Omnissa EUC Newsletter - Week 37

 

Upcoming Events 

Event	Link and description	Speakers	Date
Mastering User Experience Monitoring in Horizon	[Register Here] In today’s fast-paced digital workspace, ensuring a seamless and efficient user experience is paramount. Join us for an engaging session at the EUC TechInsights Webinar, where we will explore the latest innovations in monitoring Omnissa Horizon and accurately measuring user experiences. This session is designed for IT professionals, system administrators, and EUC specialists seeking to optimize their virtual desktop infrastructure (VDI) environments. We'll also dive into powerful new features, including: - RDSH application support - GPO load time breakdown for Horizon sessions - App Volumes integration - And more Don’t miss this opportunity to stay ahead of the curve in end-user computing. Whether you’re managing a small deployment or a large-scale Horizon environment, this session will equip you with the knowledge to ensure your users have the best possible experience.	Michael Young SME Digital Workspace at Omnissa	Sep 24, 2024 10:00 AM CET
Can You Spot the Phish?	[Register Here] Have your employees ever fallen for a phishing link from an executive or their reporting manager? What are the chances someone will click on a real phishing link? Join John Ethridge, Omnissa Workspace ONE Mobile Threat Defense Specialist and Andrew Olpin, Director of Sales Engineering from Lookout to learn how to protect your employees. This expert panel will share use cases, threat intelligence and discuss tactics and techniques hackers use in phishing campaigns. The panel will wrap up with tips on how organizations can tighten mobile security with Workspace ONE Mobile Threat Defense. #PhishingAwareness #CyberSecurity	John Ethridge: Workspace ONE Mobile Threat Defense Specialist, Omnissa; Andrew Olpin: Director of Sales Engineering, Lookout	Sep 24 2024, 7:00pm CEST
A Blueprint for Bouncing Back: Strengthening Business Resilience with the Omnissa Platform	[Register Here] When unexpected hits, will your business bend or break? In an era where disruptions can threaten the stability of any organization, continuity is essential. Join us to learn how the Omnissa Platform enhances business resilience and ensures continuous operations. We’ll explore innovative features so you can prepare for uncertainties, recover swiftly from disruptions, and maintain operational excellence. Whether you're aiming to fortify your current strategy or develop a new digital resilience plan, this session will equip you with the knowledge and tools to build a future-proof enterprise.	Bryan Vest, Product Marketing Manager	Sep 26 2024, 7:00pm CEST
Omnissa ONE	Omnissa customers, partners and end-user computing experts will soon convene at our new flagship, in person event – Omnissa ONE. From employee experience to management and security, the future of digital work starts here. Register in one of three locations. Register here	Shankar Iyer Chief Executive Officer Rob Ruelas Senior Vice President, Revenue Renu Upadhyay Senior Vice President, Marketing Bharath Rangarajan Senior Vice President, Product And others..	23rd October – 24th October 2024 Amsterdam September 26, 2024 Tokyo September 30 – October 1, 2024 Dallas
VMUG	Watch On-Demand webcasts here. Register for upcoming live webcasts here. Register for Regional VMUG events here.

Release Updates Week 37-24: 

Workspace ONE Intelligent Hub 24.08 for Linux

• Proxies Profile - With this release, proxy settings can be configured for enrolled Linux devices via a Workspace ONE UEM profile. This includes the ability to set a network proxy and global http proxy including the ability to set exceptions within the UEM profile. See the documentation for important notes and caveats.
• Support for Prompting User for Group ID during enrollment (Organizational Group) - With this release, a user can be prompted with available enrollment OGs during command line enrollment. To enable this, in Workspace ONE UEM, select "Prompt User To Select Group ID" under Settings > Device & Users > General > Enrollment > Grouping > Group ID Assignment Mode.
• Added support for reporting device UDID with ws1HubUtil - The Device UDID can now be retrieved device side by sending the following command: ws1HubUtil status --deviceinfo
• Bug Fixes

Workspace ONE Access Cloud September 2024

• Renewed App Policy Association Interface in Workspace ONE Access

App access policy assignment now has a new UI and improved workflow. The new policy assignment is now independent of the policy creation flow, allowing app assignment without editing a policy. The new UI lists apps with additional fields, supports multi-selection of apps for assignment, shows policy assignment conflicts, and offers better search and filtering.

• New Settings to Grant Omnissa Technical Support Access to Workspace ONE Access

New settings are now available to securely grant the Omnissa technical support team access to the Workspace ONE Access admin console to resolve or debug technical issues. You can now control when to allow the Omnissa technical support team access to your Workspace ONE Access admin console and can determine the role and duration of the access. By default, Omnissa support team’s access to your console is turned off. 

• Enhanced Availability and Faster Launches for Horizon Apps

Horizon connection servers now use a single service provider metadata across all servers in a Horizon pod. This enhancement significantly reduces metadata refresh time, leading to faster app launches and improved overall availability.

This enhancement is available with Workspace ONE Access Cloud, Workspace ONE Access connector 24.07 and later versions, and Horizon 8.13 and later versions.

• Workspace ONE Access Connector 24.07

Workspace ONE Access connector 24.07 is compatible with Workspace ONE Access Cloud, Workspace ONE Access On-premise 24.07, and Workspace ONE Access for FedRAMP.

• Resolved Issues for Connector 24.07

This connector release includes the following resolved issues:

• HW-200932: Resolved an issue where Active Directory over IWA directory sync was failing with safeguard violations. A configurable option for comparing only attributes for updates during directory sync is now available.
• HW-200972: Prevent parallel sync if both People Search photo sync and directory sync are configured for the same time.
• HW-204691: Resolved an issue with directory sync exiting due to communication channel errors. A configurable parameter is available to set the number of hours after which scheduled sync starts automatically if the directory sync service exits due to unexpected communication channel errors.

Horizon DaaS 9.2.3

• Support for Windows 11 and vTPM
  Windows 11-based Assignments with vTPM are now supported with Full Clone and Instant Clone Assignments.
• Dynamic NVidia vGPU card and profile support
  This release supports importing infrastructure with previously unsupported NVidia hardware, and automatically detecting the vGPU profiles available on that vCenter cluster.
• vGPU frame buffer quota management
  With this release, the possibility to partition vGPU frame buffer has been added. This function effectively limits the tenant to consume all vGPU capacity available on a cluster.

Workspace ONE Intelligence SDK 24.6.0 for iOS

• API deprecations and additions
• Location Data improvements

Workspace ONE Intelligence SDK 24.6.0 for Android

• Charging state change events now include a full Battery sample (data is stored within the Intelligence SDK > Battery subcategory)
• Carrier name is now supported with Network samples (data is stored within the Intelligence SDK > Network subcategory)
• An API now exists that allows the consuming application of the Intelligence SDK to read the DEX Telemetry that is locally stored
• Opt-Int and Out status APIs have been refactored to separate SDK and Telemetry Feature interaction

Workspace ONE Tunnel for Android 24.08

• We've introduced a Managed Configuration (KVP) which changes the cleanup behavior of Tunnel's VPN interface on a server timeout or disconnect event. This may be useful for applications that leverage bypass flows or rely heavily on UDP, such as VOIP applications.
• To enable this feature, add the following KVP to the ‘CustomSettings’ payload for the Tunnel app. The custom settings payload is available under the Application Configuration section for the Tunnel application.

KVP: DisableInterfaceReset | Value: true

Default Value: false

• This workflow will be enabled by default in an upcoming release of the Android Tunnel client.

Workspace ONE Tunnel for ChromeOS 24.08

• In this release, we’ve made a few updates containing general quality and performance improvements.

VMware EUC Security Advisories: 

>>> No new Security Advsisories this week <<<

Find latest advisories in the Omnissa Security Response Center

EUC UX Research Opportunities: 

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

WS1 Intelligence - Device Health/Refresh Dashboard

• About: Dashboard to provide IT Admins with a comprehensive overview of their device fleet's health/refresh status. This will help to identify devices due for a refresh or suggest alternate next steps for their hardware and streamline the device refresh process. If you’re involved in managing physical devices and/or apps this is for you!
• Opportunity: 5-minute drag and drop exercise where you’ll get a list of use cases and asked to sort which are a Must Have, Nice-to-Have, or a Wow Factor.
• TAKE THE ACTIVITY HERE

KB Highlights & Announcements Week 37-24: 

Apple Business Manager Update - Updated agreements

• On September 16, 2024, Apple will post updated agreements to Apple Business Manager. Once posted, an administrator will need to sign in to Apple Business Manager and accept the following agreements before you can enroll new devices or deploy new apps.
• For more information see the Apple Support article If Apple Business Manager, Apple Business Essentials, or Apple School Manager asks you to approve new terms and conditions.

Tagging Operations Behavior Change in Mod Stack Enabled Environments (6000180)

• With the introduction of “Mod Stack”, also known as Modern Architecture of UEM, Tagging operations (Add Tag to Device, Remove Tag from Device) behave slightly different compared to the previous architecture in terms of the subsequent actions of installing/removing resources like Apps, Profiles, etc.
• Previously, Tagging operations against devices will also result in a smart group membership update on the spot, subsequently a sync operation occurs, and as a result of it, commands to install/remove resources will be generated, and a push notification is also generated along with the commands.
• In Mod Stack environment, due to the Pull model design principle, which allows for significant performance benefits, UEM will not perform Smart Group update right away. Instead, the Smart Group evaluation will occur at the next check-in, also at the same time, Desired State Management will kick in to install/remove resources as necessary at that check-in session.

Android Management API Support in Workspace ONE UEM (6000185)

• This article provides an overview of supported functionality for Android devices managed using Android Management API in Workspace ONE UEM. Android Management API is a new approach to managing Android devices, and more information is available in our AMAPI Beta announcement. Android Management API is supported alongside Custom DPC, the traditional way of managing Android devices. As these two approaches are supported side by side, the features supported in each can vary. This article tracks what is supported in Android Management API and what releases of Workspace ONE UEM introduce new functionality.
• Note that Android Management API is only supported on Workspace ONE UEM environments that have our modern architecture enabled. For more information on our modern architecture, see related resources at the end of this article.

Unable to Inherit Lightweight Directory Access Protocol (LDAP) Settings from Top to Child Organization Group (OG) (50121199)

• Users unable to inherit Lightweight Directory Access Protocol (LDAP) settings from top to child organization group (OG). There is a directory configuration saved at the top OG. If you attempt to inherit Directory settings in child OG, the following error is received, "Save Failed Current LDAP definition has associated users / user groups."

Managing invalid Smart Groups in UEM (6000174)

• As we move forward with the rollout of the highly anticipated Modernized UEM SaaS Architecture, we're committed to making sure that our customers experience a smooth transition to the new system. During this preparation, our teams identified a few Smart Groups with invalid criteria in some customers’ environments.
• An Invalid Smart Group (invalid SGs) means it has at least one of the following invalid criteria.

1. Tags are added as criteria in the Smart Group, but no tags are currently on the selected list.
2. Organization Group is added as criteria in the Smart Group, but no specific Organization Group was added to the list.
3. User Group is added as criteria in the Smart Group, but no specific User Group was added to the list.

• These invalid SGs could see deviations in the devices assigned after migrating to the new UEM architecture. This could lead to discrepancies in the resources installed on these devices. This article will guide you in resolving these invalid Smart Groups.

Enable Screen Time Feature for Workspace ONE iOS devices with restrictions (50121176)

• iOS 12 introduced the Screen Time feature. Post-enrollment, you may see that this function is restricted on managed iOS devices.

In iOS 12 or later, if this setting is unchecked on the UEM console, this disables the "Enable ScreenTime" option in the ScreenTime UI in Settings and disables ScreenTime if already enabled.

• Note: For this restriction to take effect, it requires a supervised device, which is available in iOS 8 and later.
• Disclaimer: Omnissa  is not responsible for the reliability of any data, opinions, advice, or statements made on third-party websites. Inclusion of such links does not imply that Omnissa endorses, recommends, or accepts any responsibility for the content of such sites.

Omnissa Boxer Configuration when Google Play is Restricted (50121061)

• To configure Omnissa Boxer for end-users with no access to Google Play, first publish VMware Boxer as an internal application. This can be done using the Boxer APK from the My Workspace ONE portal. Next, you should add Omnissa Boxer as a public application in the console and configure the email settings here as required. The public application deployment type should be set to "on demand." Make sure that you assign the internal application and the public application to the same Assignment Group. 

High Priority KBs: 

• Omnissa new world link directory
  For an overview about links to customer portals and relevant information follow the above link.
• System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
  The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the pending acquisition of EUC by KKR.
• End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)
  We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog.
• Workspace ONE UEM - Updated requirements for on-premise cumulative patches (94706)
  The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
• Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
  VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.

Recently updated or added KBs (Links) 

• Tagging Operations Behavior Change in Mod Stack Enabled Environments (6000180)
• Android Management API Support in Workspace ONE UEM (6000185)
• Omnissa Tunnel Proxy End of Support Life Announcement (87345)
• Unable to Inherit Lightweight Directory Access Protocol (LDAP) Settings from Top to Child Organization Group (OG) (50121199)
• Enable Screen Time Feature for Workspace ONE iOS devices with restrictions (50121176)
• Announcing Updates to the Page Navigation in the Workspace ONE UEM Console (97771)
• Replacement of the Windows Multi User Phase 1 feature (6000165)
• Omnissa Boxer Configuration when Google Play is Restricted (50121061)
• Error: "Logon failure: the user has not been granted the requested logon type at this computer" in Horizon Dass (2108331)
• Event ID 1500 log spew in Windows VDI VMs Event Viewer (2147744)
• Error "The handle is invalid" will be shown when user operate redirected printers very fast (60218)
• Support and Configuration of New Teams as a Published App (97785)
• In-product feedback(IPF) feature discontinued in Horizon Releases (97293)
• Managing invalid Smart Groups in UEM (6000174)
• Announcement: End of Life (EOL) for VMware Secure Access (6000166)
• Test connection for syslog is successful, however no logs seen in SIEM server (6000183)

Digital Workspace Techzone, Blog and YouTube Updates 

• Securing Workspace ONE UEM Windows Devices via Baselines and Profiles
• Software Update Enforcement for iOS Devices in Workspace ONE UEM

3rd Party Blog Updates & Industry News 

• Ruben Spruijt: Ruben's EUC Industry Bento Box - September 2024

Beta, Lab and Tech Preview Updates 

WS1 Boxer 24.09 for iOS

• Reply To and Forward emails, received as .eml attachments

• Users are now able to reply to/forward emails that they receive as .eml attachments.
• The feature is controlled through application-level boolean KVP EnableAttachedMessageInteraction . The default value is false.
• When EnableAttachedMessageInteraction = true a reply button in .eml files is presented.
• When Reply, Reply All, or Forward are selected, the email is loaded in a new compose screen like when a regular email is replied or forwarded.
• All the attributes of the .eml attachment are preserved in the new email.

• Quality improvements and crash fixes

WS1 Boxer 24.09 for Android

• Reply To and Forward emails, received as .eml attachments

• Users are now able to reply to/forward emails that they receive as .eml attachments.
• The feature is controlled through application-level boolean KVP EnableAttachedMessageInteraction . The default value is false.
• When EnableAttachedMessageInteraction = true a reply button in .eml files is presented.
• When Reply, Reply All, or Forward are selected, the email is loaded in a new compose screen like when a regular email is replied or forwarded.
• All the attributes of the .eml attachment are preserved in the new email.

• Debug menu is depricated

• Users won’t be able to access the debug menu anymore.
• “Attachments New UI” setting is moved in Settings → Advanced → Enable features.
• “Enable verbose debug logging” is moved in Settings → Advanced (Section “Other“).

• Bugs Fixed

• BINXA-20176[Email Search] There are no search results when queries are made with Chinese letters
• BINXA-20189[UI/UX] Incorrect error message "Save attachment failed" appears when saved draft with attachment is opened

Sign up or LogIn [HERE] to get access to the latest Beta versions.

September Software Releases  

System	Component	Release	Announcement	Release Date
Backend	Console SAAS	24.06	Release Notes	02.09.24
macOS	Hub	24.07	Release Notes	05.09.24
Android	Hub	24.07	Release Notes	05.09.24
Android	Tunnel	24.08	Release Notes	12.09.24
Backend	ITSM Connector for ServiceNow	6.0	Release Notes	05.09.24
Backend	Omnissa Identity Services	September 2024	Release Notes	05.09.24
iOS	Intelligence SDK	24.06	Intelligence SDK for iOS	06.09.24
Android	Intelligence SDK	24.06	Intelligence SDK for Android	06.09.24
Backend	WS1 Access Cloud	September 2024	Release Notes	05.09.24
Linux	Hub	24.08	Release Notes	11.09.24
Horizon	Horizon DaaS	9.2.3	Release Notes	11.09.24
ChromeOS	Tunnel	24.08	Release Notes	12.09.24

Patch & Seed Script Updates Week 37-24 

OS Updates Seed Script

• iOS 17.7.0 (21H16), iOS 18.0.0(22A3354), tvOs 18.0.0(22J357), macOS 15.0.0 (24A335), visionOs 2.0.0 (22N320)
• Last Update: CW37

Seed Script for latest Device Model Information

• Seed Script to support new iPad Air M2 and iPad Pro M4 models
• Last update: CW30

 

Workspace ONE UEM 23.02

• Patch Level 23.02.0.50
• AMST-41536 - Redirect blob download request from DS to CDN when a branch is disabled.
• Last Update: CW32

 

Workspace ONE UEM 23.06

• Patch Level 23.06.0.40
• MACOS-4881 Cannot Save any modified or new System extension macOS profiles
• AMST-41994 Application installation status is not reporting correctly on UEM
• Last Update: CW36

 

Workspace ONE UEM 23.10

• Patch Level: 23.10.0.32
• PPAT-17434 - Tunnel client not reconnecting once device regains compliance.
• FCA-207834 - Pendo account ID being incorrectly captured as the same across multiple customer Organization Groups.
• ARES-29486 - APIs for uploading the logs using Multipart and fetching LUT fails if Workspace ONE apps are not assigned to Organization Group.
• ARES-27803 - Device Security Posture report profile “Pending Installs” count inconsistency.
• Last Update: CW37

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.13 + 14 + 15

• Patch 13
• FCA-207518 - Alignment is improper for workflow “name” field.
• CRSVC-52157 - Profile events are not emitting while triggering snapshot.
• CRSVC-51337 - Status is null in sample (Profile and Selective Profile List Sample).
• CRSVC-50493 - CRS update full state API request contract.
• ARES-29711 - Devices receive app assignments while in exclusion groups.
• ARES-29538 - Add a new section for “Installed but not assigned” devices and move them out from the Evaluated tab.
• AAPP-17458 - Improve ExternallyRedeemedLicense job to process the license in batches.
• AAPP-17220 - Update stored procedure to support V2 flow.
• Patch 14
• RUGG-13180 - Unable to sort manifests in products.
• RUGG-12991 - Unable to create a custom attribute with double-byte alphanumeric through API.
• PPAT-17434 - Tunnel client not reconnecting once device regains compliance.
• PPAT-17309 - Multi-Factor authentication in allowlist table for tunnel payload.
• MACOS-4394 - Getting incorrect XML request from Hub in checkin.
• FCA-208400 - CSP violation in bing endpoint.
• FCA-207895 - The UEM console requests an incorrect request at the landing page for the admin user who enables two-factor authentication and configures the landing page.
• ESI-111 - Admin is assigned Console Admin role when assigned both platform and UEM roles through RBAC admin groups.
• CRSVC-50186 - Prevent certificate from changing not in use status for 48 hours.
• ARES-30008 - Boxer account details are not populated automatically on fresh installs.
• ARES-29876 - On the console, receiving “page not found” error, ss attached, while clicking on Query button at the following path: Resources> Apps> Internal> 3CX Desktop App (or any other app for that matter)> Devices > Query.
• ARES-29304 - Remove customization API call made for Apps and Profiles DT devices grids.
• AMST-42040 - Seed Windows Hub 24.4.8.0 x86 Patch 4 to UEM console - 2406. 
• AMST-42025 - Update p2p branch cache log level. 
• AMST-42016 - Seeding - latest SFD 23.10.3 build to UEM - 2406 release. 
• AMST-41999 - The string “Multi-User” is hardcode on the device details page.
• AMST-41997 - Application installation status is not reporting correctly on UEM.
• AMST-41992 - Update p2p branch cache log level
• AMST-41960 - Application installation status is not reporting correctly on UEM.
• AMST-41868 - Seed Windows Hub 24.4.6.0 x86 Patch3 to UEM console master.
• AMST-41786 - Seeding - latest SFD 23.10.3 build to UEM master release.
• AMST-41764 - Sensor & Script: Remove Search Hub dependency from the APIs.
• AMST-41671 - The string “Multi-User” is hardcoded on the device details page.
• AMST-41446 - After removing the Windows update profile, some registry for updates remains on the device.
• AMST-41285 - Seed Windows Hub 24.4.2.0 x86 to UEM console master.
• AMST-40348 - Sensor and Script: Remove search Hub dependency. 
• AGGL-17307 - Fix integration tests that are using deprecated API endpoints.
• AGGL-17248 - To deploy apps through the new devicepolicy API, update autoupdatepriority value for apps to 0.
• AGGL-17234 - Fix Lookup field resolution for app configs when using new devices.
• AGGL-17200 - Internal apps are removed through Google EMM APIs during CICO with PlayEmmDeprecationForAppPublishFeatureFlag enabled.
• AGGL-17115 - Application configuration inconsistent behavior for check in check out user on Android devices.
• AGGL-16757 - Unable to click continue on Enrollment Configuration Wizard
• AGGL-16399 - Fix Integration tests that are using deprecated API endpoints.
• Patch 15
• FCA-208390 - The “Apply” button on Filters does not work when the devices list is opened from the Assignment Groups page.
• FCA-207834 - Pendo account ID being incorrectly captured as the same across multiple customer OGs.
• ESI-102 - Hub app does not load mydevices in the Support tab for users with large amount of devices.
• ESI-186 - DST read after write issue of device records.
• CMSVC-18184 - Disable Smart Group Tenancy Correction support from UEM production environments. 
• ARES-29486 - APIs for uploading the logs using Multipart and fetching LUT fails if WS1 apps are not assigned to OG.
• AMST-42084 - Seed Windows Hub 24.4.10.0 x86 to UEM console - 2402. 
• AMST-41802 - Time zone displayed in the Scripts tab is different from the Execution logs. 
• AMST-41953 - Reassignment admin actions were not being displayed. 
• AAPP-17923 - Update the VPP Notification Status Sync Job to discard the duplicate notifications.
• Last Update: CW37

Workspace ONE UEM 2406

• Initial Release
• Last Update: CW36