Omnissa Newsletter

Release Updates:

As part of our transition to Omnissa, App Volumes has been refreshed. This update introduces new visual elements and icons, along with significant improvements designed to enhance data visibility and streamline workflows. Additionally, the App Volumes installer has transitioned from 32-bit to 64-bit, aligning with modern system requirements.
MSI for Windows Endpoints
App Volumes now supports MSI-wrapped VHD packages, alongside traditional VHD and VMDK formats. This allows the App Volumes agent to operate independently within existing delivery infrastructures such as Workspace ONE UEM, Microsoft Intune, and Microsoft Configuration Manager. These MSIs streamline both the capture and uninstallation processes, reducing complexity and administrative effort. Additionally, leveraging Apps on Demand with MSIs enhances security by activating applications only upon launch, significantly reducing the attack surface.
App GUID Parameter for Application Capture and Application Import
Automated workflows can now specify an application unique identifier to associate packages by application. Administrators can import these packages into App Volumes Manager, where they will be automatically grouped by application, facilitating more organized and efficient application management.
Tagging for Azure Virtual Desktop Integration
Enhancements have been made to the Azure Virtual Desktop integration, allowing administrators to specify key-value pair tags that are utilized when creating or modifying app attach package resources.

Workspace ONE Secure Email Gateway 2.31

We are always working to improve Workspace ONE Secure Email Gateway with every release. There are no new features to introduce for this release.

Current Omnissa Security Advisories

OMSA-2024-0002 - Horizon Client for macOS addresses local privilege escalation vulnerabilities (CVE-2024-11467, CVE-2024-11468)

Impacted Products:
Omnissa Horizon Client for macOS
Please see the advisory here: https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf

Find all latest advisories in the Omnissa Security Response Center

Omnissa UX Research Opportunities:

Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
Interested in giving your opinion and making your voice heard? Check out what’s available!

No Research is running - see you in 2025!

KB Highlights & Announcements:

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

For Shared SaaS, environments have already been enabled or will be enabled automatically in the near future
Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)
Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.
Environment clean-up* (resources outside of tenant boundary e.g., global resources).

Remove/migrate invalid resources (apps, profiles, policies) from the console.
Remove/migrate invalid SGs.
Ensure all users/devices are at or under Customer/Partner OGs. If users exist above Customer/Partner OGs with devices enrolled, device enrollment may be required.
Validate Smart Group & app exclusion. See KB here.

Update Workspace ONE UEM to the latest version prior to Mod Stack enablement, minimum UEM 24.06.
Review the list of known issues and changes aggregated in the weekly newsletter below. Ensure resolutions/workaround are implemented as applicable.
Develop a testing plan post migration and communicate with internal stakeholders.
KB Article Overview

Announcement & Updates

Known Issues – Resolved

Intelligent Hub for macOS must be upgraded to version 24.07.1 to prevent macOS Profile removal from being blocked with Mod Stack (Resolved in macOS Hub 24.07.1+)
Profiles Assigned Through Freestyle Workflows Installed on Unintended Devices (6000667) (Resolved in UEM 24.06.0.13+)
macOS Profiles shows “Installed but not assigned” and contains profile duplicates (6000682) (Resolved in macOS Hub 24.07.2+)

Known Issues - Ongoing

Action Required during UEM upgrade for Tunnel deployments (6000694)

We introduced updates to Tunnel certificate management which necessitated new upgrade procedure requirements starting with UEM 2306. As a result of these changes there are steps after the UEM upgrade that must be completed. This applies to both Basic and Cascade mode deployments and is independent of the UAG (Tunnel Server) version.
Symptoms:

If the step outlined in the Resolution section is not performed immediately after the UEMupgrade, end-users may receive an “Access Denied” error on their Tunnel clients and will be unable to connect to the Tunnel server. The following error will be logged in the Tunnel.log file depending on you mode of deployment.

Accessing Omnissa product downloads not listed on the Omnissa Customer Connect portal; Omnissa licensing for Horizon (6000691)

Access. If you have an active support agreement and need access to an Omnissa product not available on the Omnissa Customer Connect Download pages, please follow the process outlined below (“Solution”).
Licensing. Upcoming Horizon releases will leverage the new Omnissa license (now in Preview). If you intend to use the upcoming Horizon version, please update your current license to the Omnissa license now in preparation for the transition.

Workspace ONE UEM – Modern SaaS Architecture Rollout – January Update (6000206)

Update – January 6, 2024: The teams at Omnissa are coming out of the freeze period and placing heavy focus on continuation of the Modern Stack rollout. As we align timings you will see this KB continue to be updated. Additionally it is important to call out that as part of Modern Stack enablement environments will be patched to the latest patch available so be on the lookout for those notifications. Lastly, the team is investigating how we can further increase communication scope with in console banners as various stages of Modern Stack enablement occur.

Known issue with False Positive Side-Loaded Application Threat Detections by Workspace ONE Mobile Threat Defense (WS1 MTD) (6000715)

We have identified a known issue where applications installed from the Play Store on the Work Profile and Personal Profile on Android 14 & 15 devices are being detected as side loaded applications.
Our investigation revealed that when the application is installed from the Play Store in the Personal Profile and then subsequently installed from the Managed Play Store in the Work Profile, Android is not reporting a value for the Installer for the Work Profile installation.
Therefore, Workspace ONE Mobile Threat Defense is unable to determine that the Installer is a trusted one and will flag the app as a sideloaded Application

Workspace ONE UEM - Windows & MacOS Agents executable internet connectivity requirements. (6000661)

This article aims to cover the agents and executables that require network access to connect to SaaS Services for Workspace ONE UEM functionality to work as expected.
As part of functionality, the agents and executables may need outbound access to endpoints on Workspace ONE SaaS Services.

CRSVC-55166 – Resource Name not Visible in Device Troubleshooting Logs (6000714)

Application or profile name is not displayed under the ‘Event Data’ column and in ‘Event Data’ details in the Device Troubleshooting logs for certain device events such as Compliance Profile actions, installation or removal actions taken by admin from the UEM Console or by the end user from the Intelligent Hub. Instead of resource name, ‘Resource Uuid’ is displayed for such events (refer Fig 2 & 3).

Dependent artifact package name changes in Workspace ONE SDK 24.11 for Android (6000713)

The artifact package name has been changed as part of the Workspace ONE SDK 24.11 for the Android rebranding release.

Note - If you are not using any of these packages explicitly in your build system grade files, then no action is needed

Automatic Group Sync does not sync users in nested user groups when Conditional Group Sync is enabled (6000706)

Automatic Group Sync performed by Sync Directory Group scheduler job does not sync the users in nested user groups when Conditional Group Sync is enabled.
When Conditional Group Sync is enabled, Automatic Group Sync checks the last modified time of each user group and performs sync if the last modified time is newer than the last sync time.
On the Directory Service side, if the admin is not modifying or adding/removing members in the parent group but is doing so for the nested child user groups, the last modified time does not change. As the result, when Conditional Group Sync is enabled, Automatic Group Sync does not sync the parent group and the changes the admin made in the child groups are not reflected in the parent group on UEM Console.

Active-Passive Changes for Assist Service (6000712)

This document outlines the process for updating the active and inactive states for servers in the WS1-Assist service. The script provided can be used to toggle server status, making the specified server Active while turning off other relevant servers, marking them as Inactive. Additionally, it ensures that the Inactive servers have their services or servers turned off are stopped.

The updated Omnissa branding is not visible in browsers. (6000711)

During an active Assist session, browsers display outdated icons and the previous color scheme.
Clear the browser's cache to ensure the updated branding is reflected.

Horizon 8 2212.x Product Portfolio ESB (Extended Support Branch) Support Timeline Extended by 6 Months (6000697)

This article provides comprehensive information about the support timeline extension for the Horizon 8 2212 Extended Service Branch (ESB).
The support timeline for the Horizon 8 2212 ESB product portfolio has been extended by 6 months. This extension ensures continued support for customers who rely on these versions for their critical operations.

High Priority KBs:

Omnissa new world link directory
For an overview about links to customer portals and relevant information follow the above link.
System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the acquisition of EUC by KKR.

Recently updated or added KBs (Links)

Digital Workspace Techzone, Blog, Community and YouTube Updates

3rd Party Blog Updates & Industry News

Edwin de Bruin: Omnissa AppVolumes 2412.. with (offline) physical endpoint support!

Beta, Lab and Tech Preview Updates

>>> New Betas starting in January 2025 <<<

Sign up or LogIn [HERE] to get access to the latest Beta versions.

Latest Patch & Seed Script Updates:

OS Updates Seed Script

Seed iOS 18.2.1
Last Update: CW02

Seed Script for latest Device Model Information

Seed Script to support

iPad mini 7th Generation and 2024 iMac, MacBook Pro and Mac mini

Last update: CW45

Workspace ONE UEM 23.02

Patch Level 23.02.0.52
PPAT-17448 - Tunnel client not reconnecting once the device regains compliance.
MACOS-4942 - Smart group assignment for the macOS internal app fails to be assigned for a couple of users’ devices.
CRSVC-51130 - Add code block on the UEM side to block Conditional access configured at any other customer OG if it is already configured for once customer OG within same UEM environment.
AMST-42076 - Time zone displayed in Scripts tab is different from the Execution logs.
Last Update: CW38

Workspace ONE UEM 23.06

Patch Level 23.06.0.43
SINST-176422 - Backport .NET 8 to UEM 2306.
AAPP-18024 - Fix data duplication in vppAssetManagementEventData.
Last Update: CW50

Workspace ONE UEM 23.10

Patch level 23.10.0.42

RUGG-13370 - Unable to save Schedule type Condition when the schedule date is in the year 2025 or later.
RUGG-13232 - Product search (/products/search) and Product extensive search (/products/extensivesearch/) APIs are returning a default policy UUID(0000-000) instead of the actual Device Policy UUID.
RUGG-12961 - UEM-Console - Finnish special vowels are not loading in the DDUI while reloading/editing the profile.
PPAT-18289 - Device-initiated sync of Tunnel Device Traffic Rules pulling cached policy and not new policy.
ARES-31047 - Launcher Profile configured with Custom Lookup fields failing to install on devices.
AMST-42501 - ModStack - Firewall Profile failing to install on Windows 11 systems.
AGGL-17940 - Android Apps lose assignments after being renamed.

Last Update: CW02

Workspace ONE UEM 24.02

Patch Level: 24.2.0.23

UM-8892 - Admin group creation UI fails to save when locale is non-English.
RUGG-13304 - Relay servers were unable to connect to the Console when the default Mac address was used in the discovery text.
RUGG-13280 - Manual Sort is not working for the manifests in Files or Actions component.
RUGG-13278 - Export functionality for the assigned device list in a Product is not working.
RUGG-13256 - Page crashing while re-processing the product on devices.
RUGG-13040 - Products being pushed to unintended devices when assignment rules have integer-based custom attributes.
FCA-208683 - Intelligence opt-in flow showing error screen after the first step
FCA-208159 - Remove setting for enabling in-product support from the console.
ESI-399 - Console enrolls device with token registered to another user.
CRSVC-56124 - Make previous supported versions compatible to auto-update ACC.
CRSVC-55376 - ITrafficThrottling does not appear to be registered correctly for Device Management - Mutual TLS CFG.
CRSVC-52195 - Fix Windows certificate sample sorting to avoid duplicate key error.
ARES-28716 - iOS Public App Search shows Page Not Found error when switching country.
AMST-42501 - Firewall Profile failing to install on Windows 11 systems.
AMST-42060 - Queue is backing up frequently.
AAPP-18323 - Cannot install user-based VPP app on Device that are user enrolled.
AAPP-18090 - VPP apps install delay.

Last Update: CW51

Workspace ONE UEM 2406

Patch level 24.06.16 (SaaS Only)

FS-6560 - ‘Failed’ sensor status incorrectly parsed by workflow as ‘condition not met’.
AMST-42620 - Add logs to OS update alert flow for better diagnostic support.
AAPP-17804 - Admin account stuck in “DELETE IN PROGRESS” state, needs to be deleted from the console.
AMST-42637 - Baseline and Sensor are not assigned when user signs in as AD user on Win PC and the PC moves to a different Organization Group.
RUGG-13344 - Branding changes for Products RelayServer Defdoc.
CRSVC-54749 - Change Organization Group results in Troubleshooting log missing.
FCA-208380 - Custom message template not getting selecting correctly for Admin activation.
AAPP-18397 - DEP Await Configuration ends prematurely before device is fully configured.
CRSVC-56607 - Event Subscription API not working for “Device Unenrolled Enterprise Wipe” event.
AAPP-18449 - Incorrect profile sampling between user and device channel with Shared iPad.
ARES-30530 - Installed App Version missing under ‘Apps Status’ column on Device Details Apps tab for Public apps.
ARES-31047 - Launcher Profile configured with Custom Lookup fields failing to install on devices.
ARES-30902 - On a few devices, highest managed version of Internal apps getting installed instead of the assigned version.
CRSVC-55958 - On workflow deletion, resource installed as part of the workflow also is removed if there is no direct assignment.
AGGL-14086 - Profiles are sent to incorrect channel with Shared iPad for Education on Mod Stack.
ARES-31019 - Status of installed profiles shown as ‘Installed but not assigned’ on Device Details Profiles tab.
CRSVC-55227 - Update Entrust CA integration to use V9 as default irrespective of the URLs.
CRSVC-52195 - User cert samples for SMIME certs are not visible on UEM for Windows machines.
FS-6765 - Workflow step status page crashes for the failed workflow.

Last Update: CW52

Simon Elberts

Search This Blog

Omnissa Newsletter - Week 2

Comments

Post a Comment