Omnissa Newsletter - Week 45

 

Release Updates Week 45-24:

Workspace ONE Access

 

What’s New in November 2024

 

Conditional Access for Horizon Cloud Service Next-Gen apps and desktops

 

Omnissa Accesss conditional access is now available for Omnissa Horizon® Cloud Service Next-Gen apps and desktops. Conditional access allows organizations to use the context of a user or device such as the network range, group membership, or type of device to determine the user’s authentication requirements and application access rights.

 

Omnissa Access customers can implement conditional access rules for SaaS apps such as Workday and Salesforce or for virtual apps such as Horizon desktops or published apps. With this release, conditional access is now extended to Horizon Cloud Service Next-Gen apps and desktops as well.

 

Administrators can now set conditional access policies within the Access UI for their Horizon and Horizon Cloud Service Next-Gen desktops and apps. Horizon and Horizon Cloud Service Next-Gen will be able to enforce conditional policies when the user accesses entitlements through the Omnissa Workspace ONE® Intelligent Hub web client or through Horizon clients.

 

 

 

Workspace ONE Hub Services 

Enhancements to the Application Terms of Use for Hub Windows

 

The following improvements have been made to the Application Terms of Use functionality:

• Due Date Display: Pending Application TOU cards in the Hub app now display the due date, ensuring users are aware of the deadline to accept the TOU and take necessary action before the expiration.
• Dynamic TOU Title: The TOU title now accurately reflects the title set by the admin in the Workspace ONE UEM admin console, replacing the previous static, hard-coded title. This update ensures the displayed title matches what is configured in Workspace ONE UEM.

 

This enhancement requires Workspace ONE UEM version 2410 or higher.

 

Enhancements to the Enrollment Terms of Use for Hub Web and Windows

 

The following updates have been made to improve the Application Terms of Use (TOU) functionality:

• Access to Previously Accepted TOU: Users can now view previously accepted TOUs, which is beneficial for auditing and record-keeping.
• Dynamic TOU Titles: The TOU title now correctly reflects the title set by the admin in the Workspace ONE UEM console, replacing the old static, hard-coded title. This ensures that the displayed title is always aligned with the Workspace ONE UEM configuration.

 

This enhancement requires Workspace ONE UEM version 2410 or higher. 

Support for Custom Notification Expiry Dates

 

The Hub Services admin console now enables administrators to set custom expiry dates for notifications. Once the specified expiry date is reached, notifications are automatically removed from the end user’s view in both the For You and History sections. This feature allows administrators to better manage the visibility of notifications, ensuring that employees only see the most current and relevant information. By automatically clearing outdated messages, this enhancement helps reduce clutter and improves the overall user experience.

 

Support for Conditional Access for Horizon Cloud Service Next-Gen apps and desktops on Hub Web and Windows

 

The Hub Services app catalog on Hub Web and Windows now applies Omnissa Access conditional access policies to Omnissa Horizon Cloud Service Next-Gen applications and desktops. This ensures that user access is securely managed and aligned with your organization’s security requirements.

 

Hub Web now enforces Default Workspace ONE Access Login Policy

 

Previously, Hub Web did not enforce the default Omnissa Access login policies, potentially allowing attackers to bypass configured policies and gain unauthorized access to the Hub Services catalog. This issue has now been resolved by updating Hub Web to fully adhere to Omnissa Access login policies, ensuring enhanced security. As a result, users may notice changes in the Hub Web app’s behaviour.

 

 

Workspace ONE Identity Services

Workspace ONE Access

Workspace ONE Hub Services

Workspace ONE Access FedRAMP

 

DSaaS and On Prem Availability of Workspace ONE UEM 2406

• Resource Delivery Optimization: We’ve optimized our platform for enhanced performance. With Resource Delivery Optimization and Desired State Management powering these improvements, resource delivery is set to be faster than ever while introducing an improved experience for monitoring deployment progress. For more information on monitoring deployment progress, see https://docs.omnissa.com/bundle/MobileApplicationManagementVSaaS/page/TrackingAndMonitoringDeploymentOfApplicationsAndProfiles.html.
• Device List View Performance Enhancements: We’ve significantly improved performance for the admin experience, ensuring the Device List View screen and global search for devices load seamlessly in just seconds, even in large environments.
• Global Search for Devices: We’ve enhanced global search. You can now find devices by simply entering the search string - no wildcards (*) needed. Additionally, the ‘Search in List’ seamlessly redirects to the Device List View, automatically filtering it based on the search string.
• Scalability: The Modern Stack Services are built to effortlessly to scale with your growing needs, whether you’re a small startup or a large enterprise. From handling increased device traffic to accommodating expanding use cases, our Modern Stack services are designed to adapt and thrive alongside your business.
• Continuous Integration / Continuous Deployment (CICD): CICD speeds up the feature development process and allows you to access features, bug fixes, and security patches faster. The development and deployment velocity increase is coupled with the enhancement and addition of automated quality gates for an overall improved software experience.
• Windows Multi-User: Workspace ONE will by default be able to manage Windows devices with multiple users, modifying the enrolled user based on who has successfully logged in last. This enhancement simplifies the administrative process and improves the overall management of Windows devices within an organization, but be sure to use device assigned resources where applicable!
• Workspace ONE Mobile Threat Defense: We are introducing console support for smart group based configuration of Workspace ONE Mobile Threat Defense. You can now deploy Workspace ONE Mobile Threat Defense to your iOS and Android devices using smart groups. This allows you to more seamlessly rollout Mobile Threat Defense in your environment and easily configure different policies for various categories of users and devices as needed. Refer to Workspace ONE Intelligent Hub release notes for Workspace ONE Intelligent Hub for Android Release Notes and Workspace ONE Intelligent Hub for iOS Release Notes for Intelligent Hub support and GA announcement.
• Freestyle for Mobile (Limited Availability): Administrators can now create powerful orchestration workflows to deploy applications and profiles to mobile devices (iOS and Android) with much greater granular control. This enables customization for all resource deployments and significantly streamlines device onboarding. Freestyle achieves this through new attribute controls such as profile or application presence, limiting by device model and OS version, and even making workflow decisions based on compromised status. Besides onboarding, Freestyle adds value to Tunnel, Launcher, certificate management, corporate Wi-Fi, and mobile SSO deployments making them more efficient.
• Apple Declarative Device Management (iOS): Workspace ONE UEM now supports creating and managing Declarations via Declarative Device Management. Creating and managing Declarations is just as easy as configuring Profiles. For a list of supported Declarative Configurations and Assets, as well as an overview of Declarative Device Management, see https://docs.omnissa.com/bundle/ios-device-mgmtVSaaS/page/DeclarativeDeviceMgmt.html.
• Android Management API support for Work Profile: Administrators can now manage Work Profiles on personally-owned devices using the Android Management API (AMAPI). For more information, see https://docs.omnissa.com/bundle/android-device-managementVSaaS/page/AWT-AFWINTRODUCTION.html.
• Linux Application Management: We are introducing the ability to manage applications on enrolled Linux endpoints. This includes installing, updating, and removing native applications by uploading .deb or .rpm files into Workspace ONE UEM.
• Android Management
  Want to control the Device Brightness on your Android devices?
  Whether for battery life improvements or security measures, you can now control the device brightness on your Android devices. The two new Launcher display settings Set Device Brightness and Select Brightness Level with an adjustment control lets you manually set a minimum and maximum brightness level. For more information, see Workspace ONE Launcher Details
  Bringing you the Better Together Android Enrollment Updates
  Google’s Better Together for Enterprise initiative rolls out soon and will change the way you enroll and register Android devices with Workspace ONE UEM. These updates from Google allows better cross-platform experiences between Android and Chrome OS, more differentiation between employee-owned and corporate owned devices, and enhanced Google Workspace Integration. We are coming up with the first step of integrating this new initiative into our systems, i.e updating The Google EMM Registration Flow. For more information, see https://docs.omnissa.com/bundle/android-device-management/page/AndroidRegistrationRegisterAndroidwithWorkspaceONE.html.
• Admin Experience
  Idle Session Timeout to include Customer and Partner OGs, with Inherit Setting
  We’ve implemented Session Timeout configuration at a non-global OG level to enable customers to customize the configuration. From Session Management page in Settings, you can now configure Idle Session Timeout to customer and partner organization groups and apply it to child OGs with a default inheritance. For more information, see https://docs.omnissa.com/bundle/SystemSettingsVSaaS/page/SessionManagementSettings.html.
  New intuitive page navigation for Workspace ONE UEM (Limited Availability)
  We are introducing a new page navigation for Workspace ONE UEM. This new design is more intuitive for administrators, categorising similar functions together in the same main menu buttons. For more information, see the https://kb.omnissa.com/s/article/97771.
• Freestyle Orchestrator
  Create new freestyle workflows only at the customer organization groups or below
  New workflows can only be created at Customer Organization Groups or below. The New and Import buttons are deactivated at the non-qualifying OGs. For additional details, see https://kb.omnissa.com/s/article/96279.
• iOS Management
  We’ve added Rapid Security Responses to Compliance Policies
  Compliance Policies now support Rapid Security Responses when configuring Compliance Rules based on the OS Version. Rapid Security Responses are treated as a distinct OS Version and obey the existing logical operators for Compliance evaluation. For example, iOS 17.0 < iOS 17.0 (a) < iOS 17.1. Refer to Compliance Policies for iOS Devices for more information on Rapid Security Responses.
  We’ve added new Restrictions Keys
  We have added new Restrictions keys that were introduced in iOS 17.2 and iOS 17.5. Such as:
• Allow live voicemail (iOS 17.2 Supervised)
• Force eSIM preservation on erase (iOS 17.2 Supervised)
• Allow app installation from websites (iOS 17.5 Supervised)
  For more information, see https://docs.omnissa.com/bundle/ios-device-mgmtVSaaS/page/iOSProfileOverview.html.
• Tunnel
  We’ve updated Tunnel administration for enterprise management and monitoring capabilities (Limited Availability)
  If you have multiple networks to manage or use cases for distinct organizations, you can now easily set up and manage multiple Tunnel environments in a single organization group. This simplifies the integration and distribution of apps and profiles and consolidates the view of their deployment. This update is part of the https://kb.omnissa.com/s/article/97771 to UEM and also includes new updates to Tunnel’s navigation and health metrics for monitoring your Tunnel deployment. For more information, refer to the https://kb.omnissa.com/s/article/6000171.
• Windows Management
  Check out new Windows Security Baseline templates
  We have added new templates for creating Microsoft and CIS Baselines for Windows 11 23H2. For more information, see https://docs.omnissa.com/bundle/Windows_Desktop_Management/page/uemWindeskUsingBaselines.html.
  Device Updates dashboard to monitor windows updates progress
  Improved reporting on windows updates enables you to filter or search windows devices with different versions within the organization group or child organization. You can easily view the Device or Update Overview to see if the latest quality updates have been delivered to each device and take further action. For more information, see Windows Desktop Device Management
  Check out our new enhacement to Scripts tab
  A new force execute button is now available within the Device details > Scripts tab to allow for re-execution of scripts, as necessary.
  We’ve improved Last-Seen Time details
  Easily identify when devices are not properly checking in with the enhanced Last-Seen time within the Device Details page, which now provides details about both the Intelligent Hub last check-in and OMA-DM client last check-in times.

 

Horizon Cloud Service - next-gen, November 07, 2024 - Service Release 2410

• New Features
  This release includes various stability and backend changes as the product development teams continue work on endpoint migration and underlying API features and enhancements for future releases.
• Universal Broker
  The user connection rate per Horizon Edge has been updated to 30 per second. This is due to improvements in our connection flows and SSO performance.
• Resolved Issues
  (AVA-24229) Previously, when a user launched their entitled VDI desktop pool VMs multiple times, App Volumes applications were not always delivered or were delivered intermittently. The issue usually occurred when the user logged out of the launched VM and retried launching their desktop immediately. This issue has been resolved.

 

Omnissa Intelligence 24.11.04

• We’ve enhanced the joining of data for the Software Asset Management (SAM) feature currently in limited availability. You can now include the Product Name along with the Product ID and the Product in your tables using Software Application Catalog data and using Workspace ONE UEM > Apps as the data source.
• We’ve added a Manage Columns button to the top of the Report Preview for better usability. Arrange report columns in the preview to fit your use case.

 

Workspace ONE Tunnel 24.11 for Android | staged

• In this release, we've made a few updates containing general quality and performance improvements.

 

Workspace ONE Content for iOS 24.10

• Obfuscate screenshots and recordings if the admin disables the screenshot feature.
• Fixed Bugs

• ISCL-184027 - User is prompted multiple times for repository authentication
• ISCL-184016 - iOS content app crash while opening .msg file

 

New Apple Builds are now available

• iOS & iPadOS 18.2, Beta 2 (22C5125e)
• macOS 15.2 Sequoia, Beta 2 (24C5073e)
• tvOS 18.2, Beta 1 (22K5132e)
• visionOS 2.2, Beta 1 (22N5778f)
• watchOS 11.2, Beta 1 (22S5077d)

 

Current Omnissa Security Advisories

>>> No new Security Advisories this week <<<

Find latest advisories in the Omnissa Security Response Center

 

Omnissa UX Research Opportunities: 

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

Workspace One Access - Resources > Policies (REFRESHED DESIGN)

• About: The flow for adding and removing applications from a specific policy has been updated.
• Opportunity: 8-minute survey and clickable prototype activity. This won't require talking or typing, just multiple choice, AND you can do this in your own time.
• CLICKABLE PROTOTYPE HERE

Workspace One UEM - Compliance Policy (REFRESHED DESIGN)

• About: Provide feedback on an updated UEM Compliance Policy feature, including expanded capabilities and integrations.
• Opportunity: Variety of interactive group workshops and 1x1 conversations via Zoom. You’ll receive Omnissa swag upon completing the interviews.
• SIGN UP HERE

Workspace One UEM – Windows Server Management (NEW FEATURE)

• About: WS1 UEM is expanding into Windows Server Management, and wants to better understand what features could supercharge your operations - from enhanced security measures to intuitive dashboards that provide real-time insights.
• Opportunity: 5-minute survey with drag and drop activity. This won't require talking or typing, just multiple choice, AND you can do this in your own time.
• ACTIVITY HERE

Horizon Console – Refresh + Roadmap

• About: Research, Design and Product are developing improvement plans to the Horizon console, and want Admins to be a part of the roadmap and future vision.
• Opportunity: Variety of interactive group workshops and 1x1 conversations via Zoom. You’ll receive Omnissa swag upon completing the interviews.
• SIGN UP HERE

Managed Service Provider – Enhancements + Customization

• About: Research, Design and Product want to better understand areas of improvement and needs specifically of MSPs.
• Opportunity: Variety of interactive group workshops and 1x1 conversations via Zoom. You’ll receive Omnissa swag upon completing the interviews.
• SIGN UP HERE

 

KB Highlights & Announcements Week 45-24:

Workspace ONE UEM - Google issue with iOS device registration affecting Google BeyondCorp for Context-Aware access (6000388)

• iOS devices may not receive access to their enterprise data in Google Workspace applications after they’ve completed Google BeyondCorp registration. This issue is accompanied by the following symptoms:

• User has completed Google BeyondCorp registration on the device using Intelligent Hub and the Workspace ONE UEM console shows that the device is registered as expected (under Device Details> Summary)

• Enrollment and Compliance status updates are sent by Workspace ONE UEM to Google, successfully, as observed in the Conditional Access Log (Device Details> Conditional Access Log).

 

Omnissa Horizon Admin Console inaccessible after importing CA signed certificate (6000390)

• When you install a new CA-signed certificate or replace an existing CA-signed certificate, you are confronted with either "Error 404, Page not found" or a TLS error.
• In the debug log located at c:\program data\vmware\vdm\log you may see entries similar to the below.

 

CRSVC-53629 - Workspace ONE UEM - Devices assigned to a Compliance Policy with an Enterprise Wipe action may not receive assigned resources during enrollment (6000389)

• Devices may not receive their assigned resources (such as applications and profiles) after enrolling to Workspace ONE UEM when they are assigned to an active Compliance Policy which has Enterprise Wipe as one of its Actions and no resource-based Actions such as Block/Remove Profile(s)/Managed App(s).

 

High Priority KBs: 

• Omnissa new world link directory
  For an overview about links to customer portals and relevant information follow the above link.
• Workspace ONE UEM – Modern SaaS Architecture Rollout (6000206)
  Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including the new Modern Stack, will be deployed to UEM SaaS environments over the next several months. Also review: Introducing Workspace ONE (WS1) UEM Next-Gen SaaS.
• System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
  The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the pending acquisition of EUC by KKR.

Recently updated or added KBs (Links) 

• Workspace ONE UEM - Google issue with iOS device registration affecting Google BeyondCorp for
• Recovering a Cloud Pod Architecture pod (2080253)
• Omnissa Horizon Admin Console inaccessible after importing CA signed certificate (6000390)
• How to upgrade and downgrade license keys in Omnissa customer connect portal. (2006974)
• CRSVC-53629 - Workspace ONE UEM - Devices assigned to a Compliance Policy with an Enterprise Wipe action may not receive assigned resources during enrollment (6000389)
• Workspace ONE UEM – Modern SaaS Architecture Rollout – November Update (6000206)
• HW-214055: Workspace ONE Access 24.07 patches to fix upgrade issues and liquidate issue on th
• [Resolved] ARES-30274: Icons are not displayed in App catalog (6000218)
• Set roles & permissions in the Customer Connect portal (6000387)
• How to file a Support Request in Customer Connect portal (2006985)
• Add exceptions for Android Internal and System Apps via WS1 (78590)
• SINST-176422 & ARES-30052: Workspace ONE UEM Pathway to Address .NET Core 6 EOL (600036

 

Digital Workspace Techzone, Blog, Community and YouTube Updates 

• New integration of App Volumes and App attach
• Omnissa named a Leader in 2024 IDC MarketScape for Virtual Client Computing
• Secure BYOD Devices with Omnissa and Chrome Enterprise Device Trust
• Omnissa Horizon and VVF for VDI combined offerings explained

 

3rd Party Blog Updates & Industry News 

• AndroidAuthority: Google confirms Android 16 is coming earlier than usual, developer preview begins soon
• Jason Bayton: Android 15: What's new for enterprise?
• xtravirt: Updates from Omnissa ONE 2024, what’s on the horizon?

 

Beta, Lab and Tech Preview Updates 

>>> No new Beta releases this week <<<

 

Sign up or LogIn [HERE] to get access to the latest Beta versions.

Patch & Seed Script Updates Week 45-24

OS Updates Seed Script

• Seed macOS 15.1 (24B2083)
• Last Update: CW44

 

Seed Script for latest Device Model Information

• Seed Script to support

• iPad mini 7th Generation and 2024 iMac, MacBook Pro and Mac mini

• Last update: CW45

 

Workspace ONE UEM 23.02

• Patch Level 23.02.0.52
• PPAT-17448 - Tunnel client not reconnecting once the device regains compliance. 
• MACOS-4942 - Smart group assignment for the macOS internal app fails to be assigned for a couple of users’ devices. 
• CRSVC-51130 - Add code block on the UEM side to block Conditional access configured at any other customer OG if it is already configured for once customer OG within same UEM environment. 
• AMST-42076 - Time zone displayed in Scripts tab is different from the Execution logs.
• Last Update: CW38

 

Workspace ONE UEM 23.06

• Patch Level 23.06.0.41
• MACOS-4815 - macOS device model seeding API implementation. 
• CMSVC-18185 - Disable smart group tenancy correction support from UEM production environments.
• ARES-30025 - DDUI - Removing new smart group assignment clears existing smart groups.
• AMST-42069 - Time zone displayed in the Scripts tab is different from the Execution logs.
• AAPP-17951 - Update the VPP notification status sync job to discard the duplicate notifications.
• Last Update: CW38

 

Workspace ONE UEM 23.10

•Patch level 23.10.0.36

• PPAT-17066 - Improvement to prevent crash of DDUI profile page if tunnel health is down.
• UM-9174 - Unable to switch basic users to AD users through the User Migration tool.
• Last Update: CW41

 

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.17+18

• 24.2.0.17
• UM-9294 - Attribute sync is failing post upgrade to 2402 console version.
• UM-9173 - Page crashes when trying to load user group list view page.
• UM-9083 - Issue with Directory Admin login after making any changes to the admin role or account.
• UM-9079 - Connections to LDAP/AD needs timeout.
• PPAT-17160 - Update UEM Tunnel Service to .NET 8.
• CRSVC-52975 - Request getting rejected in Boeing with 429 error.
• CRSVC-46583 - Migrate DSM service code to .NET 8.0.
• CMSVC-18231 - Smart group rules are being removed from evaluation flow during device event race condition.
• ARES-30227 - Add logs for adding profile assignment.
• ARES-30171 - Incorrect profile DT page counts of child OGs.
• ARES-29939 - Unable to save Boxer configuration in the UEM console (multiple customers).
• ARES-29837 - Update the version of .Net Referenced by Metadata Transform Service to 8.0.
• AMST-42162 - Seed Windows Hub 24.4.11.0 x86 and ARM64 MSI to the UEM console master.
• 24.2.0.18
• UM-9168 - Scim user API throws error while patching user data if the path is not supported and value is empty or null.
• AGGL-17044 - Highly intermittent failures in Smart Group Reconciliation for Zebra Devices where Make/Model criteria is used.
• UM-9174 - Unable to switch basic users to AD users through the User Migration tool
• PPAT-17066 - Improvement to prevent crash of DDUI profile page if tunnel health is down.
• CMCM-191091 - Duplicate entries returned for new folder resources created on the NFS repositories.
• CMCM-191121 - Content locker application shows foreign folder names and intermittent issues with files missing or displaced.
• ESI-109 - Improve logging for email notification flow.
• Last Update: CW42

 

Workspace ONE UEM 2406

• Patch Level: 24.6.0.10

• ARES-30516 - Profiles not installing for newly enrolled Work Profile Android devices.
• SINST-176475 - Hardening Backup Configuration Files Connection Strings.
• CMSVC-18409 - 24.6.0.X - Installer failed to stop AirWatchSmartGroupService.

• Last Update: CW45