EUC Newsletter - Week 7

Weekly highlight:

Workspace ONE UEM 2310 GA

  • Would you like to check the Device Registration Status for Conditional Access? We report that in Device Details page.
    You can now refer Device Details page on the console to check if the registration was successful and plan further actions such as pushing the desired apps to the devices. Check out Azure conditional access and Google's context aware access information in Device Details. For more information, see Other Integrations with Directory Services.
  • Rugged
    We've now enabled Agent or Hub Upgrade File-Action upload in partner type OGs too.
    Prior to this feature, you could upload Workspace ONE Intelligent Hub Packages only in Global and Customer organization group types. But now, you can upload an AirWatch MDM Agent (also known as Workspace ONE Intelligent Hub) to a partner type organization group. For more information, see Upload a Workspace ONE Intelligent Hub APF File, Upgrade File-Action.
  • Android
    Compromised Device Detection with Play Integrity API.
    Workspace ONE UEM can use Play Integrity API to obtain further information about an Android device’s integrity and determine if the device is compromised. Play Integrity API replaces Google’s SafetyNet Attestation API. It works together with the compromised device detection capabilities in Workspace ONE SDK to better protect endpoints and protected resources.
  • iOS
    Deploying iOS profiles is now easier and faster with the new data-driven user interface.
    We have completed the rollout of our new Data-Driven User Interface (DDUI) user experience for iOS profiles. This functionality will now be enabled by default starting with Workspace ONE UEM 2310.
    We've a new iOS 17 Restriction profile key.
    We have implemented the new “Allow iPhone Widgets on Mac” Restriction profile key that was introduced with iOS 17. This key can be used to prevent iPhone widgets on a Mac that have signed into the same Apple ID for iCloud.
  • macOS
    We’ve enhanced macOS profiles.
    We have added new configuration profile payload keys introduced in macOS 14 Sonoma to the Workspace ONE Console UI. Newly supported keys can be found in the payloads listed below. For more information, see macOS Device Profiles.
    • Restrictions
    • SSO Extension
    • Disk Encryption
    • Passcode
    • DNS Settings
  • Linux
    We’ve introduced new device commands.
    Workspace ONE UEM now supports Device Reboot, Device Lock, and Full Device Wipe commands for Linux endpoints. IT administrators can now have a little more control, and in the case of Device Wipe, there are additional security controls for devices.
    Experience the new Data-driven UI for profiles.
    Like other platforms UEM supports, Linux has migrated to the new DDUI framework for profiles. Although functionality is identical, the UI has changed and provides a mechanism to add new profile features at a more rapid pace.
  • Windows
    Software Distribution(SFD) now downloads links on-demand.
    We've enhanced the way SFD manages downloads. When the download URL link you received through an earlier install command expires, you are no longer required to resend an application install command to get a new download link. Now, on a need-basis, the Software Distribution (SFD) can send a request to the Workspace ONE UEM server for a new download link.
    Check out Device Updates to monitor windows updates progress.
    We have improved device updates reporting. With this limited availability feature, you can filter or search Windows devices with different versions in the organization group or child organization. You can easily go through the Device or Update Overview to see if the latest quality updates have been delivered to each device and take further action. For more information, see Resources - Device Updates.
    Track Workflow Status in Provisioning Tool
    You can now detect and track the status of Freestyle Workflows through Provisioning Tool. Each workflow will be tracked in the UI and the system will not complete processing (Green Screen) until all the workflows are complete.
    Check out more new Windows Security Baseline templates
    We have added new templates for creating CIS Windows Benchmarks. Both Windows 10 22H2, and Windows 11 22H2 were added. For more information, see Creating Baselines with a Template.
  • Freestyle
    Quick and easy profile and app removal for Windows devices.
    You can now create a workflow for one-time removal of an application and/or profile from a device. After the workflow is deployed on the device, the app or profile is uninstalled successfully.
    Explore the new Freestyle templates.
    Workspace ONE UEM Freestyle templates are now available in Workspace ONE Cloud Marketplace. Utilize these templates to get started with the most common use cases.
    Documentation and Links:
  • Release Notes
  • Download Link

Upcoming EUC Events

Release Updates Week 07-24

New Apple Builds Are Now Available

  • iOS and iPadOS 17.4 Beta 3 (21E5200d)
  • macOS 14.4 Sonoma Beta 3 (23E5196e)
  • tvOS 17.4 Beta 3 (21L5212d)
  • watchOS 10.4 Beta 3 (21T5202e)
  • visionOS 1.1 Beta 2 (21O5188c)

Workspace ONE Intelligent Hub for iOS 24.01

  • This release of Intelligent Hub for iOS includes bug fixes to enhance your Hub experience.
  • Resolved Issues
    • HUBI-10720: Branding fixes for Bookmarks and TOTP account forms

VMware Workspace ONE Secure Email Gateway 2.29.0

  • Support for TLS 1.3 in FIPS mode
    • SEG 2.16 and later already support TLS 1.3 in non-FIPS mode.

Workspace ONE Intelligent Hub for macOS 24.01

  • Third Party Integrations: Upgrade Firebase, Alamofire, MSAL, EULA
  • EULA updates - A new version of the VMware General Terms has been added.
  • The following Hub Health attributes are added:
    • Time of last Hub-targeted WS1 command
    • Is Hub on latest seeded version?
    • Version of Workflow Engine installed

VMware EUC Security Advisories:

--- no new EUC VMSA ---

EUC UX Research Opportunities  

  • Our goal is to gather insight into user behaviorsmotivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!
  • Bonus: We give swag to Customers who participate (smile) 

Opportunity #1

  • EUC Product/Feature: WS1 UEM
  • Topic: Get a sneak peak at early wireframes of new designs for App Deployment and Security tools, including Vulnerability Management shared at Explore 2023!
  • Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom.
  • Sign Up Link: HERE

Opportunity #2

  • EUC Product/Feature: WS1 UEM, Horizon, and Intelligence
  • Topic: How AI can work alongside you as you’re getting onboarded to WS1 or while you’re using it daily? For example, what if it could help you create a new cert authenticated Wi-Fi policy, query, or widgetWhat if you could ask it to show you the number of new enrollments in your deployment? 
  • Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom.
  • Sign Up Link: HERE

Opportunity #3

  • EUC Product/Feature: Experience Mgmt (DEEM/DEX)
  • Topic: EUC Design is making a variety of changes to DEX and wants to hear your opinion about whether it’s going in the right direction! Some changes include enhancing ROI visibility and expediting issue resolution. Get a sneak peak at early wireframes of these new tools.
  • Opportunity Type: Variety of 60-minute, 1x1 conversations and focus groups via Zoom.
  • Sign Up Link: HERE

KB Highlights & Announcements Week 07-24:

Silent Hub upgrade failing while in Headless state (96514)

  • Some users may experience an issue where the automatic update for the macOS Intelligent Hub software does not complete successfully when their device is not actively in use or is logged out.
  • Steps to Reproduce:
    • Ensure your device is enrolled in an environment where a higher version Intelligent Hub version is available for update.
    • Schedule the update for the Intelligent Hub to a time in the near future.
    • Log out from your user account and leave the device without any activity.

Make the most of Freestyle- Best practices and tips (96222)

  • For optimum utilization of Freestyle workflows, we suggest some best practices that you can follow:
    Freestyle in UEM
    1. The best use of workflows is for use-cases that need sequencing multiple actions or targeting devices granularly. For simple deployment of resources, continue to use direct app/profile/script deployment.
    Note: Avoid having overlap smart group assignments for workflows and direct app/profile/script deployment.
    2. When trying to reduce overall workflow execution time, adjust workflow settings to minimize timeouts & Retry intervals for workflow steps. It's a good idea to set these retry intervals to 0 when testing a workflow for the first time.
    If you further want to cater these settings to the specific resource (available for Apps & profiles for Windows, Apps for Mac), you do have an option on the step level to edit these settings. 

Freestyle workflows only at Customer Organization Group or below (96279)

  • Currently, Freestyle Orchestrator exists in both UEM and Intelligence. While they are functionally similar in their ability to orchestrate a sequence of actions, each covers unique use cases.
  • The long-term goal for Freestyle is to offer a unified platform for all automation across EUC. To accomplish this, we are combining the capabilities of Freestyle in UEM and Freestyle in Intelligence. As a result of the Unified Orchestrator project, the Freestyle UI will no longer be present in Workspace ONE UEM, and existing workflows will be migrated over to Freestyle in Intelligence. This will allow admins to create workflows that leverage both UEM and Intelligence core competencies like:
    • On-device condition evaluation and action execution
    • Desired state management
    • Acting on data from the Intelligence Data Platform, DEEM, DEX, etc.
    • Sending actions to Workspace ONE services (e.g. Intelligent Hub) and 3rd party services (e.g. Slack)

End Of General Availability of the Free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518)

High Priority KBs 

Recently updated or added KBs (Links) 

Digital Workspace Techzone, Blog and YouTube Updates 

3rd Party Blog Updates & Industry News 

February Software Releases

SystemComponentReleaseAnnouncementRelease Date
AndroidHub24.01Release Notes07.02.24
AndroidSend24.01Release Notes05.02.24
AndroidBoxer24.01Release Notes05.02.24
AndroidZebra MX Service6.0Release Notes06.02.24
AndroidSDK24.01Release Notes06.02.24
iOSWebSDK24.02Release Notes (Internal)12.02.24
iOSHub24.01Release Notes12.02.24
BackendConsole Installer23.10Release Notes13.02.24

Patch & Seed Script Updates Week 07-24

  • Workspace ONE UEM 23.10
    • Patch Level:
    • UM-8426: User group sync select by DN was throwing error.

    • FCA-205246: Terms of use displaying unicode value when declined.

    • CRSVC-42335: Stale DSM override records not being cleaned up due to exception.

    • AAPP-16792: VppSyncAssets API throwing error with VppV2 featureflag enabled.

    • INTEL-56281: Add device Azure registration status support in ETL V1.

    • AAPP-16829: Device attribute phone number modified on WiFi iPads with no SIM card.

    • AAPP-16892: iOS Updates - Eligible device models are blank.

    • AAPP-16682: Unable to view assignment on shared iPad for business for supported profiles.

    • AAPP-16834: VppV2 deviceId changing to null on clicking sync assets after VppV2 migration is completed.

    • AAPP-16633: Unable to delete ABM stale record from the Enrollment lifecycle page.

    • UM-8646: Implement brokerID in Workspace ONE UEM.

    • Last Update: CW07