EUC Newsletter - Week 13

Weekly highlight: Workspace ONE UEM Cloud 2402 VMware Workspace ONE UEM Cloud 2402 is available to Shared SaaS customers as of March 26, 2024!   Rollouts to Shared SaaS environments will begin in the coming days. KB Announcement: Announcing SaaS Availability of VMWare Workspace ONE UEM Cloud 2402 (97099) What's New Legacy APIs We are removing legacy Workspace ONE UEM APIs Important: To enhance performance and security, we have improved our Workspace ONE UEM APIs. We are removing legacy APIs that were previously marked for deprecation. To learn more about the End of Life of deprecated Workspace ONE UEM APIs, refer to the KB article here. Android We've deprecated a few Firebase Cloud Messaging (FCM) APIs Workspace ONE UEM uses Firebase Cloud Messaging to communicate with devices. Starting from June 2023, Google announced deprecation of several FCM APIs that are used by Workspace ONE UEM to communicate with Intelligent Hub. For more information, see Android Settings for Workspace ONE Intelligent Hub. VMware Workspace ONE UEM End of Availability for Samsung E-FOTA With the introduction of Samsung Knox E-FOTA One, Samsung firmware updates has moved into a separate console, which is managed by Samsung. If you are using Samsung E-FOTA for MDM in the Workspace ONE UEM console, refer to the Migration Guide, or reach out to Samsung about migrating to Knox E-FOTA One.  Directory Services Overcome random MAC address challenges with Cisco Identity Services Engine (ISE) 3.1+ and Workspace ONE UEM integration End user devices can now securely connect to network resources, even with randomized MAC addresses, by integrating Workspace ONE UEM with Cisco Identity Services Engine (ISE) 3.1+, which we are providing as a limited availability feature. Freestyle Stay informed with the limitations to create Freestyle workflows at customer organization groups or below New workflows can only be created at the customer organization groups or below. The ‘New’ and ‘Import’ buttons are deactivated at the non-qualifying OGs. For additional details, see Freestyle workflows only at Customer Organization Group or below.   iOS We've added a new Restrictions key for third-party app stores We have added a new Restrictions key to allow or block app installation from alternative marketplaces. Control Lost Mode via REST API We have added a new REST API to enable or disable Lost Mode for iOS devices.  macOS Enhance your device safety by turning on Activation Lock protection Workspace ONE UEM provides the option to turn on Activation Lock on devices while you configure your Device Enrollment Program profile.

Upcoming EUC Events Event Link and description Speakers Date EUC TechInsights Recordings https://vmwaretv.vmware.com/channel/EUC+TECH+INSIGHTS/322091202 Sander Noordijk Laurens van Duijn Pim van de Vis - EUC Customer Success Quarterly Webcast Series Next EUC Customer Success Quarterly Webcast Session 1— Windows Modern Management Session 2— Digital Employee Experience https://www.vmware.com/learn/2381400_REG.html Watch our latest webcasts: •Managing, Automating, and Supporting a Frontline Device Fleet •What’s New with Horizon Cloud Service next-gen and Improving VMware Horizon User Experience with Workspace ONE Intelligence •Windows 10 Multi-User Support for UEM & Revolutionize your IT Environment with Freestyle Orchestrator Watch all additional previous webcasts On-Demand here. Cris Lau George Gritten 3/26/2024  TIME: 8:30 AM PT DURATION: 90 Minutes VMware Digital Workspace Virtual Customer Success Roundtable Next VMware Digital Workspace Virtual Customer Success Roundtable Coming Soon! VMUG Watch On-Demand webcasts here. Register for upcoming live webcasts here. Register for Regional VMUG events here. End User Computing Webinars Sign up for upcoming webcasts and watch VMware On-Demand webcasts here.  Release Updates Week 13-24:  Workspace ONE Intelligent Hub for Android 24.02 Bug fixes and app improvements Resolved Issued AAGNT-199215: Intelligent Hub does not handle multiple Find Device commands gracefully AAGNT-198447: Less restrictive restrictions taking precedence over more restrictive one Workspace ONE Tunnel for Android 24.01 New Tunnel Broadcast The Tunnel application will broadcast a message when it is in Ready state. In this state the VPN interface is established, and Tunnel is in Connection Available state. This broadcast message may be used by other applications as an input for their workflows General Availability: Block Private DNS We have noticed that with the recent Android OS updates, the Private DNS setting on the devices is set to ‘Automatic’ by default. This setting encrypts all DNS requests from the device, which may impact DNS requests from applications and destinations that are managed by the Tunnel. VMware EUC Security Advisories:  ---no new VMSA this week--- EUC UX Research Opportunities:  Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions. Interested in giving your opinion and making your voice heard? Check out what’s available! Opportunity #1 EUC Product/Feature: WS1 Intelligence / Workspace One  Topic: Play with a clickable prototype of a new capability where custom alerts would inform Admins when key metrics/attributes change in real time. For example – create a custom alert for when a Dashboard reaches a certain threshold or set a custom alert that would trigger a Freestyle workflow. Opportunity Type: 10-minute usability test via Maze, a user testing tool. It will record your audio and computer screen.  TEST LINK HERE → YOU CAN TAKE THIS IN YOUR OWN TIME! Opportunity #2 EUC Product/Feature: WS1 UEM Topic: Play with a clickable prototype of a vulnerability remediation tool, which Admins can use to manage security concerns and threats for their UEM fleet. Opportunity Type: 45-minute, 1x1 conversation via Zoom. Sign Up Link: HERE Opportunity #3 EUC Product/Feature: WS1 UEM Topic: Get a sneak peak at early wireframes of a new feature for Admins to deploy apps to devices in segments. Opportunity Type: 45-minute, 1x1 conversations via Zoom Sign Up Link: HERE   KB Highlights & Announcements Week 13-24:  Issue with DEM FTA and Default Browser settings post applying Feb24/March24 Monthly windows patches(KB5035845) (97169) The Microsoft Windows Updates for February and March 2024 break the roaming of a user's default browser and .pdf file type association in VMware Dynamic Environment Manager. The roaming of other file-type associations and protocols is not affected. The DEM log file shows the following error messages: [ERROR] Error 5 deleting sub key for default application file type associations item '.pdf' [ERROR] Error 5 deleting sub key for default application protocols item 'http' [ERROR] Error 5 deleting sub key for default application protocols item 'https' The user's default web browser and .pdf file type association are reset to defaults. Currently, there is no resolution. The DEM engineering team is aware of the issue and is working with Microsoft for a permanent fix. Microsoft Store Apps stop working in VDI after applying Microsoft Monthly Patch (KB5034763) (97111) A breaking change in Microsoft KB5020276 broke the flow of booting into OOBE and launching an Encrypted PPKG from the Regional screen for Windows 10 and Windows 11.  Microsoft will not fix this functionality since it was a security related fix.   The Workspace ONE team will fix this functionality in a future release, but a workaround is provided here. Microsoft Store Apps stop working in VDI after applying Microsoft Monthly Patch (KB5034763) (97111) After updating Microsoft Monthly patches(KB5034763) on non-persistent VDIs, the Microsoft Store apps, such as Office 365, Teams, Power BI, etc., stop working. Store apps like Outlook and Teams show the HTTP 404 Error message on Launch. Occurs when the cache is built for the user by Windows 10 patch updates because the apps are unable to load the online authentication component [AAGNT-198447] Least restrictive Android Restrictions take precedence (96686) When multiple Android Restrictions profiles are pushed to a device, Intelligent Hub should apply the most restrictive option for each setting out of the installed Profiles. However, for certain settings in the Android Restrictions profile, the least restrictive value is unexpectedly taking precedence. For the settings below, if two Restrictions profiles are pushed - one with these set to True and the other with these set to False - Intelligent Hub will not force the screen on.  Workspace ONE Dropship Provisioning Online Agent is failing with HTTP Transport Error (97071) The Dropship Online Provisioning Agent is currently returning HTTP transport errors for all released versions when establishing a connection with the Online Provisioning Service (OPS).  This is preventing devices from being provisioned in Dropship Online.   The error when looking in the Event Viewer | Applications and Services Logs | AirwatchProvisioning-Agent  "An HTTP transport occurred while attempting to communicate with DiscoveryService::SendRequestAndReceiveResponse 'https://awtrust-dropship-provisioning.awmdm.com/oemprovisioning/v1/devices/provisioning'. Unknown HResult Error code:0x 80072f8f" A new version of the Provisioning Agent is being worked on and will be ready soon.  It will be placed on the download sites as well as the auto-update servers. This KB will be updated as well with the download link. Please subscribe to this page to receive updated information. High Priority KBs:  End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774) We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog. Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706) The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches. Introducing Workspace ONE (WS1) UEM Next-Gen SaaS VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. Getting Ready for Android 14 (2023) Getting Ready for Apple Major OS Releases 2023 Recently updated or added KBs (Links)  Workspace ONE Intelligent Hub is Here! (2960152) WS1 UEM Console Release and End of General Support Matrix (2960922) Announcing SaaS Availability of VMWare Workspace ONE UEM Cloud 2402 (97099) Workspace ONE Dropship Provisioning Online Agent is failing with HTTP Transport Error (97071) Mware Tunnel Client - Support for Standalone enrollment (88311) [AAGNT-198447] Least restrictive Android Restrictions take precedence (96686) Workspace ONE UEM - Encrypted PPKG installation flow through Windows OOBE Broken (97119) Horizon View Best Practices: Event Database (96864) Add exceptions for Android Internal and System Apps via WS1 (78590) How to update personal information in Cloud Services Platform (CSP) (2151068) New Microsoft Teams on Horizon VDI - Known Issues and resolutions (95838) Microsoft Store Apps stop working in VDI after applying Microsoft Monthly Patch (KB5034763) (97111) USB device is unexpectedly treated as though redirected under Storage Device Redirection (SDR) (97012) X server fails to start on Linux VM's in VMware Horizon (81704) Update Sequence for VMware vSphere 8.0 and Compatible VMware Products (89745) Digital Workspace Techzone, Blog and YouTube Updates  Sending Zoom Team Chat Messages using Freestyle in Workspace ONE Intelligence Beware of CryptoChameleon, the new phishing threat that uses social engineering to trick victims Demo: Horizon Web Client for End Users Demo: Using the Guided Root Cause Analysis Tool in Workspace ONE Experience Management Introducing Horizon Cloud Entitlement On-Ramp - New feature for Horizon Alert Me: new Tech Zone notification feature Enabling Workspace ONE Intelligence Managing Activation Lock on macOS Devices in Workspace ONE UEM Blocking Alternative App Marketplaces on iOS Devices with Workspace ONE UEM Using the New Lost Mode API on iOS Devices in Workspace ONE UEM Integrating Workspace ONE UEM and Cisco ISE v3.1 and beyond Empowering Self-Service: Harnessing Intelligent Hub Actions for Seamless User Experiences Measure content engagement and compliance: Workspace ONE Content integration with Intelligence Introducing enhanced integration between Cisco ISE and Workspace ONE Unified Endpoint Management New management capabilities now available for macOS Activation Lock in Workspace ONE 3rd Party Blog Updates & Industry News  EvenGooder: Let's Shoot Some Trouble! UAG Troubleshooter Microsoft Tech Accelerator: Microsoft Entra Internet Access: Unify Security Service Edge with Identity and Access Management   March Software Releases    System Component Release Announcement Release Date Android Boxer 24.02 Release Notes 04.03.24 Android Content 24.02 Release Notes 19.03.24 Android Hub 24.02 Release Notes staged macOS macOS Tunnel 24.01 Release Notes 21.03.24 Android Tunnel 24.01 Release Notes 26.03.24 Backend WS1 UEM Cloud 24.02 Release Notes 26.03.24 Android Hub 24.02 Release Notes 27.03.24   Patch & Seed Script Updates Week 13-24  OS Updates Seed Script Most recent update: iOS 17.4.1 (21E236), iOS 16.7.7 (20H330) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW13 Seed Script for latest Device Model Information Seed Script for latest Device Model Information Seed Script to support new MacBook Air M3 model Mac15,2 models https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW11   Workspace ONE UEM 22.12 Patch Level 22.12.0.44 ARES-28093: Unable to view the XML file of specific iOS profiles if option to sign certificate is enabled https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW13   Workspace ONE UEM 23.02 Patch Level 23.02.0.41 CMSVC-17611                Inconsistence the device tag data upon re-enrollment CMEM-187009                Optimize Stored Procedure to avoid intermittent timeout CMCM-190931               Increase the maximum page size for managed content ds endpoint AMST-40590    Seeding - latest SFD 23.02 build to UEM 2306 and 2302 consoles AAPP-16995    Device Attribute Phone Number Modified on Wi-Fi iPads with no sim card https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues Last Update: CW10   Workspace ONE UEM 23.06 Patch Level 23.06.0.26 CRSVC-47170: Update EJBCA integration to accommodate breaking change in EJBC 8.0 and above. AMST-40836: Drop ship device registration allows the same serial number registration from parent and child OG. CMSVC-17684: Renewal of macOS CLI enrollment triggers 'RemoveApplication' process. UM-8791: The “Organization Group” tab in the Administrator account was removed on the new DDUI from version 2210 onwards. AMST-40886: Windows SAL sampling improvements. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues Last Update: CW13   Workspace ONE UEM 23.10 Patch Level: 23.10.0.9 CRSVC-46849: Update EJBCA integration to accommodate breaking change in EJBC 8.0 and above. AMST-40526: Drop Ship - Device registration allows the same serial number registration from parent and child OG. CMSVC-17671: SmartGroupSearch - V2 intermittent failure due internal server error. AAPP-17074: On demand VPP assignments are installing on devices automatically. AMST-40687: Unable to save profile with two certificates, error: Save Failed. Invalid Certificate. AMST-39272: Windows SAL sampling improvements. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2310/rn/vmware-workspace-one-uem-2310-release-notes/index.html#Resolved%20Issues Last Update: CW13 Workspace ONE UEM 24.02 Patch Level: 24.2.0.0 Initial Release to Cloud https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2402/rn/vmware-workspace-one-uem-2402-release-notes/index.html Last Update: CW13