Omnissa Newsletter 2025 Week 28

bkruit

Upcoming Omnissa Events

EventLink and descriptionSpeakersDate
“Walk This Way” webinar series: Horizon on NutanixWe are excited to invite you to our exclusive Solutions webinar series, “Walk This Way” with WWT and Omnissa, where we will explore the latest trends and innovations in Digital Employee Experience (DEX)Apps on Demand, and Horizon. Join us for insightful discussions and expert insights across four engaging sessions.👉 Register here: Welcome! You are invited to join a webinar: Walk This Way Webinar Series by WWT and Omnissa. After registering, you will receive a confirmation email about joining the webinar.   17 July7 PM – 8 PM CEST
1 PM – 2 PM EDT
10 AM – 11 AM PDT
Omnissa Tech Deep Dive: Windows device provisioningWhat’s the difference between Drop Ship Online vs. Offline and which to use when?  What’s a PPKG file? This tech deep dive session will clearly explain and demonstrate the behind-the-scenes activities that enable provisioning new Windows devices.
Join our subject matter experts @Jo Harder and @Joshua Spencer for some valuable tech content!👉 Register here: Omnissa Tech Deep Dive: Windows device provisioning		Jo Harder,
Joshua Spencer		23 July5 PM – 6 PM CEST
11 AM – 12 PM EDT
8 AM – 9 AM PDT
Omnissa Tech Deep Dive: Horizon 8 and Nutanix AHV hypervisorIn this session, you’ll get a technical overview of how Horizon 8 integrates with the Nutanix AHV platform. We’ll walk you through the key features and architecture of AHV, explore why it’s a strategic choice for hypervisor support, and share Omnissa’s vision and launch plans around this integration.Whether you’re already working with Horizon or just beginning to explore hypervisor options, this event will give you the context and confidence to understand how Horizon 8 fits into the Nutanix ecosystem—and what it means for your environment moving forward.👉 Register here: Omnissa Tech Deep Dive: Horizon 8 and Nutanix AHV hypervisor! 28 August5 PM – 6 PM CEST
11 AM – 12 PM EDT
8 AM – 9 AM PDT 
Omnissa ONE returns in 2025 SAVE THE DATEOmnissa ONE Global
Las Vegas, Cosmopolitan Hotel
Sept 15th – Sept 17th👉 More information and registration: Omnissa ONE 2025.Omnissa ONE EMEA
Amsterdam, Maritim Hotel Amsterdam
Oct 7th – Oct 9th Omnissa ONE Japan
Tokyo, ANA InterContinental Hotel 
Nov 17th – Nov 19th 		  

Release Updates:

Shared SaaS Availability of Workspace ONE UEM 2506

What’s New in this Release

Android Management

Experience seamless single sign-in and sign-out with Microsoft Entra for shared Android devices
You now have the advantage of a smooth single sign-in and sign-out process for applications that support the Microsoft Authentication Library (MSAL) on shared Android devices using the Workspace ONE Launcher. This feature supports first-party Microsoft applications such as Teams and any third-party applications that integrate MSAL and support Microsoft’s Shared Device Mode.

To use this feature, organizations must configure devices to use Check-in/Check-out (CICO) with Workspace ONE Launcher. Users authenticate with Microsoft Entra to check out the shared device. Users only need to launch supported MSAL-enabled apps to start using them. When users log out of Workspace ONE Launcher, they are automatically signed out of these applications. Additionally, this feature provides an alternative to the Workspace ONE Mobile SSO for organizations that cannot federate Microsoft Entra with Workspace ONE Access or cannot use Workspace ONE Tunnel as their VPN client.

Remotely deliver certificates to your device using SCEP payload
A new SCEP payload is now available in Android Custom DPC profiles. Push this profile to enable the remote delivery of certificates to your device from your certificate authority using the SCEP protocol. The Intelligent Hub obtains an SCEP challenge from Workspace ONE UEM, securely generates a private key on the device, and acquires the certificate from your certificate authority. The Hub then adds the certificate to the Android Keystore, where other applications on the device can access it. Silently granting applications access to these certificates is supported. Workspace ONE UEM currently does not support the use of the SCEP payload for configuring Wi-Fi with certificate-based authentication.

Configure Access Point Names (APNs) for work managed Android devices
A new Access Point Name (APN) payload is now available in Android Custom DPC profiles. Push this profile to remotely add APNs for mobile networks to Android devices. Additionally, you have the option to mandate that your Work Managed devices utilize only managed APN settings. This allows organizations to easily deploy private APNs to better secure access to corporate resources over mobile networks. This is supported on Android 9.0 and higher that are enrolled in Work Managed mode.

Android Management Mode Filter for Smart Groups
You can now create Smart Groups that capture Android devices with a specific Android Management Type (Custom DPC vs AMAPI) and Android Management Mode (Work Profile, Work Managed, or COPE). 

Certificate Management

Integrate OID-SID and SAN into certificate templates
To meet the updated certificate requirements, we have enhanced certificate templates within Workspace ONE UEM to include OID-SID Extension and support for SID values in the SAN field.

  • When assigning a certificate to a user in Active Directory (AD), it is essential to format the certificate entry using one of the strong formats.
  • Ensure that the Security Identifier (SID) is selected in the Active Directory Certificate Services (ADCS) certificate template. The Certificate Signing Request (CSR) must contain the OID-SID key-value pair and this extension is present in the generated certificates.
  • Alternatively, the same value can be submitted in the SAN field and is the primary implementation for SCEP-based certificates.

For more information, see Certificate-based authentication changes on Windows domain controllers.

Integrate DigiCert ONE with Workspace ONE UEM for enhanced security
Workspace ONE administrators can now set DigiCert ONE as a trusted certificate authority within UEM. Following this, they can create a certificate template and utilize the profile’s credential payload to issue and deploy certificates. This integration significantly enhances stability, security, and authentication, facilitating the effective use of certificates across various domains, including Public Key Infrastructure (PKI) and S/MIME.

Freestyle Orchestrator

Streamline onboarding entitlements in workflows
Onboarding entitlements within workflows allow administrators to prioritize resources essential for onboarding, which take precedence over other resource assignments. This is available only for Windows. For more information, see Onboarding Workflows.

Enhance device onboarding through offline domain join within workflows
You can now incorporate the domain joining process into workflow systems, enhancing the onboarding process for devices and allowing devices to join a domain before other resources are deployed. This is available only for Windows. For more information, see Offline Domain Join in Workflows

In-line Sensor evaluation: A better way to use Sensors within workflows
Sensors are now assessed at their step within the workflow rather than at the beginning of workflow execution. This approach enables administrators to monitor sensor values within the workflow as needed instead of re-using the value stored from evaluations done prior to the start of execution.

Enhanced reporting for application deployments within Freestyle Orchestrator
Gain better visibility into application deployment outcomes with improved reporting capabilities for Windows devices. When app deployments are triggered from Freestyle workflows, you’ll now receive detailed status updates, clear failure reasons, and timestamp enrichments.

Workflow Engine Enhancements
The workflow engine has undergone a significant backend enhancement with an upgrade to .NET 8.

iOS Management

Enhance device security with Managed Device Attestation
Managed Device Attestation is available for devices running iOS 16, iPadOS 16.1 or later with Apple Silicon or A11 Bionic chip or newer. This feature offers robust verification of the device’s properties, which are essential for trust evaluation. This cryptographic declaration of device properties is based on the security of the Secure Enclave and the Apple’s attestation servers. By leveraging attributes such as Serial Number, UDID, and OS version, Managed Device Attestation enhances trust evaluations for devices enrolled through Automated Device Enrollment or profile-based device enrollment. For more information, see Managed Device Attestation.
This feature is currently being rolled out as a Limited Availability feature and is planned for General Availability in an upcoming 2506 patch. If you’re interested in early access, don’t hesitate to get in touch with your account team.

After device wipe, return to service easily with automated reprovisioning process
With this exciting new feature, organizations can easily wipe all user data from a managed iOS device and get the device back into service without needing administrators to physically handle it. Workspace ONE UEM supports Return to Service functionality for iOS 17 devices, allowing MDM to add an enrollment and Wi-Fi profile to the device wipe command. This automated process eliminates the need for manual Wi-Fi configuration by administrators post-Device Wipe. For more information, see Return to Service.

Easily release a device from Apple Business Manager and Workspace ONE UEM
You can release corporate iPhones and MacBooks from Apple Business Manager or Apple School Manager if they’ve been sold, lost, are beyond repair, or when an employee moves on from your organization. With Workspace ONE UEM, you can now release devices using the Enterprise Wipe, Device Wipe, and Delete Device actions. For more information, see Release a Device.

Enhance Apple Books delivery with Modern SaaS Architecture
The delivery of Apple Books (internal and public, not VPP books) now leverages our Modern SaaS Architecture to significantly improve delivery performance. Read more about our new architecture here.

Launcher

Custom XML Settings Integrated into the Console

Some settings introduced to Workspace Launcher can only be configured through XML pushed through the Custom Settings profile. We have configured these settings as native features or settings in the Launcher profile payload.

The following features have been integrated into the Launcher profile:

  • Speed Lock
  • Dynamic App Availability
  • Show Logout Button from Guest Mode
  • Require Tunnel before Launcher

For more information, see Workspace Launcher product documentation.

Linux Management

Easily implement firewall rules on Linux devices
In addition to the recent profile releases, including Date/Time, Proxies, Passcode, and Restrictions, we are excited to introduce support for a Linux Firewall Profile. This new profile allows users to configure firewall rules that will be enforced on the device once assigned and deployed. For more information on profiles, see Linux Profiles.

Enhancements to Workspace ONE Sensors
To provide greater flexibility and choice, administrators now have the option to write Workspace ONE Sensors using Python 3, in addition to the existing option of using Bash. For more information, see Sensors for Linux Based Devices.

macOS Management

Enhance device security with Managed Device Attestation
Managed Device Attestation is available for devices running macOS 14 or later with Apple Silicon or A11 Bionic chip or newer. This feature offers robust verification of the device’s properties, which are essential for trust evaluation. This cryptographic declaration of device properties is based on the security of the Secure Enclave and Apple’s attestation servers. By leveraging attributes such as Serial Number, UDID, and OS version, Managed Device Attestation enhances trust evaluations for devices enrolled through Automated Device Enrollment or profile-based device enrollment. For more information, see Managed Device Attestation.
This feature is currently being rolled out as a Limited Availability feature and is planned for General Availability in an upcoming 2506 patch. If you’re interested in early access, don’t hesitate to get in touch with your account team.

Easily release a device from Apple Business Manager and Workspace ONE UEM
You can release corporate iPhones and MacBooks from Apple Business Manager or Apple School Manager if they’ve been sold, lost, are beyond repair, or when an employee moves on from your organization. With Workspace ONE UEM, you can now release devices using the Enterprise Wipe, Device Wipe, and Delete Device actions. For more information, see Release a Device.

Resource Management

Pending Actions visible for troubleshooting
When troubleshooting device issues, you now have the advantage of accessing Pending Actions. This feature provides a comprehensive list of planned resource installation and uninstallation commands for Apps, Profiles and Workflows on a device the next time it checks in. To view a device’s Pending Actions, go to Device Details, navigate to More > Troubleshooting, and then select the newly added Pending Actions tab.

Rugged Device Management

Relay Server Management enhanced with V2 APIs
As part of our continuous efforts to streamline and expand product provisioning, we are launching Relay Server V2 APIs. These are UUID-based endpoints supporting basic CRUD operations, advanced search(by name, type, status etc.), and a test connection API to verify relay server connectivity. The V2 APIs enable secure, fully automated, end-to-end management of relay servers. For more information, refer to the ‘RelayServersV2’ section of API help page.

tvOS Management

After device wipe, return to service easily with automated reprovisioning process
Workspace ONE UEM supports Return to Service functionality for tvOS 18 devices, allowing MDM to add an enrollment and Wi-Fi profile to the device wipe command. This automated process eliminates the need for manual Wi-Fi configuration by administrators post-Device Wipe. For more information, see Return to Service.

User Management

Streamline user group management using the latest REST APIs
A new set of REST APIs is now available to simplify group management. These APIs provide functionalities including creating user groups, updating their properties, and performing actions such as synchronization and merging, and deleting unwanted groups.

Directory Services migration to Omnissa Identity Service
With this Limited Availability feature, you can now integrate with the Omnissa Identity Service to migrate Directory Services from on-premises Active Directory (LDAP) to Entra ID (SCIM 2.0). The Omnissa Identity Service provides a seamless transition to Entra ID for user provisioning and authentication through a guided migration wizard. This is designed for users who are synced to UEM through LDAP-based integration with Active Directory.

Windows Management

Launch native and App Volumes MSI apps directly from Intelligent Hub for Windows
With this enhanced app catalog functionality, you can now launch native applications and App Volumes MSI apps directly from the Intelligent Hub app catalog in addition to the existing ability to launch Web and Horizon apps.

The key new features are as follows:

  • App Launch Support: Native apps and App Volumes MSI apps can now be launched from within the Hub catalog.
  • Admin Control: IT administrators can define custom launch commands for all applications in the app configuration within Workspace ONE UEM.
  • Improved User Experience: You no longer need to manually locate and open native apps post-installation; you can now launch them directly from the Hub interface.

Previously, users could install native applications through the Intelligent Hub, but launching them directly was not possible. Now, with launch commands configured in UEM, the Hub executes the command defined by the user, providing a seamless experience to both install and launch apps from a single interface. This enhancement simplifies app access and enhances productivity by reducing the number of steps required to open frequently used apps. For more information, see Installing Native Apps.

Default User Mode configuration during Windows device enrollment
Workspace ONE UEM now supports configuring the default user mode (Single User Mode or Multi User Mode) at the Organization Group (OG) level. This setting is automatically applied to Windows devices during enrollment through the Intelligent Hub client.

  • Configuration in UEM console (Requires UEM version Calypso or later): Administrators can define the default user mode in the UEM console under the OG settings. The available options include:
  • Single User Mode
  • Multi User Mode
  • Hub behavior during enrollment (Requires Hub version 24.10.10+ or 25.06.x):
  • During the enrollment process, the Windows Intelligent Hub queries the UEM console for the default user mode setting.
  • The retrieved mode is validated and stored locally by the Hub.
  • Based on the setting, the Hub configures the Windows device accordingly.

Manage Intelligent Hub application versions on Windows devices
The Technical Preview feature, Intelligent Hub Application Version Control allows administrators to manage precise control over version of the Intelligent Hub is installed on Windows devices, supporting both Win32 and ARM platforms. You can now deploy Intelligent Hub updates independently of Workspace ONE UEM console upgrades and gain direct access to Beta builds without manual download or upload steps. Unified version control is available for both Intel/AMD (Win32) and ARM-based Windows devices.

Once enabled, the setting Intelligent Hub Automatic Updates will be renamed to Use Intelligent Hub Version Control, and a new section for Intelligent Hub Target Seeding will allow version assignment at the Organizational Group level. The key capabilities include:

  • You can now assign specific versions to production OG to ensure consistency, while using the latest GA or Beta version in a test OG for validation.
  • Instant application of changes to newly enrolled devices (including OOBE and Autopilot) with existing devices auto-updating within 48 hours.
  • Downgrades are not supported for devices already running newer versions.

If Intelligent Hub Automatic Updates were previously enabled, the new setting defaults to Latest available. In contrast, if automatic updates were deactivated, the new version control setting will also remain in a disabled state.

Note: This feature requires Workspace ONE UEM version 2506 or later.

Faster SFD delivery and installation through the Intelligent Hub
Workspace ONE now supports a faster and more efficient installation of the Software Distribution Framework (SFD) by shifting the process from the traditional OMA-DM channel to a Hub-based installation. With this enhancement, SFD is bundled with Hub and is installed immediately after enrollment, enabling earlier application deployment and improving overall device readiness. We’ve made the following improvements:

  • SFD is now installed through the Intelligent Hub, independent of the OMA-DM workflow.
  • Installation occurs immediately after enrollment as the SFD package is part of the Intelligent Hub, reducing delays in the provisioning process.
  • Applications can start installing sooner, accelerating time-to-productivity.
  • Devices reach a usable state faster, enhancing the end-user experience.

Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.

Enhanced Offline Domain Join (ODJ) configuration
The Offline Domain Join (ODJ) configuration process has been significantly enhanced to improve reliability and flexibility, particularly in Autopilot Hybrid Join scenarios. Configuring Offline Domain Join is no longer tied to the device enrollment process. It can now be applied at any time, significantly reducing the risk of failures caused by race conditions or timeouts during Autopilot enrollments. With this update, ODJ can also be configured as a step within the Freestyle workflows, especially the new Onboarding workflows introduced recently, enabling IT teams to properly sequence and stage devices before they reach end users. This ensures a smoother onboarding experience and more consistent device readiness. For more information, see Offline Domain Join in Workflows.

Administrators can now deploy ODJ even after a device has been moved to a different Organizational Group (OG), including child OGs. Additionally, to maintain naming consistency, a device’s computer name will only change if it is not already joined to a domain.

Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.

Improvements in logging and troubleshooting
This release introduces several powerful enhancements to improve visibility, streamline troubleshooting, and reduce time-to-resolution for both end users and administrators.

  • Log submission from Intelligent Hub: Users can now send logs directly to Workspace ONE UEM from the Hub Support tab, with two new options added alongside the existing Collect Logs feature:
  • Send Hub Logs to UEM: Automatically uploads all Intelligent Hub-related logs to the UEM console. Logs are accessible under Device Details > Attachments > Documents.
  • Send Other Logs to UEM: Sends logs from DEEM, Workspace ONE Assist, and Workspace ONE Tunnel to the same location in the UEM console. Users receive a confirmation once the log upload is complete, improving transparency and support efficiency.
  • Application deployment event logging: To enhance visibility into application deployment, Intelligent Hub now sends detailed application deployment event summaries to the UEM console under Device Details > Troubleshooting > Event Logs.These event logs include data on detection statuses, Pre-condition checks, Exit codes and more helping administrators quickly identify the causes of application installation and uninstallation failures.
  • Filter logs by duration and component : Administrators can now filter collected logs based on timeframe and log source, making it easier to isolate relevant data during troubleshooting.
  • Timeframe Filters: All logs, or logs from the last 1, 3, 7, or 14 days.
  • Component Filters: Hub (Logs from Intelligent Hub, App Deployment Agent, Provisioning Agent, Factory Provisioning, and MDM), System (Windows and PCRefresh logs), Other (Logs from Assist, DEEM Telemetry Agent, and Workspace ONE Tunnel)

Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.

Enhanced processor architecture selection for app deployment
This new feature provides administrators with granular control over app distribution based on processor architecture. Previously, administrators could only select one option among 32-bit, 64-bit, and ARM64 as the ‘Supported Processor Architecture’ during app deployment. UEM will then determine the distribution to device architectures in the backend, limiting flexibility. Key capabilities include:

  • Multi-Selection Option: Administrators can now select multiple processor architectures during app deployment. The available options include 32-bit, 64-bit, ARM32, and ARM64.
  • Granular Control: This enhancement allows for more precise control over app distribution. For example,
  • Distribute a 32-bit app ‘X’ to devices with 32-bit and 64-bit architectures only, excluding ARM64.
  • Distribute a 64-bit app ‘Y’ to devices with 64-bit and ARM64 architectures, utilizing x64 emulation for compatibility.

Note: This feature requires Workspace ONE UEM version 2506 or later and Hub version 25.06.x.

Support for Administrative Template (ADMX) with profiles
With this Technical Preview feature, Workspace ONE UEM now supports Administrative Template (ADMX), providing a unified and scalable way to manage Windows policies across the device fleet. With this feature, you can manage all administrative templates for Windows 10, Windows 11, and Windows Server directly from the UEM console. You are provided with Pre-Uploaded ADMX templates for common applications, including those for Microsoft Office, Omnissa Horizon, Google Chrome, Mozilla Firefox, and more.

Note: Reapplying baselines will reset policies applied though the ADMX profiles. The capability for Baselines and ADMX profiles to coexist seamlessly will be introduced when this feature becomes Generally Available. If you currently have baselines configured, refrain from using this feature.

General Availability of Workspace ONE Web 25.06 for Android

New Features

  • Enhancements to UI for a modern and intuitive user experience, with a refreshed URL address bar and bottom navigation options.
  • Support the “Find in Page” feature, allowing users to search for specific text within PDF documents.
  • Ability to Show Notification only once. See Show Notification Prompt Once.
  • Ability to disable the “Introducing Widgets” pop-up. See Allow Widgets Popup.

Minimum Requirements

Resolved Issues

We are always working to improve Workspace ONE Web with every release. There are no major bug fixes to report.

Known Issues

We have not identified any notable known issues in this release. If you are facing any problems, feel free to reach out to our support team.

General Availability of Workspace ONE Intelligent Hub 24.11.3 for macOS

New Features

  • This release introduces essential updates to accommodate the web domain change associated with the Omnissa branding.

With Omnissa branding, the web domain for Workspace ONE products has changed. This release includes the necessary modifications to support the new web domain, ensuring seamless communication between the Workspace ONE Intelligent Hub for macOS and select backend services.

  • This release also includes crash fixes to improve your Intelligent Hub experience.

Minimum Requirements

Following are the minimum requirements:

  • Intelligent Hub for macOS 24.11.3 is only compatible with UEM version 2410 and later.
  • macOS version 12 or later is required to install Intelligent Hub version 24.11.3.
  • On-Demand Workflow Completion, Scripts, and Freestyle Orchestrator require Workflow Engine 23.02.1+ to be installed.

Download Instructions

  • If devices are enrolled to Workspace ONE UEM 2402 or later, enable the Automatic Updates in UEM console. Even if devices have a previous version of the Workspace ONE Intelligent Hub installed, this new version of the Intelligent Hub application seamlessly updates over the existing application version without disrupting the functionality.
  • Automatic Updates are enabled by default. You can enable Automatic Updates in the UEM Console at Settings > Devices & Users > Apple > Apple macOS > Intelligent Hub Settings.

Note: Workspace ONE Intelligent Hub 24.11.3 is not available at GetWSONE.com at this time.

Resolved Issues

  • None.

Known Issues

  • If you experience any issues during the Hub upgrade process, please refer to the workaround provided in the KB article. If you are facing any problems, feel free to reach out to our support team.

General Availability of Workspace ONE Content 25.06 for Android

New Features

Minimum Requirements

Resolved Issues

Note

The numbers included before the resolved issues are used for internal issue tracking.

  • ASCL-180233 – Navigation issue in content app while opening a screenshot.

Known Issues

We have not identified any notable known issues in this release. If you are facing any problems, feel free to reach out to our support team.

Current Omnissa Security Advisories

Find all latest advisories in the Omnissa Security Response Center

Omnissa UX Research Opportunities: 

  • Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
  • Interested in giving your opinion and making your voice heard? Check out what’s available!

Help Omnissa filter out the noise – literally!

  • About: Test and compare 4 different concepts for filtering data.
  • Opportunity: 5-minute interaction where you’ll get to play with different clickable prototype concepts and rate them on a series of attributes. This won’t require talking or typing, just multiple choice, AND you can do this in your own time.
  • Who is this relevant for: ANYONE
  • Choose your favorite filter pattern HERE → available until end of day 7/14

KB Highlights & Announcements:

  •  

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

  • For Shared SaaS, environments have already been enabled or will be enabled automatically in the near future
  • Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)​
  • Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.​
  • Environment clean-up* (resources outside of tenant boundary e.g., global resources).​
  • Remove/migrate invalid resources (apps, profiles, policies) from the console.​
  • Remove/migrate invalid SGs.​
  • Ensure all users/devices are at or under Customer/Partner OGs. If users exist above Customer/Partner OGs with devices enrolled, device enrollment may be required.​
  • Validate Smart Group & app exclusion. See KB here.​
  • Update Workspace ONE UEM to the latest version prior to Mod Stack enablement, minimum UEM 24.10.​
  • Review the list of known issues and changes aggregated in the weekly newsletter below. Ensure resolutions/workaround are implemented as applicable.​
  • Develop a testing plan post migration and communicate with internal stakeholders.​
  • KB Article Overview
  • Announcement & Updates​

High Priority KBs: 

Recently added KBs (Links) 

Recently updated KBs (Links)

Community and YouTube Updates 

3rd Party Blog Updates & Industry News 

Beta, Lab and Tech Preview Updates 

Currently available:

Coming soon:

  • Identity Services – Migration to Entra ID for UEM* (Limited Availability) – Early July

Past Omnissa Event Recordings

Omnissa Online Recording of Omnissa Online Event: YouTube RecordingVarious 
Omnissa Tech Deep Dive: Bringing VDI goodies to your physical desktops and laptopsWe invite you to a demo-packed session, where you will learn how to bring the benefits of App Volumes and DEM (Dynamic Environment Manager) to your physical Windows devices.This brings the same benefits and features you know from your Horizon VDI environments to your desktops and laptops. You have full control over the application lifecycle, ensuring the best user experience and more! Omnissa Tech Deep Dive: Bringing VDI goodies to your physical desktops and laptopsPim van de VisJun 18
Unified Windows Management: Windows Server Management (Beta) and Windows Multi-user in Workspace ONE UEMThis webcast will focus on the Omnissa Workspace ONE Windows Server Management Beta and Windows Multi-user management support.Unified Windows Management: Windows Server Management (Beta) and Windows Multi-user in Workspace ONE UEMGrischa Ernst, Product Line ManagerCamille Debay, Product Line Manager – Windows ManagementSaurabh Jhunjhunwala, Staff Customer Success Engineer17 June  
Omnissa Tech Deep Dive: Bringing VDI goodies to your physical desktops and laptopsWe invite you to a demo-packed session, where you will learn how to bring the benefits of App Volumes and DEM (Dynamic Environment Manager) to your physical Windows devices.This brings the same benefits and features you know from your Horizon VDI environments to your desktops and laptops. You have full control over the application lifecycle, ensuring the best user experience and more!
Omnissa Tech Deep Dive: Bringing VDI goodies to your physical desktops and laptops		Pim Van De Vis, Customer Success Engineer18 June
Omnissa Tech Deep Dive: Enrich your access policies with more data for better security @Peter Björk will cover the security capabilities in the Omnissa platform, real-time and continuous data sharing, and access decisions based on more data about the user, devices, and session.Omnissa Tech Deep Dive: Enrich your access policies with more data for better securityPeter BjörkApr 16 2025
Increase the value of your Omnissa deployment with advanced data and automation: powered by Intelligence and Freestyle OrchestratorJoin us to discover how Omnissa Intelligence and Omnissa Freestyle Orchestrator can help you unlock advanced data insights and automation, maximizing the value of your Omnissa deployment.Increase the value of your Omnissa deployment with advanced data and automation: powered by Intelligence and Freestyle OrchestratorEvan HurstNigitha AlugubelliMitch BerkApr 2 2025

Latest Patch & Seed Script Updates:

OS Updates Seed Script

  • Most recent update :
  • macOS 26 beta 2 (25A5295e)
  • visionOS 26 beta 2 (23M5279f)
  • tvOS 26 beta 2 (23J5295e)
  • iPadOS 26 beta 2 (23A5276f)
  • iOS 26 beta 2 (23A5276f)
  • Last Update: CW26

Device Model Seed Script

  • Seed Script to support
  • iPad Air 11-inch (M3) Wi-Fi
  • Last update: CW26

Workspace ONE UEM 23.10

  • Patch level 23.10.0.52
  • AGGL-18082 – Move Google API calls from Entity Reconcile Service to Integration Service for events like User Group Edited.
  • Last Update: CW25

Workspace ONE UEM 24.02

  • Patch Level: 24.2.0.33
  • AAPP-19421 – Enhancements to dissociation logic for Apple VPP.
  • AAPP-19167 – Denied URLs is blank when editing an iOS Content Filter profile.
  • Last Update: CW27

Workspace ONE UEM 2406

  • Patch level 24.6.0.40

All Environments

  • ESI-392 – Spoofed credentials caused device re-enrollment errors.
  • AAPP-19421 – Improvements to dissociation logic for Apple VPP.
  • Last Update: CW26

Workspace ONE UEM 2410

  • Patch level 24.10.0.18

All Environments

  • AGGL-18935 – Add index for geofencing query to reduce memory waits.
  • MACOS-5913 – Adding the rebranded bundle-id of Hubd process to Intelligent Hub settings profile.
  • FCA-210730 – API MDD/devices/search should not throw 404 if some of the devices are not found.
  • RUGG-13690 – Exception in products cutover flow for WinMo devices when the FF is disabled.
  • FS-7926 – Freestyle Orchestrator Application Version Exists Condition Fails with UI Error (24.10 Patch 15, Mod-Stack).
  • CRSVC-63160 – Include offline checkin resource types for requests to IH DSM from drift evaluation service.
  • AGGL-17539 – Metrics are not getting parsed properly by telegraf.
  • AAPP-19505 – Profile samples fails to update when queried.
  • CMEM-187179 – The SEG installer navigation link is broken in Add Email Configuration Wizard Settings.
  • CRSVC-64697 – Update Digicert profile fetch version.

Modernized Environment

  • MACOS-5913 – Adding the rebranded bundle-id of Hubd process to Intelligent Hub settings profile.
  • FCA-210730 – API mdm/devices/search should not throw 404 if some of the devices are not found.
  • CRSVC-63160 – Include offline check-in resource types for requests to Intelligent Hub DSM from drift evaluation service.
  • CRSVC-64697 – Update Digicert profile fetch.
  • Last Update: CW28

Workspace ONE UEM 2506

  • Patch level 25.06.0.0

Admin Experience

  • FCA-205420: EnrollmentUserCredentials lookup value in message template generates message preview in bad formatting.
  • FCA-206116: Console events do not log some Admin Role Events.
  • FCA-207442: SSP testCookie is set while JavaScript implementation without explicitly defining the attributes.
  • FCA-207572: Device List View filter for internal storage does not display actions in the UI.
  • FCA-207745: UEM console sends email notifications for account modifications when the home button is pressed using the new deployment method.
  • FCA-207895: UEM console makes an incorrect request at landing page for the admin user who enables 2FA and configures landing page.
  • FCA-208029: EID Value and Phone Number are not getting populated for iPad devices.
  • FCA-208136: The API call “DeviceExtensiveSearchAsync” does not work properly with multiple filters.
  • FCA-208232: “POST /devices/gps/search” API call does not honour date ranges.
  • FCA-208380: Custom message template for Admin Activation is not getting selected correctly.
  • FCA-208389: WS1 API request continuously fails with a 500 internal server error for mdm/devices/search endpoint.
  • FCA-208390: The “Apply” button on filters does not work when devices list is opened from Assignment Groups page.
  • FCA-208419: NetworkInfoSearch API is not using the steps that appear in the official documentation.
  • FCA-208708: Administrator Password Reset Email is not appearing as a customizable message template.
  • FCA-208958: A DOM-based cross-site scripting (XSS) in onmodalexit query parameter leads to full ATO/environment compromise.
  • FCA-209732: When hovering over devices from Device List View (Layout → Custom), a blinking popup makes it harder to use right-click options (UEM 2410).
  • FCA-209861: Admin Account Settings > Notifications does not show the “Maintenance and Upgrade” option when “AdminSaaSNotificationsDLManagementFeatureFlag” is enabled.
  • FCA-209869: ‘Query Device’ action is not working for a bulk selection of devices on the list view.
  • FCA-209873: Images vanish from custom message templates after they are saved.
  • FCA-209897: Filtering for ‘Container’ as a management mode is also returning ‘Hub Registered’ devices on the Device List View.
  • FCA-209901: Event log incorrectly displaying “sysadmin” as the admin when ‘Find Device’ action is performed on an Android device.
  • FCA-209920: Intelligent Hub is redirecting to the login screen when an admin updates the IP address, when user name by IP range is enabled.
  • FCA-209970: The Device List View OS version filter does not work for iOS devices.
  • FCA-210004: Bulk Action for ‘Delete Device’ results in a “Save Failed” error.
  • FCA-210023: Event data opens an error screen in the Device Details > Troubleshooting tab.
  • FCA-210177: Unable to reset the password of a basic admin account in UEM with MFA enabled.
  • FCA-210276: Admin role comparison does not work.
  • FCA-210331: UAT environments migrated to the new Access URLs without Access being ready for new Access endpoint URL usage.
  • FCA-210440: The /devices/extensivesearch API in MDM API V1 does not filter device records with MAC address.
    Android Management
  • AGGL-17018: CICO with Launcher Apps are not always removed when combined with App assignments.
  • AGGL-17044: Android devices are intermittently not added to Smart Groups that filter by manufacturer and model.
  • AGGL-17096: “IsEncrypted” API call for Android is not working.
  • AGGL-17113: VPN profile URL whitelist does not get applied through profile UI.
  • AGGL-17115: Application configuration shows inconsistent behavior for Check-in and Check Out users on Android devices.
  • AGGL-17575: Android Credentials profile becomes corrupted when adding a version if “Allow silent app access” is enabled.
  • AGGL-17940: Android apps are removed from devices when renamed by administrator.
  • AGGL-18098: When rebooting devices from UEM Console, an incorrect warning message appears.
  • AGGL-18123: Workspace ONE UEM may fail to configure per-app VPN with Tunnel for Android devices.
  • AGGL-18137: Android Enterprise Factory Reset Protection profile is not prompting option to remove FRP prior to wiping device.
  • AGGL-18264: Android Legacy profiles are incorrectly installing on Android Enterprise devices.
  • AGGL-18400: Last Reboot is not reported or is reported inaccurately in UEM console.
  • AGGL-18561: Unable to Override Privacy Settings.

Assist

  • AET-18974: Assist Chat features are not visible when the Session is launched from RemoteManagementV1/V2 Controller MDM API.
  • Core Platform
  • CRSVC-50701: Enhanced logging functionality now obfuscates full API key entries.
  • CRSVC-51190: The targeted logging test fails with an error even after it is re-enabled with the right password and later disabled it.
  • CRSVC-53629: Resource delivery is blocked by Compliance Policy with Enterprise Wipe action.
  • CRSVC-57801: Compliance policy evaluation has been enhanced to immediately reflect updates to policy rules.
  • CRSVC-58522: Failed to fetch metadata from the server for workflows, causing delays in resources delivery.
  • CRSVC-60875: Device Wipe Log does not load successfully.
  • CRSVC-62002: Attempts to enable device-based targeted logging are failing.
  • CRSVC-62148: Administrator at a child OG is unable to re-evaluate Compliance Policies managed by a parent OG.
  • CRSVC-62531: Workspace ONE DB upgrade maintenance schema conflict resulting in job failure.
  • CRSVC-62714: Cross-tenant IDOR allows uploading the MIME Sign-in certificate not belonging to the tenant for an iOS exchange resource.
  • CRSVC-62832: ‘ConnectSync’ webhook event is not showing on UEM console under Event notifications list.

Enrollment

  • ENRL-4305: Enrolment blocked by server timeout in customer’s OGs in UEM console.
    Enrollment and Service Integrations
  • ESI-103: Tags are not getting assigned for devices being enrolled through Dropship Provisioning.
  • ESI-554: Registered device records have incorrect user info link.

Freestyle Orchestrator

  • FS-5588: Workflows install retired app version.
  • FS-5716: Windows application installation fails with an error.
  • FS-6560: ‘Failed’ sensor status incorrectly parsed by workflow as ‘condition not met’.
  • FS-7790: Workflow completion rate drastically dropped upon update.

iOS Management

  • AAPP-17070: In an iOS desktop device profile with DDUI, aw-tag for Allow Find My Device is incorrectly located.
  • AAPP-17815: Custom Command shows ‘Pending’ under the Troubleshooting tab in Device Details.
  • AAPP-17981: Notifications are not sent upon successful installation of iOS update.AAPP-18028: ABM resources don’t get installed upon enrollment.
  • AAPP-18183: Personal or User-installed apps display in console even though privacy settings aren’t enabled for it.
  • AAPP-18397: DEP Await Configuration ends prematurely before the device is fully configured.
  • AAPP-18577: Per App rules for iOS VPN profile are enabled by default when adding a new version of the profile.
  • AAPP-18578: Schedule OS Update commands in queueing state are not removed when the device is excluded from the Smart Group.
  • AAPP-18601: Unable to edit iOS profiles.
  • AAPP-18837: Supervised iOS devices cannot be deleted.
  • AAPP-18840: The count of ‘Not encrypted devices’ is not matching in the Device Dashboard and Device list view pages.
  • AAPP-18864: Repeated UserList sample processing leads to DB CPU spike.
  • AAPP-18868: Enhanced Single App Mode to Address Support for native Apple Applications.
  • AAPP-18903: App installation fails when VPP licenses request is not confirmed as complete.
  • AAPP-19172: Cannot update iOS Devices due to page not found error.
  • AAPP-19307: Unable to enroll the iOS 18.5 devices when enrollment restriction policy is set to iOS 18.4.1.
  • AAPP-19353: When trying to manually trigger an installation as a UEM admin for select vpp applications, you get a “access denied” gray banner.

Launcher

  • LAUN-21: Customize Single App Floating Button should not be displayed when profile type is multi-app or template.LAUN-22: Launcher layout page is not scrollable when many apps are added.
  • LAUN-54: Adding apps to an existing Launcher profile under Products fails.
  • LAUN-58: Globalization Failure on Latest Canoncial.
  • LAUN-61: Editing attributes of an app on the launcher profile canvas allows changing the application ID to an already existing different app bundle ID.
  • LAUN-63: Web Links with the same name prevent Android Enterprise Launcher canvas from changing and saving the proper link.

macOS Management

  • MACOS-5322: macOS devices are not completing enrollment as expected and get stuck on “waiting for management” server while DEP enrollment.
  • MACOS-5408: Disk encryption profiles are incorrectly delivered to excluded devices.
  • MACOS-5594: Privacy preferences profile fails to install on macOS devices.
  • MACOS-5817: Re-enrolled macOS device is not installing profiles unless device record is deleted prior to re-enroll.

Resource Management

  • ARES-28988: Application’s User Ratings list cannot be exported by a UEM admin.
  • ARES-29119: Application_UUID is missing in response of GET API mdm/devices/{deviceUuid}/apps/search for Windows and Mac devices.
  • ARES-29230: Alert to ‘Leave’ or ‘Cancel’ configuration is received when adding criteria under ‘When to Call Install Complete’ in Deployment Options for Windows apps.
  • ARES-29493: BIOS Password Profiles are not applied to devices when deployed via workflows.
  • ARES-29876: Getting “page not found” error, when you click Query button at Resources > Apps > Internal > 3CX Desktop App > Devices.
  • ARES-29939: Unable to save the iOS Boxer application configuration when the ‘Enable FastSync’ App Policy is applied.
  • ARES-30062: Exporting the list of evaluated devices from an Application’s Deployment Tracking page results in a failed export.
  • ARES-30074: A Spaceman error occurs while searching for a number on Profile List View page.
  • ARES-30565: ‘Setting Group’ sub-filter within ‘Platform’ filter on Profile List View page does not filter the profiles.
  • ARES-30844: Filtering devices by installation status details or last action fails on the Internal App Deployment Tracking page.
  • ARES-30919: Profile not being removed from device when ‘Remove’ action is performed from Device Details Profiles tab.
  • ARES-30935: Admin is unable to view iOS profiles if any of their payload values have white spaces.
  • ARES-30970: For some profiles, unassigned smart groups are still visible under ‘Assignment Groups’ column on Profile List View.
  • ARES-31047: Launcher Profile configured with Custom Lookup fields fails to install on devices.
  • ARES-31178: ‘Installed but not assigned’ status is incorrectly highlighted in red for seeded apps like Launcher on Device Details Apps summary page.
  • ARES-31350: Deleting a child OG crashes Profile List View of parent OG if a Smart Group of child OG was assigned to a profile existing at Parent OG.
  • ARES-31581: ‘Distribution’ tab on Windows Internal app Assignment page is missing several options when editing assignments from Deployment Tracking page.
  • ARES-31813: Saving SDK profile shows error has occurred but entered details are still present when the profile is opened for viewing.
  • ARES-32056: Opening or editing Android Enterprise profiles displays error if DDUI is enabled in the UEM environment.
  • ARES-32065: Incorrect total profile count is sometimes displayed on the Device Profiles list.
  • ARES-32251: Profiles on Device Details Profiles tab are listed in reverse alphabetical order.
  • ARES-32296: Unable to apply Dependency App filter for Windows Internal apps on Internal App List View page.
  • ARES-32356: While publishing a VPP app, device preview page displayed ‘Added’ devices even when no changes are made to the assignment.
  • ARES-32372: Inactive profiles are sometimes not visible on Profile List view.
  • ARES-32380: Admin at child OG receives a ‘Door Locked’ error while accessing Deployment Tracking page of an app added at parent OG.
  • ARES-32467: ‘View’ instead of ‘Assign’ displayed against internal app versions on App List View even when no direct or workflow assignments exist.
  • ARES-32641: When trying to delete the profiles, it gives a ‘Door Locked’ error.
  • ARES-32708: A few profiles are not visible on Device Profiles list in Partner enabled UEM environments.
  • ARES-32733: Force removal of Internal app from Device Apps list sometimes gives ‘Door Locked’ error.
  • ARES-32773: A duplicate entry is sometimes present on Device Apps list with status as Installed but not assigned for app installed via Workflow.
  • ARES-32924: Sometimes, assigned apps are not visible in Intelligent Hub app catalog.
  • ARES-33156: An error is displayed when editing profiles that have excluded Smart Groups but no assigned Smart Groups.

Rugged Device Management

  • RUGG-13452: Pull service configuration file fails to download in OGs with trailing spaces in the OG name.
  • RUGG-13523: Zebra printer enrollment does not honor SiteURL overridden on child organization groups and uses values at Global.

Tunnel

  • PPAT-17434: Tunnel client not reconnecting once device regains compliance.
    User Management
  • UM-9541: Cross-tenant IDOR allows viewing email message templates that do not belong to us.
  • UM-9640: Unable to add devices on Productivity Organization Group.

Windows Management

  • AMST-41583: Compliance status for firewall does not show correctly at the start of device.
  • AMST-41874: Unable to delete an OG, getting an error “Save Failed Delete Failed”.
  • AMST-41960: Application installation status is not reported correctly on UEM.
  • AMST-42059: Firewall Profile fails to install on Windows 11 systems.
  • AMST-42286: EAR update notifications are not working.
  • AMST-42316: Device unassigned from SG still shows Sensor data for the excluded devices.
  • AMST-42458: Certificate profiles are not installing with optional assignment while leveraging the Modern SaaS Architecture.
  • AMST-42513: Shared Device Log page does not show correct count and page numbers.
  • AMST-42613: ARM64 OOBE enrolled Windows devices stuck in Pending Hub state.
  • AMST-42648: Devices getting enrolled with Container type management.
  • AMST-42717: PPKG disappear in UEM but shows in DB.
  • AMST-42753: API/system/users/delete fails with 500 error if action exceeds 30 sec timeframe for completion.
  • AMST-42758: Friendly name is not updated when Windows staging enrolled device is checked out by a designate user.
  • AMST-42785: The Compromised Status shows as unknown after Modstack.
  • AMST-42826: Windows device does not check in after receiving WNS notification.
  • AMST-42846: Smart Group device count is not updated until the Smart Group is re-saved manually.
  • AMST-42971: ARM64 devices are unable to use Registry detection criteria.
  • AMST-42987: AirWatch CA certificate is not getting installed with manual push of the SCEP profile.
  • AMST-43082: AppX app deployment is not working after Hub and SFD were upgraded in UEM 24.2.0.18.
  • AMST-43251: Certificates are retained on devices after profile removal.
  • AMST-43407: Admin account stuck in DELETE IN PROGRESS state when trying to remove the admin.
  • Last Update: CW28


Disclaimer

Please note: All information in this Newsletter is statically copied from various sources. Once published, these sources won’t be checked and the Newsletter won’t be updated retrospectively. In case of doubts, always check and refer to the linked source in Omnissa Docs, Techzone or Knowledgebase.

Leave a Reply

Your email address will not be published. Required fields are marked *