Omnissa Newsletter 2025 Week 49

Upcoming Omnissa Events

Event	Link and description	Speakers	Date
Omnissa Tech Deep Dive: Introducing Omnissa Secure Access	Please join Rob Beekmans & Aaron Black for a discussion about one of Omnissa’s recent product announcements regarding the Enterprise Browser functionality in one of our newest offerings – the Omnissa Secure Access Suite.  This is an exciting evolution driven by our customer and partner base as the demand of SaaS apps drives the requirements for additional access and data security controls.  This takes us beyond management and experience into the critical realm of browser security, observability, and of course Gen AI governance. Join us with questions and feedback in this early stage of our offering. 👉 Register here: Omnissa Community Webinar: Introducing Omnissa Secure Access	Rob BeekmansAaron Black	10 December 16 GMT/17CET

The past Omnissa Event recordings can be accessed here: Omnissa Community Webinars – Omnissa Community

Release Updates:

• Workspace ONE Tunnel 25.11 for iOS
• Workspace ONE Intelligent Hub 25.11 for iOS
• Workspace ONE Assist 25.11 for Windows
• Workspace ONE Assist 25.11 for Linux
• Workspace ONE Assist 25.11 for Android
• Workspace ONE Assist 25.11 for macOS
• Horizon Control Center 25.11

Current Omnissa Security Advisories

• OMSA-2025-0003: Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25235)
• OMSA-2025-0004: Omnissa Workspace ONE UEM addresses multiple vulnerabilities (CVE-2025-25229, CVE-2025-25231)
• OMSA-2025-0005: Omnissa Workspace ONE UEM addresses an observable response discrepancy vulnerability (CVE-2025-25236)

Find all latest advisories in the Omnissa Security Response Center

Omnissa UX Research Opportunities:

• Our goal is to gather insight into user behaviors, motivations, and goals, so we can use those insights to inform and strengthen product and design decisions.
• Interested in giving your opinion and making your voice heard? Check out what’s available!

*Great things coming soon!

KB Highlights & Announcements:

Preparing for Workspace ONE Modern SaaS Rollout (Managed Hosting / Dedicated Cloud Customers)

• Familiarize yourselves with upcoming changes with Modern SaaS, including changes in workflows, terminology, and known issues. (See – TechZone article here.)​
• Request environment migration with the Omnissa account team (CSM, TAM, AE, SE) once ready. The team will work internally to request an enablement week on your behalf.​

High Priority KBs: 

• Omnissa Access / Hub Services / Omnissa Identity Service: Upcoming URL Migration and Certificate Branding Migration (6001062)
• Preparing for Omnissa Innovation Updates (6000840)
• Legacy Domain End of support and required action for Workspace ONE Cloud-Hosted domain vmwservices.com (6000843)
• Previously announced Legacy Domain End of support and required action for Omnissa Workspace ONE and Horizon Cloud service domains  (6000836)
• Workspace ONE DEX for Horizon (URL Migration) (6000891)
• Legacy domain suggested upgrade sequence (6000894)
• Omnissa World Link Directory
  For an overview about links to customer portals and relevant information follow the above link.
  

New KBs (Links) 

• Horizon Cloud – Troubleshooting UAG issues (6001197)
• Inconsistent Application Status Reported in UEM When a New Application Version Is Added (6001198)
• Announcing End of Support for Android Native Check-in/Check-out (6001199)
• High CPU Usage reported for ws_TomcatService.exe when SAML enabled (6001200)
• Horizon Client fails to authenticate via SSO on an Image that is optimized using Horizon OSOT (6001202)

Recently updated KBs (Links)

• ARES-35749 – SDK Profiles configured for Workspace One Web and Content apps get uninstalled upon Modern SaaS architecture enablement (6001196)
• Configuring YubiKey on Horizon Agent for Linux (6001193)
• Delayed Resource Delivery for Apple Devices Due to NotNow Responses in Workspace ONE UEM (6001009)
• Horizon 8: Monitoring health of Horizon Connection Server using Load Balancer, timeout, Load Balancer persistence settings (56636)
• Horizon Cloud Naming Update (6001194)
• Omnissa Access / Hub Services / Omnissa Identity Service: UEM configuration Migration to the new Omnissa Access URL (6001090)
• Omnissa Workspace ONE Assist IP ranges for SaaS Data centers (82567)
• Removal of the “Desired State Management” Option in Windows Application Assignments (6001132)
• Workspace ONE Assist – Streaming Issues on Samsung Devices Running Android 15 and above (6001145)

Techzone, community and YouTube updates

• Network Ports in Horizon 8
• Join the Omnissa Tech Insider Program: Help shape the future of End-User Computing

3rd Party Blog Updates & Industry News 

• Omnissa Release Notes Comparison Tool
• Omnissa Horizon locked.properties Settings
• Configure Omnissa UAG with Omnissa Horizon
• Configure locked.properties for Omnissa Horizon

Beta, Lab and Tech Preview Updates 

• Omnissa Pass Beta Launch
• Get started with Omnissa Beta-program

Currently available:

• HCS for Partners – Available until 1/30/2026
• Device Trust for WS1 Tunnel* – Available until further notice
• OS Optimization Tool plugin for Microsoft Deployment Toolkit (MDT)*  – Available until 11/7/2025
• Unified Access Gateway (Horizon 8 and Horizon Cloud Service customers) – Available until 12/15/2025
• Conditional Access – iOS Global Sign-in/Sign-Out with Entra ID* – Available until 12/31/2025
• WS1 Vulnerability Defense* – Available until 12/31/2025
• Web for iOS – Available until 12/1/2025
• Web for Android – Available until 12/6/2025
• Tunnel for Android – Available until 12/4/2025
• Content for Android – Available until 12/8/2025
• Hub for macOS – Available until 12/9/2025
• Horizon Cloud Service on OpenStack* – Available until 3/26/2026
• Intelligent Hub for Linux – Available until 12/10/2025

Coming soon:

• Tunnel for macOS  
• Horizon OSOT
• MQTT Printer*
• Horizon Cloud on Nutanix*

Latest Patch & Seed Script Updates:

OS Updates Seed Script

• Most recent update :
  • iPadOS 18.7.2 (22H124)
  • iOS 18.7.2 (22H124)
  • iOS 18.7.2 (22H6124)
• Last Update: CW45

Device Model Seed Script

• Seed Script to support
  • iPad17,1 – A3357 – iPad Pro 11-inch Wi-Fi (M5)
  • iPad17,2 – A3358, A3359 – iPad Pro 11-inch Wi-Fi + Cellular (M5)
  • iPad17,3 – A3360 – iPad Pro 13-inch Wi-Fi (M5)
  • iPad17,4 – A3361, A3362 – iPad Pro 13-inch Wi-Fi + Cellular (M5)
  • Mac17,2 – A3434 – MacBook Pro 14-inch (M5)
  • RealityDevice17,1 – A3416 – Vision Pro (M5)
• Last update: CW45

Workspace ONE UEM 24.02

• Patch Level: 24.2.0.37
  • RUGG-13857: Products install repeatedly if device reports Event Actions that are deleted from UEM.
  • FCA-211788: Upgrades to multiple JavaScript libraries to avoid potential cross-site scripting vulnerabilities.
  • FCA-208451: IP Address value not returning for the Device Search API result (General Query).
  • AGGL-19105: App remains on device Play Store after deactivating Android Public App on Console.
  • AGGL-17263: Denied application names and IDs in app control are not resolved to actual values when viewed in XML.
  • AAPP-20600: Device Updates page failing to load new versions (iOS/macOS).
  • AAPP-20057: Allow for Apple device enrollment if OS version has not been seeded yet.
• Last Update: CW47

Workspace ONE UEM 2406

• Patch level 24.6.0.46
  • RUGG-13731: Product with only Reboot manifest won’t be delivered to devices without force-reprocess.
  • INTEL-73644: Data discrepancy observed while creating report in Workspace ONE Intelligence.
  • FCA-211788: Upgrades to multiple JavaScript libraries to avoid potential cross-site scripting vulnerabilities.
  • ESI-728: Launcher stuck in login loop if “Always prompt for terms of use” is enabled.
  • ARES-34536: Trusted Credentials setting under Wi-fi payload cannot be saved in DDUI Profiles.
  • AAPP-20600: Device Updates page failing to load new versions (iOS/macOS).
  • AAPP-20207: VPP application versions are not updating in the Console when the country code is non-English.
  • AAPP-20057: Allow for Apple device enrollment if OS version has not been seeded yet.
• Last Update: CW46

Workspace ONE UEM 2410

• 2410 Patch 35
  • RUGG-13770: Custom update creation is limited to loading a maximum of 10 policies.
  • RUGG-13731: Product with only Reboot manifest won’t be delivered to devices without performing force-reprocess.
  • MACOS-4459: Fix macOS restriction to lock desktop wallpaper.
  • FCA-211042: Configure admin roles with Read-Only access to All Settings.
  • FS-8831: Silent failures during script execution causes it to be stuck in progress for macOS devices..
  • FS-8580: Workflow fails on macOS 26 RC 1 devices due to step timeout persisting after completion.
  • FS-8564: Scripts unable to execute due to an unexpected reboot causing a corrupted DB on macOS devices.
  • ESI-728: Launcher stuck in login loop if “Always prompt for terms of use” is enabled.
  • CRSVC-67576: Throttle event log sync failure notifications.
  • CRSVC-67375: Add Windows Pure SCEP Flow Support for OID-SAN Scenario in 24.10.
  • CRSVC-67264: Improvements in throttling event log sync failure notifications.
  • CRSVC-66851: Devices are part of compliance target despite not being in assignment group.
  • CMCM-191640: Admin repo empty after clicking on ‘sign-in’ in Content app.
  • ATL-27188: Seeding SFD 24.10.10 build to UEM 2410 patch release.
  • ATL-27173: Seed latest Machost to 2410.
  • ARES-35269: Error occurs intermittently while viewing Profile List View.
  • ARES-35213: Profile of another tenant sometimes displayed on Device Profile list.
  • ARES-34661: Removing Smart Group from profile assignments may show devices from other assigned Smart Groups as removed.
  • ARES-33874: Email settings of Boxer app cannot be accessed or updated sometimes.
  • ARES-33477: Few profiles installed on devices of Smart Group previously assigned through a deleted Workflow.
  • ARES-33343: Declarative profile not visible on Device Profiles list when accessed from any Parent Organization Group.
  • ARES-32810: Error occurs while accessing App Removal Log page if any app is in ‘Reset’ state.
  • AMST-44385: App removal failing instantly for a Windows internal application.
  • AGGL-19140: Maintenance Window is pushed even when Auto Update Policy is “Never” .
  • AGGL-17150: Internal apps stop installing automatically after configuring app control profile and Allow list app group.
  • AAPP-20215: Delay in VPP app installation across large iOS device fleet.
  • AAPP-19620: Unable to install/upgrade VPP apps on selected devices using ‘Install on Selected’ option.
• Last Update: CW49

Workspace ONE UEM 2506

• Patch 16
  • RUGG-13731: Product with only Reboot manifest won’t be delivered to devices without performing force-reprocess.
  • FS-8831: Silent failures during script execution causes it to be stuck in progress for macOS devices.
  • FS-8564: Scripts unable to execute due to an unexpected reboot causing a corrupted DB on macOS devices.
  • FCA-211751: OG filters applied in the Device List View are not applied when Exported.
  • FCA-211387: Admin password reset emails are not sent.
  • FCA-211339: Update mdm/device/search v2 API to report PhysicalMemory in Bytes.
  • ESI-728: Launcher stuck in login loop if “Always prompt for terms of use” is enabled.
  • CRSVC-70627: Tunnel App Showing Access Denied Until Reinstalled.
  • CRSVC-55456: Certificate list api and UI are showing incorrect number of certificates.
  • ATL-27195: Seed latest Machost to 2506.
  • ATL-27069: Seed Workspace ONE Intelligent Hub v25.06.5 for Windows.
  • ARES-35269: Error occurs intermittently while viewing Profile List View.
  • ARES-34142: Remove last evaluation dependency and apply changes to retain Deployment Tracking metrics.
  • AGGL-19412: Outdated settings shown when viewing ChromeOS Credentials Profiles.
  • AGGL-17740: App configuration, App policy, and per-app VPN settings unexpectedly removed from AMAPI devices.
  • AAPP-20593: Fix SKU mapping for Device Attestation & Release Device from ABM.
  • AAPP-20215: Delay in VPP app installation across large iOS device fleet.
  • AAPP-20207: VPP application versions are not updating in the Console when the country code is non English.
  • AAPP-20016: Apple TV – VPP License is not revoked after removing app from device details page.
  • AAPP-20207: VPP application versions are not updating in the Console when the country code is non English.
  • AAPP-19826: VPP Sync application improvements.
  • AAPP-19620: Unable to install/upgrade VPP apps on selected devices using ‘Install on Selected’ option.
• Last Update: CW49

Workspace ONE UEM 2509

• Patch 1
  • FS-8831: Enhanced error handling for socket exceptions to prevent silent failures during script execution.
  • FS-8564: Scripts unable to execute due to an unexpected reboot causing a corrupted DB on macOS devices.
  • FCA-211680: Add link to collect logs in the user details dropdown.
  • ATL-27185: Seed Machost v2509.4802 to 2509 patch 1.
  • ATL-27071: Seed Workspace ONE Intelligent Hub v25.06.5 for Windows to UEM 2509.
  • ARES-35268: Apps delivered through Product Provisioning removed from devices when they lose assignment.
  • ARES-34933: “An error has occurred” sometimes appears while performing actions related to apps and profiles.
  • AGGL-19412: Outdated settings shown when viewing ChromeOS Credentials profiles.
  • AAPP-20600: Device Updates page failing to load new versions (iOS/macOS).
  • AAPP-20593: Fix SKU mapping for Device Attestation and Release Device from ABM.
  • AAPP-20016: Apple TV – VPP License is not revoked after removing app from Device Details page..
• Last Update: CW49

Disclaimer

Please note: All information in this Newsletter is statically copied from various sources. Once published, these sources won’t be checked and the Newsletter won’t be updated retrospectively. In case of doubts, always check and refer to the linked source in Omnissa Docs, Techzone or Knowledgebase.