VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 2004, a list of our resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

This version is only available to our SaaS customers on the Latest mode. The features and improvements incorporated in this version will be available to our on-premises or managed hosted customers with the next on-premises release. For more information, see the KB article

New Features in this Release


  • Control how widgets work in a Work Profile.
    The Allow apps to utilize widgets in the Work Profile restriction controls whether users can use widgets from apps added to your work profile. When enabled, you can add public app widgets. For more information, see Configuring Restrictions for Android Device with Workspace ONE UEM.
  • Apply custom filters to know how your devices are enrolled in Workspace ONE UEM.
    We've added a custom filter to the List View that quickly lets you view how your devices are being managed. The new Custom View column indicates if the device is Android (Legacy), Work Profile, COPE, and/or Work Managed. For more information, see Android Device Management.

Chrome OS

  • Want to document why a Chromebook is being enterprise wiped? Now you can.
    When you enterprise wipe a Chromebook device, a new option displays that lets you select if you are wiping the device for replacement or deprecated device. For more information, see Device Management Commands for Chrome OS Devices.


  • Dell Provisioning for VMware Workspace ONE got a new name. It's now called Factory Provisioning.
    We've updated the name of Dell Provisioning for VMware Workspace ONE to Factory Provisioning. The functionality remains the same. For more information, see Factory Provisioning.
  • We've updated the Antivirus profile for Windows Desktop.
    The Antivirus profile that works with your Windows Defender Antivirus system now includes more options. Set levels for Cloud Protection, identify potentially unwanted applications, enable tamper protection, and prompt for user consent. Find the Antivirus profile for Windows Desktop in the console at Devices > Profiles > List View. See Configure an Antivirus Profile (Windows Desktop) for details.
  • Defer your application installation during app assignment.
    You can now defer app installation during the app assignment. You can make these changes while adding app assignments and policies to your Win32 Applications. For more information, see Add Assignments and App Policies to your Win32 Applications.
    Note: App deferrals is a tech preview feature and may not be available in all environments. Consider limiting your use of this feature for testing purposes only. App deferrals must not be used in a production environment. Features are not final and are subject to change at any time.


  • We've made a few improvements to product provisioning deactivation.
    If you find yourself in a situation where you must cancel an ongoing product provisioning deployment (due to provisioning misuse or an issue with the product content), you can use the improved deactivation flow. In addition to clearing the device command queue, cancelling the in-progress jobs and clearing commands from content service table, the new deactivate flow checks whether the product is active before processing and deletes content items from the content service table.

App Management

  • App assignment has a fresh new look.
    Check out the new assignment experience for all your apps with complete API support. We've streamlined how our app configuration works with Smart Groups. For more information, see Add Assignments and Exclusions to your Applications.
  • Configuring Workspace ONE Boxer just got easier.
    Common configurations supported by Workspace ONE Boxer can now be configured from the Apps & Books section. You can also configure Boxer for internal app deployments. For more information, see Assign and Configure Workspace ONE Boxer.
  • Configure Notebook application from the Apps & Books section.
    Configure your Workspace ONE Notebook app for both managed and unmanaged devices using the app assignment in the Apps & Books section. This new feature is available if you are using Notebook version 1.4 or later. For more information, see Assign and Configure Workspace ONE Notebook.

Content Management

  • View the exact count of Smartfolio users who acknowledged your document.
    Smartfolio users can now acknowledge the documents that you assign to them as required content. On the Workspace ONE UEM console, you can view these acknowledgments in the Content List View and the Device Details pages. For more information, see Acknowledgement in Smartfolio.

Resolved Issues

The resolved issues are grouped as follows.

2004 Resolved Issues
  • AAPP-6539: When working with the Purchased App screen on a windowed browser, the buttons to affect updates are being hidden behind other UI elements.

  • AAPP-9135: Unable to publish the macOS Custom Settings profile.

  • AAPP-9344: Renewing VPP token can take a long time when sufficient users exist.

  • AAPP-9366: SyncDevicesForPublicAndPurchasedApp Timeouts in Multiple SaaS Environments. 

  • AAPP-9382: Make MDM Managed fails to prompt VPP Applications that are installed before the app assignment.

  • AAPP-9425: Unable to delete Apple fonts due to pending commands.

  • AAPP-9463: VPP App Publish fails when the device included in two assigned SGs.

  • AAPP-9601: When legacy catalog publishing is enabled on the console, it doesn't deploy on the device that was enrolled prior to this change unless we query the device.

  • AGGL-6822: If the cloud profile.UserPolicyAssignmentMap rows exist, and if the OG is deleted, the procedure falls into an infinite loop because the DELETE statement does not match the WHILE EXISTS statement.

  • AGGL-6903: AndroidWorkAffectedSmartGroupsExternalAppMap is not displayed after correcting the applicationsource of AE apps.

  • AGGL-6906: ChromeOS | User-based profiles do not update the assignment count.

  • AGGL-6945: Enabling/disabling Intelligent Hub Catalog does not work as expected.

  • AGGL-7272: Unable to view the complete tooltip message for AppConfig UI in Android apps.

  • AGGL-7136: Unable to uninstall public applications via REST API on COPE enrolled devices.

  • AMST-19845: FPS Tool throws XML error when the staging password has ampersand.

  • AMST-23730: Console org delete fails if the OG contains an internal Win10 app with Kiosk data row.

  • AMST-24461: Unable to remove the Proxy management of Windows 10 devices.

  • ARES-5415: Batch Status radio buttons under Devices> Profiles & Resources are not selectable.

  • ARES-9667: When an admin user does not have Edit Application Publish role, the Assignment tab of internal apps is not displayed even if the admin has the other roles. 

  • ARES-11178: Quotes in custom attributes are not resolved and hence app install command is not getting queued to devices.

  • ARES-11220: "Device Not Found" status filter is displayed in the Status History page.

  • ARES-11262: Device count is mismatched so unable to send push notification to devices with a status of Not Installed, from the apps and books screen for all the applications through "Send Message to All"

  • ARES-11414: UI Issue on the Files tab when adding/editing iOS internal app on IE Browser.

  • ARES-11424: Incorrect temp table 'PrevExcludedDevices' is dropped twice.

  • ARES-11449: Certain app installations command processor fails to generate the payload. 

  • ARES-11509: AppID configured in "Restrict documents to be opened in the following apps" option in custom SDK profile does not show up in view XML.

  • ARES-11747: The Assignment name is not displayed in the Device Details View.

  • ARES-11906: Parallel OGs Product Application gets the removal command when app sync is called. 

  • CMCM-188226: Changing the link for OneDrive repository does not change the drive linked to users.

  • CMCM-188436: The customer is unable to re-save content auto template repositories. 

  • CMSVC-10267: When adding admin there is an unnecessary "Passcode" column in the Roles tab.

  • CMSVC-12900: Devices link in Users Details View is incorrect when the user is created on parent OG.

  • CMSVC-13024: Sorting option is not passed to the user search request.

  • CMSVC-13160: POST API call takes around 4 to 5 minutes to complete.

  • CRSVC-7719: Unable to select restrictions profile in iOS compliance policy when 1000 characters limit exceeds.

  • CRSVC-9519: Compliance policy that is used to Remove/Block specific profiles fails to remove profiles.

  • CRSVC-9618: Unable to remove OG without manually purging the PolicyUserGroup rows.

  • CRSVC-8531: Device/Console events do not show 'Date/Time' the correct timezone when both 'Time Zone' and 'Locale' in 'Account Settings' are modified at the same time.

  • CRSVC-8778: Asymmetric encryption key files are never deleted, filling up disk space.

  • CRSVC-6300: Device compliance status says "Compliant" for MDM managed unenrolled devices.

  • CRSVC-9420: First UDP Syslog messages are dropped by Winsock.

  • FCA-192519: CISCO API is unable to look up a device based on the LAN MAC Address.

  • FCA-192316: HTML Title and breadcrumb changes when opening a new tab using the keyboard shortcut on Mac devices.

  • FCA-192317: The session state value (4 hours) overrides all other session-based configurations. 

  • FCA-192507: Entering The security PIN for deleting and deactivating the app does not work as expected while using the Safari browser.

  • INTEL-15990: The App Name for purchased apps are shown as blank in the Intelligence Apps Report.

  • FCA-192747: The Terms of Use settings page found at Settings > Devices & Users > General > Enrollment is no longer loading. We are getting "an error has occurred" page. Patch Resolved Issues
  • AMST-26287: Internal App version is not getting updated on Console after the App Version update.

  • CMSVC-13415: User group provisioning/de-provisioning through the AirWatch Provisioning app fails. 

  • FCA-192957: Device Delete on UEM Console does not update Intelligence correctly causing a mismatch between UEM and Intelligence device lists. Patch Resolved Issues
  • AAPP-9732: Delete Device does not wipe the device in rare occurrences when device checks in right before the command is issued. 

  • CMSVC-13447: Rule engine compilation failing for invalid SG criteria. Patch Resolved Issues
  • AAPP-9875: Not able to assign apps with devices in status "WipeInitiated" exists. 

  • AAPP-9892: Remove a modal window from Enabling Activation Lock menu. 

  • AAPP-9916: VPP assignment page incorrectly displays too many licenses are allocated even though there are not too many licenses. 

  • AGGL-7610: Allowed Accounts restriction does not work as expected. 

  • MACOS-1167: Expiration time is missing in the request made to retrieve the CDN URL in the macOS app cast endpoint. Patch Resolved Issue
  •  CMEM-185819: ArgumentException is thrown when trying to get the device model in multiple SaaS environments. 

  • CMSVC-13593: DLL installer fails on application servers. 

  • ENRL-1927: Feature Flag Cleanup. Patch Resolved Issues
  • AMST-26921: Seed Workspace ONE Intelligent Hub Release agent in Release 20.04. Patch Resolved Issues
  • AGGL-7688: Workspace ONE UEM API call gives 500 internal server error in the Sandbox.

  • AMST-26951: Compliance Status stays in pending status in the UEM console for Windows 10 devices. 

  • PPAT-7156: DTR UI does not list tunnel whitelisted apps for different platforms when they have common bundle-id for different platforms. 

  • RUGG-8154: High memory usage in PE box caused by Policy engine windows service. Patch Resolved Issues
  • AMST-27154: DCM and app-deployment agent removal commands are queued when user switch happens from staging to check-out users.

  • CRSVC-11608: CertificateDeviceDetail_GetAllCertificatesEligibleForRevoke timeouts across Shared SaaS. 

  • RUGG-8279: Adding a new app to the Launcher profile causes other app placeholder icons to disappear. Patch Resolved Issues
  • AAPP-10135: OS versions are deleted upon console upgrade. 

  • AMST-27376: Device enrollment status is stuck in progress. Patch Resolved Issues
  • ARES-13197: App Status endpoint returns incorrect shared device status for single user staging.

  • CMCM-188417: EnterpriseContent.ContentMap_ListUpdates Timeout issue. 

  • CRSVC-12330: Event notifications do not send the Authorization header when sending the post commands. Patch Resolved Issues
  • RUGG-8733: Save failed when adding a second device token with the same device information under Device Lifecycle. Patch Resolved Issues
  • AMST-29168: Check in with No alerts are treated as Unknown check-in mode Processing User level commands. Patch Resolved Issues
  • AAPP-10938: iOS devices are checking in continuously while checking for available OS Updates.

  • ARES-14941: Installation Status for assigned Internal App for Android Legacy says Not Installed on the console even when the app is installed on the device. Patch Resolved Issues
  • AAPP-11189: IPA processor throws an exception when you upload an internal app with multiple info.plists or with embedded mobileprovision profile. Patch Resolved Issues
  • AAPP-11203: Device Management profile not getting removed from the device on an enterprise wipe. 

  • AAPP-11216: Wipe deleted devices hitting the Check-in endpoint. Patch Resolved Issues
  • PPAT-8345: DTR is missing when the customer upgraded the environment from 2003 (or above) to the latest console. Patch Resolved Issues
  • ATL-5608: Timestamp missing from older patches causing signing checks to fail. Patch Resolved Issues
  • CRSVC-18459: Addressing encryption/signing issues on Device Services, leading to device communication failures due to recent changes in .NET framework released as part of latest Windows updates. Patch Resolved Issues
  • CRSVC-19540: All certificates issued to a device by some CAs are in an unknown state. Patch Resolved Issues
  • ENRL-2767: User input validation and error handling during web enrollment steps. 

Known Issues

The known issues are grouped as follows.

  • FCA-192807: REST API for devices search by Serial number as alternate identifier fails with Internal Server Error.

    When a device has more than one mail clients configured, and the device information is not cached, then the API for Device Search fails with Internal Server Error. The issue is with a stored procedure which fails to handle duplicate device Ids passed as parameter.

    As a workaround chose a different API endpoint that uses a different lookup key such as LocationGroupID/Platform/Ownership/last seen, and so on. and add a trap to the current code to recognize the error code 1000 / HTTP 500 on the first attempt and retry. 

  • AGGL-7175: Previously enabled COPE devices do not see the new Hub catalog after enabling hub services.

    If a device is already enrolled in COPE mode and the hub services is enabled after that, the device shows the old catalog instead of the new Hub catalog.

  • AGGL-7235​: Allow install from Unknown Sources setting in restriction profile does not work when deployed from AirWatch Express.

    Allow install from Unknown Sources setting was changed in UEM to an integer from Bool but AW express has old code due to which the devices will fail to apply these changes when deployed through AirWatch express.

  • AAPP-9629​: The iOS home screen layout profile xml may be malformed when more than 10 folders are added on a single page.

    While creating a Home Screen Layout profile, if more than 10 folders are added within a single page, the resulting XML is incorrectly generated.

    As a workaround, create and upload Profile XML manually created into Workspace ONE UEM.

  • AAPP-9610​: Intermittently, an Enterprise wipe command does not work as expected. 

    Enterprise wipe command is not queued when an iOS device is deleted from the device list view or device details view.

    As a workaround, you can manually remove the MDM profile must from the device.

  • AAPP-9563​: iOS profiles with the NitroTouchdown payload configuration fail to load. 

    iOS profiles with the NitroTouchdown payload configured will not load on the UI since this profile payload was deprecated.

  • AAPP-9552​: iOS Managed Settings (Bluetooth) Not Enforced on First Enrollment via DEP

    The Bluetooth managed setting is not being honored as 'OFF' on initial DEP enrollment, but instead is being toggled 'ON'. Subsequent device enrollments correctly work and Bluetooth is toggled OFF appropriately on the next enrollment.

    As a workaround, toggle Bluetooth managed setting as Off after enrollment

  • AAPP-9329​: The device enrollment status could remain stuck as wipe initiated if the Managed Device Wipe Protection threshold has been reached and the wipe is rejected in the Wipe Log for an iOS device.

    The device enrollment status on the Enrollment Status page could persist as 'Wipe Initiated' if the Managed Device Wipe Protection threshold has been reached and the wipe is rejected in the Wipe Log for an iOS device

  • AMST-24862 ​: App installation deferral does not work as expected.

    If the end-user logs out of their account before interacting with the prompt the deferral is ignored and app installation proceeds automatically.

  • AMST-25948: Compliance is not evaluated on enrollment on some devices. 

    After enrollment for certain devices, the compliance stays pending on the device. 

  • AMST-22936​: Apps are not removed when moving device to other OGs.

    Apps for Windows Desktop are not removed when moving devices to another Organization Group, which does not have that app assigned to it.

Content Management
  • CMCM-188395​: Unable to download admin content.

    Unable to download admin content using parent OG admin account.

    Using an account created at a lower OG to download content. 

  • CMCM-188952: The expiry date of a file is always one day more than what's set on the console.

    Set an expiry date for any file in the Managed Content section on the console. Sync the device and check the info of that file. The expiry date of a file is always one day more than what's set on the UEM console. 

    As a workaround, set the date one day prior to your intended expiration date. 

  • RUGG-7786 ​: The device is not going to a compliant state even though Job sample is received as completed. 

    The device is not going to a compliant state even though Job sample is received as completed. The issue happens with a timing issue, where there is a delay in receiving the samples. 

    Reprocess the device or product so that the device is put into PE for a compliance evaluation.

  • MACOS-1887: Unable to deploy Intelligent Hub (automatic installation post-enrollment), Bootstrap Packages, and Apple Business Manager (VPP) apps on macOS 11 Big Sur

    The "Require admin password to install or update apps" (restrict-store-require-admin-to-install) key has been deprecated in macOS 10.14. In macOS 11 Big Sur, installing a profile with this key will, unfortunately, cause apps deployed via native MDM commands to fail. 

    As a workaround, clear the setting for "Require admin password to install or update apps" in any macOS Restrictions profile being deployed to a macOS 11+ device.

Application Management
  • ARES-18677: Customers using the Boxer application are unable to receive certificates for Authentication or SMIME, especially if the devices did not already have these certificates prior to the upgrade.

    iOS or Android devices using Boxer with certificates are impacted by this issue. Devices that did not have the authentication or SMIME certificates installed prior to the upgrade do not receive any newly added or updated certificates. This issue only impacts newly enrolled devices, whereas existing devices with certificates installed are not impacted.

check-circle-line exclamation-circle-line close-line
Scroll to top icon