Release Updates Week 43-24:
Conditional Access for Horizon Cloud Service Next-Gen apps and desktops
Omnissa Access conditional access is now available for Omnissa Horizon® Cloud Service Next-Gen apps and desktops. Conditional access allows organizations to use the context of a user or device such as the network range, group membership, or type of device to determine the user’s authentication requirements and application access rights.
Omnissa Access customers can implement conditional access rules for SaaS apps such as Workday and Salesforce or for virtual apps such as Horizon desktops or published apps. With this release, conditional access is now extended to Horizon Cloud Service Next-Gen apps and desktops as well.
Administrators can now set conditional access policies within the Access UI for their Horizon and Horizon Cloud Service Next-Gen desktops and apps. Horizon and Horizon Cloud Service Next-Gen will be able to enforce conditional policies when the user accesses entitlements through the Omnissa Workspace ONE® Intelligent Hub web client or through Horizon clients.
Google Chrome Enterprise Device Trust Signals Support
We are excited to introduce support for Google Chrome Enterprise Device Trust signals in Omnissa Access. This feature enables Omnissa to retrieve device security signals from Windows, macOS and ChromeOS devices running the Google Chrome browser, providing enhanced security for unmanaged and third-party managed devices.
Key Features:
- Device Signal Verification: Verify the security posture of ChromeOS, Windows, and macOS devices using Google’s Device Trust.
- Bring Your Own Device (BYOD) & Contractor Device Risk Management: Omnissa Access can now enforce conditional access rules based on device signals to manage risks posed by employee-owned or third-party devices, such as contractor use-cases.
Supported Signals:
- Disk Encryption: Ensures access is granted only to devices with encrypted drives
- Firewall Status: Only devices with active firewalls can access resources
- Screen Lock: Verifies devices have screen lock enabled before granting access
This integration simplifies security for BYOD and contractor devices through seamless posture verification without the requirement for these devices to be managed.
Omnissa Access Cloud and Hub Services available now in Singapore Region
Omnissa Access Cloud and Omnissa Workspace ONE® Hub Services are now available as a cloud service hosted in the Singapore region. Availability in the Singapore region improves performance and availability, and reduces latency for Access and Hub Services customers in the region. The expansion addresses the growing demand for Access and Hub Services in the region, and regional customers can now meet data residency and compliance requirements.
Entra ID MFA integration using RADIUS
Omnissa Access now supports integration with Microsoft Entra ID MFA as an additional authentication method using RADIUS integration. This option is available in addition to the federation-based Entra ID MFA integration and benefits customers who cannot use browser redirections during MFA. Users can log in to Omnissa Access using their existing authentication methods, and then can be authenticated with the Entra ID MFA without an additional Entra ID login prompt. This feature simplifies the user experience while adding the feature-rich Entra MFA capabilities to Omnissa Access authentication.
Enhancements to the Application Terms of Use for Hub Windows
The following improvements have been made to the Application Terms of Use functionality:
- Due Date Display: Pending Application TOU cards in the Hub app now display the due date, ensuring users are aware of the deadline to accept the TOU and take necessary action before the expiration.
- Dynamic TOU Title: The TOU title now accurately reflects the title set by the admin in the Workspace ONE UEM admin console, replacing the previous static, hard-coded title. This update ensures the displayed title matches what is configured in Workspace ONE UEM.
This enhancement requires Workspace ONE UEM version 2410 or higher.
Enhancements to the Enrollment Terms of Use for Hub Web and Windows
The following updates have been made to improve the Application Terms of Use (TOU) functionality:
- Access to Previously Accepted TOU: Users can now view previously accepted TOUs, which is beneficial for auditing and record-keeping.
- Dynamic TOU Titles: The TOU title now correctly reflects the title set by the admin in the Workspace ONE UEM console, replacing the old static, hard-coded title. This ensures that the displayed title is always aligned with the Workspace ONE UEM configuration.
This enhancement requires Workspace ONE UEM version 2410 or higher.
Support for Custom Notification Expiry Dates
The Hub Services admin console now enables administrators to set custom expiry dates for notifications. Once the specified expiry date is reached, notifications are automatically removed from the end user’s view in both the For You and History sections. This feature allows administrators to better manage the visibility of notifications, ensuring that employees only see the most current and relevant information. By automatically clearing outdated messages, this enhancement helps reduce clutter and improves the overall user experience.
Support for Conditional Access for Horizon Cloud Service Next-Gen apps and desktops on Hub Web and Windows
The Hub Services app catalog on Hub Web and Windows now applies Omnissa Access conditional access policies to Omnissa Horizon Cloud Service Next-Gen applications and desktops. This ensures that user access is securely managed and aligned with your organization’s security requirements.
Hub Web now enforces Default Workspace ONE Access Login Policy
Previously, Hub Web did not enforce the default Omnissa Access login policies, potentially allowing attackers to bypass configured policies and gain unauthorized access to the Hub Services catalog. This issue has now been resolved by updating Hub Web to fully adhere to Omnissa Access login policies, ensuring enhanced security. As a result, users may notice changes in the Hub Web app’s behaviour.
Workspace ONE Identity Services
- We are deprecating the Windows Approve Patch action in the Omnissa Workspace ONE UEM Workflow Connector.
- This change is required due to the deprecation of this functionality by Microsoft.
- With this change, you can no longer select the Approve Patch action when creating a new workflow or editing an existing workflow.
- Existing workflows containing this action will continue to execute; however, as described in the knowledge base article, this Approve Patch action is not supported by Microsoft and will not produce consistent results.
- Next steps:
- Review and plan: Assess your current use of the Windows Update approval functionality and identify any dependencies.
- Transition: Begin transitioning your update approval processes to the Windows best practice recommendation, the ring model. To learn more about the ring model, please read the Omnissa Tech Zone article, Managing Updates for Windows Devices: Workspace ONE Operational Tutorial.
- If your Omnissa Workspace ONE UEM Workflow Connector is unauthorized, the system now notifies you weekly.
- The system will send you both Email and In-App Notifications weekly, if the UEM Workflow Connector is not authorized.
- UEM Workflow Connectors are not authorized for various reasons. For example, expired passwords or incorrect connector configuration can cause this status.
- Leaving the connector in an unauthorized status results in the workflows leveraging this connector failing to execute.
- The notification contains instructions on how to fix the UEM Workflow Connector.
- We updated Table charts so that you can add up to three measures in custom widgets.
New Apple Builds Are Now Available
New builds of the following software are now available:
- iOS & iPadOS 18.2, Beta 1 (22C5109p)
- macOS 15.2 Sequoia, Beta 1 (24C5057p)
- tvOS 18.1, RC2 (22J580)
- Mac Evaluation Utility 4.6.3
- iOS & iPadOS 18.1, RC (22B82)
- macOS 15.1 Sequoia, RC (24B82)
- tvOS 18.1, RC (22J578)
- visionOS 2.1, RC2 (22N581)
- watchOS 11.1, RC (22R582)
- Additional content available:
- Mac Evaluation Utility 4.6.3
Workspace ONE Intelligent Hub 24.09.1 for Android
- This release includes bug fixes to enhance your Hub experience.
- AAGNT-200554 - Hub version 24.09.0.588 is failing product installs.
Workspace ONE Tunnel 24.08.1 for iOS
- In this release, we’ve made a few updates containing general quality and performance improvements with no new features.
- PPAT-17850 - Unable to connect to the Tunnel service on UAG deployments that make use of TLS Port Sharing for multiple edge services.
Current Omnissa Security Advisories
>>> No new Security Advisories this week <<<
Find latest advisories in the Omnissa Security Response Center
EUC UX Research Opportunities:
- Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
- Interested in giving your opinion and making your voice heard? Check out what’s available!
Workspace ONE Intelligence - AI and Playbooks (NEW FEATURE)
- About: To understand expectations and concerns with using AI in the Playbooks feature, and how much you’d trust it.
- Opportunity: Variety of interactive group workshops and 1x1 conversations via Zoom. You’ll receive Omnissa swag upon completing the interview.
- SIGN UP HERE.
KB Highlights & Announcements Week 43-24:
Redesigning the Omnissa Platform experience with a customer focus
- Born from a two-decades-long, rich legacy with thousands of customers, we embraced a new ownership and name on July 1, 2024, as Omnissa. This turning point marked an auspicious moment for a “redesign” — a strategic product-led initiative to introduce a fresh look and user experience for the Omnissa Platform, which features the industry-leading product suites Omnissa Workspace ONE® and Omnissa Horizon®.
- Dedicated to making digital work, work, the Omnissa Platform has undergone a significant transformation since its inception. This blog explains how we are reinventing the platform experience, and how these changes continue to reflect a deep commitment to customer value. I hope you will understand this evolution is much more than a mere change in logo; it encapsulates a journey of growth, adaptation, and reimagined purpose.
CrowdStrike and Omnissa partner to secure virtual and physical desktops
- AI-native cybersecurity and digital work platform integration delivers real-time threat detection and automated remediation to natively secure virtual and physical environments; optimizes work experience and productivity
- CrowdStrike (NASDAQ: CRWD) and Omnissa, a leading digital work platform company, today announced a collaboration to deliver real-time threat detection and automated remediation for Virtual Desktop Infrastructure (VDI) and physical desktop environments while improving customers’ digital work experience and productivity.
IT teams are challenged to manage both the complexity of hybrid work and employee expectations for a customized work experience. Millions of devices and applications are deployed to support workplace demands, increasing exposure to both new and more sophisticated cyber threats. Integrating the Omnissa Platform – built on Horizon® and Workspace ONE® – with the CrowdStrike Falcon® cybersecurity platform will combine the best of virtual desktop and app management, unified endpoint management (UEM), and endpoint security. This will empower organizations with greater threat visibility and interconnected threat detection and remediation for increased cyber resiliency in virtual environments.
- FAQ for Omnissa Horizon combined offering with VMware vSphere Foundation for VDI
Workspace ONE UEM: Kiosk Profile Limitations for Windows 11 (6000368)
- When attempting to deploy a multi-app kiosk profile via Workspace ONE UEM on Windows 11 devices, administrators encounter configuration failures, where profiles either do not load as expected or specific apps fail to launch. Users may also see default Windows menus and applications that were intended to be restricted by the kiosk.
Horizon CloudPod failed to join due to Server Unreachable error (6000370)
- When you attempt to join a Horizon cluster to another or to an existing CloudPod instance, you receive the error below.
- To determine the error, open adsi edit on the connection server you are currently on and connect to the local adam database.
- On the debug log on the remote server you attempted to connect to during the join, you will see that the process just stopped without error.
The debug logs are located in c:\program data\vmware\vdm\log and are date stamped.
[AAGNT-200554] Products fail to install on Android devices on Intelligent Hub 24.09 (6000366)
- When an Android device installs a Product containing either of the following manifest steps, Workspace ONE Intelligent Hub downloads a file as part of execution of the product manifest:
- A Files/Actions containing files
- An Application
- If an Android device on Workspace ONE Intelligent Hub 24.09 attempts to download Product files directly from Workspace ONE UEM or from a CDN, the file download will fail. The administrator will see that in the Workspace ONE UEM Console, the Product and job status for the device are “Non-compliant - Failed” and “Failed”, respectively.
- The error "Device with UDID ‘X’ is not registered for Remote Management" appears when initiating a Workspace One Assist session from the UEM Console.
- During device re-enrollment for Assist, the device's UDID was truncated, leading to registration check failures.
- A fix has been applied to all SaaS Assist instances. For On-Prem deployments, the fix will be included in the v24.08 release. This KB article will be updated accordingly.
High Priority KBs:
- Omnissa new world link directory
For an overview about links to customer portals and relevant information follow the above link.
- Workspace ONE UEM – Modern SaaS Architecture Rollout (6000206)
Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including the new Modern Stack, will be deployed to UEM SaaS environments over the next several months. Also review: Introducing Workspace ONE (WS1) UEM Next-Gen SaaS.
- System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the pending acquisition of EUC by KKR.
- End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)
We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are an On-Premises UEM Customer, this notice does not impact you at this time; further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog.
Recently updated or added KBs (Links)
- Device with UDID Not Registered for Remote Management Error in when initiating an Assist session (6000371)
- [AAGNT-200554] Products fail to install on Android devices on Intelligent Hub 24.09 (6000366)
- Workspace ONE UEM: Kiosk Profile Limitations for Windows 11 (6000368)
- Workspace ONE UEM - Configure Idle Session Timeout for Directory and Basic administrators (97395)
- HW-214055: Workspace ONE Access 24.07 patches to fix upgrade issues and liquidate issue on the DROP sequence
- Changing Root Password for Unified Access Gateway (UAG) (50121028)
- Upcoming Workspace ONE UEM AWS(Amazon Web Services) Datacenter migrations (6000144)
- [Resolved] iOS Tunnel 24.08 TLS Handshake failed (6000365)
- Horizon CloudPod failed to join due to Server Unreachable error (6000370)
- Omnissa Horizon Connection Server Reinstallation Process (6000190)
- How the TAP Program Partner Open Technical Case (6000369)
Digital Workspace Techzone, Blog and YouTube Updates
- Introducing Workspace ONE UEM Smart Group Based Configuration of Workspace ONE Mobile Threat
- CrowdStrike and Omnissa partner to secure virtual and physical desktops
- What Is Workspace ONE Unified Endpoint Management (UEM)?
- Enrolling Windows Devices using Command-Line
3rd Party Blog Updates & Industry News
- VDI Hub: Blast Configurator
- Crowdstrike: CrowdStrike and Omnissa Partner to Secure Virtual and Physical Desktops
Beta, Lab and Tech Preview Updates
- Screenshots and recordings will be obfuscated if the admin disables the screenshot feature.
- Bugs Fixed:
- ISCL-184027 - User is prompted multiple times for repository authentication
- ISCL-184016 - iOS content app crash while opening .msg file
WS1 Intelligent Hub 24.10 for iOS
- Legacy Catalog EOL Notice: The Legacy Catalog in UEM for SaaS UEM Customers will be EOGS on August 31, 2024 and EOL on October 31, 2024. Refer to KB article for details.
- Note: Workspace ONE Access is required for migration and if not already configured in your environment, you need to configure it. If you are using the App Catalog in Intelligent Hub, then you are already migrated and no action is needed. This applies for all platforms (iOS, Android, macOS, Windows).
- Support for deep linking into the All Apps Category. This allows for admins to deploy a web clip that deep links into the Intelligent Hub app and takes users to the All Apps screen like users were used to from the Legacy Catalog.
- wsonehub://apps/category?name=AllApps
- Support for deep linking to check in (log out) users in check-in/check-out scenarios. This allows admins to deploy a web clip that deep links into Intelligent Hub and trigger the log out process for users.
- wsonehub://logout
Sign up or LogIn [HERE] to get access to the latest Beta versions.
October Software Releases
System | Component | Release | Announcement | Release Date |
iOS | Hub | 24.08.1 | 30.09.24 | |
Android | Boxer | 24.09 | 01.10.24 | |
Backend | WS1 Intelligence | 24.09.30 | 30.09.24 | |
Android | Hub | 24.09 | staged | |
Android | Content | 24.09 | 15.10.24 | |
iOS | Boxer | 24.10 | 10.10.24 | |
iOS | Content | 24.08.1 | 10.10.24 | |
Windows | Tunnel Win10 | 24.08 | 10.10.24 | |
Backend | WS1 Intelligence | 24.10.07 | 07.10.24 | |
iOS | Web | 24.08 | 04.10.24 | |
iOS | Tunnel | 24.08 | 14.10.24 | |
Android | Zebra MX Service | 6.1 | 11.10.24 | |
Android | Hub | 24.09.1 | 21.10.24 | |
iOS | Tunnel | 24.08.1 | 18.10.24 | |
Backend | WS1 Intelligence | 24.10.21 | 21.10.24 | |
Patch & Seed Script Updates Week 43-24
- iOS 18.0.1 (22A3370) and macOS 15.0.1 (24A348)
- Last Update: CW41
Seed Script for latest Device Model Information
- Seed Script to support
- iPhone 16
- iPhone 16 Plus
- iPhone 16 Pro
- iPhone 16 Pro Max
- Last update: CW40
- Patch Level 23.02.0.52
- PPAT-17448 - Tunnel client not reconnecting once the device regains compliance.
- MACOS-4942 - Smart group assignment for the macOS internal app fails to be assigned for a couple of users’ devices.
- CRSVC-51130 - Add code block on the UEM side to block Conditional access configured at any other customer OG if it is already configured for one customer OG within same UEM environment.
- AMST-42076 - Time zone displayed in Scripts tab is different from the Execution logs.
- Last Update: CW38
- Patch Level 23.06.0.41
- MACOS-4815 - macOS device model seeding API implementation.
- CMSVC-18185 - Disable smart group tenancy correction support from UEM production environments.
- ARES-30025 - DDUI - Removing new smart group assignment clears existing smart groups.
- AMST-42069 - Time zone displayed in the Scripts tab is different from the Execution logs.
- AAPP-17951 - Update the VPP notification status sync job to discard the duplicate notifications.
- Last Update: CW38
- Patch Level 23.10.0.36
- PPAT-17066 - Improvement to prevent crash of DDUI profile page if tunnel health is down.
- UM-9174 - Unable to switch basic users to AD users through the User Migration tool.
- Last Update: CW41
- Patch Level: 24.2.0.17+18
- 24.2.0.17
- UM-9294 - Attribute sync is failing post upgrade to 2402 console version.
- UM-9173 - Page crashes when trying to load user group list view page.
- UM-9083 - Issue with Directory Admin login after making any changes to the admin role or account.
- UM-9079 - Connections to LDAP/AD needs timeout.
- PPAT-17160 - Update UEM Tunnel Service to .NET 8.
- CRSVC-52975 - Request getting rejected in Boeing with 429 error.
- CRSVC-46583 - Migrate DSM service code to .NET 8.0.
- CMSVC-18231 - Smart group rules are being removed from evaluation flow during device event race condition.
- ARES-30227 - Add logs for adding profile assignment.
- ARES-30171 - Incorrect profile DT page counts of child OGs.
- ARES-29939 - Unable to save Boxer configuration in the UEM console (multiple customers).
- ARES-29837 - Update the version of .Net Referenced by Metadata Transform Service to 8.0.
- AMST-42162 - Seed Windows Hub 24.4.11.0 x86 and ARM64 MSI to the UEM console master.
- 24.2.0.18
- UM-9168 - Scim user API throws error while patching user data if the path is not supported and value is empty or null.
- AGGL-17044 - Highly intermittent failures in Smart Group Reconciliation for Zebra Devices where Make/Model criteria is used.
- UM-9174 - Unable to switch basic users to AD users through the User Migration tool
- PPAT-17066 - Improvement to prevent crash of DDUI profile page if tunnel health is down.
- CMCM-191091 - Duplicate entries returned for new folder resources created on the NFS repositories.
- CMCM-191121 - Content locker application shows foreign folder names and intermittent issues with files missing or displaced.
- ESI-109 - Improve logging for email notification flow.
- Last Update: CW42
- Patch Level: 24.6.0.6+7
- 24.6.0.6
- AAPP-18129 - Single app mode profile not installing on iOS devices.
- 24.6.0.7
- AAPP-18129 - Single app mode profile not installing on iOS devices.
- AAPP-18134 - Delayed UI reporting of profile or app installation statuses.
- Last Update: CW41