VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 1912, a list of our resolved issues, and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article

New Features in this Release

Workspace ONE UEM Console

  • VMware Identity Manager is now Workspace ONE Access.
    Our Intelligent Access for the Digital Workspace is now called Workspace ONE Access.
  • We've enhanced the console response for deleted devices.
    When you delete a device from the console, the response you see no longer conceals the device's friendly name, allowing you to identify it.
  • It’s time to upgrade your .NET Framework to 4.8.
    For the VMware AirWatch Cloud Connector to auto-update, servers that have ACC installed need .NET Framework 4.8.


  • PIV-D Manager is not limited to Android Legacy devices anymore. PIV-D Manager now supports Android Enterprise devices.
    Push the PIV-D Manager to your Android Enterprise deployment. Use it with Workspace ONE Boxer, Web, Wi-Fi, and VPN systems along with your derived credential provider. This iteration does not support using Gmail with derived credentials on Android Enterprise. For details, access Use Profiles to Control How Android (Enterprise) Devices use Derived Credentials Certificates.


  • Keep your iOS devices up to date and running the latest, feature-rich iOS releases.
    Manage the operating system updates of your iOS devices with the new Updates framework. With the new framework, you can force devices to download and install any iOS update available for the device. You can also notify users when each step finishes. A new reporting dashboard allows you to track the rollout of each update to your devices and drill into specific devices for a more detailed list of updates for the device.
  • Experience a modern UI for User Enrollment and Custom Enrollment.
    Users enrolling with the newly released User Enrollment for BYOD and Custom Enrollment for devices added to Apple Business Manager will experience a modern and refreshed interface to align with Workspace ONE Intelligent Hub's enrollment view.
  • Provide additional controls to your corporate iOS 13+ devices for Wi-Fi and the Files app.
    You can now force on Wi-Fi for iOS 13 supervised devices as well as prevent connections to network drives from the Files app in the Restriction Profile.
  • Better deploy Custom Apps by seeing rich metadata in the Workspace ONE UEM console.
    You can now automatically sync in the metadata for Custom Apps being added via integration to Apple Business Manager, similar to how it is done for public apps. For more information, see Activate Management of Custom Applications.


  • HelpDesk support just got easier with the cross-platform remote assist solution.
    Workspace ONE Assist is now available for macOS. For more information, see Remote View.
  • Enhanced security for managing the local admin account with a unique randomized password for each device that can be viewed in the admin console.
    We've improved security for managing the local admin account on macOS. Workspace ONE UEM also takes it a step further and automatically triggers a password rotation in 8 hours of when someone attempts to view the password in the console for a particular device.
  • We now automatically remediate devices missing the required certificates.
    We've improved the desired state management of macOS certificates by automatically remediating devices missing required certificates. To know more, see Certificate Profile Resiliency.


  • Control when your Windows 10 devices update with the improved Windows Update profile.
    We've enhanced the Windows Update profile to improve the user experience. We've condensed some fields, removed legacy options, and reorganized the layout a bit. We've also added the new Active Hours Maximum option that allows you to limit the number of active hours for device updates. You can also set reboot deadlines based on the type of update with the Engaged Restart Deadline options.
  • Creating Baselines is easier with our improved UI.
    We've improved the user experience for creating Baselines. Navigate custom policies easier with the new vertical layout. Reviewing additional policies is easier with the new collapsible layout.
  • Know the build your Windows 10 devices are using.
    We've improved the Device Details page to show the latest patch version or 4th decimal of the OS version of your Windows 10 devices under the Build Number field.

App Management

  • We've stopped collecting personal app information from your devices, even while enforcing app compliance or app control policies.
    We've made some changes to the personal app information collection when you set the privacy policy as ‘Do not collect'. For more information, see the Impact of Privacy Settings on the Application List Compliance and Application Control profile.
  • We’ve improved the user experience for all your Windows app installations.
    You can now choose to defer reboots until a more convenient time, or install multiple applications and reboot once they have all installed. For more information, see Device Restart.

Content Management

  • Managing your existing Manual Templates just got easier.
    You can now add links to an existing template.

Email Management

  • Rotate your G Suite Password without all the hassle as before.
    Rotate the Google Suite password for G Suite user accounts without having to enroll or unenroll a device.


  • We've added support for domain usernames in Stage Now relay server credentials.
    You can now use domain-based usernames to authenticate Stage Now relay servers. Accepted formats for domain usernames are username@domain and domain\username. For more information, see Step 3 in Zebra Stage Now Special Characters, Android.
  • We're making your VMware launcher experience as close as possible to that of the native launchers. Pin icons to the hot seat bar and vice versa while using Workspace ONE Launcher.
    Add an app to the bottom bar while using Workspace ONE Launcher. This bar remains visible as users swipe to different launcher screens.

Resolved Issues

The resolved issues are grouped as follows.

1912 Resolved Issues
  • AAPP-7500: macOS FileVault Payload does not work as expected when the locale is set to French. 

  • AAPP-7868: Restrictions with Security and Privacy payload settings do not work as expected for macOS devices.

  • AAPP-7897: macOS API that is used to create a Profile with the Passcode payload does not work as expected. 

  • AAPP-8040: iOS profile gets orphaned and stays on the device even after deleting the profile. 

  • AAPP-8090: Show/Hide apps list does not work as expected in the iOS Restrictions payload.

  • AAPP-8166: Unable to update iOS profile with the Content Filter payload when the URL has a comma.

  • AAPP-8293: DeviceModel seed script does not work as expected.

  • AAPP-8343: Profiles with Allow removal set to "with authorization" are not displayed on iOS 13 devices.

  • AAPP-8373: ManagedApplicationList samples fail to save. 

  • AAPP-8405: Unable to add more than one Email Domain to the Managed Domains payload. 

  • AAPP-8425: iOS SDK integrated internal app fails to get token during initialization. 

  • AAPP-8484: macOS DEP devices remain stuck on re-enrollment without deleting the device in the Workspace ONE UEM.

  • AAPP-8504: Unable to send push notifications to any Workspace ONE productivity apps. 

  • AAPP-8620: Support "apns-push-type" for APNs via HTTP/2. 

  • AAPP-8635: User-Interface crashes while loading a NetworkUsage profile that is bundled with another payload. 

  • AAPP-8700: Student devices show as offline on teachers' devices due to certificate violation.

  •  AGGL-5959: SSP still gives the option to "Change Passcode" for Huawei devices (Android 7 +). 

  • AGGL-6067: SoftResetConfirmedUser device event does not get sent to Syslog on post 9.6 environments after a device reboot command is sent to the device. 

  • AGGL-6524: When creating an Enterprise Factory Reset Protection profile, the UEM console provides admins a URL where they can get the Google User ID of the currently-authenticated Google account.

  • AGGL-6537: Enrolling a device with the old record on the console, fails to change the new enrollment date. 

  • AGGL-6608: ChromeOS fails to retrieve an access token.

  • AMST-19858: Application version values over 32767 display an error on save.

  • AMST-20963: Manual sync on OMA-DM results in "The sync could not be initiated" error.

  • AMST-21003: When using the API to upload a Win32 app, the beginInstall API call fails if the install timeout is configured to be greater than 60.

  • AMST-21028: Updated version of the Bitlocker profile does not land on devices.

  • AMST-21080: Removing Firewall Profile from Devices -> Details View -> Profiles page results in 'Install Failed' status.

  • AMST-21615: Out-of-box experience devices display an Entrust cert revoked issue.

  • AMST-21627: Max length validation error is displayed for interactive logon message policy restricting admins from entering long legal text.

  • AMST-22482: Wifi auto-connect does not work for Windows desktop devices.

  • AMST-22483: Windows Devices do not honor the auto-logout setting.

  • AMST-22484: Windows Devices do not honor the auto-logout setting.

  • AMST-22481: Wifi auto-connect does not work as expected for Windows desktop devices.

  • AMST-22485: Windows Devices do not honor the auto-logout setting.

  • AMST-22493: Assigned and approved device count mismatch for Windows updates. 

  • AMST-22517: Update validation in Remote Address Ranges in Firewall rules to allow string values. 

  • AMST-22519: Firewall rules inaccurately map UI to SyncML.

  • AMST-22520: Firewall rules inaccurately mapping UI to SyncML.

  • ARES-9779: Manual app installation does not work as expected from App Details View > Devices tab.

  • ARES-9890: On Android 9 devices such as Samsung S10, S8, OnePlus 7 pro the console shows incorrect OS version number during a standalone catalog enrollment. 

  • ARES-10519: Publishing public application results in the "Save Failed" error. 

  • ARES-10634: /profiles/search throws an error if the platform is not specified. 

  • CMEM-185406: Admin Panel page fails to load.

  • CMEM-185464: Google Token Revocation fails intermittently upon enterprise wipe or un-enrollment event.

  • CMSVC-10846: Unable to view the enrollment LG when exporting the User list view as a CSV from console.

  • CMSVC-10852: Zebra devices are being dropped randomly from a smart group that selects android devices running 6.0.1 and 7.1.2.

  • CRSVC-6554: Selecting different filters for Device Events at Global, results in incorrect, incomplete or no results.

  • CRSVC-7395: Unable to update the value of "max retries when pending" in the certificate authority page in the console. 

  • CRSVC-7462: The device list view shows incorrect compliance status.

  • CRSVC-7858: Blacklisted apps compliance policy is not displayed in the application list.

  •  CRSVC-7692: iOS and Android Boxer is unable to fetch SCEP certificate for authentication in the first attempt and fails with an error "unable to fetch certificate".

  • CRSVC-7698: Multiple emails are received for the Reports Subscription.

  •  CRSVC-7878: Sample Job does not pick up expected devices for check-in within the sample intervals.

  • ENRL-1568: User is not created in real-time via HUB enrollment and the enrollment halts.

  • FCA-189123: Unable to reset the password when the "required password recovery questions" are set to 0.

  • FCA-191370: The customized admin role does not honor access control.

  • FCA-191581: Unable to create DEP Administrator with "> <" in password.

  • FCA-191775: Unable to run “Application Details by Device” report on IE11 Browser.

  • FCA-191855: Unable to export the Device Inventory Report.

  • FCA-191865: GPS samples do not load the actual Bing maps interface.

  • FCA-191870: dbo.CoreUserDelete deletion takes long time. 

  • FCA-191917: Clear SSO passcode is deprecated but is displayed under the user roles. 

  • INTEL-13876: ETL | Resync fails to remove deleted entities from the EntityList.

  • INTEL-15232: ADP Entities Sync PK Violation Error.

  • PPAT-5823: Verify compliance of Tunnel Gateway TLS certificates with iOS 13 and macOS Catalina.

  • PPAT-5629: Navigation to the Tunnel configuration page displays an error message. 

  • PPAT-6339: Request Method API calls fail when the API URL Is different from the Console URL.

  • SINST-175459: UEM installer fails to set website bindings if the non-HTTP bindings exist. 

  • PPAT-6192: Patch installer fails with constraint error around Tunnel DTR tables. 

  • PPAT-6372: Unable to create tunnel configuration when any certificate authority friendly name matches the GroupID.

  • PPAT-6409: Tunnel Service is unable to add a new encryption key in the registry to decrypt the connection string. 

  • RUGG-7236: Unable to edit an Android Enterprise Launcher profile when the Android Intelligent hub is added as a hidden app in a single app mode.

  • RUGG-7258: While filling out the form to generate a Honeywell Barcode, within the UEM Console, the "Staging Profile" field does not provide any WiFi Profiles that were created as "Android" profiles.

  • SINST-175455: Update check for startModeSuspend and alwaysRunning to only execute on IIS 8.5 and higher.

Patch Resolved Issues
  • AAPP-8886: Enrollment fails for Apple devices when the DB Query plan changes to use the non-clustered index for DevicePlatformLookups_List sproc.

Patch Resolved Issues
  • ARES-11146: Unable to send boxer app configs for older assignments where app configs are not saved in the blob table.

  • CRSVC-8730: API causes Internal Server Error.

Patch Resolved Issues
  • AAPP-8961: 80K + Commands are in queue for a long time but not being picked up for processing.

  • AMST-23497: When a zip upload includes a script for detection, the content manifest includes DecompressZip component for the script as well, despite it not applying.

Patch Resolved Issues
  • AAPP-9005: Seed 19.12.1 macOS Intelligent Hub to UEM 1912 console. 

  • AAPP-9016: iOS Credentials Profile fails to install. 

  • AAPP-9029: VPP apps are not being installed for a device that is custom enrolled. 

  • AAPP-9061: Class Sync fails due to SQL timeout.

Patch Resolved Issues
  • AGGL-6872: ChromeOS sync process attempts to publish extension to users without email addresses.

  • ENRL-1759: User is not created in real time via HUB enrollment; as such, the enrollment fails.

Patch Resolved Issues
  • CRSVC-9187: Multi Notifications triggered based on the MDM TOU compliance policy. 

  • CRSVC-9097: Third-Party CA Certificates are cached by device ID for SDK apps that causes issues with CICO.

Patch Resolved Issues
  • CMSVC-13017: User attributes fail to update due to SQL Timeout and Multiple Concurrent Calls.

Patch Resolved Issue
  • ARES-11560: iOS Outlook ExternalAppAssignment mapping removal does not work as expected. 

  • CRSVC-9633: Manual certificate renewal does not revoke the old certificate.

Patch Resolved Issues
  • CRSVC-10020: Device compliance status save sproc fails to save the status due to concurrency ID change.

Patch Resolved Issues
  • AAPP-9656: Upgrading to Workspace ONE UEM 1912+ triggers re-install of macOS Certificate profiles.

Patch Resolved Issues
  • AAPP-9765: Delete Device does not wipe the device in rare occurrences when device checks in right before the command is issued.

Patch Resolved Issues
  • AAPP-10082: APNS for HTTP/2.

Patch Resolved Issues
  • AMST-27379: Device enrollment status is stuck in progress.

Patch Resolved Issues
  • AGGL-8234: Android Profiles Shows Removed on Enrollment and delay in deploying after enrollment. 

  • AGGL-8235: Compliance Status Not available for AFW devices when there are no compliance policies.

Patch Resolved Issue
  • AGGL-8543: Compliance Status remains in 'pending compliance check' status.

Patch Resolved Issue
  • AAPP-11206: Device Management profile not getting removed from the device on an enterprise wipe. 

  • AAPP-11219: Wipe deleted devices hitting the Check-in endpoint.

Patch Resolved Issues
  • AAPP-11408: iOS devices are checking in continuously while checking for available OS Updates.

Patch Resolved Issues
  • CRSVC-18461: Addressing encryption or signing issues on Device Services, leading to device communication failures due to recent changes in the .NET framework released as part of the latest Windows updates.

Patch Resolved Issues
  • CRSVC-19543: All certificates are in an unknown state.

Patch Resolved Issues
  • ENRL-2770: User input validation and error handling during web enrollment steps.

Known Issues

  • AAPP-8725: iOS device details page displays incorrect IMEI report for an iOS multi-SIM device (e-sim).

     When e-sim is used on iOS devices, the same IMEI number is displayed for both physical sim and e-sim under networks. 

  • AAPP-8554: VPP apps do not get installed on iPods even if the supported devices include the iPhone and iPod touch. 

     Licenses do not associate as expected and the install app command does not queue for iPod models.

  • AGGL-6074: Device Blacklisting, Whitelisting, and registration with IMEI/Serial Number does not work on Android Q devices in the AE work profile.

    In Android Q, Google has removed the ability for Hub to get the Serial number and IMEI for work profile enrollment until the work profile is created. As a result, any rules set for blacklisting, Whitelisting and Registration are not applied during enrollment.

  • AMST-21542: The compliance policy displays "Not Available" on the device list view for certain users.

    If you use the staging enrollment and do not set the compliance policy, then the compliance policy displays as not available on the device list view page.

    As a workaround, set the compliance policy and the status updates correctly. 

  • AMST-22894: Sensor Trigger Option Shows another Option with Name "Unknown" along with Event and Schedule.

    Sensor Details Option trigger Event displays "Unknown" in the sensor creation wizard.

  • AMST-22900: Custom baseline with added policy goes to compliance "Not Available" status when LGPO is missing.

    If LGPO is missing for a custom baseline, the compliance will read as not available on the console dashboard.

    As a workaround, create a compliance policy and add LGPO.

  • RUGG-7435: Multiple copies of a file are created when files are uploaded via multiple browser tabs.

    Adding files through Devices > Provisioning > Components > Files / Actions in the multiple browser tabs may result in multiple copies of the files being uploaded into the Workspace ONE UEM Console.

    As a workaround, add files through a single browser tab, rather than multiple concurrent browser tabs.

  • PPAT-6208: Tunnel configurations share the same gatewayUID.

    Two Tunnel configurations share the same gatewayUID in a specific scenario. 

  • MACOS-1887: Unable to deploy Intelligent Hub (automatic installation post-enrollment), Bootstrap Packages, and Apple Business Manager (VPP) apps on macOS 11 Big Sur

    The "Require admin password to install or update apps" (restrict-store-require-admin-to-install) key has been deprecated in macOS 10.14. In macOS 11 Big Sur, installing a profile with this key will, unfortunately, cause apps deployed via native MDM commands to fail. 

    As a workaround, clear the setting for "Require admin password to install or update apps" in any macOS Restrictions profile being deployed to a macOS 11+ device.

  • CMCM-188952: The expiry date of a file is always one day more than what's set on the console.

    Set an expiry date for any file in the Managed Content section on the console. Sync the device and check the info of that file. The expiry date of a file is always one day more than what's set on the UEM console. 

    As a workaround, set the date one day prior to your intended expiration date. 
