Omnissa EUC Newsletter - Week 36


 

 

 

 Upcoming Events 

Event

Link and description

Speakers

Date

Mastering User Experience Monitoring in Horizon

https://broadcom.zoom.us/webinar/register/WN_lwmcTV6rSvaFD6scpwxMRw#/registration

In today’s fast-paced digital workspace, ensuring a seamless and efficient user experience is paramount. Join us for an engaging session at the EUC TechInsights Webinar, where we will explore the latest innovations in monitoring Omnissa Horizon and accurately measuring user experiences. This session is designed for IT professionals, system administrators, and EUC specialists seeking to optimize their virtual desktop infrastructure (VDI) environments. We'll also dive into powerful new features, including: - RDSH application support - GPO load time breakdown for Horizon sessions - App Volumes integration - And more Don’t miss this opportunity to stay ahead of the curve in end-user computing. Whether you’re managing a small deployment or a large-scale Horizon environment, this session will equip you with the knowledge to ensure your users have the best possible experience.

Michael Young

SME Digital Workspace at Omnissa

Sep 24, 2024 10:00 AM CET

Omnissa Tech Deep Dive - Workspace ONE UEM Windows Baselines and Profiles

https://community.omnissa.com/events/event/14-omnissa-tech-deep-dive-workspace-one-uem-windows-baselines-and-profiles/

Please join us live for the first ever Omnissa Tech Deep Dive session stream!

Omnissa subject matter experts with over 100 years of combined EUC technical experience will share detailed information on Baselines and Profiles, which option to choose for any scenario, security impact, and then a console view of validation and reports.

After the deep dive, your questions will be answered live and include how-to instructions within the console and/or hand-drawn diagrams. We're excited to interact with you, so please come with all your questions on Workspace ONE UEM Windows Baselines and Profiles!

Sep 12, 2024 3:00 PM

Omnissa ONE

Omnissa customers, partners and end-user computing experts will soon convene at our new flagship, in person event – Omnissa ONE.

From employee experience to management and security, the future of digital work starts here. Register in one of three locations.

Register here

Shankar Iyer

Chief Executive Officer

Rob Ruelas

Senior Vice President, Revenue

Renu Upadhyay

Senior Vice President, Marketing

Bharath Rangarajan

Senior Vice President, Product

And others..

23rd October – 24th October 2024

Amsterdam

September 26, 2024

Tokyo

September 30 – October 1, 2024

Dallas

VMUG

Watch On-Demand webcasts here.

Register for upcoming live webcasts here.

Register for Regional VMUG events here.

Release Updates Week 36-24: 

Workspace ONE Access

  • Renewed App Policy Association Interface in Workspace ONE Access

App access policy assignment now has a new UI and improved workflow. The new policy assignment is now independent of the policy creation flow, allowing app assignment without editing a policy. The new UI lists apps with additional fields, supports multi-selection of apps for assignment, shows policy assignment conflicts, and offers better search and filtering.

  • New Settings to Grant Omnissa Technical Support Access to Workspace ONE Access

New settings are now available to securely grant the Omnissa technical support team access to the Workspace ONE Access admin console to resolve or debug technical issues. You can now control when to allow the Omnissa technical support team access to your Workspace ONE Access admin console and can determine the role and duration of the access. By default, Omnissa support team’s access to your console is turned off.

  • Enhanced Availability and Faster Launches for Horizon Apps

Horizon connection servers now use a single service provider metadata across all servers in a Horizon pod. This enhancement significantly reduces metadata refresh time, leading to faster app launches and improved overall availability.

This enhancement is available with Workspace ONE Access Cloud, Workspace ONE Access connector 24.07 and later versions, and Horizon 8.13 and later versions.

Workspace ONE Hub Services

  • Notification Deletion Now Available for Hub Services Admins

The Hub Services admin console now includes the ability for admins to delete previously sent notifications. Admins with super admin role can utilize this feature to remove notifications that were sent in error, contained incorrect information, or were distributed with ill intent. This deletion functionality ensures that admins can quickly and effectively retract messages that should no longer be visible to end-users, thereby maintaining the accuracy and integrity of communication within the platform.

  • Workspace ONE Intelligent Hub App Now Visible in the Hub Services App Catalog

The Workspace ONE Intelligent Hub app, when assigned through Workspace ONE UEM, will now be displayed in the Hub Services app catalog. Previously, the Intelligent Hub app did not appear in the catalog, limiting visibility to end-users. With this update, users can manually trigger updates to the Hub app, which is especially useful if there are issues with auto-pushed updates.

If admins prefer to revert to the previous behavior where the Hub app is hidden from end-users, they can utilize the Exclude Apps functionality to remove it from view. For more details on that, refer to the documentation topic Selectively Exclude Apps From Users in Intelligent Hub  Catalog

Workspace ONE Hub 24.07 for macOS

What’s new:

  • HUBM-8404 Drop Support for macOS 11
  • HUBM-8416 Firewall status reporting for macOS Sequoia
  • HUBM-8169 Updated to the latest network framework for the command module.
  • Bug Fixes:
    • HUBM-8107 Unable to request macOS Hub logs
    • HUBM-8247 macOS Hub does not prompt the user to log out to encrypt disk
    • HUBM-8306 Non-optional profiles show the remove button
    • HUBM-8310 [ZOOM] macOS Hub Hung State
    • HUBM-8414 Several devices are showing 3-4 scripts in the scripts tab when there should be 15 or more displayed
    • HUBM-8546 Transmit/sample intervals are not updated for the sensors whenever there is a change in the UEM
    • HUBM-8569 Parallel Download never retried on network reconnection
    • HUBM-8017 App status changing from installed to Not installed, awaiting install on device
    • HUBM-8643 [Verizon] Application Status Reporting Discrepancy
    • HUBM-8631 Application installation skipped from Munki if a user is in the login window (during DEP setup)
    • HUBM-8604 Removing all the sensors from the console, does not remove them from the device or the device's sensor tab on the console

Workspace ONE Hub 24.07 for Android

  • What's New
    • End-user threat response actions for Workspace ONE Mobile Threat Defense (MTD)
    • Device chip status shown in Hub now takes both UEM compliance and Workspace ONE MTD threat status (when activated) into consideration
  • Resolved Issues
    • HUB-10996: Due date formatting improvements
    • HUB-10827: Accessibility Improvements
    • HUB-11005: SDK profile custom setting for third party application overrides MTD configuration causing MTD deactivation
    • AAGNT-199891: Enrollment stuck if user sends Hub to the background during user authentication
    • AAGNT-199833: StageNow Enrollment for Zebra Android 14 devices stuck if device goes to sleep
    • AAGNT-199778: Removing Custom Settings profile with WS ONE Tunnel settings clears Tunnel app configuration 

Workspace ONE Tunnel for Android 24.08

  • We've introduced a Managed Configuration (KVP) which changes the cleanup behavior of Tunnel's VPN interface on a server timeout or disconnect event. This may be useful for applications that leverage bypass flows or rely heavily on UDP, such as VOIP applications.
  • To enable this feature, add the following KVP to the ‘CustomSettings’ payload for the Tunnel app. The custom settings payload is available under the Application Configuration section for the Tunnel application.

KVP: DisableInterfaceReset | Value: true

Default Value: false

  • This workflow will be enabled by default in an upcoming release of the Android Tunnel client.

Workspace ONE UEM Console 2406

  • Workspace ONE UEM Console 2406 is available to Shared SaaS customers as of September 2, 2024!   Rollouts to Shared SaaS environments will begin in the coming days.
  • We’re delighted to announce the rollout of our Modern SaaS Architecture

Our teams are quickly progressing with the Modern SaaS Architecture rollout, which will be introduced to your environments in the coming months. The next generation of Workspace ONE features are set to revolutionize the way you interact with our platform, delivering unparalleled performance, scalability, and user experience. Here’s a quick look at what’s in store:

    • Resource Delivery Optimization: We’ve optimized our platform for enhanced performance. With Resource Delivery Optimization and Desired State Management powering these improvements, resource delivery is set to be faster than ever while introducing an improved experience for monitoring deployment progress. For more information on monitoring deployment progress, see Monitoring Deployment of Applications and Profiles.
    • Device List View Performance Enhancements: We’ve significantly improved performance for the admin experience, ensuring the Device List View screen and global search for devices load seamlessly in just seconds, even in large environments.
    • Global Search for Devices: We’ve enhanced global search. You can now find devices by simply entering the search string - no wildcards (*) needed. Additionally, the ‘Search in List’ seamlessly redirects to the Device List View, automatically filtering it based on the search string.
    • Scalability: The Modern Stack Services are built to effortlessly to scale with your growing needs, whether you’re a small startup or a large enterprise. From handling increased device traffic to accommodating expanding use cases, our Modern Stack services are designed to adapt and thrive alongside your business.
    • Continuous Integration / Continuous Deployment (CICD): CICD speeds up the feature development process and allows you to access features, bug fixes, and security patches faster. The development and deployment velocity increase is coupled with the enhancement and addition of automated quality gates for an overall improved software experience.
    • Windows Multi-User: Workspace ONE will by default be able to manage Windows devices with multiple users, modifying the enrolled user based on who has successfully logged in last. This enhancement simplifies the administrative process and improves the overall management of Windows devices within an organization, but be sure to use device assigned resources where applicable!
    • Workspace ONE Mobile Threat Defense: We are introducing console support for smart group based configuration of Workspace ONE Mobile Threat Defense. You can now deploy Workspace ONE Mobile Threat Defense to your iOS and Android devices using smart groups. This allows you to more seamlessly rollout Mobile Threat Defense in your environment and easily configure different policies for various categories of users and devices as needed. Refer to Workspace ONE Intelligent Hub release notes for Android and iOS for Intelligent Hub support and GA announcement.
    • Freestyle for Mobile (Limited Availability): Administrators can now create powerful orchestration workflows to deploy applications and profiles to mobile devices (iOS and Android) with much greater granular control. This enables customization for all resource deployments and significantly streamlines device onboarding. Freestyle achieves this through new attribute controls such as profile or application presence, limiting by device model and OS version, and even making workflow decisions based on compromised status. Besides onboarding, Freestyle adds value to Tunnel, Launcher, certificate management, corporate Wi-Fi, and mobile SSO deployments making them more efficient.
    • Apple Declarative Device Management (iOS): Workspace ONE UEM now supports creating and managing Declarations via Declarative Device Management. Creating and managing Declarations is just as easy as configuring Profiles. For a list of supported Declarative Configurations and Assets, as well as an overview of Declarative Device Management, see Declarative Device Management.
    • Android Management API support for Work Profile: Administrators can now manage Work Profiles on personally-owned devices using the Android Management API (AMAPI). For more information, see Android Management API.
    • Linux Application Management: We are introducing the ability to manage applications on enrolled Linux endpoints. This includes installing, updating, and removing native applications by uploading .deb or .rpm files into Workspace ONE UEM.
  • Android
    • Want to control the Device Brightness on your Android devices?

Whether for battery life improvements or security measures, you can now control the device brightness on your Android devices. The two new Launcher display settings Set Device Brightness and Select Brightness Level with an adjustment control lets you manually set a minimum and maximum brightness level. For more information, see Advanced Launcher Settings.

    • Coming Soon: Bringing you the Better Together Android Enrollment Updates

Google’s Better Together for Enterprise initiative rolls out soon and will change the way you enroll and register Android devices with Workspace ONE UEM. These updates from Google allows better cross-platform experiences between Android and Chrome OS, more differentiation between employee-owned and corporate owned devices, and enhanced Google Workspace Integration. We are coming up with the first step of integrating this new initiative into our systems, i.e updating The Google EMM Registration Flow. For more information, see Registering Android with Workspace ONE UEM.

  • Console
    • Idle Session Timeout to include Customer and Partner OGs, with Inherit Setting

We’ve implemented Session Timeout configuration at a non-global OG level to enable customers to customize the configuration. From Session Management page in Settings, you can now configure Idle Session Timeout to customer and partner organization groups and apply it to child OGs with a default inheritance. For more information, see Session Management Settings.

    • Announcing Limited Availability of new intuitive page navigation for Workspace ONE UEM

We are introducing a new page navigation for Workspace ONE UEM. This new design is more intuitive for administrators, categorising similar functions together in the same main menu buttons. For more information, see the KB article.

  • Freestyle Orchestrator
    • Create new freestyle workflows only at the customer organization groups or below

New workflows can only be created at Customer Organization Groups or below. The New and Import buttons are deactivated at the non-qualifying OGs. For additional details, see Freestyle workflows only at Customer Organization Group or below.

  • iOS
    • We’ve added Rapid Security Responses to Compliance Policies

Compliance Policies now support Rapid Security Responses when configuring Compliance Rules based on the OS Version. Rapid Security Responses are treated as a distinct OS Version and obey the existing logical operators for Compliance evaluation. For example, iOS 17.0 < iOS 17.0 (a) < iOS 17.1. Refer to Compliance Policies for iOS Devices for more information on Rapid Security Responses.

    • We’ve added new Restrictions Keys

We have added new Restrictions keys that were introduced in iOS 17.2 and iOS 17.5. Such as:

    • Allow live voicemail (iOS 17.2 Supervised)
    • Force eSIM preservation on erase (iOS 17.2 Supervised)
    • Allow app installation from websites (iOS 17.5 Supervised)

For more information, see iOS Device Profiles.

  • Tunnel
    • We’ve updated Tunnel administration for enterprise management and monitoring capabilities (Limited Availability)

If you have multiple networks to manage or use cases for distinct organizations, you can now easily set up and manage multiple Tunnel environments in a single organization group. This simplifies the integration and distribution of apps and profiles and consolidates the view of their deployment. This update is part of the navigation updates to UEM and also includes new updates to Tunnel’s navigation and health metrics for monitoring your Tunnel deployment. For more information, refer to the KB article.

  • Windows
    • Check out more new Windows Security Baseline templates

We have added new templates for creating Microsoft and CIS Baselines for Windows 11 23H2. For more information, see Creating Baselines with a Template.

Workspace ONE Cloud Admin Hub 24.09.05

  • The Role Based Access Control feature is generally available (GA).
    • As an Organization Owner, you can add and manage your administrator’s Workspace ONE Intelligence and Workspace ONE UEM role assignments in Workspace ONE Cloud Admin Hub, provisioning a way for you to provide granular service access.
    • Seamlessly manage both federated and external administrators, and manage admin group role assignments. 
    • You can find the new page in Workspace ONE Cloud Admin Hub at Accounts > Administrators.
    • Find documentation at Roles Based Access Control.

Workspace ONE ITSM Connector - 6.0.0

  • As of this release, ITSM Connector is compatible with ServiceNow’s new UI Service Operations Workspace(SoW).

Now, incidents opened, viewed, and worked within the SoW will have all of the investigation and remediation capabilities of the ITSM Connector including:

    • Username/Serial Number Search
    • Device Information
    • Remote Assist
    • Clear/Change passcode
    • Install Apps/Profiles/Products
    • Execute Scripts/Workflows
    • All other features available in Version 5.5.0 (released in July 2024)

Omnissa Identity Service September 2024

  • Password Grant Flows

When a Workspace ONE UEM tenant is integrated with Omnissa Identity Service, end users are redirected to your Identity Provider (IdP) for SAML authentication when enrolling or checking out devices. A SAML-redirection is not possible on the device or client in some authentication flows. The Password Grant Flow feature, when enabled, allows SCIM-provisioned users to authenticate against your IdP when SAML-redirection is not available. Additionally, it enables certain basic user authentication flows. See Support for Certain Workspace ONE UEM Username and Password-based Flows for details of these flows. Also see Configure Workspace ONE UEM Settings for Identity Services for information on how to configure the new Password Grant setting.

VMware EUC Security Advisories: 

VMSA-2024-2018 - VMware Fusion

  • VMware Fusion update addresses a code-execution vulnerability (CVE-2024-38811)

Find latest advisories in the Omnissa Security Response Center

EUC UX Research Opportunities: 

  • Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!

WS1 Intelligence - Device Health/Refresh Dashboard

  • About: Dashboard to provide IT Admins with a comprehensive overview of their device fleet's health/refresh status. This will help to identify devices due for a refresh or suggest alternate next steps for their hardware and streamline the device refresh process. If you’re involved in managing physical devices and/or apps this is for you!
  • Opportunity: 5-minute drag and drop exercise where you’ll get a list of use cases and asked to sort which are a Must Have, Nice-to-Have, or a Wow Factor.
  • TAKE THE ACTIVITY HERE

KB Highlights & Announcements Week 36-24: 

StageNow barcode enrollment error due to special characters on Workspace ONE Zebra (2960289)

  • An issue has been discovered with certain special characters, including “@”, “/”, “\”, “:”, “;”, “,”, “?”, “$”, “&”, “=”, “+”, "!" within the Relay Server configuration for StageNow barcode enrollment.
  • If you have any special characters in the Relay Server > Device Connection for staging configuration, you will experience issues with StageNow barcode enrollment.

StageNow currently is not compatible with these special characters, resulting in an error display on the device after scanning the StageNow barcode for enrollment with Workspace ONE UEM. 

Event ID 1500 log spew in Windows VDI VMs Event Viewer (2147744)

A log spew of Event ID 1500 with the following general description can be seen in Event Viewer of Windows VDI VMs.

The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy.

High Priority KBs: 

Recently updated or added KBs (Links) 

Digital Workspace Techzone, Blog and YouTube Updates 

3rd Party Blog Updates & Industry News 

Sign up or LogIn [HERE] to get access to the latest Beta versions.


Patch & Seed Script Updates Week 36-24 

OS Updates Seed Script

  • iOS 17.6.1 (21G101), tvOS 17.6.1 (21M80)
  • Last Update: CW34

Seed Script for latest Device Model Information

  • Seed Script to support new iPad Air M2 and iPad Pro M4 models
  • Last update: CW30

 

Workspace ONE UEM 22.12

  • Patch Level 22.12.0.48
  • ARES-29546 - App details view page crashes when clicked on filters.
  • UM-8986 - With Read-only admin we are able to add admin account through batch import.
  • Last Update: CW28

 

Workspace ONE UEM 23.02

  • Patch Level 23.02.0.50
  • AMST-41536 - Redirect blob download request from DS to CDN when a branch is disabled.
  • Last Update: CW32

 

Workspace ONE UEM 23.06

  • Patch Level 23.06.0.40
  • MACOS-4881 Cannot Save any modified or new System extension macOS profiles
  • AMST-41994 Application installation status is not reporting correctly on UEM
  • Last Update: CW36

 

Workspace ONE UEM 23.10

  • Patch Level: 23.10.0.31
  • FCA-206903 - Push notification does not leave the log in the EventLog when the HUB service is enabled.
  • FCA-207109 - TOU list view miscounts number users when multiple language versions are set.
  • CRSVC-50186 - Prevent certificate from changing not in use status for 48 hours.
  • AMST-42013 - Seeding - latest SFD 23.10.3 build to UEM - 2310 release.
  • AMST-41960 - Application installation status is not reporting correctly on UEM.
  • AGGL-17044 - Highly intermittent failures in smart group reconciliation for Zebra devices where Make/Model criteria is used.
  • AGGL-16399 - Fix integration tests which are using deprecated API endpoints.
  • FCA-208096 - PhysicalMemory values missing in UEM devices/search API call.
  • Last Update: CW36

Workspace ONE UEM 24.02

  • Patch Level: 24.2.0.12
    • UM-9060 - Rocket/Spaceman error when trying to cancel pending records in Batch Status page.
    • UM-9042 - Editing an Admin account deactivates it.
    • PPAT-17120 - Tunnel test Connection Failed.
    • MACOS-4362 - Multiple certificates installed on device enrollment in mod enabled environment.
    • MACOS-3910 - Smart group assignment for the macOS internal app fails to be assigned for a couple of users devices. .
    • FS-5811 - Incoherence of devices number related to a specific Smart Group.
    • CRSVC-51417 - Modstack migration status alert not working.
    • CRSVC-50027 - Add Organization Group check to CA flow which sends unenrollment and non compliant for existing lingering devices for Microsoft tenant.
    • CRSVC-50025 - Add code block on UEM side to block Conditional access configured at any other customer OG if its already configured for once customer OG within same UEM environment.
    • ARES-29831 - Clicking on Internal App Name in Resources > Native > Internal Results in Spaceman Error.
    • ARES-29786 - Evaluated device details are getting listed under the Installed but not assigned tab after doing a refresh.
    • ARES-29785 - ‘Export’ from the Installed but not assigned tab in the Profile DT page shows “Something Unexpected Happened”.
    • ARES-29230 - When adding a new version of an app, during the completion criteria when pushing Add, an alert appears saying Leave or Cancel.
    • ARES-29119 - Application_Uuid is missing while running API call.
    • ARES-28503 - Summary tab is reporting incorrect number of installed profiles for macOS platform.
    • ARES-28364 - All system installed apps are getting listed in Managed app tab.
    • ARES-28244 - When we add 2 or more Geo fencing locations to the profile, only 1 Geo location is seen in UI.
    • ARES-27051 - Rule action isn’t reflecting on the autocomplete field type (default).
    • AMST-41872 - Seed Windows Hub 24.4.6.0 x86 Patch3 to UEM console - 2402.
    • AMST-41785 - Application is Getting re-install on click of publish button click in assign popup without doing anything.
    • AGGL-17149 - Android Restrictions JSON Exceeds Memcached Limit.
    • AGGL-17093 - Delete AMAPI Profile Owner enrolled Android device.
    • AAPP-17770 - iOS: Unable to retrieve the email address in “local identifier” for VPN profile.
    • AAPP-17695 - Improve logging on Apple notification API.
    • AAPP-16916 - Refreshing AppleCare Warrantly information is throwing error “PleaseCheckGSXSettings” for all Apple Devices.
    • Last Update: CW34

Workspace ONE UEM 2406

  • Initial Release
  • Last Update: CW36

 

 

 

 


Comments