Omnissa Newsletter 2025 Week 32

Upcoming Omnissa Events

Event	Link and description	Speakers	Date
Omnissa Tech Deep Dive: Horizon 8 and Nutanix AHV hypervisor	In this session, you’ll get a technical overview of how Horizon 8 integrates with the Nutanix AHV platform. We’ll walk you through the key features and architecture of AHV, explore why it’s a strategic choice for hypervisor support, and share Omnissa’s vision and launch plans around this integration.Whether you’re already working with Horizon or just beginning to explore hypervisor options, this event will give you the context and confidence to understand how Horizon 8 fits into the Nutanix ecosystem—and what it means for your environment moving forward.👉 Register here: Omnissa Tech Deep Dive: Horizon 8 and Nutanix AHV hypervisor!		28 August5 PM – 6 PM CEST 11 AM – 12 PM EDT 8 AM – 9 AM PDT
Omnissa ONE returns in 2025	Omnissa ONE Global Las Vegas, Cosmopolitan Hotel Sept 15th – Sept 17th👉 More information and registration: Omnissa ONE 2025. Omnissa ONE EMEA Hilton Amsterdam Airport Schiphol Oct 7th – Oct 9th 👉 More information and registration: Omnissa ONE Amsterdam 2025. Omnissa ONE Japan Tokyo, ANA InterContinental Hotel  Nov 17th – Nov 19th 👉 More information and registration: Omnissa ONE TOKYO 2025

Release Updates:

Workspace ONE Hub Services

Conditional Entitlements Phase 2: Show or Hide Apps based on Access Policies

Access policy rules set by admins in Omnissa Access determine which apps an end user can launch, based on factors such as their network range, device type, or group membership. The new conditional entitlements enhancement to the Hub Catalog improves the user experience by hiding apps that a user is restricted from launching based on Access policy rules.

This is Phase 2 of the two-phase rollout of conditional entitlements. Hub Services admins now have the option to either display (as locked) restricted apps or hide them entirely from end users.

Workspace ONE Intelligent Hub 25.06 for Linux

The Workspace ONE Intelligent Hub 25.06 release adds some great new features and capabilities.

• Python3 Support
  Added Python3 as a language option for authoring Workspace ONE Sensors, adding more flexibility for this powerful feature.
• Support for Firewall Profile
  Now both simple and complex firewall rules can be easily configured in Workspace ONE UEM and pushed to your enrolled Linux devices.

Omnissa Secure Email Gateway 2.33

We are always working to improve Workspace ONE Secure Email Gateway with every release. There are no new features to introduce for this release.

Current Omnissa Security Advisories

• OMSA-2025-0001: Horizon Client for Windows addresses local privilege escalation vulnerability (CVE-2025-25230)
• OMSA-2025-0002: Omnissa Unified Access Gateway (UAG) updates address Cross-Origin Resource Sharing Bypass vulnerability (CVE-2025-25234)

Find all latest advisories in the Omnissa Security Response Center

Omnissa UX Research Opportunities:

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

NEW Opportunity: Test new workflow triggers in Freestyle Orchestrator

• About: There’s a new way to let Admins decide when workflows run — whether on device onboarding, on a schedule, or based on events like app crashes.
• Opportunity: 8-minute interaction where you’ll get to play with a clickable prototype and rate how intuitive it is. This won’t require talking or typing, just multiple choice, AND you can do this in your own time. It will ask to record your computer screen which is optional.
• Who’s this relevant for: Admins using/manage Freestyle in Intelligence or UEM.
• Test the new workflow triggers here → available until end of day 8/13

[DATES EXTENDED]: Sound the alarm – what custom alerts matter most to you?

• About: Omnissa Intelligence has a new feature called Custom Alerts, which will allow users to define conditions that trigger notifications based on metric thresholds. These can be aggregated across entities or evaluated over time windows.
• Opportunity: 5-minute survey via Qualtrics where you’ll get to rank different features/use cases. This won’t require talking or typing, just multiple choice, AND you can do this in your own time.
• Who’s this relevant for: Admins using/managing Omnissa Intelligence, Horizon, WS1 UEM, Experience Management, MTD, and/or Vulnerability Defense.
• Drag/drop and rank features HERE → available until end of day 8/13
  

KB Highlights & Announcements:

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

• For Shared SaaS, environments have already been enabled or will be enabled automatically in the near future
• Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)​
• Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.​
• Environment clean-up* (resources outside of tenant boundary e.g., global resources).​
  • Remove/migrate invalid resources (apps, profiles, policies) from the console.​
  • Remove/migrate invalid SGs.​
  • Ensure all users/devices are at or under Customer/Partner OGs. If users exist above Customer/Partner OGs with devices enrolled, device enrollment may be required.​
  • Validate Smart Group & app exclusion. See KB here.​
• Update Workspace ONE UEM to the latest version prior to Mod Stack enablement, minimum UEM 24.10.​
• Review the list of known issues and changes aggregated in the weekly newsletter below. Ensure resolutions/workaround are implemented as applicable.​
• Develop a testing plan post migration and communicate with internal stakeholders.​
• KB Article Overview
  • Announcement & Updates​
    • Administration changes for Workspace ONE UEM Modern SaaS Architecture | Omnissa​
    • Workspace ONE UEM – Modern SaaS Architecture Rollout – December Update (6000206)​​
    • Smart Group exclusions now managed at version level in modern SaaS architecture enabled Workspace ONE UEM Environments (6000662)​
    • Application and Profile management restricted to Customer Organization Group (and Partner Organization Group) or below in Modern SaaS architecture enabled UEM environments (6000196)​
    • Introducing WS1 UEM Next-Gen SaaS: Device List View, Resource Delivery and Deployment Tracking Modernization Improvements in Tech Preview Environment CN135 (94042)​
    • Modernization Update: Consolidated Modernized Services for Hosted SaaS (91520)​
  • Known Issues – Resolved​
    • Intelligent Hub for macOS must be upgraded to version 24.07.1 to prevent macOS Profile removal from being blocked with Mod Stack (Resolved in macOS Hub 24.07.1+)​
    • Profiles Assigned Through Freestyle Workflows Installed on Unintended Devices (6000667) (Resolved in UEM 24.06.0.13+)​
    • macOS Profiles shows “Installed but not assigned” and contains profile duplicates (6000682) (Resolved in macOS Hub 24.07.2+)​
    • [Modern Architecture] ChromeOS Device Sync fails (6000731)
    • ARES-28824 – Known Issue with Sorting Applications on Device Details Page with Modern SaaS Architecture Enabled UEM Environments (6000670)
    • [Resolved] Tagging Operations Behavior Change in Mod Stack Enabled Environments (6000180) (Enhanced in Workspace ONE UEM 2406 Patch 22 and 2410)
  • Known Issues – Ongoing​
    • ARES-28824 – Known Issue with Sorting Applications on Device Details Page with Modern SaaS Architecture Enabled UEM Environments (6000670)​
    • Evaluated device count higher than Assigned count in Deployment Tracking for Modern SaaS architecture enabled UEM Environments (6000191)​
    • Known issues of Product Provisioning in the UEM modernized stack (6000686)​
    • Workspace ONE UEM – Modern Stack Device-Based Events are not exported via Syslog Integration (6000677)​
    • ARES-30657 – For some internal apps, devices receive lower app version instead of the highest assigned version in modern-architecture enabled UEM environments (6000718)
    • FileVault Recovery Keys are missing for macOS devices after Modern Stack Migration (6000719)
    • FileVault Disk Encryption Pop Up for macOS Devices after Modern Stack Update (6000722)
    • [Modern Architecture] Devices Removed from Assignment Groups with “Enterprise Version” Filter (6000730)

High Priority KBs: 

• Upcoming Changes to the Cloud Distribution Network (CDN) URL for Omnissa Access and Hub Services (6000795)
• Horizon Cloud Service transition to Omnissa (6000824)
• Preparing for Omnissa Innovation Updates (6000840)
• Legacy Domain End of support and required action for Workspace ONE Cloud-Hosted domain vmwservices.com (6000843)
• Workspace ONE UEM – Upcoming Update to the Intelligence, Token Service, ESR, and CNS URL scheme – Action Required (6000867)
• Update Workspace ONE Boxer for iOS and Android with new Workspace ONE domain (6000868)
• Update Workspace ONE Content for iOS and Android with new Workspace ONE domain (6000869)
• Update Workspace ONE SDK for iOS and Android with new Workspace ONE domain (6000872)
• Update Workspace ONE Web for iOS and Android with new Workspace ONE domain (6000873)
• Update Workspace ONE Intelligent Hub for iOS and Android with new Workspace ONE domain (6000874)
• Update Workspace ONE PIV-D Manager for iOS and Android with new Workspace ONE domain (6000875)
• Omnissa Intelligence Migration to New Domains (6000876)
• Upcoming Changes to the Cloud Notification Service (CNS) URL for Omnissa Hub Services (6000877)
• Update Workspace ONE Email Notification Service (ENS) for OnPrem with updated Omnissa domain (6000878)
• Updates for WS1 Intelligence integration in UAG (6000879)
• Update to Workspace ONE Launcher (6000880)
• Update Workspace ONE App Wrapping & Plugins with new Workspace ONE domain (6000881)
• Upcoming Changes: Required Update to Intelligence SDK to Continue Sending Analytics Data to Omnissa Intelligence (6000882)
• Domain Migration :: Upcoming Changes to the Token URLs and Intelligence API URLs for Omnissa Workspace ONE ITSM Connector app for ServiceNow (6000883)
• Update Workspace ONE Intelligent Hub for MacOS with updated Omnissa domain (6000885)
• Update Workspace ONE Tunnel for iOS and Android and ChromeOS with updated Omnissa domain (6000886)
• Workspace ONE (on-prem) DEX for Windows and macOS (6000890)
• Workspace ONE DEX for Horizon (URL Migration) (6000891)
• DEX for UEM SaaS for Windows and macOS (URL updates) (6000892)
• Legacy domain suggested upgrade sequence (6000894)
  
• Omnissa World Link Directory
  For an overview about links to customer portals and relevant information follow the above link.
• System Migration Changes Impacting Workspace ONE and Horizon Customers (97841)
  The end-user computing (EUC) division of Broadcom will transition from VMware-hosted systems to EUC-hosted systems in April and May 2024. This transition is part of our preparation to become a standalone entity following the acquisition of EUC by KKR.
  

Recently added KBs (Links) 

• iOS VPN issue with Custom VPN Type and Custom data on UEM 2506 (6000998)
• SAML authentication fails in the Connection Server due to a ClassCastException encountered while resolving the SAML artifact. (6001000)

Recently updated KBs (Links)

• Auto-Update from macOS Intelligent Hub 24.11.1 and 24.11.2 Not Working as Expected (6000946)
• Horizon 8 support for Nutanix AHV Limited Availability (6000988)
• AD LDS Application Partition Migration (6000797)
• Omnissa Workspace ONE Applications Policy (81271)
• Omnissa Workspace ONE Assist IP ranges for SaaS Data centers (82567)
• On scheduling Horizon Agent upgrade for unmanaged Agent on RDSH, Horizon Agent upgrade fails (6000992)
• Supported Windows 10 and Windows 11 Guest Operating Systems for Horizon Agent and Remote Experience, for Omnissa Horizon 8.x (2006 and Later) (78714)
• UAG cannot receive Access-Accept from the Radius server unexpectedly, when the reply delays 30+ seconds after the request (93796)
• Enabling Windows 2025 Support in Horizon Brownfield Environments (6000960)

Community and YouTube Updates 

• Omnissa Workspace ONE Drop Ship Provisioning program guide
• Using Automation to Create Optimized Windows Images for Horizon VMs

Beta, Lab and Tech Preview Updates 

• Get started with Omnissa Beta-program

Currently available:

• Intelligent Hub for Android Managed API Feature – Available until further notice
• MSAL Global Sign-in/Sign-out for Shared Devices– Available until further notice
• HCS for Partners – Available until 01/30/2026
• Horizon 8 on VCD – Available until 12/31/2025
• HCS vSphere Edge – Available until 01/30/2026
• Windows Server Management (Select customers only) – Available until 7/31/2025
• Conditional Access – iOS Shared Device Mode for Entra ID Beta– Available until further notice
• Apple macOS Platform SSO with Omnissa Access* – Available until 8/15/2025
• Device Trust for WS1 Tunnel* – Available until further notice
• Identity Services – Migration to Entra ID for UEM (Limited Availability) – Available until 10/31/2025
• Launcher – Available until 8/8/2025
• Content for iOS – Available until 8/12/2025
• Content for Android – Available until 8/12/2025

Coming soon:

• MQTT Printer*
• Omnissa Pass*
• Digital Employee Experience Management (DEX) for Windows/Mac*
• Horizon Clients (Linux, Windows, Mac)

Past Omnissa Event Recordings

Omnissa Online	Recording of Omnissa Online Event: YouTube Recording	Various
Omnissa Tech Deep Dive: Provisioning, Enrolling, and Onboarding Windows devices into Workspace ONE UEM	What’s the difference between Provisioning, Enrolling, and Onboarding? What are the options for registering Workspace ONE devices with Entra ID? In this technical session, not only will you gain an understanding of all the options for new and existing Windows devices, but you’ll also have a group of experts on hand to address your questions in real time. Bonus is the announcement of two new features, along with a full explanation of each.Omnissa Tech Deep Dive: Provisioning, Enrolling, and Onboarding Windows devices into Workspace ONE UEM	Jenn GodwinJo HarderPhil HelmingJosh Spencer	28 Jul 2025
Omnissa Tech Deep Dive: Bringing VDI goodies to your physical desktops and laptops	We invite you to a demo-packed session, where you will learn how to bring the benefits of App Volumes and DEM (Dynamic Environment Manager) to your physical Windows devices.This brings the same benefits and features you know from your Horizon VDI environments to your desktops and laptops. You have full control over the application lifecycle, ensuring the best user experience and more! Omnissa Tech Deep Dive: Bringing VDI goodies to your physical desktops and laptops	Pim van de Vis	18 Jun 2025
Unified Windows Management: Windows Server Management (Beta) and Windows Multi-user in Workspace ONE UEM	This webcast will focus on the Omnissa Workspace ONE Windows Server Management Beta and Windows Multi-user management support.Unified Windows Management: Windows Server Management (Beta) and Windows Multi-user in Workspace ONE UEM	Grischa Ernst, Product Line ManagerCamille Debay, Product Line Manager – Windows ManagementSaurabh Jhunjhunwala, Staff Customer Success Engineer	17 Jun 2025

Latest Patch & Seed Script Updates:

OS Updates Seed Script

• Most recent update :
  • iPadOS 18.6 (22G86)
    iOS 18.6 (22G86)
    visionOS 2.6 (22O785)
    tvOS 18.6 (22M84)
    macOS 15.6 (24G84)
• Last Update: CW31

Device Model Seed Script

• Seed Script to support
  • iPad Air 11-inch (M3) Wi-Fi
• Last update: CW26

Workspace ONE UEM 23.10

• Patch level 23.10.0.53
  • FCA-210523 – Add fallback support for old domain.
• Patch level 23.10.0.55
  • AAPP-19421 – Improvements to dissociation logic for Apple VPP.
• Last Update: CW30

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.34
  • AAPP-18714 – Unable to install a few internal and purchased apps due to error 12008 – MDM Command invalid.
• Last Update: CW29

Workspace ONE UEM 2406

• Patch level 24.6.0.42All EnvironmentsModernized Enviroments
  • MACOS-6224 – Extensible Single Sign-on Kerberos payload updates.
  • MACOS-4586 – System Policy Control payload updates.
  • MACOS-4581 – Extensible Single Sign-on Kerberos payload updates.
  • ESI-608 – Staging User unable to enroll an Android device registered to an end user in Registered Devices Only mode.
  • ESI-549 – Launcher CICO fails when enrolment restriction for device model is present, despite device being in allowlist.
  • AGGL-18954 – Profile installation and removal intermittently fails on shared iPads.
• Last Update: CW31

Workspace ONE UEM 2410

• Patch level 24.10.0.22
  • MACOS-5574- Modify XML to allow base 64 encoded data for a valid font and perform E2E testing on iOS and MacOs device.
  • ESI-608- Staging User unable to enroll an Android device registered to an end user in Registered Devices Only mode.
  • ATL-25637- Seeding macOS Hub v24.11.3 to UEM 24.10 Patch.
  • ARES-33173- Spaceman error displayed when clicked on ‘View’ on Profile List.
  • AMST-44100- Application deployments are very slow during Enrolment.
  • AMST-44014- Add logs to capture exceptions from the resources/status endpoint.
  • AMST-43813- Validate the profile XML for custom settings before delivering the XML to the device.
  • AMST-43450- Continue Checking Intel ECS for Capabilities.
  • AGGL-18815- Fix start time switching from PM to AM in System Updates Profile.
  • AAPP-19393- iOS Device Updates Details page update-status grid filters are not functioning as expected.
• Last Update: CW32

Workspace ONE UEM 2506

• Patch level 25.06 Patch 2

All Environments

• UM-9806: Permissions cannot be deleted for user groups with app, profile assignments or policy mapping for enrollment grouping, restrictions, and user roles.
• RUGG-13652: Apps and Profiles counts in Device Details Summary tab should consider unassigned resources and apps should move to Installed once it is reassigned.
• MACOS-5913: Adding the rebranded bundle-id of Hubd process to intelligent hub settings profile.
• MACOS-5768: macOS SSOExtension profile failing due to incorrect use of UseSharedDeviceKeys.
• MACOS-5574: Modify XML to allow base 64 encoded data for a valid font and perform E2E testing on iOS and MacOs device.
• MACOS-4581: Extensible Single Sign-on Kerberos payload updates.
• FCA-210742: Errors while navigating to different pages in the UEM console.
• ESI-608: Staging User unable to enroll an Android device registered to an end user in Registered Devices Only mode.
• ESI-549: Launcher CICO fails when enrollment restriction for device model is present despite device being in allowlist.
• CRSVC-65441: Need to batch event log publish when count of events goes beyond a threshold.
• CRSVC-64725: Need to batch event log publish when count of events goes beyond a threshold.
• CRSVC-64484: Add support for nullable conflict resolution properties.
• CRSVC-63373: Gumdrop – Logging parameter association has no parameters too frequent.
• CRSVC-63160: Include offline checkin resource types for requests to IH DSM from drift evaluation service.
• CRSVC-62176: Add EventLogDisableDBWriteFeatureFlag and EventLogServiceExportFeatureFlag in the orchestrator.
• CMSVC-18564: Support LDS deployment and automate SGS Drift enablement based on Mod Stack feature flags.
• ATL-25652: Seeding – latest SFD 24.10.7 build to UEM 2506.
• ATL-25596: Bundle latest AWCM (2506) with UEM 2506.
• AMST-43813: Validate the profile XML for custom settings before delivering the XML to the device.
• AGGL-19047: Denied application names and IDs in app control are not resolved to actual values when viewed in XML.
• AGGL-18988: Certificate profiles are installed twice after Android device enrollment when a compliance policy is assigned.
• AGGL-18954: Profile installation and removal intermittently fails on shared iPads.
• AGGL-18884: Credential payload upload certificate failing for ChromeOS.
• AGGL-18821: PhoneNumber Lookup returns blank when used in App Configuration.
• AGGL-17263 Denied application names and IDs in app control are not resolved to actual values when viewed in XML.
• AAPP-19722: VPP License sync error for some applications in the console.
• AAPP-19618: Split DDUIForAutoGeneratedProfilesFeatureFlag into 2 separate FFs.
• AAPP-19394: Readability updates to iOS Device Updates Details page.
• AAPP-19306: Cannot edit a profile with exchange ActiveSync payload.
• AAPP-19271: Custom DEP now supports minimum OS version enforcement.

Modernized Environments

• ARES-33458: Multiple version-level entries displayed for an Internal app on Windows Device App list.
• AGGL-18692: Profile installation and removal intermittently fails on shared iPads.
• Last Update: CW32

Disclaimer

Please note: All information in this Newsletter is statically copied from various sources. Once published, these sources won’t be checked and the Newsletter won’t be updated retrospectively. In case of doubts, always check and refer to the linked source in Omnissa Docs, Techzone or Knowledgebase.