EUC Newsletter - Week 13

Weekly highlight:

Workspace ONE UEM Cloud 2402

  • VMware Workspace ONE UEM Cloud 2402 is available to Shared SaaS customers as of March 26, 2024!   Rollouts to Shared SaaS environments will begin in the coming days.
  • KB Announcement: Announcing SaaS Availability of VMWare Workspace ONE UEM Cloud 2402 (97099)
  • What's New
    • Legacy APIs
      We are removing legacy Workspace ONE UEM APIs
      To enhance performance and security, we have improved our Workspace ONE UEM APIs. We are removing legacy APIs that were previously marked for deprecation. To learn more about the End of Life of deprecated Workspace ONE UEM APIs, refer to the KB article here.
    • Android
      We've deprecated a few Firebase Cloud Messaging (FCM) APIs
      Workspace ONE UEM uses Firebase Cloud Messaging to communicate with devices. Starting from June 2023, Google announced deprecation of several FCM APIs that are used by Workspace ONE UEM to communicate with Intelligent Hub. For more information, see Android Settings for Workspace ONE Intelligent Hub.
    • VMware Workspace ONE UEM End of Availability for Samsung E-FOTA
      With the introduction of Samsung Knox E-FOTA One, Samsung firmware updates has moved into a separate console, which is managed by Samsung. If you are using Samsung E-FOTA for MDM in the Workspace ONE UEM console, refer to the Migration Guide, or reach out to Samsung about migrating to Knox E-FOTA One. 
    • Directory Services
      Overcome random MAC address challenges with Cisco Identity Services Engine (ISE) 3.1+ and Workspace ONE UEM integration
      End user devices can now securely connect to network resources, even with randomized MAC addresses, by integrating Workspace ONE UEM with Cisco Identity Services Engine (ISE) 3.1+, which we are providing as a limited availability feature.
    • Freestyle
      Stay informed with the limitations to create Freestyle workflows at customer organization groups or below
      New workflows can only be created at the customer organization groups or below. The ‘New’ and ‘Import’ buttons are deactivated at the non-qualifying OGs. For additional details, see Freestyle workflows only at Customer Organization Group or below.  
    • iOS
      We've added a new Restrictions key for third-party app stores
      We have added a new Restrictions key to allow or block app installation from alternative marketplaces.
    • Control Lost Mode via REST API
      We have added a new REST API to enable or disable Lost Mode for iOS devices. 
    • macOS
      Enhance your device safety by turning on Activation Lock protection
      Workspace ONE UEM provides the option to turn on Activation Lock on devices while you configure your Device Enrollment Program profile.

Upcoming EUC Events


Link and description



EUC TechInsights Recordings

Sander Noordijk

Laurens van Duijn

Pim van de Vis


EUC Customer Success Quarterly Webcast Series

Next EUC Customer Success Quarterly Webcast

Session 1— Windows Modern Management

Session 2— Digital Employee Experience

Watch our latest webcasts:
Managing, Automating, and Supporting a Frontline Device Fleet
What’s New with Horizon Cloud Service next-gen and Improving VMware Horizon User Experience with Workspace ONE Intelligence
Windows 10 Multi-User Support for UEM & Revolutionize your IT Environment with Freestyle Orchestrator

Watch all additional previous webcasts On-Demand here.

Cris Lau

George Gritten


TIME: 8:30 AM PT

DURATION: 90 Minutes

VMware Digital Workspace Virtual Customer Success Roundtable

Next VMware Digital Workspace Virtual Customer Success Roundtable Coming Soon!


Watch On-Demand webcasts here.

Register for upcoming live webcasts here.

Register for Regional VMUG events here.

End User Computing Webinars

Sign up for upcoming webcasts and watch VMware On-Demand webcasts here

Release Updates Week 13-24: 

Workspace ONE Intelligent Hub for Android 24.02

  • Bug fixes and app improvements
  • Resolved Issued
    • AAGNT-199215: Intelligent Hub does not handle multiple Find Device commands gracefully
    • AAGNT-198447: Less restrictive restrictions taking precedence over more restrictive one

Workspace ONE Tunnel for Android 24.01

  • New Tunnel Broadcast
    The Tunnel application will broadcast a message when it is in Ready state. In this state the VPN interface is established, and Tunnel is in Connection Available state. This broadcast message may be used by other applications as an input for their workflows
  • General Availability: Block Private DNS
    We have noticed that with the recent Android OS updates, the Private DNS setting on the devices is set to ‘Automatic’ by default. This setting encrypts all DNS requests from the device, which may impact DNS requests from applications and destinations that are managed by the Tunnel.

VMware EUC Security Advisories: 

---no new VMSA this week---

EUC UX Research Opportunities: 

  • Our goal is to gather insight into user behaviorsmotivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!

Opportunity #1

  • EUC Product/Feature: WS1 Intelligence / Workspace One 

  • Topic: Play with a clickable prototype of a new capability where custom alerts would inform Admins when key metrics/attributes change in real time. For example – create a custom alert for when a Dashboard reaches a certain threshold or set a custom alert that would trigger a Freestyle workflow.

  • Opportunity Type: 10-minute usability test via Maze, a user testing tool. It will record your audio and computer screen. 

Opportunity #2

  • EUC Product/Feature: WS1 UEM
  • Topic: Play with a clickable prototype of a vulnerability remediation tool, which Admins can use to manage security concerns and threats for their UEM fleet.
  • Opportunity Type: 45-minute, 1x1 conversation via Zoom.
  • Sign Up Link: HERE

Opportunity #3

  • EUC Product/Feature: WS1 UEM
  • Topic: Get a sneak peak at early wireframes of a new feature for Admins to deploy apps to devices in segments.
  • Opportunity Type: 45-minute, 1x1 conversations via Zoom
  • Sign Up Link: HERE


KB Highlights & Announcements Week 13-24: 

Issue with DEM FTA and Default Browser settings post applying Feb24/March24 Monthly windows patches(KB5035845) (97169)

  • The Microsoft Windows Updates for February and March 2024 break the roaming of a user's default browser and .pdf file type association in VMware Dynamic Environment Manager. The roaming of other file-type associations and protocols is not affected.
  • The DEM log file shows the following error messages:
    [ERROR] Error 5 deleting sub key for default application file type associations item '.pdf'
    [ERROR] Error 5 deleting sub key for default application protocols item 'http'
    [ERROR] Error 5 deleting sub key for default application protocols item 'https'
  • The user's default web browser and .pdf file type association are reset to defaults.
  • Currently, there is no resolution. The DEM engineering team is aware of the issue and is working with Microsoft for a permanent fix.

Microsoft Store Apps stop working in VDI after applying Microsoft Monthly Patch (KB5034763) (97111)

  • A breaking change in Microsoft KB5020276 broke the flow of booting into OOBE and launching an Encrypted PPKG from the Regional screen for Windows 10 and Windows 11.  Microsoft will not fix this functionality since it was a security related fix.   The Workspace ONE team will fix this functionality in a future release, but a workaround is provided here.

Microsoft Store Apps stop working in VDI after applying Microsoft Monthly Patch (KB5034763) (97111)

  • After updating Microsoft Monthly patches(KB5034763) on non-persistent VDIs, the Microsoft Store apps, such as Office 365, Teams, Power BI, etc., stop working.
    Store apps like Outlook and Teams show the HTTP 404 Error message on Launch.
  • Occurs when the cache is built for the user by Windows 10 patch updates because the apps are unable to load the online authentication component

[AAGNT-198447] Least restrictive Android Restrictions take precedence (96686)

  • When multiple Android Restrictions profiles are pushed to a device, Intelligent Hub should apply the most restrictive option for each setting out of the installed Profiles. However, for certain settings in the Android Restrictions profile, the least restrictive value is unexpectedly taking precedence.
  • For the settings below, if two Restrictions profiles are pushed - one with these set to True and the other with these set to False - Intelligent Hub will not force the screen on. 

Workspace ONE Dropship Provisioning Online Agent is failing with HTTP Transport Error (97071)

  • The Dropship Online Provisioning Agent is currently returning HTTP transport errors for all released versions when establishing a connection with the Online Provisioning Service (OPS).  This is preventing devices from being provisioned in Dropship Online.  
  • The error when looking in the Event Viewer | Applications and Services Logs | AirwatchProvisioning-Agent 
  • A new version of the Provisioning Agent is being worked on and will be ready soon.  It will be placed on the download sites as well as the auto-update servers. This KB will be updated as well with the download link. Please subscribe to this page to receive updated information.

High Priority KBs: 

Recently updated or added KBs (Links) 

Digital Workspace Techzone, Blog and YouTube Updates 

3rd Party Blog Updates & Industry News 


March Software Releases   





Release Date




Release Notes





Release Notes





Release Notes



macOS Tunnel


Release Notes





Release Notes



WS1 UEM Cloud


Release Notes


AndroidHub24.02Release Notes27.03.24


Patch & Seed Script Updates Week 13-24 





  • Workspace ONE UEM 23.10
    • Patch Level:
    • CRSVC-46849: Update EJBCA integration to accommodate breaking change in EJBC 8.0 and above.

    • AMST-40526: Drop Ship - Device registration allows the same serial number registration from parent and child OG.

    • CMSVC-17671: SmartGroupSearch - V2 intermittent failure due internal server error.

    • AAPP-17074: On demand VPP assignments are installing on devices automatically.

    • AMST-40687: Unable to save profile with two certificates, error: Save Failed. Invalid Certificate.

    • AMST-39272: Windows SAL sampling improvements.

    • Last Update: CW13