EUC Newsletter - Week 27

 

Upcoming EUC Events 

Event	Link and description	Speakers	Date
Omnissa Live	[Sign Up Here] Join us in the next step of our journey as we launch Omnissa, formerly VMware’s End User Computing Business. We’re excited to share our plans with you and our global community of customers, partners, and industry experts. Together we are shaping the future of digital work!	Shankar Iyer, Renu Upadhyay, Bharath Rangarajan	July 23rd, 17:00 CET
Unlocking Seamless Experiences with Digital Employee Experience (DEX)	Boost Employee Productivity and Optimize IT Costs with Omnissa’s AI-powered DEX Solution! Omnissa, currently the End-User Computing division at Broadcom®, is revolutionizing DEX with our AI-driven solution. Our comprehensive DEX solution provides deep insights and automated remediations, accelerating issue resolution and driving better employee and IT experiences! Join our webinar June 27th at 11AMCDT to learn more.	Recording to be published.	27th of June
VMUG	Watch On-Demand webcasts here. Register for upcoming live webcasts here. Register for Regional VMUG events here.
End User Computing Webinars	Sign up for upcoming webcasts and watch VMware On-Demand webcasts here.

Release Updates Week 27-24:

General availability of Windows 11 23H2 baseline templates for Microsoft and CIS L1/L2:

 

VMware Workspace ONE Intelligent Hub 23.10.9 for Windows

• Resolved Issues:

• HUBW-15415 Improved App signing to ensure the security and integrity of Workspace ONE binaries
• HUBW-15407 [SFD] - Fallback to CDN/DS URL when branch cache is disabled on the device.
• HUBW-15372 Fixed DSM Sync issues preventing AccessToken refresh
• HUBW-15368 Fixed DeviceGateway APIs being called with empty guid as DeviceUUID
• HUBW-15272 Resolved intermittent Windows Hub UI process crash issues
• FS-5788 FreeStyle Workflow deadlocks when there are multiple profile installation steps are scheduled in sequence
• CRSVC-48947 23.10 - Update DeployCmdexecutor to make the timeout configurable
• AMST-41488 Redirect blob download request from DS to CDN when branch is disabled

VMware Workspace ONE XR Hub 24.06

What's New?

• Exit Kiosk Mode on Meta Quest devices using an Admin PIN Code
• Give admins and users option to cache username on login page
• Option to start XR Hub in passthrough mode on devices that support passthrough.
• Added support for CloudXR 4.0

Tech Preview

• Support for Kiosk Mode for Meta Quest devices – see known issues
• Support for XR Hub Cloud Link for Horizon/CloudXR integration

Known Issues

• Using Workspace ONE Access to publish CloudXR applications (using a machines IP address) can cause a 30 second delay in launching the CloudXR application from XR Hub.
• Kiosk mode is in Tech Preview for Meta Quest devices as Meta does not support a native Kiosk Mode for Meta Quest devices. 
• VMware implements some of the typical Kiosk mode functionality for Meta Quest devices with XR Hub, but the following limitations should be noted:

• Kiosk Mode requires “developer mode” physical access to the device to run ADB commands.
• XR Hub requires delegated administration rights from Workspace ONE UEM.
• There might be a delay between device boot and triggering of kiosk mode.
• Access to Wi-Fi and Bluetooth settings are blocked after kiosk mode is triggered.

Resolved Issues

• Meta Quest 3 controllers now appear when using a Meta Quest 3
• Fixed an issue where a restart caused XR Hub to get stuck on the loading screen
• Fixed an issue where the user menu could get stuck open
• Fixed an issue where the keyboard language setting did not match the devices chosen language setting.
• Improved general performance and stability
• Addressed several security issues related to an older version of Unity

VMware EUC Security Advisories: 

OMSA-2024-0001 - VMware Workspace ONE UEM vulnerability - Moderate severity

• A vulnerability affecting Workspace ONE UEM endpoints was responsibly reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
• Workspace ONE UEM endpoints contain an information exposure vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.
• A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure.
• To remediate CVE-2024-22260 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' in the OMSA

EUC UX Research Opportunities: 

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

Workspace One: Filter Redesign

• About: The placement of filters and where they’re located on the page is getting refreshed.
• What: Play with a clickable prototype on your own time in Maze, a user testing tool. It will record your audio and computer screen while you tell us what you think.
• SIGN UP HERE

KB Highlights & Announcements Week 27-24:

The new standalone software company Omnissa is here!

• With the announcement that our acquisition by KKR is complete*, Omnissa is born.

We are now an independent software company, with a unique combination of talent, technology and ecosystem assets exclusively focused on empowering transformative workspace experiences for customers and partners around the world.

With KKR’s backing, we now have the agility, the commitment and the investment to assume our position as the marquee software company defining and leading this $26 billion market opportunity.

This moment has been more than two years in the making and I am proud to be surrounded by a highly experienced management team who worked tirelessly to realize our shared vision.

[CRSVC-49001] - macOS Freestyle Workflows not getting assigned. (6000055)

• When enrolling the device, it is not being assigned to the workflow promptly. Sometimes, the assignment process takes several hours. 
• Even after assignment, the workflow execution and status update take a significant amount of time to appear in the device details workflow.
• The following error may also be observed in the Workspace One Intelligent Hub log:

• 2024-05-27 14:51:08.020770+0530 0x582f Error 0x0 1195 0 hubd: (Bootstrapper) [com.vmware.hub.bootstrapp

Best Practices & Limitations for developing iOS applications leveraging per app VPN using Workspace ONE Tunnel (6000053)

• Use high level "connect by name" APIs like URLSession
• To support VPN On Demand you must use some sort of connect by name API. These includes CFSocketStrea and anything layered on top of that (including URLSession). Doing separate resolve then connect is usually more work and is incompatible with VPN On-Demand.

• Note: BSD Sockets does not have a connect by name API. Therefore, try to avoid using these if your app is going to leverage Workspace ONE per-app Tunnel solution.

EVC Mode compatibility with Horizon Edge Gateway appliance (6000051)

• Kubernetes pods fails to initialize in Horizon Edge Gateway appliance when its deployed in lower EVC modes. 
• Following error registered in Kubernetes pod logs. 

  "Fatal glibc error: CPU does not support x86-64-v2" 

How to Set OneDrive (Automatically signin) as Default save location for Office Application when using Horizon Published App (6000052)

• Accessing OneDrive as a default save location for the Office application in the RDSH application uses Dynamic Environment Manager (DEM) to persist the registry settings in all farm nodes.

List of Public Portal URLs after VMware EUC transition

Service	Old Link	New Link
CustomerConnect	http://customerconnect.vmware.com	customerconnect.omnissa.com
CSP	http://cloud.vmware.com	connect.omnissa.com
Documentation	http://docs.vmware.com	docs.omnissa.com
KB	http://kb.vmware.com	kb.omnissa.com
Techzone	techzone.vmware.com	techzone.omnissa.com
MyLearn	http://mylearn.vmware.com	https://learning.omnissa.com/learn
MyWorkspaceONE	my.workspaceone.com	my.workspaceone.com
Horizon Launcher	launch.vmware.com	launch-horizon.omnissa.com
Horizon ControlPlane	cloud.horizon.vmware.com	tbd
EUC Beta Portal	beta-ea.vmware.com/	tbd
Aha! Feature Requests	wsone.ideas.aha.io	wsone.ideas.aha.io
Status WorkspaceONE	status.workspaceone.com/	status.workspaceone.com/
Omnissa PartnerConnect	vmware.com/partners/work-with-vmware/partner-connect.html	omnissa.my.site.com/partnerconnect
Product Lifecycle Matrix	lifecycle.vmware.com/	docs.omnissa.com/bundle/Product-Lifecycle-Matrix/page/lifecyclematrix.html
Omnissa Community Forum		community.omnissa.com/
Developer Portal	developer.vmware.com	developer.omnissa.com
ConfigMax Recommended configuration limits for VMware products		configmax.omnissa.com
Interoperability Matrix	interopmatrix.vmware.com	interopmatrix.omnissa.com/Interoperability

High Priority KBs: 

• System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
  The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the pending acquisition of EUC by KKR.
• End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)
  We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog.
• Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706)
  The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
• Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
  VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.

Recently updated or added KBs (Links) 

• [CRSVC-49001] - macOS Freestyle Workflows not getting assigned. (6000055)
• Devices are stuck at Await Configuration for Apple Business Manager (ABM) devices (6000045)
• Best Practices & Limitations for developing iOS applications leveraging per app VPN using Workspace ONE Tunnel (6000053)
• VMware Workspace ONE Monthly Maintenance FAQ (2960724)
• Workspace ONE UEM Modernization - Tenant ID association and Customer-type Organization Group requirements (85987)
• EVC Mode compatibility with Horizon Edge Gateway appliance (6000051)
• Managing Horizon 8 images in Horizon Cloud Service Next-Gen (6000040)
• Unified Access Gateway(UAG):Lifecycle support policy for VMware Unified Access Gateway (2147313)
• How to Set OneDrive (Automatically signin) as Default save location for Office Application when using Horizon Published App (6000052)
• What Two -Factor Authentication Application can I use for Customer Connect and VMware Cloud Services? (74684)

Digital Workspace Techzone, Blog and YouTube Updates 

• Configuring Workspace ONE UEM API with PKCS12 Certificates
• The new standalone software company Omnissa is here!

3rd Party Blog Updates & Industry News 

• Businesswire: Omnissa is Now an Independent Software Company and Digital Workspace Leader with the Closing of Acquisition by KKR
• Patrick Zoeller: Improving MFA with Workspace ONE Access and User Choice of Authentication Method

Beta, Lab and Tech Preview Updates 

Workspace ONE XR Hub 24.06

• What’s new

• Exit Kiosk Mode on Meta Quest devices using an Admin PIN Code (requires a restart)
• Improved Meta Quest Kiosk Mode
• Give admins and users option to cache username on login page
• Option to start XR Hub in passthrough mode on devices that support passthrough.
• Added support for NVIDIA CloudXR 4.0

WS1 Intelligent Hub 24.06 for Android

• What’s New:

• Support for management of Zebra devices on Android 14
• Deep Linking Improvements
• HUB-9606 - Close Application TOU gaps with respect to legacy catalog
• HUB-9596 - Support Enrolment Terms of Use in Hub app
• AAGNT-197629 Upgrade Target SDK for Android Hub to 34
• AAGNT-199801 - Phone number does not show in Console
• HUB-10749 - Ability to hide Share Logs option in Hub MTD Dual Enrollment

WS1 Intelligent Hub 24.06 for iOS

• EOL Notice - The Legacy Catalog in UEM for SaaS UEM Customers will be EOGS on August 31, 2024 and EOL on October 31, 2024. Please see KB for details. https://kb.omnissa.com/s/article/95774

• If you are using the App Catalog in Intelligent Hub then you are already migrated and no action is needed. Please note this is for all platforms (iOS, Android, macOS, Windows)

• Support for Application Terms of Use (configured by your admin)
• Bug Fixes

• HUBI-11310: Icons for Web Apps configured in Access are not showing in the Catalog
• HUBI-11295: Branding updates for dark mode logos configured in UEM SDK settings.

WS1 Content 24.07 for Android

• Show file and folder path in search results

Sign up or LogIn [HERE] to get access to the latest Beta versions.

July Software Releases  

System	Component	Release	Announcement	Release Date
Windows	Hub	23.10.9	Release Notes	03.07.24
Android	XR Hub	24.06	Release Notes	04.07.24

Patch & Seed Script Updates Week 27-24

OS Updates Seed Script

• Most recent update: Android 15
• Last Update: CW24

Seed Script for latest Device Model Information

• Seed Script for latest Device Model Information Seed Script to support new MacBook Air M3 model Mac15,2 models
• Last update: CW11

 

Workspace ONE UEM 22.12

• Patch Level 22.12.0.47
• AGGL-16968: Redirect to Google in EMM Registration fails.
• CRSVC-47384: Able to silently modify the host value when sending out API test requests.
• Last Update: CW27

 

Workspace ONE UEM 23.02

• Patch Level 23.02.0.47
• CMCM-190982: Optimize user repository creation during content sync.
• CMCM-190965: Fixed content dashboard outdated data issue.
• Last Update: CW26

 

Workspace ONE UEM 23.06

• Patch Level 23.06.0.34
• UM-8872 - “Invalid Data Entered” when editing and saving Admin account - Phone Number value.
• FCA-207768 - PhysicalMemory values missing in UEM devices or search API call. 
• AMST-41469 - Actual file version is not updating when adding new version for Windows app.
• PPAT-17067 - Tunnel config XML is blank due to incorrect FE certificate mapping.
• UM-8988 - With read-only admin we are able to add admin account through batch import.
• AMST-41128 - Proxy settings not included in Windows profile XML file if configured in WiFi payload. 
• AGGL-16897 - FCM API deprecation updates.
• Last Update: CW26

 

Workspace ONE UEM 23.10

• Patch Level: 23.10.0.22
• PPAT-16819 - Update page size to 500 in tunnel configuration export.
• CRSVC-48864 - Unable to save the syslog settings with the hostname.
• AGGL-17049 - FCM not clearing passcode in direct boot mode.
• Last Update: CW27

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.9

• MACOS-4565 - Evaluated device is showing up in the Pending tab.
• CRSVC-49317 - Add logging to help troubleshoot QueryBuilder issue with schema CurrentTimeStamp not found.
• CRSVC-48291 - When compliance policy is deactivated install action is not created.
• CRSVC-46068 - CellTrust integration was not working.
• CRSVC-48188 - Change the state of HighPrecisionAPIUsageTrackingFeatureFlag to Production.
• ARES-28829 - [DTUI-APPS/Profiles] Sorting needs to be enabled or disabled in grid columns as per requirement document.
• ARES-29163 - Exporting from DT screens for apps and profiles missing pop-up indicating the export has completed successfully.
• ARES-28338 - System application App status showing as installed but unassigned on Windows. 
• AMST-41410 - Update labels to single user mode.
• AMST-41374 - Return whether device OG is changed after checkout as part of Checkout API response. 
• AMST-41349 - Device reassignment failed with error “User Authentication Failed”. 
• UM-8753 - Authentication response security option in SAML. 
• AMST-41160 - Pre-load device state with required segments in the vIDM settings endpoint handler to avoid multiple calls.
• AMST-41153 - Optimize the non-credential user SP to load all the information required.
• AMST-41225 - Reduce the number of samples that are scheduled post-checkout.
• AMST-41158 - Remove seeded SCEP command queueing in MU checkout flow. 
• AMST-41249 - App installations with a “RAM Required” field set on the UEM side was causing multiple installation failures.
• AMST-41101 - Arm64 hub was not getting published to the device when version mismatch was present.
• LUEM-853 - All the Linux devices get the same lookup value for sensors.
• Last Update: CW26