Omnissa Newsletter 2025 Week 41

Upcoming Omnissa Events

Event	Link and description	Speakers	Date
Omnissa Tech Deep Dive: Beyond Zero trust by integrating compliance and conditional access form Workspace ONE	In today’s hybrid work environment, verifying user identity is no longer enough. True Zero Trust requires validating the device as well.Join this session to learn how Workspace ONE integrates with other IdPs to enforce device compliance during authentication. We’ll explore the various options to secure access to Office 365, Google Workspace, and other cloud apps – without compromising user experience.This session will show you how to turn device posture into a powerful access control signal. 👉 Register here:Omnissa Tech Deep Dive: Beyond Identity: Enforcing Zero trust by integrating compliance and conditional access from Workspace ONE	Sascha Warno	17 November 16 BST /17 CEST
Omnissa ONE returns in 2025	Omnissa ONE Japan Tokyo, ANA InterContinental Hotel  Nov 17th – Nov 19th 👉 More information and registration: Omnissa ONE TOKYO 2025

The past Omnissa Event recordings can be accessed here: Omnissa Community Webinars – Omnissa Community

Release Updates:

Workspace ONE Intelligent Hub for Android  25.09

Current Omnissa Security Advisories

• OMSA-2025-0003: Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25235)
• OMSA-2025-0004: Omnissa Workspace ONE UEM addresses multiple vulnerabilities (CVE-2025-25229, CVE-2025-25231)

Find all latest advisories in the Omnissa Security Response Center

Omnissa UX Research Opportunities:

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

[NEW] Help make DEX navigation a breeze 

• About: We’re bringing together Experience Management features with the rest of Intelligence navigation, alongside Dashboards, Reports, and Data Explorer. Designs needs your help to identify, group, and organize key features into a unified, intuitive experience that makes sense. 
• Opportunity: 5-minute multiple choice survey with a drag and drop card exercise via a user testing tool called Maze. This won’t require talking and you can do it in your own time. Upon fully completing the survey, you can enter for a chance to win Omnissa swag!
• Relevant for: IT Admins using/managing WS1 Experience Management.
• ACTIVITY HERE —> available until end of day 10/17

[NEW] UEM + DEX: The Dynamic Duo of Digital Workspace Management 

• About: DEX and UEM may be integrating, and Design wants to understand how combining these tools could transform your workflows, such as streamlining troubleshooting, enhancing patch compliance, and improving performance analysis. 
• Opportunity: Your choice of 1-hour focus group via Zoom on October 15 and 16 where we’ll discuss your thoughts on DEX for UEM. Upon completing the Zoom conversation, Customers will receive Omnissa swag as a thank you!
• Who’s this relevant for: IT Admins using/managing BOTH WS1 UEM and Experience Management.
• SIGN UP HERE

[NEW] Simplify access, amplify control: updating RBAC in Omnissa Connect 

• About: Design’s looking to improve the role assignment experience. We’re exploring questions like: How easy is it to understand and assign roles? Should we allow for custom roles? And how can we make privilege inheritance and role management more straightforward?
• Opportunity: Your choice of 1-hour focus group via Zoom on October 15 and 16 where we’ll discuss your thoughts on DEX for UEM. Upon completing the Zoom conversation, Customers will receive Omnissa swag as a thank you!
• Who’s this relevant for: IT Admins involved in role-based access control for Workspace ONE.
• SIGN UP HERE

KB Highlights & Announcements:

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

• Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)​
• Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.​

High Priority KBs: 

• Omnissa Access / Hub Services / Omnissa Identity Service: Upcoming URL Migration and Certificate Branding Migration (6001062)
• Preparing for Omnissa Innovation Updates (6000840)
• Legacy Domain End of support and required action for Workspace ONE Cloud-Hosted domain vmwservices.com (6000843)
• Previously announced Legacy Domain End of support and required action for Omnissa Workspace ONE and Horizon Cloud service domains  (6000836)
• Workspace ONE DEX for Horizon (URL Migration) (6000891)
• Legacy domain suggested upgrade sequence (6000894)
• Omnissa World Link Directory
  For an overview about links to customer portals and relevant information follow the above link.
  

New KBs (Links) 

• Windows 10 22H2 Support Update for Horizon 8 and Horizon Cloud on Azure (HCS) (6001105)
• Microsoft Teams screensharing is slow on Horizon Client with Intel GPU and H.264/HEVC/AV1 when using Intel GPU driver older than 32.0.101.6972 (6001107)

Recently updated KBs (Links)

• Omnissa Access / Hub Services / Omnissa Identity Service: Upcoming URL Migration and Certificate Branding Migration (6001062)
• Omnissa Access and Hub Services – Pre-Migration Allowlist Requirement (6001023)
• Workspace ONE UEM on-premises End of Support (EOS) (6000887)

Techzone, Community and YouTube Updates 

• Horizon Ready Hypervisor
• Workspace ONE UEM Windows Multiuser
• Omnissa Privacy Overview

3rd Party Blog Updates & Industry News 

• Discover a modern path to a sovereign digital workspace
• Architecting the future: Inside the Omnissa Mod Stack

Beta, Lab and Tech Preview Updates 

• Get started with Omnissa Beta-program

Currently available:

• HCS for Partners – Available until 1/30/2026
• Horizon 8 on VCD – Available until 6/30/2026
• HCS vSphere Edge – Available until 01/30/2026
• Device Trust for WS1 Tunnel* – Available until further notice
• Identity Services – Migration to Entra ID for UEM (Limited Availability) – Available until 10/31/2025
• Horizon Clients New UI (Linux, Windows, Mac) –  Available until 10/17/2025 (Extended)
• Content for Android – Available until 10/9/2025
• OS Optimization Tool plugin for Microsoft Deployment Toolkit (MDT)*  – Available until 10/31/2025

Coming soon:

• MQTT Printer*  
• Omnissa Pass*
• Intelligent Hub for macOS
• Content for iOS
• Launcher

Latest Patch & Seed Script Updates:

OS Updates Seed Script

• Most recent update :
  • visionOS 26.0.1 (23M341)
  • tvOS 26.0.1 (23J362)
  • macOS 26.0.1 (25A362)
  • iPadOS 26.0.1 (23A355)
  • iOS 26.0.1 (23A355)
  • iOS 18.7.1 (22H6031)
  • macOS 14.8.1 (23J30)
  • macOS 15.7.1 (24G231)
  • tvOS 26.0.1 (23J6362)
  • iOS  26.0.1 (23A6355)
  • Vision 26.0.1 (23M6341)
• Last Update: CW40

Device Model Seed Script

• Seed Script to support
  • iPhone 17
• Last update: CW38

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.36
  • AGGL-17263 – Denied application names and IDs in app control are not resolved to actual values when viewed in XML.
  • PPAT-17627 – Unable edit iOS device profile with VPN payload when IosTunnelSupportFullDeviceVPNFeatureFlag is enabled.
• Last Update: CW36

Workspace ONE UEM 2406

• Patch level 24.6.0.45
  • PPAT-19095: Improved performance of console UI while editing profiles containing Tunnel configuration payloads.
  • ESI-727: Tags are not getting applied to devices as part of Drop Ship Provisioning enrolment.
  • CRSVC-67078: Update to Telstra Custom SMS Gateway Connector.
  • ATL-26180: Seeding MacOS Hub 24.07.8 to UEM 2406 Next Patch.
  • AAPP-20191: APNS for apps cert getting renewed with expired cert during 24.06.0.43 and 24.06.0.44 patching.
  • AAPP-19167: Denied URLs is blank when editing an iOS Content Filter profile.
• Last Update: CW40

Workspace ONE UEM 2410

• Patch 28All EnvironmentsModernized Environments
  • PPAT-20330: Implement changes to upload certificate without client or server authentication EKU.
  • FS-8432: Workflow steps getting stuck on macOS post environment upgrade.
  • CRSVC-64367: Customer has a compliance policy wherein if the device is not encrypted then a push notification is sent, vpn profile is blocked, and a compliance profile for encryption is pushed. Original compliance policy.png is attached.
  • CRSVC-67208: Remove SID Check for Strong Mapping (OID/SID) certificate generation to allow custom systemcode override values on 24.10.
  • CMSVC-20517: Error occurs while creating OAuth token in Partner OG.
  • ATL-26565: Seed – Machost to canonical release PR2410-Patch28
  • ATL-26537: Seeding SFD 24.10.9 build to UEM 2410 patch release
  • ARES-33742: App Search API does not return highest app version under an OG when ‘distinctApplicationsPerOg’ is True.
  • AMST-44769: Windows Autopilot Enrollment stuck at OOBE “Setting up Work or School” screen post Patch 24 upgrade.
  • AGGL-19201: Patching AMAPI device policy fails when passcode profile uses L/M/H Complexity.
  • AAPP-19871: VPP Apps not uninstalled when switching from staging to end user on iOS devices.
  • ARES-33301: App scheduled for future deployment installs immediately.
• Last Update: CW40

Workspace ONE UEM 2506

• Patch 9
  • PRNT-71: Files and profiles no longer reporting accurately on Zebra printers following 24.10 upgrade.
  • PPAT-20208: Unable to install VPN profile on both iOS and Android devices.
  • MACOS-4996: Removing assignment from credential profile is not moving certificate to revoked state.
  • MACOS-4472: MacOS Install Fonts profile has incorrect setting “FontName” in the xml sent to the device.
  • FS-8296: Scripts wrongly displayed under Devices -> Workflow tab.
  • ESI-727: Tags are not getting applied to devices as part of Drop Ship Provisioning enrolment.
  • CRSVC-64367: Customer has a compliance policy wherein if the device is not encrypted then a push notification is sent, vpn profile is blocked, and a compliance profile for encryption is pushed. original compliance policy.png is attached.
  • CRSVC-64700: Updated Digicert profile fetch API to version 3.
  • ATL-26539: Seed: Machost to canonical release PR2506-Patch9.
  • ARES-33719: Profile publish fails when ‘Next’ button is clicked repeatedly on payload page.
  • AMST-44769: Windows Autopilot Enrollment stuck at OOBE “Setting up Work or School” screen post Patch 24 upgrade.
  • AMST-44665: SFD not getting automatically upgraded when WindowsAgentAutoUpgrade is not enabled.
  • AGGL-19201: Patching AMAPI device policy fails when passcode profile uses L/M/H Complexity.
  • AAPP-20057: UK users are unable to enroll their devices and are receiving the error 403.
  • AAPP-18714: Some Internal and Purchased iOS apps fail with error 12008 MDM Command invalid.
• Last Update: CW40

Disclaimer

Please note: All information in this Newsletter is statically copied from various sources. Once published, these sources won’t be checked and the Newsletter won’t be updated retrospectively. In case of doubts, always check and refer to the linked source in Omnissa Docs, Techzone or Knowledgebase.