EUC Newsletter - Week 14

Weekly highlight: Workspace ONE UEM - Configure Idle Session Timeout for Directory and Basic administrators (97395) Workspace ONE UEM 2302 introduced security measures affecting Basic and Directory Administrator settings as noted on KB 90067, among which was a lowering of the timeout for Idle Sessions to 15 mins across all environments. The lowered timeout value impacted usability of the Console negatively and contributed to poor user experience. To address the feedback received on this subject, we are introducing an enhancement to allow more granular control over the Idle Session Timeout value applied to Directory and Basic administrators of your organization. Details of the enhancement and availability across environments, are noted below.

Release Updates Week 14-24: VMware Workspace ONE Intelligent Hub for macOS 24.01.1 Crashes fixes and performance improvements. Resolved Issues HUBM-8080 - Applications installed by macOS Hub are getting removed from the device. New Apple Builds Are Now Available New builds of the following software are now available: iOS and iPadOS 17.5 Beta 1 (21F5048f) macOS 14.5 Sonoma Beta 1 (23F5049f) tvOS 17.5 Beta 1 (21L5543d) watchOS 10.5 Beta 1 (21T5545f) visionOS 1.2 Beta 1 (21O5555e) Workspace ONE Tunnel for Windows 24.01 Performance optimizations for client-server communication, improved network throughput, and reduced memory footprint. Workspace ONE Tunnel for Android 24.01.1 In this release, we’ve made a few updates containing general quality and performance improvements with no new features. Resolved Issues PPAT-16597: Race condition during device check-in may cause Tunnel to block network connectivity and cause issues with device check-out. Workspace ONE Content for iOS 24.02.1 Bug fixes and general improvements Workspace ONE Content for Android 24.02.1 Bug fixes and general improvements VMware EUC Security Advisories:  ---no new VMSA this week--- EUC UX Research Opportunities:  Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions. Interested in giving your opinion and making your voice heard? Check out what’s available! Opportunity #1 Build Custom Alerts in Workspace One! What: Play with a clickable prototype and tell us what you think. How: On your own time in Maze, a user testing tool. It will record your audio and computer screen. Time: It can take up to 10 minutes. TEST LINK HERE KB Highlights & Announcements Week 14-24: Horizon admin console is not loading after upgrading to 2312 (97455) In Horizon Connection Server, you see these errors similar to : 2024-03-12T19:53:17.208-07:00 WARN  (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Certificate CertificateId:[issuer=CN=xxxxxx.certsso.vdi.vmware.com,serial=59648306213191121459708101582141891896]: wrong subject: 'xxxxxx.certsso.vdi.vmware.com' 2024-03-12T19:53:17.271-07:00 INFO  (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Removed unusable certificate CertificateId:[issuer=CN=xxxxxx.certsso.vdi.vmware.com,serial=59648306213191121459708101582141891896] 2024-03-12T19:53:17.271-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Imported 1 signing certificates and 0 encryption certificates from LDAP, total=2 2024-03-12T19:53:17.271-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Choosing preferred credential 2024-03-12T19:53:17.271-07:00 ERROR (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Cannot initialise shared credentials manager: No valid certificates exist 2024-03-12T19:53:17.287-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Cannot initialise shared credentials manager com.vmware.vdi.logger.Logger.debug(Logger.java:44) com.vmware.vdi.sharedcredman.SharedCredException: No valid certificates exist com.vmware.vdi.sharedcredman.SharedCredException: No valid certificates exist at com.vmware.vdi.sharedcredman.SharedCredManager.a(SourceFile:732) at com.vmware.vdi.sharedcredman.SharedCredManager.a(SourceFile:732) at com.vmware.vdi.sharedcredman.SharedCredManager.e(SourceFile:377) at com.vmware.vdi.sharedcredman.SharedCredManager.e(SourceFile:377) at com.vmware.vdi.sharedcredman.SharedCredManager.initAndRegister(SourceFile:145) at com.vmware.vdi.sharedcredman.SharedCredManager.initAndRegister(SourceFile:145) 2024-03-12T19:53:17.287-07:00 DEBUG (1CF4-25A8) <ws_tomcatservice_init> [SharedCredManager] Deregistering shared credentials manager .. In-product feedback(IPF) feature discontinued in Horizon Releases (97293) As part of the VMware by Broadcom - EUC separation, we have decided to remove the  IPF from Horizon Admin Console as it is an in-house tool made by VMware by Broadcom. Any new releases from 2312.1 onwards will not have the support for the IPF feature in the Horizon. For older releases before 2312, the Feedback option will be present, but the functionality will not work as the Lumos Feedback Service will be turned off. USB device is unexpectedly treated as though redirected under Storage Device Redirection (SDR) (97012) Customers would like to use USB device on Horizon agent via USB redirection. But USB redirection will not work as message comes up on Horizon Client stating that "Already Redirected by Exclusive Sharing". This indicates that the relevant USB device is redirected under Storage Device Redirection ("SDR"), which is available after Horizon 8 2206. But in actual, SDR is not configured in Horizon client and the relevant USB is not redirected under SDR. Current implementation of SDR makes use of Drive Letter to judge status of USB device. In case that USB media is mounted on "D" Drive at client PC and if Horizon client fails in reading physical volume information, then current implementation considers that this as redirected under SDR. Therefore customers is not able to share the relevant USB media via USB redirection with agent. Upcoming Changes to Firebase Cloud Messaging for Android (2024) (97418) On June 20th, 2023, Google announced the deprecation of several APIs used by applications to integrate with Firebase Cloud Messaging (FCM), the default push notification service used by Workspace ONE UEM to communicate with Intelligent Hub on Android. Google will begin taking the deprecated APIs offline in June 20th, 2024. Organizations may need to update Workspace ONE UEM are required to continue using FCM for real-time device management. Some of the security policies are not removed from the endpoint device after unassigning Workspace ONE UEM Windows 10/11 baselines. (97203) In a scenario where an endpoint device has a security policy with a “Not Defined” value, if this policy is configured from a baseline, after un-assigning the baseline, it does not revert to its original “Not Defined” value. This article describes how security policy with a “Not Defined” value is not reverted to its original value after the baseline is unassigned. Before applying the Windows baseline Microsoft tool, SecEdit.exe takes the backup of the security policies. When a baseline is unassigned, SecEdit.exe restores the original backup. SecEdit.exe does not take a backup of the security policies with “Not Defined” values. Hence, on restore, it does not restore policies with “Not Defined" values. Workspace ONE Content - Documents with RTL tables are not supported (93688) Workspace ONE Content does not allow users to edit the office documents which are having tables with RTL written text in them. This is a specific case when the documents contains tables having text in RTL format. These documents can be Word document, Powerpoint document, or any MS Office document. The editing is not supported because RTL rendering in table is not supported and hence these documents may tend to loose information if edited. High Priority KBs:  End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774) We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog. Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706) The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches. Introducing Workspace ONE (WS1) UEM Next-Gen SaaS VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023. Getting Ready for Android 14 (2023) Getting Ready for Apple Major OS Releases 2023 Recently updated or added KBs (Links)  Upcoming Changes to Firebase Cloud Messaging for Android (2024) (97418) Workspace ONE UEM: End of Life of deprecated Workspace One UEM APIs (95397) Workspace ONE UEM - Configure Idle Session Timeout for Directory and Basic administrators (97395) Upcoming Change for Workspace ONE UEM Basic Administrator Password & Session Policies (90067) Recommendation against using port 443 for Content-Gateway (94257) [Workspace ONE Content] Pre-requisites for background downloads to work in Content iOS app (94030) Workspace ONE Content - Documents with RTL tables are not supported (93688) Some of the security policies are not removed from the endpoint device after unassigning Workspace ONE UEM Windows 10/11 baselines. (97203) [CRSVC-44714] Missing SAN in EJBCA Certificate Template Causes Profile Installation Failures (96811) In-product feedback(IPF) feature discontinued in Horizon Releases (97293) Horizon admin console is not loading after upgrading to 2312 (97455) Thin or Zero Clients with USB printer redirection and VMware Integrated Printing (89812) USB device is unexpectedly treated as though redirected under Storage Device Redirection (SDR) (97012) Failed to connect to VDI with BLAST when UAG uses self-signed certificate and loadbalancer is between Client and UAG (95208) HTML5 Session Performance Issues with IE11 - slow to launch and refreshing the page can result in a white screen (85820) Horizon Upgrade Rollback when VMware Horizon service fails to stop (92685) Horizon Drag and Drop Feature do not function if Windows Drive redirection Group Policy is used (93132) Digital Workspace Techzone, Blog and YouTube Updates  Creating custom macOS security baselines with the macOS Security Compliance Project and Workspace ONE Can Root Cause Analysis (RCA) Be Done Faster? Distributing Scripts to macOS Devices: Workspace ONE Operational Tutorial 3rd Party Blog Updates & Industry News  Ruben Spruijt: Discover Digital User Experience (DEX) Matt Coppinger: Deploy and manage NVIDIA #Jetson based AI robotic devices Samsung: Knox cloud service 24.04   Beta, Lab and Tech Preview Updates  ---no new Beta releases this week--- Sign up or LogIn [HERE] to get access to the latest Beta versions. April Software Releases   System Component Release Announcement Release Date Windows Tunnel Win10 24.01 Release Notes 01.04.24 iOS Content 24.02.1 Release Notes 03.04.24 Android Content 24.02.1 Release Notes 03.04.24 macOS Hub 24.01.1 Release Notes 03.04.24 Android Tunnel 24.01.1 Release Notes 04.04.24   Patch & Seed Script Updates Week 14-24 OS Updates Seed Script Most recent update: iOS 17.4.1 (21E237) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW14 Seed Script for latest Device Model Information Seed Script for latest Device Model Information Seed Script to support new MacBook Air M3 model Mac15,2 models https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW11   Workspace ONE UEM 22.12 Patch Level 22.12.0.44 ARES-28093: Unable to view the XML file of specific iOS profiles if option to sign certificate is enabled https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2212/rn/vmware-workspace-one-uem-2212-release-notes/index.html#Resolved%20Issues-22.12.0.04%20Patch%20Resolved%20Issues Last Update: CW13   Workspace ONE UEM 23.02 Patch Level 23.02.0.43 ARES-28053: Web links report is empty. AMST-40945: Increase application installation timeout. AMST-40942: Reduce unnecessary calls between UEM and OEM provisioning service. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2302/rn/vmware-workspace-one-uem-2302-release-notes/index.html#Resolved%20Issues Last Update: CW14   Workspace ONE UEM 23.06 Patch Level 23.06.0.27 AMST-40785: Windows BIOS profile missing custom BIOS Attributes after saving. PPAT-16520: Performance improvement in Tunnel sync endpoint. LUEM-843: Latest Hub version from server should contain build version. AMST-40943: Reduce unnecessary calls between UEM and OEM Provisioning Service. MACOS-4372: Environment unable to automatically install Intelligent Hub macOS application. AAPP-17132: Fix phone number data mismatch in default attribute segment of device state. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2306/rn/vmware-workspace-one-uem-2306-release-notes/index.html#Patch%20Resolved%20Issues Last Update: CW14   Workspace ONE UEM 23.10 Patch Level: 23.10.0.10 AMST-38952: Windows BIOS profile missing custom BIOS Attributes after saving. LUEM-835 Latest Hub version from server should contain build version. AMST-38933: Reduce unnecessary calls between UEM and OEM Provisioning Service. ARES-28244: When we add two or more Geofencing locations to the profile, only one Geo location displays in UI. AMST-40955: Unable to save iOS SDK profiles. AMST-40972: Profile with multiple Credential payloads is failing while adding new version. MACOS-4368: Environment unable to automatically install Intelligent Hub macOS application. RUGG-12568: Create additional logging for Smart Group removal flows. FS-5031: Cannot use negative integers in WorkFlow condition checks. CMCM-190922 Localization blocks upload of managed content. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2310/rn/vmware-workspace-one-uem-2310-release-notes/index.html#Resolved%20Issues Last Update: CW14 Workspace ONE UEM 24.02 Patch Level: 24.2.0.1 ARES-28448: On the App DT page, the alignment of the first device record is not proper, and some of the device details are getting overlapped. CRSVC-47469: Reset offline checkin job hydration status to support retrigger. RUGG-12963: Incorrect installation status for apps under Device details > Application page. AMST-40776: Incorrect target set for profiles when DSM overrides are created. CRSVC-47441: Change modern-stack orchestrator job to one min. CRSVC-47729: Compliance overrides to DSM migration not working. AMST-39074: WNS Details are not showing on the Network or Summary page. CRSVC-47761: Workflow migration to ES does not migrate the workflow choice set boolean correctly. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2402/rn/vmware-workspace-one-uem-2402-release-notes/index.html Last Update: CW14

Broadcom Inc. 3401 Hillview Ave. Palo Alto CA 94304 USA Copyright © 2024  Broadcom, Inc. All rights reserved. VMware is a registered trademark of VMware, Inc. The content and links in this email contain information intended solely for its named recipients and are not to be shared with third parties unless otherwise specified. Any information that you provide to VMware will be treated in accordance with our Privacy Policy. To unsubscribe please reply to this email.