Omnissa Newsletter

Release Updates:

Horizon Cloud Service - next-gen January 16, 2025 - Service Release 2412

Provider Capacity

Horizon Cloud Service for Amazon Workspaces Core is now available under Limited Availability.

Customers can now register Amazon Workspaces Core as a provider and perform the Horizon Edge thin-edge infrastructure with pod-less deployments on AWS native infrastructure.
Customers can now deploy VM-based Horizon Edges on AWS. SSO is supported.
Customers can now deploy VM-based Unified Access Gateways (UAGs) on AWS.

Desktops and Applications

App Volumes

The Horizon Cloud Service - next-gen Access console now supports App Volumes as a published application type, enabling administrators to apply Workspace ONE conditional access policies to these applications. This enhancement allows for consistent access control across all published application types - manual, installed, and App Volumes packaged applications.

Pools

With Amazon Workspaces Core available under Limited Availability, administrators can now create the following pool types on Amazon Workspaces Core with SSO and GPU support: 1) Single-Session Dedicated with Windows 10/11 OS and Windows Server OS, 2) Single Session Floating with Windows 10/11 OS and Windows Server OS, and 3) RDSH Published Desktops with Windows Server OS.
With Amazon Workspaces Core available under Limited Availability, administrators can now add desktop pools from Azure and AWS to a single pool group. Entitlements will flow across the cloud providers.
With Amazon Workspaces Core available under Limited Availability, the supported power management modes are Always On and Automated Power Management.

Policy Management

Workspace ONE Access Conditional Access policies are now supported on individual apps and desktops. Administrators can configure policies in Access and assign them to apps and desktops for granular access control.

Horizon Clients on mobile devices (iOS and Android) will not be able to connect to an environment where redirection is enforced to Workspace ONE Access.
Support for mobile clients will be added in the future.

Horizon Subscription Management

License consumption metrics for concurrent user licenses are now also available on the Subscriptions tab of Horizon Universal Console for Horizon 8 deployments, which is in addition to the pre-existing availability of these metrics for Microsoft Azure deployments.

Image Management

The Image Management Service shall stop supporting operating system Windows 11 version 21H2 with this release as Microsoft has stopped supporting the same.
The Image Management Service now supports importing an image from a source VM running on an Azure dedicated host. After the VM is customized as per the business needs of the customer, the service is capable of publishing the same updated image to one or more Horizon Edges deployed on Microsoft Azure dedicated host infrastructure. The service also supports version management of the image. Note that the Copy as New Image and Copy as New Version actions are only supported in a shared host environment. It is not advised that you use the Copy as New Image, Copy as New Version, or Add a Version from custom SIG actions to create a cloned VM on a dedicated host.
With Amazon Workspaces Core available under Limited Availability, administrators can now import a workspaces core image.

Administrators can use Amazon WorkSpaces Core Custom Image to import an image that is in ready state. This method is recommended for windows server images and already prepared windows 10/11 BYOL Image.
Administrators can use Amazon EC2 Custom Instance to import an EC2 instance that was created from Windows 10/11 AMI. Horizon Cloud will convert the EC2 instance to Workspaces Core BYOL Image. This method is only for Windows 10/11 BYOL Image.

Horizon Edge

When selecting the single VM format for the Horizon Edge Gateway during Microsoft Azure edge deployment, the Kubernetes Pod and Service CIDR ranges can now be modified to avoid conflicts with your networking environment. Editing these ranges is optional and not recommended unless required to avoid a conflict.

Monitoring

With Amazon Workspaces Core available under Limited Availability, administrators can now monitor utilization and performance of their VMs and sessions running on Amazon Workspaces Core Capacity.

Helpdesk

With Amazon Workspaces Core available under Limited Availability, administrators can now see the user cards and entitlements for Amazon Workspaces Core desktops.

Omnissa Intelligence 25.01.13

Omnissa Intelligence SDK 24.11.0 for Android

Omnissa branding updates.
Critical cellular signal strength – automatically send a network event when a cellular signal strength of 1 is detecteded.
For details, access Omnissa Intelligence SDK 24.11.0 for Android

Omnissa Intelligence SDK 24.11.0 for iOS

Omnissa branding updates.
Events are now sent to Intelligence upon a change in network connection. For example, when a cell connection changes from 5G to 4G or from WiFi to cellular.
For details, access Omnissa Intelligence SDK 24.11.0 for iOS

Zebra MX Service v6.2 for Android- November 2024

Update Minimum SDK Version to 26 - The minimum SDK version for the application has been updated to 26. This update ensures compliance with modern Android security standards and leverages improvements in performance and stability. Users must ensure their devices are running on Android 8.0 (Oreo) or later to continue receiving updates and support.
Rebranding of MX Service to Omnissa - As part of the ongoing rebranding efforts, the MX service has been renamed to Omnissa across the entire platform. This includes updates to documentation, UI elements, and service names, providing a consistent brand identity moving forward..

Current Omnissa Security Advisories

OMSA-2024-0002 - Horizon Client for macOS addresses local privilege escalation vulnerabilities (CVE-2024-11467, CVE-2024-11468) (6000716)

Local privilege escalation (LPE) vulnerabilities in Omnissa Horizon Client for macOS were privately reported to the Omnissa Vulnerability Response Team (OVRT). Updates are available to remediate these vulnerabilities in impacted versions of the client.

Find all latest advisories in the Omnissa Security Response Center

Omnissa UX Research Opportunities:

Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
Interested in giving your opinion and making your voice heard? Check out what’s available!

No Research is running - see you in 2025!

KB Highlights & Announcements:

Important Information Regarding Horizon Licensing and vSphere Infrastructure Licensing for Horizon (6000014)

The End User Computing Division's transition from Broadcom to Omnissa operational systems is complete, and we are in the process of normalizing operations on those new systems.
During this period, customers should be aware of updated processes for obtaining licensing keys, including temporary keys, should they experience any impact on the operation of their Horizon licenses.
The purpose of this KB is to outline the updated Horizon licensing processes, potential impacts and steps to take if you are impacted.
These updates affect Horizon 8, Horizon Cloud, and the Horizon Control Plane platforms.
For Horizon customers, if you have any additional questions regarding Horizon and vSphere licensing that have not been answered here, you can now raise support requests using the new Omnissa Customer Connect portal. This is the fastest and most effective way to address your queries and issues.

Customer Connect URL - https://customerconnect.omnissa.com
You can alternatively reach out to us via phone Support Phone Numbers

HW-218488: Change of Omnissa Access certificate authentication service endpoint (6000720)

This article explains upcoming changes to the hostname for the Omnissa Access Certificate Authentication Service (CAS), which is used for Certificate Authentication (cloud deployment)and Mobile SSO (for Apple) authentication methods. These changes may affect device profiles and network configurations, such as firewalls and proxies, that rely on specific CAS hostnames for identity preferences and traffic filtering.

[Resolved] Intelligence Restrictions Revert After Save in Workspace ONE UEM 24.06.12 (6000721)

On December 13th, 2025, Workspace ONE UEM teams identified an issue affecting Intelligence Restrictions keys for iOS 18 and macOS 15 devices. This article explains the issue, its impact, and the resolution steps for affected environments using Workspace ONE UEM version 24.06.12. For more details on the new iOS 18 restrictions keys, see Apple’s official guide

ARES-30832 – Product Profiles Listed on Device Profiles List View (6000687)

In Workspace ONE UEM environments with modern SaaS architecture enabled, Product Provisioning profiles configured for Rugged devices are incorrectly listed in the Device Profiles list View (Resources → Profiles & Baselines → Profiles). The deployment tracking data for these profiles is incorrect and allows unintended actions, such as “Edit Profile” or “Deactivate,” which are not applicable for these profiles from the Device Profiles list view.

Product Version:

All UEM environments with modern SaaS architecture enabled, starting 2406 and onwards, are impacted.

HW-218488: Change of Omnissa Access certificate authentication service endpoint (6000720)

This article explains upcoming changes to the hostname for the Omnissa Access Certificate Authentication Service (CAS), which is used for Certificate Authentication (cloud deployment) and Mobile SSO (for Apple) authentication methods. These changes may affect device profiles and network configurations, such as firewalls and proxies, that rely on specific CAS hostnames for identity preferences and traffic filtering.
Who is Impacted?

Customers who meet the following criteria will be impacted by this change:
Certificate(cloud deployment) or Mobile SSO(For Apple) configurations are in use.
Proxy, firewall, or UEM configurations (such as macOS device profiles or browser configuration profiles) are set to use the existing hostname "cas-aws".

To maintain uninterrupted functionality, customers must update their configurations to accommodate the new CAS hostnames.

ARES-30657 – For some internal apps, devices receive lower app version instead of the highest assigned version in modern-architecture enabled UEM environments (6000718)

For a few internal managed apps, devices assigned to multiple versions of the app may receive a lower version instead of the highest assigned version.

Versions Impacted

All Workspace One UEM versions with modern architecture enabled, starting from 2406 onwards are impacted.

FileVault Recovery Keys are missing for macOS devices after Modern Stack Migration (6000719)

The Omnissa team has identified an issue in some Workspace ONE UEM environments that have undergone migration to the Modern Stack. In these environments, FileVault Recovery Keys for macOS devices are not displayed in the UEM console.
This issue has been addressed and will be resolved in an upcoming Workspace ONE UEM patch.

FileVault Disk Encryption Pop Up for macOS Devices after Modern Stack Update (6000722)

macOS users are experiencing pop-ups related to FileVault after their environment was updated to Modern Stack enabled.
This article aims to clarify the observed behavior, outline the cause, and provide guidance on the impact, resolution, and potential workarounds.
The pop-ups are related to updated workflows in the Modern Stack environment and involve FileVaultPRK.datescrow settings within the UEM database and notification settings for Login and Logout enforcement to trigger FileVault Disk Encryption.
These workflows may prompt users to log out or input credentials to complete FileVault setup or profile updates.

Workspace ONE SDK Plug-in build download (6000709)

Customers can use the below link to download the Workspace ONE SDK Plug-in builds:

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

For Shared SaaS, environments have already been enabled or will be enabled automatically in the near future
Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)
Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.
Environment clean-up* (resources outside of tenant boundary e.g., global resources).

Remove/migrate invalid resources (apps, profiles, policies) from the console.
Remove/migrate invalid SGs.
Ensure all users/devices are at or under Customer/Partner OGs. If users exist above Customer/Partner OGs with devices enrolled, device enrollment may be required.
Validate Smart Group & app exclusion. See KB here.

Update Workspace ONE UEM to the latest version prior to Mod Stack enablement, minimum UEM 24.06.
Review the list of known issues and changes aggregated in the weekly newsletter below. Ensure resolutions/workaround are implemented as applicable.
Develop a testing plan post migration and communicate with internal stakeholders.
KB Article Overview

Announcement & Updates

Known Issues – Resolved

Intelligent Hub for macOS must be upgraded to version 24.07.1 to prevent macOS Profile removal from being blocked with Mod Stack(Resolved in macOS Hub 24.07.1+)
Profiles Assigned Through Freestyle Workflows Installed on Unintended Devices (6000667)(Resolved in UEM 24.06.0.13+)
macOS Profiles shows “Installed but not assigned” and contains profile duplicates (6000682) (Resolved in macOS Hub 24.07.2+)

Known Issues - Ongoing

High Priority KBs:

Omnissa new world link directory
For an overview about links to customer portals and relevant information follow the above link.
System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the acquisition of EUC by KKR.

Recently updated or added KBs (Links)

Digital Workspace Techzone, Blog, Community and YouTube Updates

3rd Party Blog Updates & Industry News

Alex_Muc: [Guide] First aid for bug reports
theDXT: Omnissa Horizon Client prefs.txt

Beta, Lab and Tech Preview Updates

WS1 Boxer 25.01 for Android

Quality improvements and crash fixes
Bugs Fixed

BINXA-20575 [Visual scheduler] Availability of all invitees is not visible when specific contact is invited
BINXA-20736 Encrypted attachment can't be decrypted in external app after download it in Boxer

WS1 Boxer 25.01 for iOS

Quality improvements and crash fixes
Bugs Fixed

BINXI-24121 Email not rendering correctly in specific cases
BINXI-24180 Fix search screen on iPad in Stage Manager

Sign up or LogIn [HERE] to get access to the latest Beta versions.

January Software Releases

System	Component	Release	Announcement	Release Date
Backend	Assist	24.08.02	Release Notes	02.01.25
Backend	SEG	2.31	Release Notes	07.01.25
Backend	Intelligence	25.01.13	Release Notes	13.01.25
Android	Zebra MX Service	6.2	Release Notes	14.01.25
Horizon	Horizon Cloud Service Next Gen	January 16	Release Notes	16.01.25

Latest Patch & Seed Script Updates:

OS Updates Seed Script

Seed iOS 18.2.1
Last Update: CW02

Seed Script for latest Device Model Information

Seed Script to support

iPad mini 7th Generation and 2024 iMac, MacBook Pro and Mac mini

Last update: CW45

Workspace ONE UEM 23.02

Patch Level 23.02.0.52
PPAT-17448 - Tunnel client not reconnecting once the device regains compliance.
MACOS-4942 - Smart group assignment for the macOS internal app fails to be assigned for a couple of users’ devices.
CRSVC-51130 - Add code block on the UEM side to block Conditional access configured at any other customer OG if it is already configured for once customer OG within same UEM environment.
AMST-42076 - Time zone displayed in Scripts tab is different from the Execution logs.
Last Update: CW38

Workspace ONE UEM 23.06

Patch Level 23.06.0.44

UM-9142 - OG Consolidation script execution failure due to incomplete LDAP sync job.
UM-9111 - Console event is not generated when an administrator account is deleted.
UM-9083 - Managed By Organization Group for administrator account changes when role assignments are modified.
UM-8878 - User provisioning through SCIM APIs may fail due to character length limitations.
UM-8753 - SAML authentication response validation is disabled for Omnissa Identity Services integration.
RUGG-13304 - Relay servers were unable to connect to the Console when default Mac address was used in the discovery text.
CRSVC-56124 - Make previous supported versions compatible to auto-update ACC.
ARES-29981 - Few apps cannot be assigned to newly enrolled devices after migrating from On-prem to SaaS environment.
ARES-25476 - Profile installation status inconsistent between Device Details Profiles tab and ‘View Devices’ screen for profiles installed through Workflows.
AMST-42510 - Removed URL encoding while uploading icon from EAR.
AMST-41549 - Remove the version check from the seeded apps in the mapping table.
AAPP-18323 - Unable to install User-Based VPP app on devices that are User enrolled.
AAPP-18094 - Fix to prevent returning process-related exceptions except UnAuthorized on Apple callback API.

Last Update: CW03

Workspace ONE UEM 23.10

Patch level 23.10.0.43

RUGG-13303 - Organization Group change for Zebra Printers does not automatically update the SmartGroup subscriptions.
MACOS-5322 - MacOS devices not completing enrollment as expected and Getting stuck on “waiting for management” server while DEP enrollment.
ARES-30902 - Devices failing to install Internal App within 24 hours of receiving install instructions may install latest version afterwards.

Last Update: CW03

Workspace ONE UEM 24.02

Patch Level: 24.2.0.23

UM-8892 - Admin group creation UI fails to save when locale is non-English.
RUGG-13304 - Relay servers were unable to connect to the Console when the default Mac address was used in the discovery text.
RUGG-13280 - Manual Sort is not working for the manifests in Files or Actions component.
RUGG-13278 - Export functionality for the assigned device list in a Product is not working.
RUGG-13256 - Page crashing while re-processing the product on devices.
RUGG-13040 - Products being pushed to unintended devices when assignment rules have integer-based custom attributes.
FCA-208683 - Intelligence opt-in flow showing error screen after the first step
FCA-208159 - Remove setting for enabling in-product support from the console.
ESI-399 - Console enrolls device with token registered to another user.
CRSVC-56124 - Make previous supported versions compatible to auto-update ACC.
CRSVC-55376 - ITrafficThrottling does not appear to be registered correctly for Device Management - Mutual TLS CFG.
CRSVC-52195 - Fix Windows certificate sample sorting to avoid duplicate key error.
ARES-28716 - iOS Public App Search shows Page Not Found error when switching country.
AMST-42501 - Firewall Profile failing to install on Windows 11 systems.
AMST-42060 - Queue is backing up frequently.
AAPP-18323 - Cannot install user-based VPP app on Device that are user enrolled.
AAPP-18090 - VPP apps install delay.

Last Update: CW51

Workspace ONE UEM 2406

Patch level 24.6.0.17

ARES-30565 - [Modernization] ‘Setting Group’ sub-filter within ‘Platform’ filter on Profile List View page is not filtering the profiles.
ARES-29118 - [Modernization] Error message seen while switching to ‘Excluded’ tab on Deployment Tracking page for an application that does not have assignments.
ARES-30486 - [Modernization] Failing to install Apps assigned through Workflows created using APIs.
ARES-30970 - [Modernization] For some profiles, unassigned smart groups are still visible under ‘Assignment Groups’ column on Profile List View.
ARES-30657 - [Modernization] Incorrect internal app versions are installed on devices when the app bundle version is alpha numeric.
ARES-30832 - [Modernization] Product Provisioning Profiles visible along with device profiles on Device Profiles List View.
AGGL-17940 - Android Apps lose assignments after being renamed.
MACOS-5026 - Apple devices not queried at scheduled intervals causing reporting errors.
ARES-31158 - Assignment updates and app republish results in ‘Save Failed’ error for a specific Android app in a Customer environment.
AMST-42692 - Change device to Multi-user notification has spelling error.
ARES-26698 - Deleting ‘On-Demand Rule’ section within VPN payload crashes the Profile payload page instead of deleting the rule.
ARES-30656 - Deleting an internal app version via APIs is incorrectly deactivating all the active versions of that application leading to the app being removed from devices.
CRSVC-56851 - Failed to sync entitlements after upgrading to Windows Hub 24.4.12.
FS-6597 - Investigate the OG delete blocked due to entries in workflowDeletedAssignment table.
CRSVC-56384 - macOS devices are not updating the correct list of certificates until a manual query is performed.
RUGG-13280 - Manual Sort is not working for the manifests in Files/Actions component.
RUGG-13232 - Product search (/products/search) and Product extensive search (/products/extensivesearch/) APIs are returning a default policy UUID(0000-000) instead of the actual Device Policy UUID.
CRSVC-56832 - Resource name missing from device troubleshooting logs for events related to apps and profiles configured through Mobile Workflows.
LUEM-931 - Unable to load Linux Profiles in UEM.
RUGG-13370 - Unable to save Schedule type Condition when the schedule date is in the year 2025 or later.
CRSVC-55376 - Update Mutual TLS implementation of Device Management Service with additional registered libraries.
AAPP-18469 - Uploaded mobileconfig’s no longer deploy successfully.
UM-9257 - User Group Batch Import - Issue with configuring management permissions for multiple OGs.

Last Update: CW03

Simon Elberts

Search This Blog

Omnissa Newsletter - Week 3

Comments

Post a Comment