EUC Newsletter 2024 Week 39

Upcoming Events 

Event	Link and description	Speakers	Date
Omnissa ONE	Omnissa customers, partners and end-user computing experts will soon convene at our new flagship, in person event – Omnissa ONE.From employee experience to management and security, the future of digital work starts here. Register in one of three locations. https://www.omnissa.com/omnissaone-amsterdam-reg/	Shankar IyerChief Executive OfficerRob RuelasSenior Vice President, RevenueRenu UpadhyaySenior Vice President, MarketingBharath RangarajanSenior Vice President, ProductAnd others..	23rd October – 24th October 2024Amsterdam September 26, 2024Tokyo September 30 – October 1, 2024Dallas
VMUG	Watch On-Demand webcasts here.Register for upcoming live webcasts here.Register for Regional VMUG events here.

Release Updates Week 39-24: 

Workspace ONE Hub 24.07.1 for macOS

• Bug fixes and performance improvements

• HUBM-8277: Unmanaged profile erroneously removal.
• HUBM-8262: DSM expected behavior improvements.
• HUBM-8676: Addresses macOS 15 application pop up notifications.

Workspace ONE Cloud Admin Hub 24.09.05

• The Role Based Access Control feature is generally available (GA).

• As an Organization Owner, you can add and manage your administrator’s Workspace ONE Intelligence and Workspace ONE UEM role assignments in Workspace ONE Cloud Admin Hub, provisioning a way for you to provide granular service access.
• Seamlessly manage both federated and external administrators, and manage admin group role assignments.
• You can find the new page in Workspace ONE Cloud Admin Hub at Accounts > Administrators.
• Find documentation at Roles Based Access Control.

Omnissa Intelligence 24.09.23

• In this release, we’ve made a few updates containing general quality and performance improvements with no new features.
• Resolved Issues
• INTEL-62277: Fixed an issue where the Reports scheduler unexpectedly triggered downloads for times in the past.

Workspace ONE Boxer 24.09 for iOS

• Ability to “Reply To” and “Forward” emails received as .eml attachments

• Users are now able to reply to/forward emails that they receive as .eml attachments.
• The feature is controlled through application-level boolean KVP EnableAttachedMessageInteraction. The default value is false.
• When EnableAttachedMessageInteraction = true a reply button in .eml files is presented.
• When Reply, Reply All, or Forward are selected, the email is loaded in a new compose screen like when a regular email is replied or forwarded.
• All the attributes of the .eml attachment are preserved in the new email.
• Quality improvements and crash fixes

Workspace ONE Boxer 24.09 for Android (staged)

• Ability to “Reply To” and “Forward” emails received as .eml attachments

• Users are now able to reply to/forward emails that they receive as .eml attachments.
• The feature is controlled through application-level boolean KVP EnableAttachedMessageInteraction . The default value is false.
• When EnableAttachedMessageInteraction = true a reply button in .eml files is presented.
• When Reply, Reply All, or Forward are selected, the email is loaded in a new compose screen like when a regular email is replied or forwarded.
• All the attributes of the .eml attachment are preserved in the new email.
• Deprecation of the Debug menu

• Users won’t be able to access the debug menu anymore.
• “Attachments New UI” setting is moved in Settings → Advanced → Enable features.
• “Enable verbose debug logging” is moved in Settings → Advanced (Section “Other“).
• Quality improvements and crash fixes

VMware EUC Security Advisories: 

>>> No new Security Advsisories this week <<<

Find latest advisories in the Omnissa Security Response Center

EUC UX Research Opportunities: 

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

WS1 Intelligence – Device Health/Refresh Dashboard

• About: Dashboard to provide IT Admins with a comprehensive overview of their device fleet’s health/refresh status. This will help to identify devices due for a refresh or suggest alternate next steps for their hardware and streamline the device refresh process. If you’re involved in managing physical devices and/or apps this is for you!
• Opportunity: 5-minute drag and drop exercise where you’ll get a list of use cases and asked to sort which are a Must Have, Nice-to-Have, or a Wow Factor.
• TAKE THE ACTIVITY HERE

KB Highlights & Announcements Week 39-24: 

macOS Hub 24.07.1 not installing on enrollment (24.07.1.263) (6000198)

• After enrolling macOS devices into Workspace ONE UEM, installation requests for the macOS Agent (Intelligent Hub) are failing when targetted latest version 24.07.1.263.
• Although the InstallEnterpriseApplication request is processed during initial enrollment, the installation fails due to a hash mismatch between the installed .pkg file and the manifest verification.

Application and Profile management restricted to Customer Organization Group (and Partner Organization Group) or below in Modern SaaS architecture enabled UEM environments (6000196)

• With Modern SaaS architecture enabled in Workspace ONE UEM environments, tenancy boundary restrictions for Application and Profile management will now be more strictly enforced. As a result, Application and Profile management will only be allowed at the qualifying Organization Group hierarchies – Customer Organization Group (or levels beneath it) and the Partner Organization Group (or levels beneath it).
• We have identified that some of our SaaS customers have Applications and Profiles at non-qualifying Organization Group hierarchies. With the introduction of the Modern SaaS architecture, such resources can no longer be managed. New installations of these resources will cease, and any existing resources will be uninstalled from devices, potentially causing disruptions if not addressed.

CRSVC-52748: iOS Intelligent Hub gets stuck in authentication loop (6000201)

• Workspace ONE Intelligent Hub for iOS will become stuck in an authentication loop after user enters credentials at login screen. 
• After the successful login, Intelligent Hub creates a session token. Intelligent Hub then uses the session token to make a request to the UEM server to provision additional resources. The UEM server performs validation against this request. Improper validation logic assumes criteria not yet satisfied, which leads to an error code sent to Intelligent Hub. Upon receiving this error code, Intelligent Hub deems the session token as invalid, and prompts the login screen to acquire a new session token.

Multi-User Checkout Attributes Limitation in Workspace ONE UEM 24.06 (6000202)

• With the introduction of the new Windows Multi User feature in Workspace ONE UEM 24.06, admins now have the ability to configure silent checkout attributes for easier mapping based on their requirements.
• However, we’ve identified an issue in the current release affecting two specific UEM User attributes:

• EmployeeID
• Email Address

These attributes cannot be used for silent checkout mapping in this release.

Managing Compliance Profile Versions in Workspace ONE UEM (6000200)

• Workspace ONE UEM allows customers to enforce device compliance by creating and applying compliance profiles through compliance policies. These Profiles ensure that devices adhere to specific organizational policies by applying the relevant settings based on their compliance status. When a new version of a compliance profile is created, it is intended to update the settings for devices with the previous profile version installed. However, due to the current design, devices do not automatically receive updates associated with the new profile version. Therefore, additional actions are required to ensure compliance and maintain device security.

Horizon Desktop in Agent Unreachable status (58943)

• Horizon Desktop in Agent Unreachable status from Horizon View Admin page
• In the Horizon Desktop debug log file, it contain messages similar like below:

2018-09-25T14:35:23.990+08:00 DEBUG (07A8-09AC) <Thread-2> [JmsManager] Unable to connect to JMS server xxxxxxxxx com.vmware.vdi.agent.messageserver.JmsManager.connect(SourceFile:372)
javax.jms.InvalidSelectorException: <(InfrastructureZone is null or InfrastructureZone = ‘site1’) AND(ServerDn is null or ServerDn = ”)AND(ServerPoolDn is null)AND
(IncludeAsyncSessions is null or IncludeAsyncSessions = ‘true’)>: Illegal character <‘>

High Priority KBs: 

• Omnissa new world link directory
  For an overview about links to customer portals and relevant information follow the above link.
• System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
  The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the pending acquisition of EUC by KKR.
• End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)
  We are announcing the End of Life (EOL) for the UEM Legacy Catalog for UEM SaaS customers only at this time. If you are a On-Premises UEM Customer, this notice does not impact you at this time, further communications will follow for timelines on migrating On-Premises UEM Customers to the Intelligent Hub App Catalog.
• Workspace ONE UEM – Updated requirements for on-premise cumulative patches (94706)
  The base GA version for current Workspace ONE UEM releases is being revised through updated installers. On-premise customers will need to consume a revised installer for a given major version before any future cumulative patches can be deployed for that major version. These revised installers are required to address compatibility issues with regular cumulative patches.
• Introducing Workspace ONE (WS1) UEM Next-Gen SaaS
  VMware is excited to announce that the resource management & tracking improvements, the first major feature-based milestone in the Workspace ONE UEM Modernization Journey, is now available for customer testing. These improvements will be enabled in limited testing environments (CN135) starting on Thursday August 24, 2023.

Recently updated or added KBs (Links) 

• macOS Hub 24.07.1 not installing on enrollment (24.07.1.263) (6000198)
• Application and Profile management restricted to Customer Organization Group (and Partner Organization Group) or below in Modern SaaS architecture enabled UEM environments (6000196)
• CRSVC-52748: iOS Intelligent Hub gets stuck in authentication loop (6000201)
• Multi-User Checkout Attributes Limitation in Workspace ONE UEM 24.06 (6000202)
• Upcoming Changes to Android Public Applications (93986)
• Managing Compliance Profile Versions in Workspace ONE UEM (6000200)
• Android Management API Support in Workspace ONE UEM (6000185)
• How to Manually Force Sync Active Directory (AD) User Attributes (6000182)
• Azure Conditional Access for On-prem customers needs public Console URL (82555)
• Horizon Desktop in Agent Unreachable status (58943)
• Omnissa Horizon ADMX template download location (6000192)
• Advance Deprecation Announcement for Horizon View API and Replacement with REST API (6000139)
• Omnissa Horizon Connection Server Reinstallation Process (6000190)
• [Resolved] – Workspace ONE UEM – Registering a new device in Self-Service Portal not working with “Save Failed” e
• Evaluated device count higher than Assigned count in Deployment Tracking for Modern SaaS architecture enabled U
• End of Life Announcement for the Legacy App Catalog in Workspace ONE UEM for SaaS UEM Customers (95774)

Digital Workspace Techzone, Blog and YouTube Updates 

• The Latest Features with Experience Management 2407 for Horizon
• Managing the Apple macOS Sequoia Upgrade with Workspace ONE UEM
• Reducing Rollout Risks with Automated Deployment Rings in Workspace ONE Intelligence
• Omnissa DEX Solution for Third-Party Managed Windows Devices
• Configuring Windows Baselines and Profiles: Workspace ONE Technical Walkthrough
• Managing Updates for Windows Devices: Workspace ONE Operational Tutorial
• Configuring High Availability in Unified Access Gateway: Omnissa Workspace ONE Operational Tutorial
• Configuring the Content Gateway Edge Service: Workspace ONE Operational Tutorial
• Desktop Lifecycle Management

3rd Party Blog Updates & Industry News 

• WorldWide Technologies: The Impact of AI on EUC – Series

• The Tireless Admin
• Physical Endpoints
• User Experience and Productivity
• VDI
• Ralf Gegg: From IGEL Disrupt 2024 to Omnissa ONE, Amsterdam

Beta, Lab and Tech Preview Updates 

WS1 Intelligent Hub 24.09 for Android 

• Disable Factory Reset Protection on corporate-owned devices. Organizations can now disable factory reset protection on corporate-owned devices using a Custom Settings profile. With this profile, if end users add a personal Google account to the device and said device is factory reset from the bootloader, factory reset protection will not take effect. Organizations will not have to authenticate with the personal Google account in order to set up and re-enroll. For information on how to configure the Custom Settings profile, please see(Hub 24.09 Beta) Disable Factory Reset Protection using Custom Settings guide in our Beta Community.
• Resolved Issues:
• HUB-11243: Password can’t be set when SSO is enabled

WS1 Tunnel for iOS

• TLS 1.3 Support
• Tunnel Gateway already supports TLS 1.3 starting UAG 2309

Improvements to Tunnel server connection behavior for bypass flows. This may be useful for applications that leverage bypass flows or rely heavily on UDP, such as VOIP applications.

Improved in-app troubleshooting support:

• Debug log timer
• Diagnostic log retrieval

Workspace ONE Content 24.09 for Android

• Apply visual effects to enhance the appearance of Live photos using Greyscale and Black & White filters.

Sign up or LogIn [HERE] to get access to the latest Beta versions.

September Software Releases  

System	Component	Release	Announcement	Release Date
Backend	Console SAAS	24.06	Release Notes	02.09.24
macOS	Hub	24.07	Release Notes	05.09.24
Android	Hub	24.07	Release Notes	05.09.24
Android	Tunnel	24.08	Release Notes	12.09.24
Backend	ITSM Connector for ServiceNow	6.0	Release Notes	05.09.24
Backend	Omnissa Identity Services	September 2024	Release Notes	05.09.24
iOS	Intelligence SDK	24.06	Intelligence SDK for iOS	06.09.24
Android	Intelligence SDK	24.06	Intelligence SDK for Android	06.09.24
Backend	WS1 Access Cloud	September 2024	Release Notes	05.09.24
Linux	Hub	24.08	Release Notes	11.09.24
Horizon	Horizon DaaS	9.2.3	Release Notes	11.09.24
ChromeOS	Tunnel	24.08	Release Notes	12.09.24
macOS	macOS Tunnel	24.08	Release Notes	17.09.24
Android	Web	24.08.1	Release Notes	18.09.24
macOS	Hub	24.07.1	Release Notes	23.09.24
Backend	WS1 Cloud Admin Hub	24.09.05	Release Notes	23.09.24
Backend	WS1 Intelligence	24.09.23	Release Notes	23.09.24
iOS	Boxer	24.09	Release Notes	26.09.24
Android	Boxer	24.09	Release Notes	staged

Patch & Seed Script Updates Week 39-24 

OS Updates Seed Script

• macOS 13.7.0(22H123), macOS 14.7.0(23H124)
• Last Update: CW38

Seed Script for latest Device Model Information

• Seed Script to support new iPad Air M2 and iPad Pro M4 models
• Last update: CW39

Workspace ONE UEM 23.02

• Patch Level 23.02.0.52
• PPAT-17448 – Tunnel client not reconnecting once the device regains compliance. 
• MACOS-4942 – Smart group assignment for the macOS internal app fails to be assigned for a couple of users’ devices. 
• CRSVC-51130 – Add code block on the UEM side to block Conditional access configured at any other customer OG if it is already configured for once customer OG within same UEM environment. 
• AMST-42076 – Time zone displayed in Scripts tab is different from the Execution logs.
• Last Update: CW38

Workspace ONE UEM 23.06

• Patch Level 23.06.0.41
• MACOS-4815 – macOS device model seeding API implementation. 
• CMSVC-18185 – Disable smart group tenancy correction support from UEM production environments.
• ARES-30025 – DDUI – Removing new smart group assignment clears existing smart groups.
• AMST-42069 – Time zone displayed in the Scripts tab is different from the Execution logs.
• AAPP-17951 – Update the VPP notification status sync job to discard the duplicate notifications.
• Last Update: CW38

Workspace ONE UEM 23.10

• Patch Level: 23.10.0.33
• CRSVC-51239 – Event notifications inheritance at sub child OG inheriting wrong rules.
• AMST-41345 – Large awwnsnotification message size causing process failures.
• ESI-201 – Devices not being moved to the correct OG by IP address.
• AMST-42115- Seeding – latest SFD 23.10.4 build to UEM – 2310.
• AMST-41802 – Time zone displayed in Scripts tab is different from the Execution logs.
• CMSVC-18184 – Disable Smart Group Tenancy Correction support from UEM production environments.
• AMST-42059 – Firewall profile failing to install on Windows 11 systems.
• CMSVC-17744 – Newly enrolled devices were not added to the Smart Group causing issues with assignments of resources.
• MACOS-4530 – macOS device model seeding API implementation.
• Last Update: CW38

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.16

• CRSVC-51239 – Event notifications inheritance corrected for sub-child OG rules.
• AGGL-16861 – Correct OS update processing. 
• ESI-201 – Devices not being moved to the correct OG by IP address. 
• CMSVC-17744 – Newly enrolled devices were not added to the Smart Group causing issues with assignments of resources. 
• AMST-42116 – Seeding – latest SFD 23.10.4 build to UEM – 2402.
• FS-5716 – Windows app install failure.
• Last Update: CW38

Workspace ONE UEM 2406

• Patch Level: 24.6.0.3

• ARES-29481 – Device records gets removed from profile DT page after switch between Evaluated & Pending tab.
• ARES-29110 – Add a new section for “Installed but not assigned” devices and move them out from Evaluated tab.
• CMSVC-18195 – Add invalid Smart Group validation SmartGroupMigrationTool.
• ESI-111 – Admin is assigned Console Admin role when assigned both platform and UEM roles via RBAC Admin groups.
• AMST-41766 – Agent Settings Endpoint should return correct DeviceUuid.
• ARES-30099 – Application Removal Protection Error failing removal of applications from devices.
• ARES-30064 – Bulk application enrichment failing in migration tool.
• PPAT-17222 – Create Purge Job for tunnel.ManagedDeviceClientCertificateMap in revoke pending state.
• FS-5579 – Device Details TroubleShooting page failing to load.
• CMSVC-18184 – Disable Smart Group Tenancy Correction support from UEM production environments.
• MACOS-4606 – Don’t send sample for Asset and Profile when isValid is unknown.
• CRSVC-52794 – DSM Drift Telemetry in Incremental Hosting mode is emitting false positives in dual mode.
• ESI-186 – DST read after write issue of device records.
• AMST-41834 – Enable 3 Windows Modern Stack Rollout.
• MACOS-4701 – Evaluate the feature flag for faster delivery of DDM resources.
• ARES-29466 – Evaluated and Pending counts in deployment tracking are not updating after Smart Group rule change.
• CRSVC-51239 – Event Notifications Inheritance At Sub Child OG Inheriting Wrong Rules.
• AAPP-15763 – Eventdata getting truncated on UI.
• CMSVC-18146 – Fix Smart Group Type Mapping in Migration Tool.
• ESI-102 – Hub app doesn’t load mydevices in the support tab for user with large amount of devices.
• AAPP-17032 – Implement GET Book details API for Public/Purchased/Internal books.
• ARES-30008 – iOS Boxer account details are not populated automatically on fresh installs.
• ARES-29774 – ModStack deployment tracker (DT) screen shows a non-existent assignment to 150,000 devices.
• CRSVC-51231 – Move Event Log Service Export Feature Flag to roll out.
• ARES-29411 – Profile assignment page crashes and the admin gets a spaceman error page.
• ARES-30074 – Profile Search with Numbers results in Spaceman Error.
• AMST-41953 – Reassignment Admin Actions not getting displayed.
• AMST-41016 – Reenrolling a windows device to different tenant should have only one active record in DST.
• ARES-29304 – Remove customization API call made for Apps and Profiles DT devices grids.
• CMSVC-18149 – Retry deletion for Failed Smart Groups.
• AMST-42077 – Seed Windows Hub 24.4.10.0 x86.
• AMST-41653 – Seed Windows Hub 24.4.4.0 x86 Patch 2.
• AMST-41868 – Seed Windows Hub 24.4.6.0 x86 Patch 3.
• AMST-42088 – Seeding – latest SFD 23.10.4 build.
• PPAT-16931 – Tunnel Profile XML is missing some properties such as certs, DTR, and TunnelConfig endpoint details.
• CMSVC-18175 – Update Smart Group tool deletionjob, retrymigration, migration job frequency to 15 mins.
• CRSVC-52807 – Updated Seeded Mac Workflow Host in Canonical – 2406.
• ARES-30095 – User context profile version update shows as “out of date” in windows profiles.
• MACOS-4349 – Yaml Changes macOS Hardware Seeding.

Last Update: CW38

Disclaimer

Please note: All information in this Newsletter is statically copied from various sources. Once published, these sources won’t be checked and the Newsletter won’t be updated retrospectively. In case of doubts, always check and refer to the linked source in Docs, Techzone or Knowledgebase.