check-circle-line exclamation-circle-line close-line

< meta property="og:type" content="article" />

Workspace ONE UEM | 8 October 2018

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

New Features in this Release

Workspace ONE UEM console

  • Our console releases follow a new versioning format.
    VMware Workspace ONE UEM is moving away from our traditional major.minor version numbers to a date driven model represented by a year and month (YYMM). This release is version 1810 with a build of (YY.MM.M.P) where M = maintenance and P = patch. 
  • Your Feedback Matters. Participate in an optional survey and tell us about your experience with Workspace ONE UEM console.
    You can provide feedback by completing an optional survey about your experience with the Workspace ONE UEM console. Your feedback is positively used to make improvements to our software. Start the survey yourself by selecting your username in the upper-right corner and then select Send Feedback or you can opt-into the pop-up window that appears after the 25th login within a 30-day period. If you opt-out of this pop-up window, you will not be prompted again.

  • Integrate VMware Identity Manager and VMware Workspace ONE UEM without Active Directory in Getting Started.
    In the Getting Started Settings page, we have decoupled the dependency for Active Directory so that you can set up VMware Identity Manager without it.
  • We made login security for basic administrators better with the removal of the lockout time limit. 
    A Basic admin can be locked out either by exceeding the configurable maximum number of invalid login attempts or answering the security questions incorrectly more than three times.
    When they are locked out, they must either reset their password using the troubleshooting link on the login page or they must get another admin to unlock their account using the Admin List View. The locked-out admin also receives an email notification when their account is locked and again when it becomes unlocked.
    Basic administrators can also be locked out through the API, and while they must reset their passwords using the same methods, they are not notified by email in such a case.
    The lockout time limit has been removed which means when a basic admin is locked out, they can no longer just wait it out and try again. There is no additional setting required to enable this new behavior, it is enabled by default.
    To configure the maximum number of invalid login attempts, navigate to Groups & Settings > All Settings > Admin > Console Security > Passwords.
  • We gave a new name to Hub in the UEM console. It's now called Monitor.
    The central portal that gives you fast access to all critical information is now called Monitor
  • Direct enrollment with LDAP.
    We have improved external ID handling to make sure that the UEM console supports direct enrollment with LDAP.
  • Quick-start your Mobile Flow setup with automated tenant provisioning.
    UEM console now provides end-to-end automated tenant provisioning capability from the UEM console using VMware Identity Manager.
  • Mobile Flows accessibility got more flexible. Administrators can now access mobile flows without any restrictions.
    We have removed the access restriction of VMware Identity Manager to use Mobile Flows in the UEM console. Administrators can now access Mobile Flows within the UEM console.
  • Mobile Flow user synchronization and authentication process got better.
    Mobile Flows does not require user synchronization from the UEM console to VMware Identity Manager. If the user account is present in VMware Identity Manager, Mobile Flows automatically authenticate client's requests.
  • The AirWatch Agent productivity app has been renamed VMware Workspace ONE Intelligent Hub.
    This new app gives you the flexibility you need to provide employees with a unified onboarding experience across virtually any iOS and Android device. Hub Services makes delivering a true digital workspace experience easier than ever with helpful, new functionality including:
    • Unifiied App Catalog with App Ratings
    • Notifications
    • People
    For more information on the services offered, see the Guide to Deploying Workspace ONE Intelligent Hub Services.

AirWatch Cloud Connector

  • We changed the name of the VMware Enterprise Systems Connector System Settings page.
    The VMware Enterprise Systems Connector System Settings page is now the Cloud Connector page. 
  • Install AirWatch Cloud Connector or VMware Identity Manager Connector with their own installers.
    We have created two separate installers, one for AirWatch Cloud Connector and one for VMware Identity Manager Connector. Now you can install VMware AirWatch Cloud Connector and the VMware Identity Manager Connector separately or together.
    Download the AirWatch Cloud Connector installer from the Workspace ONE UEM console Cloud Connector page. Download the VMware Identity Manager Connector installer from or


  • Deploy corporate owned devices with fully managed device functionality while giving your users the experience of a work profile.
    Administrators now get the flexibility of controlling device management features while deploying a work profile to the user. Administrators can now set separate policy settings for work and personal applications and achieve flexible deployment options for Android devices by using Corporate Owned Personally Enabled (COPE) deployment method.  
  • Protect your Android devices against security threats with SafetyNet attestation API.
    You can now assess the security and compatibility of the Android environments in which your applications run. Administrators can use Google's SafetyNet Attestation API that validates software and hardware information on the device where your application is installed to create a profile of that device. The attestation API helps you determine if a particular device has been tampered or modified.
    Enable SafetyNet Attestation API in the UEM console by navigating to Groups & Settings >All Settings > Apps > Settings & Policies > Settings > Custom Settings and paste {"SafetyNetEnabled":true} custom XML in the Custom Settings field.
  • Enterprise Factory Reset Protection policy got more flexible. Let your administrators change the settings during a device wipe.
    Factory Reset Protection can now be removed while performing a device wipe from the device management commands.
  • Managing Samsung Knox features from the UEM console got better.
    • The new ​Firewall profile is now available for Samsung Knox and Android Enterprise configuration that allows administrators to configure firewall rules for Android devices. The Firewall profile is displayed only when the OEM Settings field is enabled and Samsung is selected from the Select OEM field.
    • The Passcode profile has been updated for Samsung Knox to include Allow Iris Scanner, Allow Face Unlock and Lockscreen Overlay restrictions.
    • The Restrictions profile is updated to include additional capabilities specific to Knox devices. You can now see a new section called Samsung Knox that lets you change the settings.
  • We made Per-App VPN client configuration more flexible. You can now choose to select Tunnel for both Android Enterprise and Legacy Android.
    Per-app VPN allows you to configure VPN traffic rules based on specific applications. When configuring Per-App VPN (internal apps), administrators can now individually select VMware Tunnel for both Android Enterprise and Legacy Android. Previously, VMware Tunnel selection was applied to both Legacy Android and Android Enterprise.

Chrome OS

  • Installed Status column in the Profiles List View got better. 
    Administrators can now get the details of Not InstalledInstalled, and Assigned counts and view the list of users who have the profile in a specific state
    Take advantage of this update by filtering the Profiles List View by Platform. The Installed Status column, gives you the Not InstalledInstalled, and Assigned count. You can use the status link to view the User Details in a separate window. 


  • Managing your enterprise developed tvOS applications just got better.
    Now you can more easily manage your enterprise developed tvOS applications the same as iOS by adding new versions, renewing mobile provisioning profiles, setting app configuration values, and installing these applications on demand.
  • Skip the SIM setup configuration in the Setup Assistant.
    For iOS 12.1 devices configured for DEP in Apple Business Manager, administrators can now skip the option for configuring the SIM setup step in the Setup Assistant.


  • We let you define applications that can block the clean installation of an app.
    To enhance the end-user experience when updating apps, we have added the ability to define applications that might block the clean installation of an app. By defining a blocking application, administrators can ensure that the end user is notified if an application needs to be updated but is unable to update the app because a currently running application needs to be closed. If the end-user declines to close the blocking application, the Workspace ONE Intelligent Hub retries the installation on next sync.
  • The macOS Bootstrap Package feature now supports the newest MDM command for enterprise application deployment.
    We have enhanced the macOS Bootstrap Package feature to support the newest MDM command for enterprise application deployment for macOS 10.13.6 and above. There is no impact on the existing packages and devices.
  • macOS Mojave 10.14 brings enhancements to security around user consent for data access.
    To help administrators manage data access consent on behalf of the user, we have added a new MDM configuration profile payload called Privacy Preferences Control. In this payload, administrators can selectively allow or disallow access to various macOS services for a list of applications and processes.


  • Use our new Role Based Access Control to reprocess a product. 
    Two new resources have been created allowing you to include permissions for product reprocessing when you make admin roles. Admins with this permission can reprocess a product on a specific device or they can request reprocessing for all the affected devices.
    To make an admin role with the reprocessing ability, navigate to Accounts > Administrators > Roles and select Add Role. On the Create Role page, enter reprocess in the Search Resources text box to use the new permissions.


  • Software Distribution for Win32 apps is turned on by default for all on-premises customers.
    Software distribution is now turned on by default in the UEM console for all on-premises customers. By default, customers get up to 5 GB of storage for applications in the database before they choose to use File Storage.
  • Turn your Windows 10 devices into multi-app kiosk devices with the new Kiosk profile.
    The new Kiosk profile allows you to configure the device Start menu with the apps and groupings you want. Kiosk mode supports most apps and includes some built-in apps such as Microsoft Edge and Maps. You can create the profile using your own custom XML or the included designer.
  • Remove custom profiles with ease by adding removal code to the Custom profile for Windows devices.
    We have added a new text box to the profile so you can add the removal code for your custom XML. This removal code enables the Remove Profile and Deactivate Profile functionality. You no longer need to push a custom profile to remove your custom profiles.
  • Auto-approve all Feature Updates and Drivers for download with the Windows Update profile.
    We have added Feature Updates and Drivers to the Approved Updates functionality of the profile. Now you can set these update types for automatic approval to ensure that your devices receive these updates when they are available.


Resolved Issues

  • AAPP-5764 :DEP assignment page takes a longer time to display the drop-down menu with DEP profiles.

  • AGGL-2320 : Device Passcode is removed on auto log out when "Clear Default passcode on Logout" Flag is disabled.

  • AGGL-3495 : Android EMM Registration drop-down menu has globalization issues.

  • AGGL-3577 : Adding android public applications does not work as expected after 9.4 upgrade through installer.

  • AGGL-3781 : Android enterprise device enrollment with user-mapping and SAML fails to send the Android for Work token.

  • AGGL-3782 : Symantec CA certificates deployment to Chrome OS does not work as expected.

  • AGGL-3792 : Push ELM Service from Play Store fails if the Android for Work OG is configured with the enrollment restriction set to 'Limit to smart group'.

  • AGGL-3808 : Android for Work applications do not display in Play Store when assigned as On-Demand.

  • AGGL-4085 : Console installation in advanced staging fails if there are more than 13 products in the  staging package.

  • AGGL-4128 : Applications once installed and then removed from Android for Work devices can still be installed on the device even though they do not show up in managed Play Store.

  • AMST-6000 : BSP application query status does not get updated and display incorrect status on Desktops and Phone.

  • AMST-6552 : Production server throws pre-compiled exceptions for '/DeviceServices/WindowsPhone/WpProcessor.aspx'.

  • AMST-7732 : Application total size under Device Details View > Apps for Windows Desktop devices are showing in Kilobytes in the console and interrogator.

  • AMST-7830: Enterprise Cloud Resources in DataProtection Profile does not work as expected.

  • AMST-8289 : Migration script reset fails windows update metadata. 

  • AMST-8308 : Bulk API returns incorrect Encryption Status value for BitLocker encrypted devices.

  • AMST-8350 : Windows UpdateClassificationID sets incorrectly and fails auto approval update.

  • AMST-8353 : Windows 10 Surface Hubs and HoloLens Enrollment does not work as expected.

  • AMST-8355 : Install app deployment arguments fail to read database value.

  • AMST-8356 : api/mdm/devices/extensivesearch API does not return all the adapters MAC addresses.

  • AMST-8386 : Windows 10 HoloLens Enrollment does not work as expected.

  • AMST-8511 : Interactive profile containing credentials payload fails to install.

  • AMST-8556 : Device serial number lookup value is not displayed when receiving enrollment completion email notification.

  • AMST-9402 : The Lifecycle menu for Windows Updates shows NULL classification for features and drivers.

  • AMST-9894 : HoloLens enrollment does not work as expected.

  • ARES-5516 : Pop-up window that is displayed post standalone catalog enrollment has user interface issues.

  • ARES-5952 : Application catalog applies the incorrect navigation font color.

  • ARES-5991 : Application notify devices resource does not work as expected.

  • ARES-6133 : The App Catalog search screen abruptly disappears if a Japanese Character is used during search.

  • ARES-6297 : The pop-up window that demands for the user's confirmation upon profile deactivation fails to specify the name of the profile in the confirmation alert.

  • ARES-6329 : Profile installation on device sync does not work as expected.

  • ARES-6418 : Managed Access user interface button does not work as expected.

  • ARES-6449 : Password response to /AirWatch/ProfileResource/Edit/ProfileResourceEdit/<resourceID> is being transmitted as plain text.

  • ARES-6513 : MEM Config addition to VPP Boxer application does not work as expected.

  • CMCM-187838 :  SSP does not display the Manual template.

  • CMCM-187878 : Content List View displays the incorrect status number.

  • CMEM-184746 : Device whitelist fails from the UEM Console UI.

  • CMEM-184749 : MEM configuration page is displayed as HTML character codes clicking ADD button.

  • CMEM-184757 : Secure Email Gateway AW.Eas.Integration.Service.log displays an error while getting the latest valid encryption key.

  • CMEM-184812 : Pushing an email profile to the device does not work as expected.

  • CMSVC-7301 : Compliance UI displays incorrect  profile information.

  • CMSVC-7835 : Compliance violation email fetches incorrect OG timezone.

  • CRSVC-2933 : Scheduler fails to handle larger intervals of DB outages.

  • CRSVC-3459 : DS App pool creates multiple files and piles up the disk space.

  • CRSVC-3675 : HTTP response header is displayed  in the web server that causes security threat. 

  • CRSVC-3692 :  api/mdm/devices/uuid API is not exposed and is behind the feature flag.

  • CRSVC-3897 : Change OG API help page contains a parameter called 'organizationgroupid' which is incorrect. The parameter should be 'ogid'.

  • ENRL-278 : Bulk Import for network ranges does not upload or save successfully.

  • ENRL-306 : Enrollment page does not display devices when you order by or sort using Enrollment status.

  • ENRL-373 : patch /devices/{id}/enrollmentuser/{enrollmentuserid} API does not work as expected.

  • FBI-178009 : Device Inventory report for the field EAS DeviceID is empty for all the devices except for iOS native email client.

  • FBI-178020 : Blacklisted apps report fails to display any records even if the enrolled device has the blacklisted apps defined in a Blacklisted App group.

  • FCA-179680 : Radio button grid in the application search result page fails to align with the Select App in the console user interface.

  • FCA-187231 : Location tab in Device Details View fails to update when changing the OG using REST API.

  • FCA-187395 : Device Search API does not work as expected.

  • FCA-187467 : Asset Number column displays incorrect sort icon.

  • FDB-1853 : List of devices disappear from the Enrollment Status console page on clicking Enrollment Status.

  • FDB-1855 : UEM console performance is slow while accessing the application detailed view from App & books > Application > Native > Internal.

  • FDB-1869 : The Admin_LocationGroupDelete sproc results in an FK error on deleting an org when MEM is configured.

  • FDB-1900 : Organization Group cannot be deleted due to an FK error on mobileManagement.CertifcateTemplate.

  • FDB-1952 : Customer OG being deleted was blocked by an FK error.

  • FDB-2024 : UEM console users experience a high number of SQL Query timeouts.

  • FDB-2033 : Accessing terms of use for customers in the top OG hierarchy results in a timeout error. 

  • INTEL-7350 : The BitLocker encrypted device number is inaccurate when compared to the console data. 

  • LOC-9767 : Smart group creation screen displays localization errors on setting the local to German.

  • RUGG-3885 : CICO failure displays an incorrect message on setting the locale to Chinese.

  • RUGG-4634 : Bookmark is removed from the Launcher home screen after adding a new version of the profile from any OG other than where the Launcher or the bookmark profile is managed. 

  • RUGG-4860 : File Action removal under Product Provisioning fails to remove the File Action from the inventory sample in the UEM Console. 

  • RUGG-5006 : Setting the Provisioning Policy to Read and Reprocess Product to Edit does not the honor force reprocess. It is required to set the Provisioning Policy to Edit to force reprocess. 

  • RUGG-5395 : Zebra Printer Mirror Profile does not work as expected. 

  • SINST-174852 : Path in the "ImagePath" key under "SYSTEM\\CurrentControlSet\\Services AirWatch_Google_Play_Search" registry does not contain quotes around it.

Known Issues

  • AAPP-5500 - Changes in the app deployment parameters for an existing macOS software distribution assignment are not automatically installed.

    Any changes to the app deployment parameters for an existing macOS software distribution assignment are not automatically installed.

  • AAPP-5749 - FriendlyName and User details are not updated on the Enrollment Status page for DEP-enrolled devices.

    On the Enrollment Status page, the entries for DEP-enrolled devices do not display the FriendlyName, User, First Name, Last Name, and other details. The only columns that are populated are the Enrollment Status and Compliance Status columns.

  • AAPP-5927 - Book catalog does not properly render when 24+ books are present.

    The Book catalog does not properly render when 24 books or more are present.

  • AAPP-5929 - Incorrect key for Group Notifications in iOS Notifications profile.

    The incorrect key is used for Group Notifications in the iOS Notifications profile. The key used is GroupNotificationType instead of GroupType

    Instead of creating a Notifications profile, create a Custom Settings profile. Ensure that you use the GroupType key.

  • AAPP-5992 : Bulk push notification API does not work for macOS

    The bulk push notification API (https://\{host}/API/mdm/devices/messages/bulkpush?searchBy={alternateid}) does not work for macOS devices. The API returns a "202 Accepted" message, but no push notification is sent.

    Bulk push does not currently work for anything except APNS for iOS devices

  • AAPP-5612 - iBeacon Area profiles are not sent to iOS devices

    The iBeacon Area profiles are not sent to iOS devices when assigned.

  • AAPP-5676 - Cannot add cart for Apple Eduction from child organization group

    Carts cannot be added for Apple Education from a child OG.

    Navigate to the Hub > Education > Cart List at the OG where Education is configured, then navigate to the child OG.

  • AAPP-6027 - Custom Attribute values with colons are not saved to the database.

    Custom attribute values that include a colon do not save to the database.

  • AAPP - 6040 - iOS VPN profile with connection type IKEv2 and Machine Authentication type certificate fails to install on devices.

    The iOS VPN profile configured with the connection type set to IKEv2  and the Machine Authentication type set to Certificate fails to install on devices.

  • AAPP-6259: Bulk deleting devices will occasionally get stuck on “Delete in Progress”

    Deletion of devices will occasionally get stuck on “Delete in Progress” when performing the deletion in bulk. As a workaround, perform the delete device action from the device details page.

  • AGGL-4005 - Grant permission screen is being skipped during PBE passcode enrollment

    After Grant permissions you should activate device admin and create passcode. Currently after secure prompt the app intermittently skips the activate device admin step and goes straight to passcode creation.

  • AGGL-4355 - AFW AppControl includes both Work Managed and Work Profile in XML even though only Work Managed is selected post migration

    After migrating to 1810, AFW AppControl profiles only have Work Managed selected in UI and not Work Profile but the XML has both Work Managed and Work Profile.

    Simply click edit, add new version and save and profile will correct itself.

  • AGGL-4448 - Unable to open Android Samsung Knox Firewall Profile

    When creating an Android Knox Firewall profile and you click add rule but leave it blank the profiles saves and then throws an exception when you try to open or edit it.

    Do not add an empty rule. If an empty rule is added and the profile is then saved you must create a new profile.

  • AGGL-4392 - Unable to create a profile with Custom Settings payload

    When you try and create an Android profile through the API the Custom Settings payload causes it to fail.

    There is no work around for adding Custom Settings profile through API.

  • AMST-10575 - When creating Kiosk profile, adding an empty file path to an app breaks the profile.

    If you add an empty file path to an app when creating a Kiosk profile, the profile breaks and you can no longer add apps. The apps that should display no longer display.

    Do not add empty file paths. If you do, you must cancel the profile and start again.

  • ARES-6395 - Encrypt and Export buttons do not work for all the platforms except iOS

    The Encrypt and Export button does not work for all the platforms except iOS. A profile is encrypted for iOS but for other platforms, the exported profile is not encrypted. 

  • ARES-6450 - Unable assign groups/smart groups to apps If the OG type is container.

    When you try to assign a group or smart group to an app, the assignment fails if the OG is a Container type OG.

    An error displayed as "Something unexpected happened. If the issue persists, please contact your system administrator."

  • ARES-6665 - The wrong platform name is fetched when creating an SDK profile.

    When you create an SDK profile, the wrong platform is fetched. For example, if you create an SDK profile for Android, the platform is set to iOS.

    This issue only happens once per login. To create a profile for the correct platform, cancel the current profile and start again.

  • ARES-6692 - Creating a Profile with a Custom VPN type and using a working ADCS configuration for the certificate throws an error.

    Additional payloads for a VPN profile with a custom connection type fails to install on the device. The install fails with the error code 1000, 2000 and 2002 on the device.

  • ARES-6763 - Purchased app status doesn't update to 'Installing' after the command is queued

    After configuring VPP and setting a purchased app to auto-publish, the app status does not update to "Installing" after the command is queued.

  • ARES-6822 - Public App description appears in the App Catalog for Android EMM-configured OG

    Public App description is appearing in the App Catalog for Android-configured OGs. If 'Android EMM registration' is configured in an OG and device is enrolled with AFW mode disable, Adding Apps will get approved through google. In this case also, we do not see an app description in the App Catalog.

  • ARES-6830 - App Count for WS1 App on Console does not match with DB

    The Installed App count displayed in the UEM console does not match the count in the DB.

  • ARES - 6832 - Application Status Endpoint returns Not Supported / Not Assigned for old app versions.

    The current app status endpoint has a design flaw which does not safely handle application version updates. For example, once an admin "adds version" to an app, the app status endpoint will start returning "unassigned" for the older app version. This will cause an inadvertent enterprise wipe in the SDK app if the user has not had a chance to update to the latest version

  • CMSVC-8173 - The Directory Services wizard Cancel button does not close the window and on multiple attempts takes you to the IDP config page.

    Directory Services wizard page incorrectly displays two cancel buttons. If you select the Cancel button multiple times, you are sent to the IDP config page.

  • FBI-178029 -     Public managed apps cause an error when they change to un-managed

    Legacy Reports : Application Details by Device report parameters issue

  • FCA-187578 - When you push an updated Terms of Use is pushed, users are not getting the notification to accept the TOU in the Self-Service Portal.

    Users can see the TOU tab in the Self-Service Portal but they do not get prompted to accept it when logging in after the TOU is updated.

    The only time the prompt for TOU works is when the TOU is pushed at the same OG as the active directory setup and where the default Self-Service Portal authentication type is configured.

  • FCA-187832 - When using the Select All option on the Device List View to send a bulk action, the browser crashes due to JavaScript error.

    When you select all the devices in the Device List View to perform a bulk action, the browser crashes. The bulk action Confirm Security PIN prompt will display a spinner that continues to spin without performing the action.

    Instead of using the Select All button, manually select each item.

  • INTEL-7349 - Managed apps incorrect values set

    Invalid values are shown for the Managed App Status (app_install_status) filter

  • INTEL-8288 - Database Installer fails when upgrading from 9.7 to 1810.

    This failure occurs when CDC has been manually enabled in a 9.7 database (by running the ADP Export - Enable CDC job). The following error is seen in the database installer logs :

    [dbo].[CoreUser] is under change data capture control and cannot be modified
    [dbo].[LocationGroup] is under change data capture control and cannot be modified
    Analyzing deployment plan (Failed)

    If CDC isenabled, you must disable CDC before running the installer by running the CDC disable job in 9.7 "ADP Export - Disable CDC"

  • RUGG-5601 - Multiple duplicate entries in the RelayServer.ContentServiceItem queue causing a spike in DB CPU usage.

    Multiple duplicate entries in the RelayServer.ContentServiceItem queue is causing a spike in DB CPU usage. The multiple entries happen when multiple staging definition profiles exist and changes are made to the profiles or linked components. The spike caused can reach upwards of 95% usage. The relayServer.ContentServiceItem_GetNextRelayServerItems sproc is what is causing the DB CPU spike.

  • RUGG-5697 - Products are not properly assigned when a Custom Attribute Applicability Rule is present.

    The issue happens only when a custom attribute was created using pre 9.x console, another custom attribute was created in a post 9.x console, and both attributes link to the same value.

    TVP passed to SPC has duplicate keys for same value causing an exception.

    Clean up the old applicability rule that has Attributes stored instead of "A". Change the value to A.

  • RUGG-5701 - Incorrect products are assigned to a device from a product set.

    An incorrect product is assigned when the Policy Engine processes a device for product sets. This issue does not happen during a Product Set Activation command.

    To ensure products are properly assigned, use standalone products instead of a product set.

  • CMSVC-8437: Devices added using the “Additional Devices and Users” option are not added to smart groups if the devices are not in the Organization Group the smart group uses.

    If you create a smart group and select an Organization Group for the smart group, the Additional Devices and Users option does not work as intended. The devices are not added to the smart group if the devices are part of a different OG than the OG selected when creating the smart group.

    If you must add Additional Devices that do not belong to the selected OG, create a new "User Device Type" smart group for these additional devices. Next, assign both smart groups to the devices.

  • CRSVC-3589: Device Friendly Name display as NA in the Syslog server

    Syslog configuration in the UEM Console supports the configuration of the message content which should be delivered to the Syslog server. In the Message content configuration one can also specify the device friendly name as the look up value so that this value gets replaced when the syslog message is constructed by the event framework to be send to Syslog server.

    For all the console events, since the device-friendly name does not apply, it is shown as “N/A” in the Syslog server.

    As a workaround, do not use device friendly name for identifying the device. The device friendly name is a dynamic value that can change over time and may lead to inconsistent logging.

  • CRSVC-4591: End users are unable to access internal resources that are protected by a certificate. The certificate is expired even though Workspace ONE was set to auto-renew the cert.

    End users may experience and report being unable to access internal resources that are protected by a certificate. In these cases the certificate installed on the device is expired even though the certificate was set to be auto-renewed by Workspace ONE.

    To prevent any potential impact to end users administrators can navigate to the certificates list view page and identify certificates that are scheduled to expire within the next month. Administrators can select these certificates and select the option to force renewal. In the event the certificate has already expired, administrators can select the option to force renewal or re-push the profile to individual devices that are impacted.

  • AGGL-4720: Checked Android restrictions may be unchecked under Work Profile.

    In Workspace ONE UEM 1810, the Android restrictions profile was enhanced. In some cases when you create a new version of the Restrictions profile for Android devices, settings applied to the Work Profile (managed profile) are not migrated to the new profile payload layout. If this is not corrected manually before publishing the new version of the profile, an undesired setting may inadvertently be applied to devices. Without publishing a new version of the profile, exist and new devices are not impacted.

    For customers upgrading to Workspace ONE UEM 1810 from a previous version, if a new version of a restrictions profile payload is deployed, restrictions related to Work Profile are not automatically retaining the same value as before 1810. Existing devices will not be impacted unless a new profile is published.

    A current workaround is to reset the values under Work profile that were lost during migration before publishing a new version, as this will prevent the issue from impacting any devices

  • ARES-7116: Delay while loading legacy app catalog or hub catalog for large environments (all platforms)

    In Workspace ONE UEM 9.6 and above, a delay of 10 - 20 secs is observed while loading legacy app catalog or hub catalog for large environments on all platforms.

  • ARES-6867: Font color of the navigation bar deviates from the configured branding theme on the legacy App Catalog

    On console version 9.4 or above, font color of the navigation bar deviates from the admin configured branding theme on the legacy App Catalog

  • ARES-7033: Legacy App Catalog CSS does not render intermittently

    On all supported console versions (9.2 and above), intermittently CSS does not render. As a result, end-users see a distorted page that is difficult to navigate.

  • ARES-7074: App Catalog fails to load intermittently on iOS devices

    On iOS 12 or higher OS version devices, legacy App Catalog is stuck after launch with just the branding logo and spinning icon, intermittently.

    Closing and relaunching the catalog should address the issue.

  • ARES-6971: Incorrect number of reviews displayed to end-users on Legacy App Catalog

    In Workspace ONE UEM 9.6 and above, incorrect number of reviews displayed to end-users on Legacy App Catalog when they navigate to details of the applications.

  • CRSVC-5048: The UEM console fails to reset invalid login attempts.

    After you unlock an account and log in to the UEM console successfully for the first time and then try to enter an invalid credentials for the second time, fails to show a locked out message. A locked out message is shown on using the password recovery flow to unlock the account.

  • CRSVC-4391: Changes to Bluecoat VPN profiles fail with error "Save failed - unable to fetch trusted certificates".

    The integration between Workspace ONE UEM and Bluecoat leverages an authentication certificate seeded in the console and tenant identifier 'customer ID' input by an administrator in the VPN payload to initiate the integration. The seeded authentication certificate has expired which results in an error when the administrator attempts to make changes to the Bluecoat profile.

    At this time we have asked Bluecoat to provide a new certificate leveraging SHA-512 and we recommended that they offer tenant level certificates or vendor generated authentication certificates for added security.