EUC Newsletter - Week 12

Release Updates Week 12-24:  Workspace ONE Content for Android 24.02 Bug Fixes and general improvements. Workspace ONE Intelligent Hub for Android 24.02 (staged) Bug fixes and app improvements AAGNT-199215: Intelligent Hub does not handle multiple Find Device commands gracefully AAGNT-198447: Less restrictive restrictions taking precedence over more restrictive one Workspace ONE Tunnel for Android 24.01 (staged) In this release, we have made a few updates containing general quality and performance improvements with the following new features: New Tunnel Broadcast The Tunnel application will broadcast a message when it is in Ready state. In this state the VPN interface is established, and Tunnel is in Connection Available state.  This broadcast message may be used by other applications as an input for their workflows. To make use of this broadcast, ensure your application is registered to the following broadcast receiver: com.airwatch.tunnel.VPN_ACTIVE General Availability: Block Private DNS We have noticed that with the recent Android OS updates, the Private DNS setting on the devices is set to ‘Automatic’ by default.  This setting encrypts all DNS requests from the device, which may impact DNS requests from applications and destinations that are managed by the Tunnel. This release introduces a Managed Configuration (KVP) to manage Private DNS in the Work container. BlockPrivateDNS | Type: Boolean | Default Value: False Set this value to True to block Private DNS over port 853. The Android OS should default back to regular DNS over port 53. Note: Regardless of the Private DNS settings, DNS destined for your internal DNS is always encrypted by the Tunnel.  Workspace ONE Tunnel for macOS 24.01 Introducing Full-Device Tunnel mode for the macOS Tunnel client on MDM enrolled devices. This is in addition to existing support for Full Device Tunnel mode for Standalone enrollment. Refer to “How to configure the macOS Tunnel MDM VPN Profile for Full-Device Tunnel mode” for setup instructions. Note: This 24.01 macOS Tunnel application delivered through the Workspace ONE Resources Portal supports Full Device Tunnel mode for MDM and Standalone enrollment.  This is an update to the 23.01 macOS Tunnel client that supports Standalone enrollment only. Continue using the 22.04.3 macOS Tunnel client delivered through the App Store for all MDM Per-App Tunnel mode workflows.  22.04.3 macOS Client is available on the App Store as of today, March 21, 2024. Workspace ONE Dropship Provisioning Agent and Tool Updated bundle for Dropship Online that includes the new 3.2 Provisioning Agent and the 3.4 Version of the Provisioning Tool VMware EUC Security Advisories: ---no new VMSA this week--- EUC UX Research Opportunities   Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions. Interested in giving your opinion and making your voice heard? Check out what’s available! Opportunity #1 EUC Product/Feature: WS1 Intelligence Topic: Play with a clickable prototype of a new capability where custom alerts would inform Admins when key metrics/attributes change in real time.  For example – create a custom alert for when a Dashboard reaches a certain threshold or set a custom alert that would trigger a Freestyle workflow. Opportunity Type: 45-minute, 1x1 conversations via Zoom or a 10-minute usability test via Userzoom (which you can do in your own time). Sign Up Link: HERE Opportunity #2 EUC Product/Feature: WS1 UEM Topic: Get a sneak peak at early wireframes of new designs for adding applications from the Enterprise App Repository flow. Opportunity Type: 45-minute, 1x1 conversations via Zoom Sign Up Link: HERE KB Highlights & Announcements Week 12-24: Limited Availability: Workspace ONE Intelligence Data Explorer Data Explorer, released with limited availability, allows you to quickly and easily explore your data within Workspace ONE Intelligence.  Use this feature if you’re not familiar with the Intelligence data structure, don’t know where to begin, or are just looking for quick answers to commonly asked queries. The Data Explorer provides support for all data sources and fields. Workspace ONE Dropship Provisioning Online Agent is failing with HTTP Transport Error (97071) The Dropship Online Provisioning Agent is currently returning HTTP transport errors for all released versions when establishing a connection with the Online Provisioning Service (OPS).   This is preventing devices from being provisioned in Dropship Online.  The error when looking in the Event Viewer | Applications and Services Logs | AirwatchProvisioning-Agent  "An HTTP transport occurred while attempting to communicate with DiscoveryService::SendRequestAndReceiveResponse 'https://awtrust-dropship-provisioning.awmdm.com/oemprovisioning/v1/devices/provisioning'. Unknown HResult Error code:0x 80072f8f" A new version of the Provisioning Agent is being worked on and will be ready soon.  It will be placed on the download sites as well as the auto-update servers.  This KB will be updated as well with the download link. Please subscribe to this page to receive updated information. How to configure the macOS Tunnel MDM Profile for Full-Device Tunnel mode. (97056) Starting with the WS1 macOS Tunnel client 24.01, we are excited to introduce Full Device Tunnel mode on MDM enrolled devices. The following documentation will guide you through the set up of macOS Tunnel MDM Profile for Full Device Tunnel mode.  Legacy Multiuser enrolled devices are not supported in Multiuser with Modern Stack (96808) Legacy Multiuser (aka Phase One) was built on the legacy Workspace ONE architecture (SQL database).   As Workspace ONE transitions to a cloud first, microservice architecture, certain devices must be cleaned up in order to enable the modern stack. Devices enrolled using the Legacy Multiuser enrollment flow are not compatible with the new modern stack architecture.   If a Legacy Multiuser user device is enrolled and modern stack is enabled, the following issues will occur:  Device List View will not load Device details page will not load Unable to add/edit/delete scripts and sensors High Priority KBs  End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774) We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time.  If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog. Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706) The base GA version for current Workspace ONE UEM releases is being revised through updated installers.  On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version.  These revised installers are required to address compatibility issues with regular cumulative patches. Introducing Workspace ONE (WS1) UEM Next-Gen SaaS VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing.  These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. Getting Ready for Android 14 (2023) Getting Ready for Apple Major OS Releases 2023 Recently updated or added KBs (Links)  Security Vulnerability: CVE-2017-5753, CVE-2017-5715 (Spectre), and CVE-2017-5754 (Meltdown) (2960568) Security Vulnerability: Public Disclosure – September 27 2018 (CVE-2018-6979) (2961698) VMware response to ‘L1 Terminal Fault’ (L1TF) Speculative-Execution vulnerabilities in Intel processors for VMware SaaS offerings: CVE-2018-3646 and CVE-2018-3620 (55808) VMware Best Practices Update – Workspace ONE UEM SaaS SMTP Settings – updated recommendation for customers to transition to DMARC SMTP protocol by March 29th, 2024 (96400) Workspace ONE Dropship Provisioning Online Agent is failing with HTTP Transport Error (97071) How to configure the macOS Tunnel MDM Profile for Full-Device Tunnel mode. (97056) Workspace ONE Assist Audit logs (96993) Legacy Multiuser enrolled devices are not supported in Multiuser with Modern Stack (96808) Send Ctrl+Alt+Del doesn't work after connecting to desktop with RDP protocol with 5.x client (76879) Information on Horizon 8 Extended Service Branch (ESB) including App Volumes and Dynamic Environment Manager (86477) VMware Horizon Guidelines for Nested Mode in Horizon 8 (80509) "Unable to process your request. Please try again" message appears when you select Certificate Management in Horizon Console (96372) Windows 10 Start menu, Search, Store Apps does not work to mouse clicks on linked-clone VDI with persistent disk (54877) Renew Kubernetes cluster certificates on Horizon 8 Edge Gateway (96275) Digital Workspace Techzone, Blog and YouTube Updates  Intelligence for Horizon - Powered by Workspace ONE Introducing Workspace ONE UEM Windows Multi-User Measure content engagement and compliance: Workspace ONE Content integration with Intelligence ViVE 2024: Why healthcare interoperability is key, and how we’re championing it Power Management on Horizon Cloud Service – next-gen Patch & Seed Script Updates Week 12-24 OS Updates Seed Script Most recent update: Apple Seed Scripts macOS Monterey 12.7.4 - 21H1123 , macOS Ventura 13.6.5 - 22G621 https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW11 Seed Script for latest Device Model Information Seed Script for latest Device Model Information Seed Script to support new MacBook Air M3 model Mac15,2 models https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW11 Workspace ONE UEM 22.09 Patch Level 22.9.0.45 CRSVC-43327: Increased CPU usage by CiscoISE App pool. AGGL-16159: Android VPN profile shows "Failed to save profile" error when trying to modify the profile or add a version to the profile. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2209/rn/vmware-workspace-one-uem-2209-release-notes/index.html#resolved-issues-22904-patch-resolved-issues Last Update: CW50 Workspace ONE UEM 22.10 Patch level 22.10.0.38 AAPP-16888: AWCP - Provisioning portal certificate signing request plist generation issue. CRSVC-44195: Correlation-ID header is missing from the Device State Migration tool to DST service. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2210/rn/vmware-workspace-one-uem-2210-release-notes/index.html Last Update: CW09 Workspace ONE UEM 22.12 Patch Level 22.12.0.43 AAPP-16989: App icons for some internal iOS apps are not displayed in UEM Console and Hub catalog. CRSVC-44196: Correlation ID header is missing from the Device State Migration tool to DST service. PPAT-16319: Issues with Tunnel certificate rotation. AAPP-16420: When CNS is configured for APNs, non-silent APNs is sent by manual Hub Query from UEM instead of silent APNs. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW09 Workspace ONE UEM 23.02 Patch Level 23.02.0.41 CMSVC-17611                Inconsistence the device tag data upon re-enrollment CMEM-187009                Optimize Stored Procedure to avoid intermittent timeout CMCM-190931               Increase the maximum page size for managed content ds endpoint AMST-40590    Seeding - latest SFD 23.02 build to UEM 2306 and 2302 consoles AAPP-16995    Device Attribute Phone Number Modified on Wi-Fi iPads with no sim card https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues Last Update: CW10 Workspace ONE UEM 23.06 Patch Level 23.06.0.25 CRSVC-47214: API call invoked commands associated to an unknown admin account. CRSVC-47167: Object reference not set to an instance of an object error if SAN is not configured. ARES-28274: Prevent deletion of blob if it is connected to a resource. ARES-28152: Unable to add Dell command update v5.1.0 from EAR. ARES-28091: Unable to view the XML file of specific iOS profiles if option to sign certificate is enabled. ARES-28054: Web links report is empty. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues Last Update: CW12 Workspace ONE UEM 23.10 Patch Level: 23.10.0.8 MACOS-4345 Cannot Save any modified or new System extension macOS profiles CRSVC-47356                 Bulk SMS fails when notifying over 500 devices CRSVC-47215                 API Call Invoked Commands Associated to Unknown Admin Account CRSVC-47168                 Object reference not set to an instance of an object error if SAN is not configured CMSVC-17685                MacOS CLI based re-enrollment flow triggers remove application for the device ARES-28271    MacOS Credential Profile doesn't save Identity Preference and Certificate Preference Correctly in DDUI ARES-28153    Unable to add Dell Command Update v5.1.0 from EAR ARES-28090    Unable to view the XML file of specific iOS profiles if option to sign certificate is enabled. ARES-28067    Total Assigned Devices in Preview of profile assignment page does not work properly. ARES-28060    Database error while hitting the Devices Tab to check the devices assigned details on an app ARES-28055    Web links report is empty ARES-27075    Rule action isn't reflecting on the autocomplete field type (default) AMST-40821    Seeding - latest SFD 23.10 build to UEM 2310/2402/master releases https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2310/rn/vmware-workspace-one-uem-2310-release-notes/index.html#Resolved%20Issues Last Update: CW12