check-circle-line exclamation-circle-line close-line

AirWatch v9.1 Release Notes

Released Date: April 2017

Mobile Device Management

  • Introduced Remote Management v4.0 for Android and Windows Rugged devices.

    Remote Management v4.0 now supports better remote control of your Android and Windows Rugged devices. This new version allows you to manipulate the screen on the device, launch apps, and gain device details from the remote management console.

    Contact AirWatch Support for more information on adding Remote Management to your AirWatch solution, as you must purchase the applicable SKU.

    For more information, see Introduction to Remote Management v4.1.

  • Added additional admin console notifications.

    Select the bell icon indicator, located in the top-right panel, and the Notifications popup displays.

    • App Removal Protection – If apps you have identified as critical keep getting removed from your devices, you can be notified when the number of these removals exceeds the threshold that you define.
    • List View Export – Depending on the number of users and devices in your list, the export of the Device List View and User List View to a comma-separated values file can take time to produce. This notification tells you when it is complete and ready for examination.
    • User Group Merge Pending – If you have the Auto Merge Changes setting disabled on your User Group, then you must supply admin approval each time database changes are initiated. This notification lets you know when AirWatch is ready to begin the merge process.
    • VPP App Auto Update – High priority alerts that notify you when an app installed with Apple Volume Purchase Program has an updated version you can install.

    For more information, see AirWatch Console Notifications.

  • Enhanced admin panel license information.

    License information has been made more accurate by basing its status on the active/inactive flag instead of expiration date. The license model is also now accurately reflected, which can be user-based or device based. Navigate to Hub > Admin Panel to see the new license information. You need to be in a Customer type organization group for the Admin Panel to display.

    For more information, see Admin Panel Dashboard.

  • Enhanced Security on Notifications for New Basic Users

    When you add a new basic user to AirWatch, you can send an SMS or email notification to the new user which they use to activate their account. Rather than displaying the password in plain text in the notification, a password reset link is included. The new basic user must use the link to select a new password before the link expires, automatically, in 24 hours.

    For more information, see Create Basic User Accounts.

  • SSP login page redesign and customization.

    The Self-Service Portal login page has been redesigned and now includes the ability to customize the background image. Navigate to Groups & Settings > All Settings > System > Branding and select the Upload button in the Self-Service Portal Login Page Background setting.

    For more information, see Self-Service Portal Overview.

  • Disable Captcha setting.

    You can now disable the Captcha authentication safeguard mechanism at the login prompt. Be aware that disabling Captcha may weaken the overall security. Navigate to Groups & Settings > All Settings > Admin > Console Security > General and clear the Captcha Enabled checkbox.

  • Workspace ONE labels in Device List View.

    Device List View has been enhanced to now display devices registered with and managed by Workspace ONE. The Container filter can be used to identify and produce lists of these devices. The labels will display in the same location as the "MDM" label appears. Labels include Workspace ONE Registered and Workspace ONE Managed.

    Navigate to Devices > List View to see the new label reflected on devices registered with and managed by Workspace ONE.

  • Added certificate profile batching for Android and Windows.

    When a device profile is published to multiple devices, the same profile dataset is transmitted, placing minimal strain on the server. If the profile includes credentials, however, the profile dataset is no longer identical, since authentication is user-specific. Delivering unique profiles to multiple devices places a heavy burden on the server. For this reason, AirWatch now supports Certificate Profile Batching. This feature is already in place for iOS and Mac, devices but AirWatch v9.1 brings support for Android and Windows devices. Publishing credentials-based profiles using a batch process greatly streamlines the delivery, freeing up server CPU cycles.

    There is no system setting to enable this feature; it is on by default.

  • Added support for MessageMedia.

    AirWatch v9.1 adds support for MessageMedia, an Australian text messaging vendor. MessageMedia is now an option when configuring SMS for organization groups using the Admin Console, Self-Service Portal, and MessageMedia is an SMS option in the API.


  • Added the ability to configure additional Android security settings.

    A new Security page has been added to the AirWatch Console. The Security page adds additional security settings for Android devices to protect sensitive data from unauthorized access to the device database.

    As part of the enrollment process, end users will create a passphrase code, which generates a key used to access the device database. When Key Encryption With User Input is enabled on the Security page and someone tries to access the database without that passphrase, access is denied. To enable this feature, Single Sign On must be enabled through the AirWatch SDK.

    The passphrase requirements can be set to allow the end user to only enter the passphrase during enrollment for a one-time prompt by enabling Allow Remember Authentication.

    Navigate to this setting: Settings > Devices & Users > Android > Security.

  • Added S/MIME certificates support for Samsung Knox Credentials profiles.

    Added support for S/MIME certificates in the Samsung Knox Credentials profile. S/MIME certificates allow you to encrypt emails and digitally sign them, helping the people who receive that message to be certain that what they see in their inbox is the exact message that started with the sender.

    For more information, see Configure Credentials Profile (Knox).

  • Added new PAC URL options for SAFE devices to the Android Wi-Fi profile.

    New options in the Wi-Fi profile enable you to configure a Wi-Fi PAC URL as manual or automatic. Enable Proxy Auto Configuration, which prompts you for the PAC URL.

    For more information, see Configure Wi-Fi Profile (Android).

  • Implemented various enhancements for AirWatch Launcher.

    • AirWatch Launcher is the application that locks down the device in to Kiosk mode so only the white listed applications can be directly accessed.
    • AirWatch Launcher now clears app data when multi-user devices are checked in. Previously, when devices were checked in and checked back out under a different user, the second user would be able to view the previous user's history. With this update, the app data will be cleared at check in when this option is enabled. Admins will initially need to push a Custom Profile to enable this setting until full support is implemented in the AirWatch Console. For more information, see

    • The Device Details page in the AirWatch Console now shows if Launcher is enabled on the selected device within the security section. The status shows if Launcher is set as the default home app on the device. If not, the status shows "Launcher not set as home app/not installed".

  • Added Android for Work Always On VPN functionality

    Always on VPN has been added to Android for Work VPN profile so that users can toggle between Android for Work badged apps and personal apps without posing security risks. The VPN and Wi-Fi profiles include the capability to set VPN for all work apps and configure Wi-Fi for global network connections.

  • Added support for a Work Security Challenge

    Set up a passcode policy that applies to your work apps only. This is available for devices running Android 7.0+. This ensures that complex passcode policies apply to work data only and does not force the end user to enter a complex passcode when unlocking their device, simplifying the BYOD experience.

    For more information, see Configure Passcode Profile (Android for Work).

  • Enhanced the user experience when setting up App Configuration with Android for Work

    Titles and descriptions (when available) are automatically shown in the AirWatch Console when app configuration is enabled for a public application. Simplified controls are available rather than static text fields, making it easier to configure apps. Additionally, data type support now includes bundle and bundle arrays.

    Navigate to Apps & Books > Edit App > Assignment > Policies > Send App Configuration.

  • Added additional enrollment methods for Work Managed Android for Work devices.

    Work Managed Device enrollment has been simplified with additional ways to enroll Android for Work devices:

    • AirWatch Identifier – Admins can enter an EMM-specific token provided by Google that automatically enrolls devices with AirWatch and all settings and configurations. This option is available for Android for Work accounts only.

      For more information, see Enrolling Work Managed Devices Using AirWatch Identifier.

    • QR Code – Admins scan a QR code that includes the location of the AirWatch Agent and user credentials. This option is available for Android for Work and Google account users.

      For more information, see Enrolling Work Managed Device Mode Using a QR Code.

  • Runtime permissions on Android devices.

    The AirWatch Console provides the admin the ability to view a list of all the permissions that an app is using. This list is updated when the edit app screens are loaded, so it always has the latest list of permissions.

    For certain permissions that Google defines, the admin can make the following selections: Allow, Deny, or Prompt User. This makes it so the end user does not have to manually accept app permissions when they are opening an app for the first time.

    For more information, see Configure Permissions Profile (Android for Work )

ClosedApple (iOS/tvOS)

  • Implemented new logic for locking DEP-enrolled devices into Lost Mode.

    Devices lock into Lost Mode upon exceeding the max-passcode limit for applications when a DEP-Supervised device user enters an incorrect device application passcode beyond the maximum allowed attempts. The device remains in a locked state even if an end-user attempts to unenroll and re-enroll a DEP-Supervised device..

  • Added internal application support to tvOS

    Deploy applications to tvOS devices so that you can manage internal apps on tvOS devices over-the-air. Manage an application by installing it or removing it from devices.

    For more information, see Enterprise Application Management (tvOS).

  • Added DEP support for tvOS.

    With 4th generation tvOS 10.2+ Apple tvOS devices, you can enroll Apple TVs through the Apple Device Enrollment Portal Program. This upgrade allows admins to provision Apple TVs in bulk, and simplifies the end users' set up and connection experience.

    For more information, see DEP Enrollment for tvOS Devices.


  • Added integration with Dell Command | Monitor.

    AirWatch now supports integrating with Dell Command | Monitor to configure device BIOS settings and enhance device details in the AirWatch Console. Add Dell Command | Monitor as an internal application and push it to your Dell enterprise devices.

    AirWatch now supports configuring BIOS settings on Dell enterprise devices with the BIOS profile. This profile requires integration with Dell Command | Monitor.

    For more information, see Dell Command | Monitor Integration and Configure a BIOS Profile (Windows Desktop).

  • Enhancements to BitLocker encryption profiles.

    The enhanced Encryption profile adds additional functionality to the BitLocker encryption of your Windows Desktop devices. This enhancement includes the ability to create an automatically rotating BitLocker password and BitLocker suspension that suspends encryption during specified windows for maintenance and upgrades.

    For more information, see Configure an Encryption Profile (Windows Desktop).

  • Updated the Windows Update profile with new functionality.

    The enhanced Windows Updates profile now supports deferring Feature and Quality updates for a number of days before installing on to your Windows Desktop devices. Also included in this enhancement is the ability to create active hours for devices. During these active hours, devices do not restart as part of update installation.

    AirWatch now supports approving all Windows Updates from a new Windows Update screen. Navigate to Lifecycle > Windows Updates to see a list of all available Windows Updates. Select an update to gain additional details. The Assign button begins the approval and deployment process for devices. This new screen provides the status of all updates in the assignment process.

    For more information, see Configure a Windows Updates Profile (Windows Desktop) and Windows Updates.

ClosedRugged Devices

  • Added the ability to apply custom OEM settings for MSI devices.

    AirWatch now supports pushing OEM custom settings for MSI devices through the custom settings file/action. This new action downloads the ZIP file from MSI onto the device and installs the custom settings.

  • Added event actions for product provisioning.

    AirWatch now supports a new event actions component for product provisioning. Events Actions act as a device-based "if-this-then-that" configuration that will allow for recurring actions to be performed on device upon specific predefined conditions being met.

    For more information, see Event Actions.

ClosedMobile Application Management

  • Added a workflow for deploying AirWatch proprietary applications.

    This new process applies if you deploy proprietary, non- App store, AirWatch applications such as Secure Launcher, as one of your internal applications. AirWatch added restrictions to avoid the impact of having the same application deployed from separate sections of the console (such as the Secure Launcher Profile).

    For more information, see Safeguards for Proprietary, Non-Store, AirWatch Applications.

  • Streamlined AirWatch and Appthority integration.

    AirWatch and Appthority have streamlined the integration process to make it easier and more secure. If you use Appthority app scanning services and you are interested in leveraging this new process, contact your AirWatch representative or AirWatch Support.

  • Developed automatic updates of VPP applications (device-based method).

    AirWatch offers automatic updates of your Volume Purchase Program (VPP) applications in the device-based method of the managed distribution process. Since VPP applications are related to the Apple ID but the application is assigned to the device serial number, AirWatch polls the App Store for updates for your device-based applications. This enhancement lets you enable AirWatch to automatically update the VPP apps assigned with the device-based method or manually push updates through the console.

    For more information, see Update Device-Based VPP Applications Manually or Automatically.

  • Added support for Windows Store for Business Online Licensed applications.

    AirWatch now supports the online licensing model for the Windows Store for Business. In the online licensing model, the Windows Store for Business manages the licenses and offers you the flexibility to deploy them as public applications through AirWatch.

    For more information, see The Windows Store for Business and AirWatch.

  • Added web app support in Workspace ONE.

    Deploy web applications through AirWatch and they display in Workspace ONE catalog. Workspace ONE automatically pulls the URL, description, and icon for the web app and makes it available to devices in your Workspace ONE deployment.

  • Developed more protection for your Internal Application removals with a process to hold app removal commands so that Admins can dismiss or release them.

    Use the app removal protection feature to control when the system removes critical internal applications from devices. Depending on threshold values, the system holds app removal commands until admins release commands, which results in the removal of applications, or dismisses them, which results in applicable internal applications staying on devices.

    For more information, see Application Removal Protection Overview.

ClosedMobile Content Management

  • Improved Content Locker badge count functionality.

    The Content Locker Badge Count now has a new option called 'None'. You can select the option to disable badge counts for Content Locker.

  • Added an Allow Delete option for admin repositories.

    The Admin Repository configuration now has a new option called 'Allow Delete'. The Allow Delete option for admin repositories feature is helpful for end-users who only use Mobile Devices to access their content. You can choose to allow end-users to permanently delete content from a Network Share Repository.

    When enabled, the end-user is provided with two prompts when attempting to delete content:

    • Delete local copy: Only deletes copy of content from device.

    • Delete from device and repository: Deletes local copy from the device and original content from the Network Share Repository.

ClosedMobile Email Management

  • Outbound proxy configuration for SEG (V2 Platform)

    The SEG installer for the V2 platform now has a new screen for the outbound proxy details.

    Specify the outbound proxy details for configuring the communication from V2 SEG to the API server through a proxy. The proxy details include the type of protocol used for the proxy, proxy host, port number, and authentication.

  • Added Group option to Sync Settings for PowerShell deployments.

    The Deployment page of the Add Email Configuration wizard now shows the option 'Group' under 'Sync Settings - > Limit sync results by'.

    The organizations with Office 365 implementations can now choose to sync the mailboxes at a group level while configuring the PowerShell deployment with the 'Group' sync option.

    The Sync Mailbox action on the Email > List View page now allows an ad-hoc sync for the mailboxes. A new page, the 'Sync Mailboxes Confirmation' page appears on selecting the Sync Mailbox action. On this page, either select the pre-configured sync setting or select a different sync option to quickly sync the devices.

ClosedEnterprise Integration

VMware Tunnel

  • Added a new Cascade Mode deployment model for multi-tiered deployments of VMware Tunnel.

    Provide secure communication from your end-user devices to your internal resources with the new Cascade Mode deployment for VMware Tunnel. AirWatch now supports cascade mode deployment for the Per-App Tunnel component of the VMware Tunnel. This mode uses TLS connections between the front-end and back-end servers. These servers also use SSL certificate authentication. Finally, cascade mode provides support for Server Side Traffic Rules for the Per-App Tunnel component of the VMware Tunnel.

    Existing customers using the VMware Tunnel relay-endpoint deployment model must upgrade to cascade mode in AirWatch v9.1.

    For more information, see Cascade Mode Deployment.

  • Added an Enable VMware Tunnel option to the iOS VPN profile.

    The Enable VMware Tunnel option appears when you select VMware Tunnel as your Connection Type.

    Select the option to assist in migrating from AirWatch Tunnel (the legacy mobile app) to VMware Tunnel (the updated mobile app).

  • Added Per-App Tunnel support for macOS devices.

    AirWatch now supports Per-App Tunnel functionality for macOS devices. The new VMware Tunnel for macOS app allows your end user to securely connect to your internal resources through the VMware Tunnel.

    With the new VMware Tunnel for macOS app, you can restrict network traffic for the native Safari app through the VMware Tunnel based on device traffic rules.

    For more information, see Access the VMware Tunnel App for macOS.

  • Added network traffic rule support for Windows 10 Per-App Tunnel functionality using the VPN traffic filters in the Windows 10 VPN profile.

    AirWatch now supports creating network traffic rules for Windows Desktop devices. Create these rules in the VPN profile for Windows Desktop under the Routing Policy settings.

    For more information, see Configure a VPN Profile (Windows Desktop).

Directory Services

  • Directory Services friendly name enhancement.

    Directory groups created in Active Directory have typically been updated in AirWatch with the same friendly name whenever changes are made in Active Directory. When it comes to organizational unit-based user groups, however, it can present a challenge to the admin, who now must perform a special procedure to tell the difference between two user groups with the same common name. To address this, a setting has been added enabling you to disable the automatic updating of directory groups' friendly names. This allows you to customize the friendly name of these user groups, making it possible to tell them apart, for example, for the purpose of making smart groups.

    For more information, see Map Directory Services Group Information.

Certificate Integration

  • Added certificate authority support for EJBCA.

    The AirWatch v9.1 release provides support for EJBCA (Enterprise Java Beans Certificate Authority). EJBCA is an open-source PKI (public key infrastructure) certificate authority built entirely on Java code, making it robust and cross-platform.

System Architecture

  • Added SQL Server 2016 support for the AirWatch database.
  • Updated the .NET version requirements for AirWatch components and servers to .NET 4.6.2.
  • Updated the on-premises installation process to require an installation authentication token.

    This token is used to provision the necessary secure channel certificate to your AirWatch database if it is not already present, such as in the case of a new installation. For more information, see the VMware AirWatch Installation Guide (VMware provides this document to you as part of the on-premises installation process).

  • Updated the on-premises installation process to include the Identity Service as a feature.

    Installing the Identity Service requires you to set up a separate database and meet other requirements. Once installed, it enables you to use the Workspace ONE app as your app catalog, and allow enrollment through the Workspace ONE app.

  • Added dedicated reports storage.

    AirWatch now supports a dedicated Reports Storage for your AirWatch Reports. This storage improves performance of AirWatch Reports and reduces database demand.

    For more information, see Reports Storage Overview.

  • The New Reports in AirWatch Reports now have increased coverage. The enhanced reports include Application Details by Device, Device Inventory, and Devices with User Details.

  • Changed the default setting for Historic Sampling to not save historic data that typically has not been used by most customers. Previously, it was turned on by default and could cause performance issues.

ClosedAPI Framework

  • Application Management API updates

    • Auto Update Flag for Device based VPP App
    • Delete Windows Dependency Application
    • Retrieve List of Windows App Dependency Files
    • Retrieve Windows App Dependency
    • Search and Retrieve Removal Logs for Internal Applications
    • Update Application on Devices Having Device Based Licenses
    • Update Internal Application
    • Update Removal Logs
    • Assigns Smart Groups to a BSP Application (V2)

  • Device Management API updates

    • Retrieve Compliance Attributes for an Organization Group 
    • Save Compliance Attributes for a List of Devices 
    • Retrieve Device Application Status 
    • Retrieve Device Smart Groups 
    • Create Relay Servers 
    • Create Relay Servers in Bulk 
    • Delete Relay Server 
    • Retrieve Relay Server 
    • Update Relay Servers 
    • Create Staging Bundle 
    • Delete Staging Bundle 
    • Retrieve Staging Bundle 
    • Update Staging Bundle 
    • Retrieve Printer Details Using Identifier 
    • Retrieve Printer Details Using Location Group
  • Profile Management API updates

    • Create Windows PC Device Profile (Version 2)
    • Update Windows PC Device Profile (Version 2)
  • Organization Group Management API updates

    • Create APNs Cert Request
    • Retrieve Status of APNs Config
    • Update APNs Configurations
    • Save APNs Configuration
    • Create Express Licenses
    • Create Pinned Host 
    • Query for Pinned Host 
    • Query for Pinned Host by HostGuid 
    • Update Pinned Host
    • Pin Certificate to Pinned Host
    • Unpin Certificate from Pinned Host
    • Enable SSL Pinning
    • Disable SSL Pinning
    • Synchronize Pin with Auto Discovery
    • Enable Pin Relation
    • Disable Pin Relation
  • User Group Management API updates

    • Retrieve List of Notifications

    • Retrieve Count of Notifications



  • Changed the location of the VMware AirWatch Online Help.

    You can now access the AirWatch Online Help system from myAirWatch, by using the link under Documentation in the menu. Selecting the Help icon from the AirWatch Console also redirects you to this help system. Search results from myAirWatch now include links to help articles, and you can perform a local search within the help once it is launched.

    Moving the online help to myAirWatch lets us update it more frequently with the latest updates, additions, and fixes. Most topics include a link to download a PDF of the guide a particular topic belongs to.

Bugs Fixed

  • The following list represents some of the bugs that were fixed for AirWatch v9.1. If you received an Issue ID for a submitted bug, you can search for it here to see if the issue was fixed in this release. Some of these bugs may have been addressed in feature packs for recent releases.

    Issue ID Issue Description


    Fixed an issue related to user interface inconsistencies for public Android application installation status.


    Fixed an issue where the device count did not increment under the Members list.


    Fixed an issue where the ScheduleOSUpdate REST API command triggered a 500 error.


    Fixed an issue where the DEP profile name would display in English even though the organization group locale was set to Japanese.


    Fixed an issue where a push notification message was not saved in the application if the user did not open the message.


    Fixed an issue where iOS Device-Based VPP applications were intermittently pushed twice upon enrollment.


    Fixed an issue where when an internal PDF book was pushed to devices and installed successfully, the book status would go from Pending Install to Managed but Uninstalled until the device was queried again.


    Fixed an issue where changing the platform on the Apple Configurator settings page did not hide the Default Staging User field and Save button correctly.


    Fixed an issue where the RetrieveBulkDeviceInformation API call would return the wrong supervised status.


    Fixed an issue where the iOS VPN profile would generate incorrect values for OnDemandMatchAppEnabled.


    Fixed an issue where creating an iOS Home Screen Layout profile and adding more than 10 folders on a single page would cause UI issues.


    Fixed an issue where an admin was unable to Disable Lost Mode or issue any MDM commands if an InstallApplication command was pending in the queue.


    Fixed an issue where the macOS web enrollment Continue button did not function after enrollment completed.


    Fixed an issue where the Console failed to save ePub files to Books if the file's date format was YYYY.


    Fixed an issue with iOS, macOS, and tvOS profiles using the Allow Removal "With Authorization" setting and a password where a dict tag in the XML of a payload contained incorrect information.


    Fixed an issue where the clear device passcode option would display (or not display) based on the privacy settings that were set at the Global level instead of at the organization group to which the device was enrolled.


    Fixed an issue where VPP application were not pushed to a shared EDU device when a student mapped to an enrollment user is logged in.


    Fixed an issue where if a device was unassigned and reassigned to a DEP token, the Console did not reassign the profile after syncing.


    Fixed an issue where the ApplicationProvisioning profile renewal process would fail.


    Fixed an issue where an install application command was not being sent during the macOS DEP Setup Assistant process.


    Fixed an issue where admins are unable to create classes in AirWatch School Manager with about 20,000 enrollment users.


    Fixed an issue where uploading a csv failed to map EnrollmentUsers to Apple IDs under Apple School Manager when the username was not all lowercase.


    Fixed an issue where the Change Organization Name prompt for application installation was not working for the first prompt of an app install.


    Fixed an issue where the iOS Time Scheduling profile was not working properly.


    Fixed an issue where random languages were displayed on an iOS device at enrollment.


    Fixed an issue with Apple School Manager where ClassPersonMap records were removed after a sync.


    Fixed an issue where the Activation Lock bypass code was not available when an offline device was moved to a new organization group.


    Fixed an issue where an app icon was not rendering in the Catalog for iOS 10 devices.


    Fixed an issue where false unmanaged profiles were showing up for certain devices.


    Fixed an issue where deleting an organization group with a DEP profile assigned, but not where DEP was configured, would cause a stored procedure to error out.


    Fixed a UI issue on the Energy Saver profile for macOS.


    Fixed an issue where you could not search for Find My iPhone to add as a public application.


    Fixed an issue where VPP apps Install on Filter would look for devices under the admin's organization group rather than the application's organization group.


    Fixed an issue where the Manage Devices menu was not present for Redemption Code assignments.


    Fixed an issue where the Device Details Application List did not reflect the install status changes to macOS internal applications.


    Fixed an issue where adding a new version to a macOS profile containing a custom settings payload and a credentials payload, clearing the custom settings payload, and adding a different payload would not save the new payload.


    Fixed an issue where after uploading an sToken, a sample queue accumulated many messages due to a failed request to an API endpoint.


    Fixed an issue with AirWatch School Manager where admins are unable to add class members by name.


    Fixed an issue where an app config push to one public application would queue the app config push command to purchased application assignments as well.


    Fixed an issue where a Device-Based VPP App assignment was not getting pushed to devices when a compromised status compliance policy is pending.


    Fixed an issue where the iOS VPN profile for Global Protect showed Disconnect on idle (min) when it was actually in seconds.


    Fixed an issue where the Allow Simple Value setting in the passcode profile for macOS 10.12 Sierra devices would not work.


    Fixed an issue where the public application status would change to App Already Installed for iOS devices.


    Fixed an issue where users were able to reset the Agent passcode on a DEP device after exceeding the maximum number of failed attempts as set in the security policies.


    Fixed an issue where the child permissions "Inherit Only" was not getting saved on the APNs for MDM settings page.


    Fixed an issue with the AirPlay command not working in the AirWatch Console.


    Fixed an issue where an error occurred when saving an Android for Work public application using an application configuration with imported key value pairs.


    Added new manufacturer and Enterprise OEM version values for Honeywell Version 1.2 and 1.3 for smart group assignments.


    Fixed an issue where Android was misspelled in an API response for a certain call.


    Fixed an issue where performing a Request Debug Logs command from the Console for Android resulted in a long delay and intermittent reception of the command and sending of logs from the device.


    Fixed an issue where an EAS profile would not get pushed to an end user's device that was enrolled after the AirWatch Console was upgraded.


    Fixed an issue where the push notification via API for Android was not reaching the devices.


    Fixed an issue with the AirWatch Launcher where the device passcode was removed after a logout for shared devices.


    Added option values in the AirWatch Console in support of the newest version of LG devices.


    Fixed an issue where localization was not properly applied during enrollment in the Android Agent.


    Fixed an issue where the search UI displayed legacy Android settings that are no longer modifiable in the UI.


    Fixed an issue where a stored procedure was not handling Android for Work mapping properly.

    AGGL-1406 Fixed an issue where the Console would sent a non-integer value for GroupAssignmentMode, resulting in an exception for shared device profile groups.


    Fixed an issue where profiles and apps for Android for Work did not get pushed without a manual sync.


    Fixed an issue where for Nexus devices the application list would only show managed applications after removal and re-install.


    Fixed an issue where if you had privacy for personal apps set to Do Not Collect and a user installed an Android managed public app, it would cause the compliance engine to mark the device non-compliant for not having the application even if the device did.


    Fixed an issue where a deactivated application would still appear in the managed app list in the AirWatch Agent for an Android device.


    Fixed an issue where changing a custom lookup field did not get applied correctly on Android devices when the profile was re-pushed with the new value.


    Fixed an issue where devices did not enroll into Android for Work when single or multi-user staging was enabled.


    Fixed an issue where the AirWatch Console did not support the Bundle Array data type when using managed configuration to configure an app.


    Fixed an issue where users were unable to enroll Android for Work devices in Laforge with SAML authentication.


    Fixed an issue where Android Container would try to download an IPA file when the same Bundle ID was used for iOS and Android applications.


    Fixed an issue where some appx files were returning a different Identifier in the sample than from what was parsed in the AirWatch Console.


    Fixed an issue where Windows 8.1 certificates were removed after enrollment.


    Fixed an issue where the Windows 10 Mobile Assigned Access profile would change the friendly name of an internal app on the profile following an app update.


    Fixed an issue where Windows Phone 8.1 device enrollment restrictions based on OS version were not working when using Company Hub.


    Fixed an issue with an MSI file not installing through Apps & Books assignment for Windows 10 desktop devices.


    Fixed an issue where IMEI did not show on Device Details when Cell Status is not available, even though it shows on the Device List View.


    Fixed an issue where Device Model ID was not updated when upgrading a device from Windows 8.1 to Windows 10.


    Fixed an issue where Change Device Passcode functionality was not working properly on Windows Phone 8.1 devices.


    Fixed an issue where adding the Windows Phone restriction Allow Adding Non Microsoft Accounts Manually did not populate the XML payload with the applicable data.


    Fixed an issue where a particular API for retrieving network information from a device would fail.


    Fixed an issue with the automatic generation of the installation command for transforms in the AirWatch software distribution feature.


    Fixed an issue with the installation of VPN profiles on Windows Desktop devices that was caused by enabling the authentication protocol for machine certificates.


    Fixed an issue where Windows 10 Desktop profiles were not being removed when the devices was no longer assigned the profile.


    Fixed an issue with the 'settings page' value in the Assigned Access profile in AirWatch that blocked Windows 10 Mobile devices from accessing the Work Access page.


    Fixed an issue where Bitlocker encryption was showing as pending/failed to install profile after an AirWatch Console update.


    Fixed an issue with the VPN profile in AirWatch that did not display the password option in the Authentication area when you toggled between connection types IPsec and PPTP.


    Fixed an issue with the Delete Device function that was not removing the Work Access Account from Windows Phone 10 devices.


    Fixed an issue with the UI validation for the upload of applications in the software distribution feature that included the system not reporting exact required fields missing values.


    Fixed an issue where pushing a Windows Phone 8.1 Wi-Fi profile using PEAP MSCHAPv2 would fail.


    Fixed an issue where the Windows Phone 10 passcode screen would get stuck in a pending state.


    Fixed an issue with the certificate functions for Windows 10 Phone and PC in AirWatch where the console displayed the incorrect common name for certificates that use DCOM.


    Fixed an issue where Surface Pro 3 and 4 devices were not prompting for a PIN at startup when encrypted.


    Fixed an issue with the systray Agent icon showing up multiple times on Windows 7 desktops.


    Fixed an issue where a Windows OS enrollment restriction would prevent certain Windows Phone devices from enrolling.


    Fixed an issue where the Windows 10 Windows Update payload was not providing the correct output.


    Fixed an issue with the inability to set non-FQDN URL entries in the AirWatch Console as the homepage or as bookmarks in Browser.


    Fixed an issue with enabling Caller ID for iOS Boxer in the AirWatch Console.


    Fixed an issue with the UI that displayed an errant drop-down menu in the Compromised Detection setting in Security Policies if toggled between enabled and disabled.


    Fixed an issue where an Unlimited Sync option was available in the Console but was not actually supported in Inbox.

    APC-412 Fixed an issue where whitelisted apps bundle IDs were duplicated in the email settings section for Boxer configurations.


    Fixed an issue where the addition of an application to the Apps & Books section of AirWatch would uninstall the application if it was in the Product Provisioning section and configured with the File/Action option.


    Fixed an issue where the system removed a production version of Launcher from assigned devices when a BETA version of Launcher was removed from a test smart group.

    ARES-1443 Fixed an issue where incorrect application installation numbers displayed in the AirWatch Console.


    Fixed an issue with the sort-by-version function for internal applications that displayed versions in the wrong order.


    Fixed an issue where duplicate install profile commands for a device were queued.


    Fixed an issue with the proxy section of the Wi-Fi profile for Android devices that allowed negative proxy port ranges or large number values and that displayed text below the option instead of a tooltip.


    Fixed an issue with the editing of application groups when editions followed a specific task sequence.


    Fixed an issue with the reactivation of profiles with a security PIN that displayed help text for the deactivation process and not the activation process.


    Fixed an issue in the process to upload internal applications that changed the value for the Make App MDM Managed if User Installed option from yes to no upon the initial publish process.


    Fixed an issue with the REST API that calls for public application information that did not return all information and the information it did return, was incorrect.


    Fixed an issue where app install commands were removed from the queue after a publication event of the same application at a sibling (same-level) organization group.


    Fixed an issue with the begin-installation-API that failed in environments that integrated with a content delivery network (CDN).


    Fixed an issue with the app scan feature for Windows 10 devices that did not update the information about when the device last had an app scan performed on the Device Summary page.


    Fixed an issue with a database entry for listing the public applications that caused a long loading time for the page and returned no records in the UI.


    Fixed an issue where devices were unable to download internal apps when file storage was enabled.


    Fixed an issue with the application list view for internal applications that displayed the wrong item count.


    Fixed an issue with the exchange resources feature for Android that allowed a sync interval in the restrictions to be set to negative numbers.


    Fixed an issue with the removal of smart group assignments during the versioning of internal applications that caused the UI to continuously load.


    Fixed an issue with the Hub in AirWatch that displayed compliance violations but did not display blacklisted applications found on devices unless the applications were also defined in the console.


    Fixed an issue with the application whitelist feature for iOS devices that did not adhere to the configured device-ownership type value.


    Fixed an issue where version sorting was not working properly.


    Fixed an issue with the process to add public applications that prompted to discard changes if the country value was changed during the upload process.


    Fixed an issue where the Device without Required Apps section of the Hub was not accurately reporting devices out of compliance with a required app group.


    Fixed an issue where an app would show Not Installed with the reason of Unknown or Pending Install, while under the device it would show as Installed.


    Fixed an issue with child organization groups (OGs) not inheriting application categories from parent OGs.


    Fixed an issue where an internal app icon would disappear after upgrading the Console and deleting an older version.


    Fixed an issue where if you update the content status from Installed to Viewed via Content Locker, it would not get recorded in the database.


    Fixed an issue with the share-link in the Self Service Portal that did not render correctly on Windows 8.1 and Windows 10 devices that ran IE 11.


    Fixed an issue with the content dashboard in AirWatch that displayed an error instead of displaying files.


    Fixed an issue with badges that identify application version numbers in the content feature that did not display the correct version value after editing an application.


    Fixed an issue with content templates that did not display active users when there are active users, when selected from a child organization group.


    Fixed an issue with the share-link in the Self Service Portal that did not work if files were bigger than 1 GB.


    Fixed an issue where folders and contents failed to sync on the Console when a folder name was changed in a user's personal SharePoint.


    Fixed an issue where a repository would be added on the Self-Service Portal but not displayed in the list.


    Fixed an issue with the system adding file extensions twice to files that were managed by AirWatch and uploaded to the console.


    Fixed an issue where an application was not displaying the correct Installed number of devices in the Console.


    Fixed an issue where the Status of Content display would not indicate installed after a document was viewed.


    Fixed an issue with the Content Locker add-on for Outlook 2007 that failed to install on Windows 7 32-bit devices.


    Fixed an issue with the inability to access new admin repositories from the console and from iOS devices.


    Fixed an issue with the share-folder feature in the Self Service Portal that did not load content when the language was set to French (Switzerland).


    Fixed an issue with saving admin repositories set to network share that did not have a username and password and returned errors instead of saving the repository.


    Fixed issues with inconsistent telecom corporate data recording.


    Fixed an issue with the telecom list view that displayed an error and not the list view if iOS devices were enrolled and assigned.


    Fixed an issue with the integration with GroupWise email servers that caused the corruption of WAV files when sent through the Secure Email Gateway as an encrypted attachment.


    Fixed an error with the system that created a new MEM record instead of moving the existing MEM record with the Active Directory (AD) user when moved from one AD user group to another.


    Fixed an error in the email dashboard that displayed multiple values of the same EAS device type, when it should display a single line for each type in the Top 5 EAS Device Types area.


    Fixed an error with the compliance policy for email security classifications that converted letters with linguistic characters (like acute accents and umlauts) to HTML code (&#246) when it sent block email messages in plain text.


    Fixed an error in Content Locker that did not allow the opening of email attachments that had Chinese characters in the file name.


    Fixed an error with the initial setup of a MEMconfig for PowerShell where the user group search failed if the sync results were restricted to a specific organization unit.


    Fixed an error with the filter for Last Seen on the Email List View page that returned the wrong devices.


    Fixed an issue of being unable to delete an existing MEM configuration.


    Fixed an issue with the SEG not showing in Hub > Admin Panel > Deployed Components after an upgrade.


    Fixed an error with the standalone enrollment process for Boxer where the system, when configured with PowerShell, did not send an allow-command for a user that re-enrolled with Boxer.


    Fixed an issue where encrypted calendar invite attachments could not be opened in the native iOS client.


    Fixed an error that errantly prompted for passwords on iOS native email clients after an AirWatch environment was upgraded but the Secure Email Gateway was not upgraded.


    Fixed an error where the Secure Email Gateway received 401 responses but sent 200 responses to devices after users changed their Active Directory passwords.


    Fixed an error with the email management feature that did not send whitelist and blacklist commands to Blackberry devices upon device enrollment.


    Fixed an error with the password provisioning feature that did not allow the Auto-rotate Google Password option to get disabled.


    Fixed an issue where an ActiveSync profile association to the MEM configuration was not retained after saving the configuration.


    Fixed an error with Application Install payload that was a normal priority in the queue and made it a high priority.


    Fixed an error with the saving of MEMconfig files after completion of the configuration wizard.


    Fixed an error with an inline SQL that caused timeouts by changing the alias name of a table to improve performance in smart groups.


    Fixed an issue where the smart group device map would not update and queue messages if the last OS sample was NULL.


    Fixed an error with user-activation emails that displayed date formats incorrectly because they did not match the admin locale's date formats.


    Fixed an error with the configuration of a new SAML endpoint that did not process attributes except the username and stopped users from accessing the Self-Service Portal or from enrolling due to only their username populating.


    Fixed an error with the API for smart group retrieval that failed if a smart group was configured with device exclusions.


    Fixed an error with Container enrollment that allowed users in a user group that was restricted from accessing Container to enroll with QR codes.


    Fixed issue where the Terms of Use Acceptance export function for devices only pulled the first page of results.


    Fixed an issue where the sent date in the message body of a device unenrollment notification was always displayed in UTC with certain steps of device deletion.


    Fixed issue where the enrollment QR code preview displays incorrectly when device is moved.


    Fixed an issue where the message template lookup field used the admin's locale and not the organization group locale.


    Fixed issue where the user account Additional Organization Group enrollment is disabled when a new device is added.


    Fixed an issue where whitelist enrollment restrictions would not work if Android was listed in the middle of the restriction policy.


    Fixed an issue where lifecycle notification emails are not sent when user email addresses are encrypted.


    Fixed an issue where HTML message templates are corrupted.


    Fixed an issue where resetting an edited registration token generates a device activation email in plain text.


    Fixed an issue with the token enrollment with IMEI Whitelist not stripping spaces from IMEI, which caused whitelist verification to fail.


    Fixed an issue where a device enrolled with Multi-User staging does not default to "Corporate - Shared" ownership and correct OG-UG mapping.


    Fixed an issue where the bulk message template for the Deactivate/Activate User action defaults to notifying user of the action.


    Fixed an issue where the first REST API call for UDID was slow.


    Fixed an issue where the Enrollment Organization Group for an enrolled user is changed when a device is registered to the user.


    Fixed an issue where new Smart Groups do not save correctly in certain environments.


    Fixed an issue where a Telecom Cell Data Usage compliance policy would stay as Pending.


    Fixed an issue where Android Agent users could bypass enrollment restrictions when the domain name was not specified.


    Fixed an issue where admins cannot search for usernames when previewing a selected Smart Group assignment.


    Fixed an issue where the first Android whitelist restriction for a manufacturer would fail when there were more than one.


    Fixed an issue where a search in List View omits the user display name is the user phone number is set to Do Not Display.

    CMSVC-1572 Fixed an issue where a 500 internal server error would occur when attempting to retrieve a Smart Group using an API.


    Fixed an issue where selecting a Group link opens the Dashboard page instead of the User Group List View.


    Fixed an issue where an error message "Something Unexpected Happened" appears when user accesses specific Smart Group in the Console.


    Fixed an issue where user was unable to change a basic admin password after upgrading to AirWatch


    Fixed an issue where user authentication via ACC fails if the user's password contains the "&" character.


    Fixed an issue where the Register Device API does not correctly deploy the message template specified when the API is created.


    Fixed an issue where the Automatic Directory group sync does not work as expected.


    Fixed an issue where a User Group with an Object Identifier value of 16 characters fails to save to the AirWatch Console.


    Fixed an issue where {OrganizationGroup} was attached to the device name on the device itself instead of the actual value.


    Fixed an issue where adding a lookup value converted a non-English language template to English.


    Fixed an issue where a user was able to authenticate without entering a domain in a multi-domain setup.


    Fixed an issue where importing a Directory User to the AirWatch Console with a Custom Attribute generates a Save Failed error.


    Fixed an issue where updating a user's details via REST API automatically updates the user role.


    Fixed an issue where a user's phone number cannot be deleted on the AirWatch Console.


    Fixed an issue where a device's compliance policy assignments do not migrate when a device is moved to a different Organizational Group.


    Fixed an issue where editing a non-English language User Group policy on the Restrictions tab in the AirWatch Console changes the text to a different language.


    Fixed an issue where the Update Organization Group Failed events logs event was getting triggered even if it was successful.


    Fixed an error with performance when the compliance engine processed the operators in the Apps List policy, which included whitelisted applications, contains, does not contain, required apps, and contains version.


    Fixed an issue where creating a compliance policy at a Container-level organization group could not create an All Devices smart group if a smart group containing the words All Devices already existed.


    Fixed an issue where the Free Disk Compliance Policy would time out when assigned to a smart group with many devices.


    Fixed an issue where admins are unable to edit roles of other admins created in other organization groups.


    Fixed an issue where the Add missing user option on an admin group would fail in a multi-domain environment.


    Fixed issues where the REST API errors out when retrieving smart group information if the user addition is deleted from the Console.


    Fixed an issue where no compliance action was being executed on re-enrolling a device after an initial Enterprise Wipe command.


    Fixed an issue where an upload to RFS via Content Gateway returned a JSON that was not handled by the device.


    Fixed an issue where the ACC auto-update would not function properly due to a new version of an included package.


    Fixed an issue where a user group sync would fail when the sync took longer than two minutes and AWCM clustering was used.


    Fixed an issue where asynchronous exports were getting stuck at "processing" indefinitely.


    Fixed an issue where a REST API call would fail to find a smart group if it had parenthesis in its name.


    Fixed an issue where the API Event Notification would fail when the credentials contained a question mark character.


    Fixed an issue with app catalog events to allow them to now use up to 255 maximum characters.


    Fixed an issue where AirWatch failed to add users for subscriptions.


    Fixed an issue where the ENS service would stop with an unhandled exception error.


    Fixed an issue where you could not force ENS to communicate over TLS 1.2, by now supporting the OutBoundTlsProtocols key in the config file.


    Fixed an issue where ENS failed to identify new email during a synchronization for new changes.


    Fixed an issue where the Device Application Detail report did not correctly display apps with accented characters.


    Fixed an issue where the application deployment status report would time out while retrieving the report parameters.


    Fixed an issue where the profile compliance report would only show results for one profile.


    Fixed an issue where the Report Viewer admin role did not have permission to view the Export page.


    Fixed an issue where admins were unable to add subscriptions when choosing to run a report on the 30th or 31st day of every month.


    Fixed an issue where subscriptions were marked as deprecated for all SSRS reports upon an upgrade.


    Fixed an issue where the Enrollment User Summary report and the List View did not match in terms of the number of enrolled devices.


    Fixed an issue where the Applications Details by Device report displayed multiple versions of the same application as installed.

    FBI-177500 Fixed an issue where the New Application Details by Device report would only pull a fraction of the records.


    Fixed an issue where disabling Default Locations when creating an organization group on the Console prohibits device enrollment at the organization group.


    Fixed an issue where HTML tags were displayed on the AirWatch Console when using the Czech language.


    Fixed an issue where performing a Settings Comparison with an upload from a different environment would result in mixed behavior.

    FCA-180766 Fixed an issue where users could see notifications from other Organization Groups than the user has access to.
    FCA-181212 Fixed an issue where admin accounts created at an Organization Group lower than the Organization Group the admin is assigned to would not receive notifications for their Organization Group.


    Fixed an issue where after deleting an enrolled devices via Devices List View, the device was not shown as Delete in Progress / Enterprise Wipe Pending.


    Fixed an issue where Smart Group, User Group, and Tag drop-downs would not work in the Safari browser.


    Fixed an issue to make the Login Page Background setting under Branding no longer a required field.


    Fixed issues related to adding tags to a large number of devices using Devices > List View.


    Fixed an issue where the Loading icon was visible after loading the Device Details View in Internet Explorer.


    Fixed an issue where SAML redirection was not working with Self-Service Portal and email.


    Fixed an issue where the Hub page would display incorrect information for Telecom.


    Fixed an issue where admins are unable to sort devices based on the current Telecom plan.


    Fixed an issue where the Organization Group Child drop-down would not display correctly in Firefox v.45, Internet Explorer 11, or Edge browsers.


    Fixed an issue with a script that was causing issues on the Device Details page when using Internet Explorer 11.


    Fixed an issue where the Console was not reporting Agent data usage.


    Fixed an issue where if a child organization group had the same name as the parent organization group, then during organization group assignment the hierarchy of organization groups was not ordered correctly.


    Fixed an issue where User Group mapping settings a child organization group were not being applied for Self-Service Portal logins.


    Fixed an issue where when filtering by IP ranges, the results would include some devices that had an IP outside of the specified range.


    Fixed an issue where a Global search would return results that did not contain the actual search phrase.


    Fixed an issue where admin account changes could not be saved due to an invalid initial landing page.

    FCA-182219 Fixed an issue where telecom data on the Data tab in device details and AirWatch app usage would result in an error.


    Fixed an issue where the Console was not showing results for "User" searches.


    Fixed an issue where a client with data transmission pause would still receive a host shutdown event when there was data pending.


    Fixed an issue where in the Android Launcher profile bookmarks with too many characters were not populating.


    Fixed an issue where the Total Device Count would not account for devices showing up with an Unknown status.


    Fixed an issue where attempting to save a File/Action would result in a Save Failed error message.


    Fixed an issue where the Relay Server List View would show the same entries on different pages.


    Fixed an issue where admins with custom roles could not view the Products tab and the resource controlling that access could not be modified.


    Fixed issues with improper formatting for AirWatch Launcher when the console language was set to Portuguese.


    Fixed an issue where the Console Administrator role could not access the User Categories page.


    Fixed an issue where the Launcher profile could not be added or edited if the locale was set to German.


    Fixed an issue where the file manager upload did not work on the Internet Explorer browser.


    Fixed an issue where configuring Wi-Fi for Windows Mobile Rugged devices did not correctly set the Country Code on the device.


    Fixed an issue where the Create and Update Custom Attribute API was accepting restricted characters for the Value field, which is not allowed from the AirWatch Console UI.


    Fixed inconsistencies with the Uninstall application manifest in Products.


    Fixed a typo in the uninstallation message for VMware Tunnel and Content Gateway for Linux.


    Fixed an issue where users are unable to enroll Windows 7 desktop devices when the terms of use are enabled with the new Agent.


    Fixed an issue where scripts were not running automatically on Windows Desktop devices with the Protection Agent v8.0.