelligence Enterprise Strategy Group survey highlights key app delivery and management challenges Unpacking Horizon 8 2312: New features deliver advances in performance, security, operations, and experience 3rd Party Blog Updates & Industry News  vmvirtual.blog: Configure Proxy Server for Horizon for SAML integration cloudworkspace.blog: How to enable the FPS indicator in VMware Horizon February Software Releases System Component Release Announcement Release Date Android Hub 24.01 Release Notes 07.02.24 Android Send 24.01 Release Notes 05.02.24 Android Boxer 24.01 Release Notes 05.02.24 Android Zebra MX Service 6.0 Release Notes 06.02.24 Android SDK 24.01 Release Notes 06.02.24 iOS WebSDK 24.02 Release Notes (Internal) 12.02.24 iOS Hub 24.01 Release Notes 12.02.24 Backend Console Installer 23.10 Release Notes 13.02.24 Patch & Seed Script Updates Week 07-24 OS Updates Seed Script Most recent update: Apple Seed Scripts iOS 17.3.1 (21D61),macOS Sonoma 14.3.1 (23D60) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW07 Seed Script for latest Device Model Information Seed Script to support macOS model - MacBook Pro (14-inch, M3, Nov 2023) - Mac15,3 https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW49 Workspace ONE UEM 22.09 Patch Level 22.9.0.45 CRSVC-43327: Increased CPU usage by CiscoISE App pool. AGGL-16159: Android VPN profile shows "Failed to save profile" error when trying to modify the profile or add a version to the profile. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW50 Workspace ONE UEM 22.10 Patch level 22.10.0.37 RUGG-12627: Add support for pull relay server discovery with IP as discovery text. CRSVC-42822: Secure Channel - Cannot find the original signer issue. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html Last Update: CW47 Workspace ONE UEM 22.12 Patch Level 22.12.0.41 CRSVC-45849: Secure channel failure with Android Intelligent Hub 20.X. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW07 Workspace ONE UEM 23.02 Patch Level 23.02.0.38 AAPP-16872: Unable to Clear Activation Lock on iOS devices. AAPP-16896 Copying iOS DDUI profile where the context is unknown causes error. AAPP-16897: Correcting the existing profile context data. ARES-27450: Certain macOS devices seen with Windows internal apps assigned. CRSVC-45850: Secure Channel Failure with Workspace ONE Intelligent Hub for Android. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues Last Update: CW06 Workspace ONE UEM 23.06 Patch Level 23.06.0.21 AAPP-16910: Device attribute phone number modified on Wi-Fi iPads with no sim card. AAPP-16937 iOS Mobileconfig upload results in DDUI blank page. FCA-207099: Terms of Use displaying Unicode value when declined. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues Last Update: CW07 Workspace ONE UEM 23.10 Patch Level: 23.10.0.4 UM-8426: User group sync select by DN was throwing error. FCA-205246: Terms of use displaying unicode value when declined. CRSVC-42335: Stale DSM override records not being cleaned up due to exception. AAPP-16792: VppSyncAssets API throwing error with VppV2 featureflag enabled. INTEL-56281: Add device Azure registration status support in ETL V1. AAPP-16829: Device attribute phone number modified on WiFi iPads with no SIM card. AAPP-16892: iOS Updates - Eligible device models are blank. AAPP-16682: Unable to view assignment on shared iPad for business for supported profiles. AAPP-16834: VppV2 deviceId changing to null on clicking sync assets after VppV2 migration is completed. AAPP-16633: Unable to delete ABM stale record from the Enrollment lifecycle page. UM-8646: Implement brokerID in Workspace ONE UEM. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2310/rn/vmware-workspace-one-uem-2310-release-notes/index.html#Resolved%20Issues Last Update: CW07