VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 2005 and a list of the resolved issues and known issues.

When can I expect the latest version?

We strive to deliver high-quality products, and to ensure quality and seamless transitions, we roll out our products in phases. Each rollout may take up to four weeks to accomplish and is delivered in the following phases:

  • Phase 1: Demo and UATs
  • Phase 2: Shared SaaS environments
  • Phase 3: Dedicated latest environments

Once our phased rollout is complete, we will announce general availability for on-premises and managed hosted customers. For more information, see the KB article

New Features in this Release



  • We've changed the way enrollment restrictions work for Android 10+ devices.
    When you enroll Android 10 or later devices into Work Profile mode, their enrollment status will be held for an evaluation period until we can collect the IMEI and Serial number. The UEM console lists the device as "Enrollment Pending" until the UEM console confirms if the IMEI or Serial number is whitelisted or blacklisted for enrollment. This ensures that the work data (apps, profiles, etc.) are not sent to an Android 10+ device until Enrollment Restrictions are evaluated. For more information, see Enrollment Restrictions for Android.

Chrome OS

  • With the new Auto Select Certificate URLs, you no longer have to select certificates when you access certain websites.
    We’ve updated the Chrome OS Content profile with a new field, Auto Select Certificate URLs, which lets you enter which client certificates should be used to authenticate a specific website or URL. When the end-user attempts to access these sites, they are no longer prompted to select a certificate which they may not know. For more information, see Configure Content Profile (Chrome OS).
  • We've updated the Application Control profile to support additional options for Chrome Extensions.
    We now include support for self-hosted extensions and added the ability for extensions to access user certificates for authentication. For more information, see Configure Application Control Profile (Chrome OS).


  • Deploy the latest iOS 13.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.


  • Streamline your SSO experience with macOS Identity & Certificate Preferences.
    If you deploy multiple client certificates, your users may be prompted at times to choose which certificate they should use for authentication. With this feature available in macOS User Certificate or SCEP profile payloads, you can define URL(s) which should automatically use this certificate, so that users do not need to select it each time they access the service. For details, see Configure a SCEP/Credentials Profile.
  • Retrieving Intelligent Hub logs for macOS just got easier.
    You can now remotely request Intelligent Hub log retrieval from macOS devices for troubleshooting from Device Details. If you are facing elevated privacy policies, this feature includes an optional setting to prompt the end-user for approval before collecting and transmitting the logs. This feature requires Workspace ONE Intelligent Hub 20.05. For details, see Request Device Log .
  • Deploy the latest macOS restrictions.
    You can now restrict access to deprecated TLS versions on macOS 10.15.4+ and also restrict password requests from a nearby device on macOS 10.14+.

Apple Business Manager

  • Revoke your licenses automatically when you remove an Apple Business Manager iOS app.
    Apple Business Manager licenses for iOS apps that have been allocated but manually removed by the user will be automatically revoked and available for distribution. For details, see Revoke Licenses From Uninstalled Applications.


  • We let you enter your own application version for Windows SFD applications.
    You can now edit the actual application version and the version field for SFD applications of type EXE and Zip. This new feature is applicable only when you upload a new EXE or Zip file. For all the existing applications, you can add a new application version, and the version field appears as read only for the newer version you add. For details, see Configure Win32 Files for Software Distribution.
  • Re-establish communication between Windows 10 devices and the Workspace ONE Intelligent Hub for Windows.
    Certain events can cause communication problems like HMAC errors and failed upgrades of the Workspace ONE Intelligent Hub for Windows. You can fix these communication problems with the new Repair Hub action on the Device Details page of Windows 10 Devices. You can also use this action to re-install the Hub. Find this setting in Devices > List View > select the Windows Desktop Device > More Actions > Admin > Repair Hub. For details, see Windows Desktop Device Details Page.


  • We've made changes to User Certificate Credential Source behavior for SDK-built apps.
    When users are configured to receive SMIME certificates along with their other custom SDK configurations but they don't have an associated SMIME certificate, the system no longer stops other custom SDK configurations from processing. Find Certificates for the custom SDK profile in Groups & Settings > All Settings > Apps > Settings and Policies > Profiles > Add > SDK Profile > Credentials Payload.


  • Android Enterprise devices now support SCEP generation of Tunnel Client certificates with key length 4096 when using the AW (Default) Certificate Authority.
    To send a Tunnel client certificate for Android Enterprise devices via SCEP, re-save your Tunnel configuration. If you are using Workspace ONE Intelligent Hub v20.04 or later, all new certificates generated will use SCEP with the increased key length. There is no immediate impact on the devices with existing profiles.

Resolved Issues

The resolved issues are grouped as follows.

2005 Resolved Issues
  • AAPP-8775: Device Friendly name is not updated on the device when user attributes are edited in Active Directory.

  • AAPP-9280: Home Screen Layout payload displays undefined instead of the actual apps when saved and re-opened.

  • AAPP-9329: Supervised iOS Devices Remain in 'Wipe Initiated" Enrollment Status After Rejecting Break MDM Command from Wipe Log.

  • AAPP-9378: Certain VPP book contains two types of PricingParam causing license association issue.

  • AAPP-9442: The UEM console only shows 1 sim for iOS devices with multi-SIM (e-sim).

  • AAPP-9552: iOS Managed Settings (Bluetooth) Not Enforced on First Enrollment via DEP. 

  • AAPP-9553: Add functionality to send basic configuration (server URL) every time the managed app config is updated for public apps.

  • AAPP-9563: Profiles with NitroTouchdown payload is not loaded because Nitro is deprecated.

  • AAPP-9629: Home screen layout XML is malformed if more than 10 folders are added to a page. 

  • AAPP-9662: Unable to access iOS profiles that have an incorrect iOS certificate, payload group.

  • AAPP-9701: VPP assignment page says too many licenses are allocated even though there are not.

  • AAPP-9715: iPhone incorrectly shows Do Not Disturb when Find My iPhone is enabled on the device. 

  • AAPP-9798: Unable to assign apps when any device in the smart group are in "WipeInitiated" status.

  • AAPP-9927: IPA processor throws an exception when you upload an internal app with multiple info.plists or with embedded mobile provision profile.

  • AAPP-10017: IPA processor throws an exception when you upload an internal app with multiple info.plists or with embedded mobile provision profile. 

  • AAPP-10022: OS versions are deleted upon Console upgrade. 

  • AGGL-4634: With enrollment restriction policy selected to blacklist Android devices based on Manufacturer and Model set to "Is NOT" a specific model like "galaxy tab 4", enrollment of all android devices are blocked irrespective of model or manufacturer. 

  • AGGL-6074: Device blacklisting using IMEI does not work for AE on Android Q.

  • AGGL-6562: Sample History for devices is not deleted intermittently due to timeouts in the operation

  • AGGL-6593: Chrome OS User Network Profile with Uploaded Certs incorrectly displayed as SCEP on UEM Console

  • AGGL-6750: Apps that are not in the whitelist fails to auto-install.

  • AGGL-6908: Chrome OS profile save fails during the publishing of the EAP-TLS network profile when no root certificate has been uploaded.

  • AGGL-7175: Intelligent Hub Services unified catalog enabled but no catalog seen on COPE devices.

  • AGGL-7234: Unable to edit or view the Android restriction policy created from the blueprint.

  • AGGL-7266: Update to managed app config for Android apps are not pushed to the devices. 

  • AGGL-7313: We are able to add the Gmail application as a widget even after disabling the " Allow work widgets to be added to personal home screen" in the restriction profile.

  • AGGL-7314: Internal application upload for Android fails due to reference resolution issues.

  • AGGL-7481: AllowedAccounts parameter missing in XML when AllowGooglePlay for WorkProfile is disabled.

  • AGGL-7535: Compliance Status Not available for Android For Work devices when there are no compliance policies.

  • AGGL-7536: Check-in/Check-out API call does not take action on devices.

  • AMST-22936: Internal apps for Windows Desktop are not removed when moving devices to another Organization Group, which does not have that app assigned to it.

  • AMST-24841: The stored procedure is causing customer servers to experience slow response times when using the UEM console. 

  • AMST-25948: Compliance Status stays in pending status on the console for Windows 10 devices.

  • AMST-26096: DB upgrade fails due to redundant data

  • AMST-26151: Windows Updates profile Active Hours settings are not matching device settings.

  • AMST-26439: Error encountered on the dependency app details page.

  • AMST-26585: LocationGroup Cleanup failure. 

  • ARES-11668: Intelligent Hub App catalog fails to load metadata for apps that are outside the US App Store since the countryside was hardcoded. 

  • ARES-11896: App Details View > Applications hyperlink does not open the Applications Menu. 

  • ARES-12002: Assignment Status is shown as 'Unchanged' even for the removed devices. 

  • ARES-12027: Workspace one catalog on the device does not show the correct version of the installed app since app details stored in the cache were not updated.

  • ARES-12117: The device profile list view fails to load the profile status information. 

  • ARES-12188: Application Details by Device report fails when the application filter contains two records with the same AppIdentifier. 

  • ARES-12210: Custom SDK Profile proxy setting for Vmware Tunnel payload does not match with Default SDK proxy settings for VMware Tunnel payload.

  • ARES-12710: Profile removal commands are not generated correctly when devices are moved between different OGs where profiles are assigned to OG-based smart groups. 

  • ARES-12733: Editing a User-Based Smart Group Assigned to an Inactive Profile sets the Profile Active Again

  • CMCM-188415: Exporting from Content List View fails. 

  • CMCM-188477: Unable to remove the expiration date from admin configured repositories.

  • CMCM-188525: Bulk Delete Content API does not function as expected. 

  • CMCM-188539: Delete Sproc consumes high CPU memory. 

  • CMEM-185709: ActiveSync Events from Classic SEG are not processed, and MEM Device ListView not updated.

  • CMEM-185760: Exchange Connectivity fails in Powershell Configuration when special characters are present in Service Account Credentials.

  • CMEM-185787: ArgumentException is thrown when trying to get the device model in multiple SaaS environments. 

  • CMEM-185828: Intermittent failures with PS - Sync Mailboxes and Run Compliance actions​.

  • CMSVC-10950: Directory service stops working when DNS SRV enables after server upgraded. 

  • CMSVC-10951: LDAP server is unable to process Null attributes while searching for directory users. 

  • CMSVC-11046: User groups are not deleted even after assignments are removed.

  • CMSVC-11057: Users with partially enrolled devices cannot be deleted using delete user API. 

  • CMSVC-13362: User details get double encrypted during parallel enrollment for the same user

  • CMSVC-13373: User group sync does not work as expected when the DNS SRV is used with multiple domains. 

  • CMSVC-13592: Automation jobs fails to patch a set of application servers. 

  • CRSVC-9464: Syslog returns /n character which can be interpreted by syslogs as a line break causing duplicate timestamps. 

  • CRSVC-10076: Unable to access intelligence from UEM due to certificate cache issue. 

  • CRSVC-10442: Device communication over the secure channel was failing due to the certificate cache issue.

  • CRSVC-11528: CertificateDeviceDetail_GetAllCertificatesEligibleForRevoke timeouts across Shared SaaS. 

  • CRSVC-11914: Unable to load Device Details pages in Console. 

  • ENRL-1700: Devices List page and Device Details page shows different labels (UEM Managed and MDM) for MDM Managed devices.

  • FCA-192295: The highlighted text in the search filter (Device List View) does not retain focus if the mouse hovers to the export button.

  • FCA-192304: Device location details is always shown in English for Non-English locales in the device details section of SSP.

  • FCA-192369: Delete device list shows only 166 devices for bulk delete even if the selected device count is more than that.

  • FCA-192407: Hovering over the export button in the device list view automatically expands the drop-down. 

  • FCA-192511: Device list view search does not accept inputs with space.

  • FCA-192775: Apply button introduced in 2001 UEM console shows a blue color for text and cannot be managed from the branding settings.

  • FCA-192807: REST API for devices search by alternate identifier fails with Internal Server Error. 

  • FCA-192875: "Terms of use Acceptance Detail" report does not include devices/users from child OG's. 

  • FCA-192921: Unable to send push notification to iOS Hub when Hub services are configured. 

  • FCA-193111: Unused development files are disclosed in the admin console portal. 

  • INTEL-14877: Windows Device Name inconsistently getting reported in Intelligence even though in UEM console.

  • INTEL-18567: Airwatch user snapshot table does not have all the users. 

  • MACOS-637: Cannot save the macOS Energy Saver profile with the value set to 0.

  • PPAT-7040: Compliance Engine sends ComplianceChange notification, even if there is no change to the Compliance status of the device. 

  • PPAT-7132: DTR UI does not list tunnel whitelisted apps for different platforms when they have common bundle-id for different platforms.

  • RUGG-7717: Violation of Primary Key Constraint during DeviceCapability save. 

  • RUGG-7786: The device is not going to the compliant state even though the Job sample is received as completed. 

  • RUGG-7820: RSCC (Relay Server Cloud Connector) is slow at picking up content service item commands, after editing a file action that was part of a product. 

  • RUGG-7967: Manually seeded launcher APK via seed script goes missing in the DB after a day. 

  • SINST-175587: Since older certs are not cleared on ACC uninstall, new certs are skipped during re-install causing ACC to use incorrect certs. Patch Resolved Issues
  • ARES-12940 Android Profiles are not removed on OG changes. 

  • ARES-12957:  Assignment Status is shown as 'Unchanged' even for the removed devices. 

  • CRSVC-11607: CertificateDeviceDetail_GetAllCertificatesEligibleForRevoke timeouts across Shared SaaS. Patch Resolved Issues
  • AAPP-10134: OS versions are deleted upon Console upgrade. 

  • AGGL-7722: Switch on the feature flag AndroidEnterpriseTunnelScepSupportFeatureFlag. 

  • CMCM-188538: AirWatch.MobileAccessGateway.RepositoryService.WebRequestHelper.MakeWebRequest Exceptions in Kibana. 

  • CMCM-188556: Folder_Delete Sproc consuming high CPU. 

  • CRSVC-11728:  HostValidation throws error 421 for valid DS requests. 

  • FCA-193373: Intelligence option under Monitor is not available post-upgrade to 2005. Patch Resolved Issues
  • CRSVC-11916: Unable to load Device Details pages in the UEM console. Patch Resolved Issues
  • AAPP-10198: Privacy webclip and Legacy catalog are not installing on custom DEP enrolled iPads. 

  • AMST-27375: Device enrollment status is stuck in progress.

  • RUGG-8394: When you upgrade UEM console from 1907 to 2005 console, the CloudRelay server option is not shown. Patch Resolved Issues
  • AGGL-7838 Google auto-update policy appear inconsistent for some devices. 

  • RUGG-8438: Force reprocess does not work as expected. Patch Resolved Issues
  • FCA-193527 Incorrect Admin account information displayed in the console events for Change OG event. Patch Resolved Issues
  • CRSVC-12385: Cache key prefix mismatch between CN and DS nodes post urgent patches.

  • CRSVC-12421 : Extend UDID hash validation in Beacon Payload to account for UDIDs in lower case. Patch Resolved Issues
  • PPAT-7433: Blocking calls in tunnel client causing deadlocks. Patch Resolved Issues
  • AMST-27700: Push notifications messages backing up for windows devices on publishing. 

  • ARES-13196: App Status endpoint returns incorrect shared device status for a single staging user. 

  • ARES-13275: Smart Group assignments are not reflecting the updates made to the smart group. 

  • ARES-13339: Editing boxer app assignment with certificate-based authentication on the console is not saving the authentication subform hidden fields due to which boxer a​uthentication is failing on the device.

  • ARES-13340: Device summary record (Assigned, Not installed, and Installed) is not retrieving the list of devices for which profile is published with multiple configurations in a payload. 

  • CRSVC-12329: Event notifications do not send the Authorization header when sending the post commands. 

  • INTEL-21540: Long-running queries from ETL services. 

  • MACOS-1304: Managed Admin section not visible on the device details security page. Patch Resolved Issues
  • CRSVC-12615: Generic SCEP template missing the renewal checkbox. Patch Resolved Issues
  • CMSVC-13890: Open LDAP integration unable to bring in users/groups. 

  • RUGG-8616: DevicePolicyCompliance_RetrieveDeviceComplianceByDeviceID SP is taking more than 1min, which is causing high waits on DB server. 

  • RUGG-8653: Change Temp Tables to Table Variable in PolicyProductListSample_save. Patch Resolved Issues
  • ARES-13951: Sproc - interrogator.SelectiveApplicationList_Save_V2 causes high CPU load in DB Server. 

  • CRSVC-12994: Replace temp table to table variable in device state sproc. 

  • CRSVC-12996: Timeout in deviceState.GpsLogSample_Load stored procedure.

  • RUGG-8691: Not able to edit profile/FA if linked to staging profile at lower OG. Patch Resolved Issues
  • ARES-13964 Multiple entries created for an app in IAL table causing data discrepancies in Intelligence.

  • ARES-14030: Boxer configuration not landing on the devices due to a Red exclamation on Email settings Payload. 

  • RUGG-8732: Save failed when adding a second device token with the same device information under Device Lifecycle.

  • SINST-175722: Cloud connector service fails to start post-upgrade to 2006. Patch Resolved Issues
  • AGGL-8187: Saving Hub settings appear to be clearing the Knox license key.

  • AMST-28356: Navigate to Device>Device updates. The page takes time to load and errors out in "Something unexpected happened. If the issue persists, please contact your IT administrator.

  • ARES-13962: Optimize SQL Procedures. 

  • CRSVC-13317: In the compliance policy action tab, profile list dropdown for Block/Remove Profile action will not populate with exiting profiles if added multiple times. 

  • INTEL-22390: ETL Initial export took 8 hours to complete in the performance environment. SPs DeviceInventory_InitialExport and WindowsPatch_InitialExport took a lot of time to execute.

  • RUGG-8731: Stored Procedures either timing out or consuming more time during 10 products publish to 500K devices. Patch Resolved Issues
  • ARES-14156: Parent SDK profile is not pushed to the device when moved from child to parent OG. Patch Resolved Issues
  • AGGL-8210 When publishing a public app from Parent OG, it picks the child OG's assignment by default. A smart group of Parent OG is not listing.

  • AMST-28550: Azure AD user search error logs do not have sufficient context.

  • ARES-14193: Unable to log in to the catalog even when you provide valid credentials.

  • CRSVC-13797: Remove unnecessary header ContentLength and padded characters in response. 

  • FCA-194211: Internet Explorer shows duplicate options in Devices List View page.

  • INTEL-22086: It was noticed that delete events are being sent by the ETL process for personal applications even when there is a corresponding record for it in the interrogator.applicationlist table with IsInstalled = 1. Patch Resolved Issues
  • ARES-14194: Improve App Search API response. 

  • RUGG-8840: Optimal handling of delete content service items from the Relay server cloud connector. 

  • RUGG-8841: Duplicate Content Content Service Items(CSIs) getting created for the same product that is published. 

  • RUGG-8869: Begininstall change breaks uploadChunk flow. Patch Resolved Issues
  • AGGL-8324: Stored procedure interrogator.SaveTransactionInformation is called more than 100 times a second and also has a huge difference between working time and elapsed time. 

  • AMST-28727: Check in with No alerts are treated as Unknown check-in mode User level commands

  • AMST-28809: Windows Update tab missing from the device details page. 

  • AMST-28824: Improve logging around Certificate Revocation.

  • ARES-14394: VPN profiles in the assignment page does not display the OG name. 

  • ARES-14396: SmartGroup_LoadPreviewDeltaForFlexibleDeployment should consider OS version instead of DeviceOperatingSystemID. 

  • ARES-14446: Assignments are getting removed if Save is clicked before loading the assignment.

  • CMSVC-14023: Device user info API returning encrypted values when encryption enabled. Patch Resolved Issues
  • AGGL-8390: EnhancedWorkProfile Android work enrollment mode returned during new enrollments. 

  • ARES-14461: Unable to disable app tunnel proxy in the custom SDK Profile under proxy settings.

  • ARES-14539: When publishing Android Internal App, the Preview Devices page shows PO devices. 

  • FCA-194463: High Latency during console UI load (Dashboards, List Views) post-upgrade to UEM console 2005. Patch Resolved Issues
  • ARES-14675: Proxy values re-appear even after removing them.

  • FCA-194630: The performance of the Stored Procedure needs to be improved to reduce the time taken and CPU pressure on the database server. Patch Resolved Issue
  • AGGL-8546: Android improves logging in SafetyNet attestation for troubleshooting. Patch Resolved Issues
  • AAPP-10937: iOS devices are checking in continuously while checking for available OS updates. Patch Resolved Issues
  • AAPP-11149: Update the API GET : "/api/mam/apps/purchased/search/?locationgroupid={groupId}&pagesize={pagesize}" to return the OG name. 

  • CMSVC-14300: Show Correct Error Message upon Smart Group Preview Failure.

  • CMSVC-14302: Duplicate key issue in the Preview sproc smartGroup.SmartGroup_LoadDevicesByCriteria. Patch Resolved Issues
  • AAPP-11202: Device Management profile not getting removed from the device on an enterprise wipe. 

  • AAPP-11215: Wipe deleted devices hitting the Check-in endpoint. 

  • ARES-16459: Update UEM API to Include OG Name in Response.

  • FCA-195180: Firefox and Chrome browsers become unresponsive when the admin selects all the devices from the device list view page. Patch Resolved Issues
  • AAPP-11311: Additional logging and lock changes for messaging service for APNSOutboundQueue backup. Patch Resolved Issues
  • AGGL-9173: Performance improvements to smartGroup.AppsForAndroidWorkAppPublishAffectedSmartGroups_Load. 

  • ARES-16948: Unable to publish application due to 'deviceApplication.SyncDevicesForPublicAndPurchasedApp' timing out. Patch Resolved Issues
  • PPAT-8344: DTR is missing when the customer upgraded the environment from 2003 (or above) to the latest console. 

  • ARES-16937: Android Default Settings Profile is not getting pushed to the devices when Hub is added as an internal app in the OG hierarchy. 

  • MACOS-1800: Find My Mac PIN is not being sent with an EraseDevice command. Patch Resolved Issue
  • ARES-17079: Installation Status for assigned Internal App for Android Legacy says Not Installed on the console even when the app is installed on the device.

  • AGGL-9295: Bulk delete did not honor configured bulk limit due to Android Management filter. 

  • AGGL-9329: Compliance Status remains in 'pending compliance check'. 

  • AGGL-9331: Android Profiles Showing Removed on Enrollment and delay in deploying after enrollment. 

  • AGGL-9333: Android Devices stuck in "NotAvailable" compliance status when Device Events are handled out of order. Patch Resolved Issues
  • ATL-5607: Timestamp missing from older patches causing signing checks to fail. Patch Resolved Issues
  • CMSVC-14591: UserGroup Sync is taking a long time to sync users and groups from AD - DB.

  • CMSVC-14592: UserGroup sync failing with SQL Time-out.

  • FCA-195544: Reduce extra calls from the smart group component. Patch Resolved Issues
  • AGGL-9465: Safetynet Attestation for All Android work managed and cope showing with a yellow triangle and scan is invalid. On mouse over the icon, shows "Last successful scan: No Previous Scan Data”. 

  • RUGG-9531: CSI items not being processed /product delivery halted. Patch Resolved Issues
  • CRSVC-18274: Addressing encryption/signing issues on Device Services, leading to device communication failures due to recent changes in .NET framework released as part of latest Windows updates. Patch Resolved Issues
  • CMSVC-14687: Make timeout for user list search customizable. Patch Resolved Issues
  • AAPP-11790: Intelligent Hub deployed via VPP is not auto-installing on DEP enrolled Devices. 

  • CRSVC-19539: All certificates are in an unknown state. Patch Resolved Issues
  • ENRL-2736; Update the Operation value in dbo.DeviceAudit table. 

  • ENRL-2766: User input validation and error handling during web enrollment steps. Patch Resolved Issues
  • ARES-18456: Unable to upload app config xml for app assignments. Patch Resolved Issues
  • ARES-18725: SQL Exceptions - Execution Timeout Expired. Patch Resolved Issues
  • AAPP-12412: iOS WiFi profile generates a blank key for TLSTrustedServerNames.

  • AGGL-10394: Android Legacy Profiles are being added to Work Profile devices. Patch Resolved Issues
  • AAPP-12516: When you push a configuration profile, it will generate a unique PayloadIdentifier.

Known Issues

The known issues are grouped as follows.

  • FCA-193187​: Inconsistent functioning of feature Change Organization Group. 

    If the device does not qualify for the organization group change, then the admin does not get any notification regarding this in the change Organization group action.

    As a workaround, admin can see the device movement failure status in the console event log.

  • FCA-193042 ​: Running an API call to send emails for the enrolled devices does not work as expected. 

    If the API (/mdm/devices/{id}/messages/email) is used to sent mail then the mail body gets delivered in a single line.

    As a workaround, use the UI device email feature in the UEM console. 

  • AAPP-9797 ​: Privacy web clip and Legacy catalog fail to install on custom enrolled DEP iPad's on iPadOS 13+ into Workspace ONE UEM console.

    Privacy and legacy app catalog web clips do not install on DEP custom enrolled iPadOS devices in Workspace ONE UEM console.

  • AAPP-9787 ​: Unable to access or change the new section under the hub services from Workspace ONE Access console.

    Unable to access or change the new section under the hub services from Workspace ONE Access console when multiple versions of the same app exist within an OG structure.

  • MACOS-61​: App inventory reports incorrectly for a few applications.

    For some of the apps received as part of the sample from the device, the app inventory details are not shown correctly. The main reason for this is app-identifiers and few details are coming as empty. 

  • AAPP-10007​: Device Details View Books Tab does not load when more than one purchased book is assigned to an iOS device. 

    When more than one purchased book is assigned to an iOS device, the Device Details View in the Books Tab fails to load. 

  • MACOS-1887: Unable to deploy Intelligent Hub (automatic installation post-enrollment), Bootstrap Packages, and Apple Business Manager (VPP) apps on macOS 11 Big Sur

    The "Require admin password to install or update apps" (restrict-store-require-admin-to-install) key has been deprecated in macOS 10.14. In macOS 11 Big Sur, installing a profile with this key will, unfortunately, cause apps deployed via native MDM commands to fail. 

    As a workaround, clear the setting for "Require admin password to install or update apps" in any macOS Restrictions profile being deployed to a macOS 11+ device.

Application Management
  • ARES-18677: Customers using the Boxer application are unable to receive certificates for Authentication or SMIME, especially if the devices did not already have these certificates prior to the upgrade.

    iOS or Android devices using Boxer with certificates are impacted by this issue. Devices that did not have the authentication or SMIME certificates installed prior to the upgrade do not receive any newly added or updated certificates. This issue only impacts newly enrolled devices, whereas existing devices with certificates installed are not impacted.

Content Management
  • CMCM-188496​: Unable to edit file attributes from the console.

    Unable to edit and save synced file attributes for the Admin repository on the console. 

    As a workaround, the file attributes can be edited directly from the repository. 

  • CMCM-188497​: The Content gateway checkbox is not ticked by default for automatic repositories when NFS/CMIS repository is configured.

    The Content gateway checkbox is not enabled by default for automatic repositories when NFS/CMIS repository is configured.

    As a workaround, manually check the required CG Box. 

  • CMCM-188954: SQL timeout while trying to edit & save assignment for content. 

    Unable to save content repository details within the console. When saving repository details the message "Save Failed: Execution Timeout Expired. The timeout period elapses prior to completion of the operation or the serve is not responding." is displayed.

  • CMCM-188952: The expiry date of a file is always one day more than what's set on the console.

    Set an expiry date for any file in the Managed Content section on the console. Sync the device and check the info of that file. The expiry date of a file is always one day more than what's set on the UEM console. 

    As a workaround, set the date one day prior to your intended expiration date. 

  • AMST-25507 ​: Change Organization Group fails when the enrollment user is not global. 

    Changing Organization Group using Bulk change operation causes spinner to keep spinning when changing from one group to another if the enrollment user is not at the global level.

  • AMST-32922: Windows Desktop App added via BSP is failing to install on the device.

    The issue arises when BSP apps are imported for Windows Phone and the same app is supported on the Windows Desktop platform and admin imports for Windows Desktop. In such a case, the BSP app installation on Windows Desktop fails.

  • AMST-22108​: PPKG enrollment experience takes longer time than usual

    When creating a PPKG file a Workgroup character limit should be set at 15. If you do, then the PPKG file will not apply correctly, and will not apply a workgroup name at all upon first open of the device, and will cause the process to take several additional minutes before booting into Windows.

    As a workaround, make sure that the Workgroup name is under 15 characters.

  • AMST-26916 ​: OEM and device models display incorrectly. 

    When creating a smart group, we have an option to select the OEM's and Models for Windows Desktop platforms. But the models are listed under OEM's and vice-versa.

    As a workaround, creating a subsequent device sample for the enrolled device reports correctly.


check-circle-line exclamation-circle-line close-line
Scroll to top icon