Omnissa Newsletter - Week 05

 

 

Upcoming Omnissa Events

Release Updates: 

Recent Apple Updates

• Apple updates iOS, iPadOS, macOS, visionOS, watchOS, tvOS and Safari
  iOS 18.3, iPadOS 18.3, iPadOS 17.7.4, macOS 15.3, macOS 14.7.3, macOS 13.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 and Safari 18.3
• What's new for enterprise in iOS 18
• What's new for enterprise in iPadOS 18
• What's new for enterprise in macOS Sequoia
• What’s new for enterprise in visionOS 2
• About watchOS 11 Updates
• About Apple TV 4K and Apple TV HD software updates
• Apple security releases

macOS Sequoia 15.3

• Apple Intelligence is turned on automatically after updating to macOS 15.3 or during device setup unless MDM skips the Apple Intelligence setup pane.
• MDM can require sign-in from a specified Workspace ID for requests to external intelligence integrations such as ChatGPT.
• MDM can disable transcription summarization in Notes.
• AirPlay connects successfully when using the built-in firewall and a content filter extension.
• Improves stability for apps over VPN connections when using the built-in firewall and a content filter extension.

 

iOS 18.3

• Apple Intelligence is turned on automatically after updating to iOS 18.3 or during device setup unless MDM skips the Apple Intelligence setup pane.
• MDM can require sign-in from a specified Workspace ID for requests to external intelligence integrations such as ChatGPT.
• MDM can disable transcription summarization in Notes.
• Improves reliability of SSO to prevent logins from timing out and falling back to username and password prompts.

 

Omnissa Unified Access Gateway 2412 

• Transition Update
• The transition from Broadcom to Omnissa is now complete. The Unified Access Gateway Admin user interface, configuration strings, and file paths have been updated to reflect the new Omnissa brand.
• As HTML Access is renamed to Web Client, the related keys and Admin UI settings on Unified Access Gateway are also renamed.
• Caution: Owing to the OS update, NIAP compliance is not certified and Automatic Patch Updates feature is not available on Unified Access Gateway 2412.
• Operating System Update
• Following the transition from Broadcom to Omnissa, the Unified Access Gateway now uses the AlmaLinux operating system. AlmaLinux is an open-source, community-driven Linux operating system. Unified Access Gateway 2412 uses AlmaLinux 9.2.
• Compatibility between ALMA 9.2 and ESXi (vSphere/vCenter)
• Unified Access Gateway 2412 supports vSphere 7.x and later only. See Omnissa Interoperability Matrix.
• Users can now configure Unified Access Gateway to perform OpenID Connect (OIDC) authentication. See OpenID Connect (OIDC).
• Administrators can now configure Gateway Specification that will allow only the required services for that specification type to run on the appliance. See Gateway Specification in Deploying to vSphere using the OVF Template Wizard.
• Security Improvements
• Added protection against user impersonation attack to ensure a desktop launch session is sent from the same client endpoint where it was generated when Unified Access Gateway is used with SAML authentication in Service Provider initiated mode.
• Added protection against SAML assertion replay attack to ensure that the SAML assertion issued by an Identity Provider can be used only once in its lifetime.
• In case of Smart card, RADIUS and RSA SecurID authentication, Unified Access Gateway issues a SAML assertion (containing the end user attributes) to Horizon Connection Server. Added support for encrypting this assertion.
• Change in the default value of SAML Authentication request signature algorithm from SHA-1 to SHA-256.
• On FIPS version of Unified Access Gateway, Extended Master Secret extension is mandatory for TLS 1.2 connections.
• Updates to TLS Ciphers. See System configuration.
• Added compatibility with Horizon Connection Server's support for handling encrypted SAML assertion, issued by Identity Providers. See Encrypted assertion between Unified Access Gateway and auth methods.
• On the Upload Identity Provider Metadata section of the Admin UI, you can now view all the uploaded certificates present in the Identity Provider metadata.
• Logging improvements.
• Updates to OS package versions and Java component versions.
• Resolved Issues

Horizon 2412 

• Note: The Horizon 2412 release is NOT an ESB release
• Rebranding Changes
  As part of Omnissa’s divestiture from Broadcom, the Horizon 8 2412 release includes significant updates to reflect the new Omnissa brand. These changes impact various components such as UI elements, folder structures, registries, APIs, ADAM database, SDKs, and more.
  For detailed information about rebranding changes and areas of impact, see Omnissa Knowledge Base (KB) article 6000681.
• Upgrading Changes
  For upgrades to Horizon 8 2412, review these important considerations:
  Beginning with the Horizon 8 2412 release, there is a new licensing module for term and perpetual licenses. Review the License Activation section in these release notes for details.
  It is very important for you to thoroughly review KB 6000681 before starting your Connection Server upgrade. To ensure compatibility with existing system components, third-party integrations, and automated workflows, follow the recommendations outlined in that KB 6000681, and in Upgrading to Omnissa Horizon 8 2412 and Later
  Omnissa recommends that you validate the upgrade in a UAT environment before deploying it to your production environment.
• Horizon 8 version 2412 includes the following new features/enhancements.
• License Activation
  Following Omnissa’s divestiture from Broadcom, this release introduces a new licensing module for term and perpetual licenses. While existing license keys remain supported, we strongly recommend activating Horizon 8 2412 with a new Omnissa license if you are using a term or perpetual license.
• The new Omnissa Horizon license key is available through the Customer Connect portal. A banner notification will prompt you to upgrade to the new Omnissa license, and you will have 60 days to complete this transition. Failure to update the license keys within this period will result in Horizon Console entering degraded mode.
• Additionally, starting with this release, the 15-day grace period for subscription licenses has been removed. If you activate a subscription license in Horizon 8 without Horizon Edge, you must reactivate it every 90 days to maintain full functionality. However, licenses will be automatically activated if you are using Horizon Edge.
• The Licensing and Usage screen in Horizon Console includes a field for the Subscription End Date. When data becomes available from the Horizon Control Plane, this field will display the end date of the subscription license. Otherwise, this field will display “N/A”.
• Horizon Connection Server
• With Horizon 8 2412, administrators can now monitor the local and global schema master (FSMO) availability for Connection Servers before attempting upgrades, and ensure that upgrade tasks no longer get stuck or failed due to schema master unavailability.
• Administrators can now increase the NVIDIA Frame Rate Limiter parameter (pciPassthru0.cfg.frl_config) value and persist it across Instant Clone VMs. This is useful when working with graphics-intensive applications.
• This release enhances the Horizon Lifecycle Management APIs by implementing additional pre-checks for Horizon Connection Server installations and upgrades, ensuring your Horizon environment is ready for upgrades and new features. The Horizon Terraform providerincludes these same pre-check enhancements.
• Horizon Connection Server now supports dual IDP metadata files, enabling seamless updates and uninterrupted authentication. If one file expires or becomes invalid, the system switches to the second without disruption. This enhancement ensures reliability, simplifies metadata management, and reduces downtime for continuous, secure user authentication.
• Horizon Connection Server enhances pool management performance by ensuring tasks no longer get stuck and allowing VDIs in maintenance status to resync properly. A common JMS topic is now used for agent notifications and HAControl. Frequent notifications from the agent caused misrouting, leading to missing HA messages and retry issues. This issue is now resolved, and the high transaction volume in the same topic will no longer result in POD outages due to JMS flow-control delays.
• Horizon Console
• Administrators can now configure a custom port for the Admin console, moving away from the default port 443. This update enables smart card authentication for administrators, enhancing security while preserving seamless user access. Organizations gain added flexibility to align the Admin portal with their specific security requirements.
• Horizon 2412 now includes the “Required Encryption Assertion” option for SAML Authenticators. The UI has been updated to feature a checkbox in the Add/Edit SAML Authenticator flows.
• Administrators can now see the number of monitors and DPI scaling factor of each monitor in a Blast session from the Horizon Help Desk Tool instead of logging in to a user session or checking the logs.
• There is a new LDAP setting (pae-ic-SysprepDomainJoinEnabled) for customers having multi-site and multi-domain environments in past releases (see this blog). This enabled administrators to leverage Microsoft Sysprep guest customization to perform domain join to avoid instant clone customization errors. With this feature, administrators can turn on this setting from the Horizon console without the need to tweak the LDAP settings.
• Virtual Desktops and Applications
• You can configure the reconnection behavior for published applications launched in nested mode. A global setting prevents Horizon Clients connected to the “first hop” VDI session from reconnecting to any published applications directly. As a result, you can lock published applications launched in nested mode from direct reconnection and only allow them to be reconnected as part of the “second hop” session. For more information, see Omnissa Knowledge Base (KB) article 80509.
• Administrators can use Horizon Console or Horizon REST API to move published applications between farms. This removes the need to recreate published applications when, for example, moving to a newer farm to leverage a new Windows Server version. Additionally, since the published applications remain unchanged, end-user shortcuts and favorites are preserved.
• Administrators now have an option to terminate active sessions while performing restart and shutdown operations on virtual machines.
• Horizon Agent for Windows
• Horizon Agent is supported on Windows 11 2024 Update (also known as Windows 11, version 24H2).
• Starting with this release, user domain information is now collected and sent to Omnissa Intelligence when you have enabled the Horizon Agent Monitoring Service (hzMonService) to monitor Horizon Agent on Windows desktops and your deployment is integrated with Horizon Cloud Service - next-gen.
• Starting with this release, additional metrics for Horizon Blast protocol are sent to Omnissa Intelligence when you have enabled the Horizon Agent Monitoring Service (hzMonService) to monitor Horizon Agent on Windows desktops and your deployment is integrated with Horizon Cloud Service - next-gen. The additional metrics sent to Omnissa Intelligence as Horizon Session metrics are:
• Max Session Bandwidth: The maximum bandwidth for a Horizon Blast session. The default is 1 Gbps.
• Min Session Bandwidth: The minimum bandwidth reserved for a Horizon Blast session. The default is 256 kbps.
• Estimated Bandwidth (kbps): The maximum bandwidth used by all Horizon Blast session services, such as display, keyboard-and-mouse, file transfer, clipboard, etc.
• Bandwidth Usagen (kbps): Realtime bandwidth usage in a Horizon Blast session.
• RTT (kbps): Round trip time for network packets between the client and the agent.
• Horizon Agent for Linux
• This release adds support for SUSE 15 SP6. Debian 11.x support is updated to 11.11, and Debian 12.x support is updated to 12.7.
• This release drops support for SUSE 15 SP4 and Debian 10.13.
• With improved startup performance, Linux desktops take less time to start up and become available.
• Remote Desktop Features
• Screen Sharing Support for Chrome and Edge C in Browser Content Redirection: Starting with Horizon 2412, Browser Content Redirection (BCR) now supports screen-sharing capabilities on Windows clients using Chrome and Edge C. This enhancement allows you to share your screen during web conferencing sessions on UC applications like Microsoft Teams, Zoom, and Cisco Webex, providing a smoother experience for media-intensive applications.
• Browser Content Redirection From Linux Desktops: Users can now perform browser content redirection from Linux desktops with a Chrome browser.
• Hide the Horizon Chrome Client After Launch: Administrators can now configure the Horizon Chrome Client to automatically hide after launching a remote desktop or published application.
• Individual Application Sharing on Linux Endpoints: End users on Linux endpoints in Horizon VDI/Session mode can now share individual applications or windows during Microsoft Teams screen-sharing sessions.
• Horizon 8 and Amazon WorkSpaces Core
• Horizon 8 on Amazon WorkSpaces Core now supports FIPS (Federal Information Processing Standard) 140-2 compliant algorithms. To set up Horizon 8 in FIPS mode, you must first enable FIPS mode in the Windows environment. Then you install all the Horizon 8 components in FIPS mode. Refer to the installation documentation for more information about installing Horizon 8 components in FIPS mode: Overview of Setting Up Horizon 8 in FIPS Mode.
• Beginning with Horizon 8 2406, customers can use the Amazon WorkSpaces Windows Server 2019 or 2022 Public BYOP Bundle with Horizon 8. This can be used to create a custom Server OS image for Single Session desktops or be used for Manual Farms. Using the Public BYOP bundle can save time if a Windows 10 or 11 operating system is not required to be imported.
• Beginning with Horizon 8 2412, Horizon 8 on WorkSpaces Core now supports Manual Farms, Multi-session Hosts, and Published Desktops and Applications with Windows Server 2019 and 2022. The Microsoft Server Operating System can be customer provided, or an AWSPublic Bring your own Protocol (BYOP) Server bundle.
• Administrators can now specify the idle timeout to automatically suspend a machine when configuring a dedicated Power Optimized pool. Pools of dedicated Power Optimized workspaces that are suspended with the idle timeout feature will be resumed (unsuspended) when the entitled user reconnects. This helps to reduce overall costs of Power Optimized workspaces when not required.
• A Horizon 8 pod residing outside of Amazon can now be configured to use Amazon WorkSpaces Core for desktop compute. Connection Servers installed outside of EC2 must use an IAM User to provide long-term credentials with Access Keys.
• Administrators are now able to update the bundle in use by a Power Optimized pool through the Horizon console. New workpaces in the pool will be provisioned using the updated bundle.
• Administrators can see the image being used by the current pool bundle when reviewing the Pool summary page. This helps with tracking of image versions in bundle updates for both Always on and Power Optimized pools.
• Omnissa Workspace ONE Experience Management
• When the Horizon Monitoring feature is installed, Horizon Agent for Windows now collects and sends client-side data from disconnected sessions to Experience Management for Horizon (also known as DEEM).

 

Workspace ONE Boxer 25.01 for Android | staged

• Quality improvements and crash fixes
• BINXA-20575 - [Visual scheduler] Availability of all invitees is not visible when specific contact is invited
• BINXA-20736 - [Email Attachments] Encrypted attachment can't be decrypted in external app after download it in Boxer
• BINXA-20788 - [Calendar] Unable to edit meeting invite after creating a new calendar invite on a Boxer application

 

Workspace ONE Boxer 25.01 for iOS

• Quality improvements and crash fixes
• BINXI-24121 [Email View] - Email does not render correctly in specific cases
• BINXI-24180 [Calendar Search] - Incorrect screen displayed for Calendar Search in the Workspace ONE Boxer application when Stage Manager is enabled in the iPad device
• BINXI-24273 [Zoom] - Workspace ONE Boxer and Zoom integration fails

 

Horizon Cloud Service - next-gen, January 30, 2025 - Service Release 2501

• Horizon Universal Console
• The Horizon Universal Console has been updated to reflect the Omnissa brand.
• Desktops and Applications
• Pools
• Columns in the VMs tab on the Pool and Pool Group detail pages are now filterable and sortable, making it easier to manage pools with a large number of VMs. Please note that the Assigned Users column is not yet filterable and sortable and will be addressed in a future update.
• (Limited Availability) The pool-based application scan feature released in Service Release 2409 is being enabled for all customers over the coming months. Once enabled, for multi-session pool groups, the list of installed applications available when creating and editing a pool group is now based on scans of deployed VMs from the underlying pools. This allows you to publish installed applications that have been deployed to VMs after their creation. You can continue to install applications on images and they will also be available when creating and editing a pool group.
• Identity and Access Management
• Horizon Cloud can now leverage Omnissa Identity Service to integrate with Microsoft Entra ID to sync users and groups and configure federation for end users. In the Omnissa Connect console, select End User Management, configure integration with Entra ID, select Horizon, and add necessary information to your Horizon Cloud Control Plane next-gen to complete the integration.
• The service is available for tenants with no previous configuration of Identity Management in the Horizon Cloud Control Plane next-gen.
• Image Management
• The image version details page now shows a list of all Horizon 8 pools that use that image.
• Policy Management
• Workspace ONE Access Conditional Access policies are now supported on individual apps and desktops. Administrators can configure policies in Access and assign them to apps and desktops for granular access control. Optionally, Horizon Clients can be forced to redirect to Workspace ONE Access to launch applications.
• Horizon Clients on mobile devices (iOS and Android) will not be able to connect to an environment where redirection is enforced to Workspace ONE Access.
• Support for mobile clients will be added in the future.

Universal Broker

• Repeated launch failures will now cause affected VMs in floating pools to be deprioritized for session allocation during brokering to maximize availability of resources and minimize connection errors for end users.
• Released Versions
• The following binaries were delivered with this release:
• Horizon Agents Installer (HAI) 24.4.0.12996446484 | 30 JAN 2025

 

Current Omnissa Security Advisories 

<<<No New OMSAs this week>>>

Find all latest advisories in the Omnissa Security Response Center

 

Omnissa UX Research Opportunities: 

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

 

KB Highlights & Announcements: 

Update Apple Push Notification service server certificate before February 24, 2025 (on-prem only) (6000733)

• February 24, 2025. To maintain MDM connectivity, this new root certificate must be added to the trust store on Workspace ONE UEM Console and Device Services servers for on-premises deployments.
• For more information on Apple’s announcement, please see Apple’s Push Notification service server certificate update.
• Note: For SaaS-hosted environments, this change will be handled by Omnissa internally, and no further action is required.

 

Rebranding Changes in Omnissa Horizon Products (6000681)

• As part of Omnissa’s launch as an independent company, we are undergoing a necessary rebranding process across our product lines. This includes significant updates to the Horizon 8 product family starting with the Horizon 8 2412 (8.14) Release. These changes impact various components.  In addition, a new licensing module is being previewed.  This would impact any customer who uses a license key for their Omnissa products.   
• Given the scope of these updates, we want to ensure that all our customers and partners are aware of the potential impacts. We recommend you review the details outlined in this document and create appropriate upgrade plans. If you have automations leveraging the Horizon APIs, please be sure to test your integrations for compatibility with the upcoming changes. 
• It is important to note that these changes will impact Horizon 8 2412 (8.14) as well as all future releases.   
• The upgrade to Horizon 8 2412 or later from a previous version is likely to require more oversight and review than the typical upgrade.  Please plan accordingly.  
• Further Horizon related Rebranding Change KBs
• Rebranding Changes in Omnissa - Virtual Channel SDK, Horizon Client, UAG and App Volumes (60007
• Rebranding Changes in Omnissa Horizon Products - Horizon Agent (6000745)
• Rebranding Changes in Omnissa Horizon Products- Dynamic Environment Manager (6000742)
• Rebranding Changes in Omnissa Horizon Products - ThinApp (6000744)

 

Security scan for Horizon Edge Gateway version 2412 and later (6000739)

• Many Omnissa customers conduct vulnerability scans on the Horizon Edge Gateway appliance and subsequently contact support with questions about the issues detected. To ensure you obtain the most precise scan results, please review the following details.
• Starting with Horizon Edge Gateway version 2412, the appliance operates on the AlmaLinux platform. Since Omnissa utilizes a long-term support edition rather than the standard community AlmaLinux, specific procedures must be followed to achieve reliable scan results.
• Currently, only the OpenSCAP tool or TuxCare’s scanner can generate accurate assessments. This document provides a step-by-step guide for performing a scan using OpenSCAP, a free security auditing tool, specifically designed for Horizon Edge Gateway.

 

• Security scanning of Linux on Unified Access Gateway (UAG) version 2412 and beyond (6000738)
• Many Omnissa customers scan the UAG appliance and contact support with inquiries about the vulnerabilities they find from these scans. To help ensure that you are getting the best results from these scans, see the information below. 
• For UAG version 2412 and higher, the UAG appliance is built on the Alma Linux operating system. Because Omnissa uses a long-term support version, and not the standard community Alma, special instructions are required to get accurate scans of the operating system.  
• At this time, only OpenSCAP or Tuxcare’s scanner product will produce accurate results. This document outlines the steps required to produce a scan using the free tool OpenSCAP. For easier consumption, a customized solution is developed that downloads the required input OVAL file, executes the OpenSCAP scan, processes the result and generates a consumer friendly CSV report. The instructions below are tailored for UAG. 

 

• Horizon Agent 2412 and App Volumes 2410 or Earlier: Published Apps on Demand Issues (6000741)
• When Horizon Agent version 2412 or later is installed alongside App Volumes Agent version 2410 or earlier, functionalities such as Published Apps on Demand, which require an interaction between Horizon Agent and App Volumes, stop working.
• After launching the application, the following error message is displayed in the Omnissa Horizon Client console:

“The application could not be launched, possibly because it is missing or misconfigured. Contact your administrator for more information.”

 

• Best Practices for Upgrading Workspace ONE Access (6000734)
• This document provides best practices and critical information for upgrading the Workspace ONE Access from version 23.09 to 24.07, as well as considerations for future upgrades (e.g., 24.07 to 24.12).

 

• [Modern Architecture] Devices Removed from Assignment Groups with "Enterprise Version" Filter (6000730)
• The Enterprise Version filter, an Android-only filter in Assignment Groups, reached End of Availability in March of 2022. Since then, Workspace ONE UEM administrators have been advised to update any Assignment Groups (AKA Smart Groups) that use the Enterprise Version filter to instead use the OEM & Model filter introduced in Workspace ONE UEM 2105. As of March 2022, no new versions have been added to the Enterprise Version filter.  
• When the Workspace ONE UEM modern architecture is enabled in an environment on Workspace ONE UEM 2406 or higher, devices may lose applications and profiles that are assigned to them using Assignment Groups with the Enterprise Version filter. Specifically, if a device upgraded to an Enterprise Version that has not been added to this filter, the device will be removed from any Assignment Groups that use this filter. As such, resources assigned to the device using this Assignment Group will be removed.
• This issue mainly affects Zebra devices. 

 

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

• For Shared SaaS, environments have already been enabled or will be enabled automatically in the near future
• Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)​
• Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.​
• Environment clean-up* (resources outside of tenant boundary e.g., global resources).​
• Remove/migrate invalid resources (apps, profiles, policies) from the console.​
• Remove/migrate invalid SGs.​
• Ensure all users/devices are at or under Customer/Partner OGs. If users exist above Customer/Partner OGs with devices enrolled, device enrollment may be required.​
• Validate Smart Group & app exclusion. See KB here.​
• Update Workspace ONE UEM to the latest version prior to Mod Stack enablement, minimum UEM 24.06.​
• Review the list of known issues and changes aggregated in the weekly newsletter below. Ensure resolutions/workaround are implemented as applicable.​
• Develop a testing plan post migration and communicate with internal stakeholders.​
• KB Article Overview
• Announcement & Updates​
• Administration changes for Workspace ONE UEM Modern SaaS Architecture | Omnissa​
• Workspace ONE UEM – Modern SaaS Architecture Rollout – December Update (6000206)​
• Tagging Operations Behavior Change in Mod Stack Enabled Environments​
• Smart Group exclusions now managed at version level in modern SaaS architecture enabled Workspace ONE UEM Environments (6000662)​
• Application and Profile management restricted to Customer Organization Group (and Partner Organization Group) or below in Modern SaaS architecture enabled UEM environments (6000196)​
• Introducing WS1 UEM Next-Gen SaaS: Device List View, Resource Delivery and Deployment Tracking Modernization Improvements in Tech Preview Environment CN135 (94042)​
• Modernization Update: Consolidated Modernized Services for Hosted SaaS (91520)​
• Known Issues – Resolved​
• Intelligent Hub for macOS must be upgraded to version 24.07.1 to prevent macOS Profile removal from being blocked with Mod Stack (Resolved in macOS Hub 24.07.1+)​
• Profiles Assigned Through Freestyle Workflows Installed on Unintended Devices (6000667)(Resolved in UEM 24.06.0.13+)​
• macOS Profiles shows “Installed but not assigned” and contains profile duplicates (6000682)(Resolved in macOS Hub 24.07.2+)​
• [Modern Architecture] ChromeOS Device Sync fails (6000731)
• ARES-28824 – Known Issue with Sorting Applications on Device Details Page with Modern SaaS Archi
• Known Issues - Ongoing​
• ARES-28824 – Known Issue with Sorting Applications on Device Details Page with Modern SaaS Architecture Enabled UEM Environments (6000670)​
• Evaluated device count higher than Assigned count in Deployment Tracking for Modern SaaS architecture enabled UEM Environments (6000191)​
• Known issues of Product Provisioning in the UEM modernized stack (6000686)​
• Workspace ONE UEM – Modern Stack Device-Based Events are not exported via Syslog Integration (6000677)​
• ARES-30657 – For some internal apps, devices receive lower app version instead of the highest assigned version in modern-architecture enabled UEM environments (6000718)
• FileVault Recovery Keys are missing for macOS devices after Modern Stack Migration (6000719)
• FileVault Disk Encryption Pop Up for macOS Devices after Modern Stack Update (6000722)
• [Modern Architecture] Devices Removed from Assignment Groups with "Enterprise Version" Filter (6000730)

 

 

High Priority KBs: 

• Omnissa new world link directory
  For an overview about links to customer portals and relevant information follow the above link.
• System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
  The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the acquisition of EUC by KKR.

Recently updated or added KBs (Links) 

• Update Apple Push Notification service server certificate before February 24, 2025 (on-prem only) (6000733)
• Rebranding Changes in Omnissa Horizon Products (6000681)
• Rebranding Changes in Omnissa - Virtual Channel SDK, Horizon Client, UAG and App Volumes (60007
• Rebranding Changes in Omnissa Horizon Products - Horizon Agent (6000745)
• Security scan for Horizon Edge Gateway version 2412 and later (6000739)
• Rebranding Changes in Omnissa Horizon Products- Dynamic Environment Manager (6000742)
• Rebranding Changes in Omnissa Horizon Products - ThinApp (6000744)
• Security scanning of Linux on Unified Access Gateway (UAG) version 2412 and beyond (6000738)
• Horizon Agent 2412 and App Volumes 2410 or Earlier: Published Apps on Demand Issues (6000741)
• [Modern Architecture] Devices Removed from Assignment Groups with "Enterprise Version" Filter (6000730)
• Best Practices for Upgrading Workspace ONE Access (6000734)
• Workspace ONE UEM – Modern SaaS Architecture Rollout – January Update (6000206)
• Upcoming Workspace ONE UEM AWS(Amazon Web Services) Datacenter migrations (6000144)

 

Digital Workspace Techzone, Blog, Community and YouTube Updates 

• The AI world shaken by DeepSeek: protecting managed mobile devices with Workspace ONE UEM
• Windows OS Optimization Tool for Horizon Guide
• Using Horizon to Access Physical Windows Machines
• Windows Security Baseline for feature release 24H2

 

3rd Party Blog Updates & Industry News 

• Jeroen J.V Lebon: Driving Innovation in Modern Workspace Management: Omnissa Workspace ONE Now Supports Windows Server
• World of EUC: A chat with Omnissa (Podcast)

 

Beta, Lab and Tech Preview Updates 

WS1 Intelligent Hub 25.01 for Android 

• Improvements to Intelligent Hub notifications in Android notification drawer. All unread notifications posted by Intelligent Hub are now shown in the Android notification drawer in a group. Previously, only the latest notification was shown.  
• Default Samsung KNOX License Key now supports premium features. During enrollment of Samsung devices, Intelligent Hub activates a KNOX License Key to enable Samsung-specific enterprise features. The default key that Hub activates now supports premium features. Organizations can now leverage features in the KNOX Service Plugin application that previously required a custom KNOX Platform for Enterprise key. If organizations push their custom KNOX License Key through Workspace ONE UEM (whether through Intelligent Hub Settings or through KNOX Service Plugin), Intelligent Hub will continue to activate this custom key. 
• Improvements to the Enrollment Terms of use allowing users to see their previously accepted Terms of Use as well as see the title defined from UEM for the Terms of Use instead of a generic title 
• Bug Fixes 
• AAGNT-200603: When a product is re-pushed, Intelligent Hub re-downloads apps that are already installed

 

Sign up or LogIn [HERE] to get access to the latest Beta versions.

 

January Software Releases 

 

System	Component	Release	Announcement	Release Date
Backend	Assist	24.08.02	Release Notes	02.01.25
Backend	SEG	2.31	Release Notes	07.01.25
Backend	Intelligence	25.01.13	Release Notes	13.01.25
Android	Zebra MX Service	6.2	Release Notes	14.01.25
Horizon	Horizon Cloud Service Next Gen	January 16	Release Notes	16.01.25
iOS	Content	24.11.2	Release Notes	20.01.25
iOS	Web SDK	24.11.1		22.01.25
Windows	Hub	24.04.14	Release Notes	23.01.25
Backend	Omnissa Intelligence	25.01.21	Release Notes	21.01.25
Backend	ITSM Connector for ServiceNow	7.0	Release Notes	20.01.25
Backend	Omnissa Identity Services	January 2025	Release Notes	21.01.25
Backend	Hub Services Cloud	February 2025	Release Notes	23.01.25
Backend	WS1 Access Cloud	February 2025	Release Notes	23.01.25
Backend	UAG	2412	Release Notes	28.01.25
Horizon	Server Components and Clients	2412	Horizon Connection Server and Agent	28.01.25
Android	Boxer	25.01	Release Notes	staged
iOS	Boxer	25.01	Release Notes	29.01.25
Windows	Assist	24.11.1	Release Notes	28.01.25
Horizon	Horizon Cloud Service Next Gen	January 30	Release Notes	31.01.25

 

Latest Patch & Seed Script Updates: 

OS Updates Seed Script

• Seed iOS 18.3 GA (22D63)
• Last Update: CW05

 

Seed Script for latest Device Model Information

• Seed Script to support 
• iPad mini 7th Generation and 2024 iMac, MacBook Pro and Mac mini
• Last update: CW45

 

Workspace ONE UEM 23.02

• Patch Level 23.02.0.52
• PPAT-17448 - Tunnel client not reconnecting once the device regains compliance. 
• MACOS-4942 - Smart group assignment for the macOS internal app fails to be assigned for a couple of users’ devices. 
• CRSVC-51130 - Add code block on the UEM side to block Conditional access configured at any other customer OG if it is already configured for once customer OG within same UEM environment. 
• AMST-42076 - Time zone displayed in Scripts tab is different from the Execution logs.
• Last Update: CW38

 

Workspace ONE UEM 23.06

• Patch Level 23.06.0.45
• PPAT-17066 - Tunnel Standalone Profile page fails to load if Tunnel Health is down.
• AAPP-18090 - VPP apps install delay fixed.
• AAPP-17804 - Admin account was stuck in “Delete In Progress” state and must be deleted from the console.
• Last Update: CW05

 

Workspace ONE UEM 23.10

• Patch level 23.10.0.43
• RUGG-13303 - Organization Group change for Zebra Printers does not automatically update the SmartGroup subscriptions.
• MACOS-5322 - MacOS devices not completing enrollment as expected and Getting stuck on “waiting for management” server while DEP enrollment.
• ARES-30902 - Devices failing to install Internal App within 24 hours of receiving install instructions may install latest version afterwards.
• Last Update: CW03

 

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.23
• UM-8892 - Admin group creation UI fails to save when locale is non-English.
• RUGG-13304 - Relay servers were unable to connect to the Console when the default Mac address was used in the discovery text.
• RUGG-13280 - Manual Sort is not working for the manifests in Files or Actions component.
• RUGG-13278 - Export functionality for the assigned device list in a Product is not working.
• RUGG-13256 - Page crashing while re-processing the product on devices.
• RUGG-13040 - Products being pushed to unintended devices when assignment rules have integer-based custom attributes.
• FCA-208683 - Intelligence opt-in flow showing error screen after the first step
• FCA-208159 - Remove setting for enabling in-product support from the console.
• ESI-399 - Console enrolls device with token registered to another user.
• CRSVC-56124 - Make previous supported versions compatible to auto-update ACC.
• CRSVC-55376 - ITrafficThrottling does not appear to be registered correctly for Device Management - Mutual TLS CFG.
• CRSVC-52195 - Fix Windows certificate sample sorting to avoid duplicate key error.
• ARES-28716 - iOS Public App Search shows Page Not Found error when switching country.
• AMST-42501 - Firewall Profile failing to install on Windows 11 systems.
• AMST-42060 - Queue is backing up frequently.
• AAPP-18323 - Cannot install user-based VPP app on Device that are user enrolled.
• AAPP-18090 - VPP apps install delay.
• Last Update: CW51

 

Workspace ONE UEM 2406

• Patch level 24.6.0.19
• AAPP-17804 - Admin account stuck in “Delete in Progress” state, needs to be deleted from the console.
• AGGL-17006 - Inconsistent device check-in or Consuming-commands by Android devices.
• MACOS-5409 - Network profile on macOS has incorrect XML when using data-driven UI.
• MACOS-5427 - Device details or profiles tab was not listing the profiles unless the end user performs device synchronization.
• MACOS-5408 - Disk encryption profile is incorrectly delivered to excluded devices.
• ARES-31412 - Previously managed profiles that were deleted through script before uninstallation from all the devices were reported as managed profiles on the device that still have the profile installed.
• MACOS-5443 - Handle timeout issues when using macOS Hub versions less than 24.07.3 with Modern Architecture.
• MACOS-5344 - Payload UUIDs were not created for macOS disk encryption profiles when using data-driven UI.
• ARES-30610 - Purchased app license summary UI is overlapping with ‘Redeemed’ column.
• AMST-42780 - Seed SFD 23.10.6 to UEM 23.10.
• AAPP-18455 - Unable to save mail configuration on iOS (Declarative Device Management).
• Last Update: CW05

 

Disclaimer

Please note: All information in this Newsletter is statically copied from various sources. Once published, these sources won’t be checked and the Newsletter won’t be updated retrospectively. In case of doubts, always check and refer to the linked source in Omnissa Docs, Techzone or Knowledgebase.