
VMware Workspace ONE UEM Release Notes provide information on the new features and improvements in each release. This page includes a summary of the new features introduced for 2005 and a list of the resolved issues and known issues.

New Features in this Release

  • We've changed the way enrollment restrictions work for Android 10+ devices.
    When you enroll Android 10 or later devices into Work Profile mode, their enrollment status is held for an evaluation period until we can collect the IMEI and serial number. The UEM console lists the device as "Enrollment Pending" until it confirms whether the IMEI or serial number is whitelisted or blacklisted for enrollment. This ensures that work data (apps, profiles, etc.) is not sent to an Android 10+ device until Enrollment Restrictions are evaluated. For more information, see Enrollment Restrictions for Android.
  • With the new Auto Select Certificate URLs, you no longer have to select certificates when you access certain websites.
    We’ve updated the Chrome OS Content profile with a new field, Auto Select Certificate URLs, which lets you enter which client certificates should be used to authenticate a specific website or URL. When the end-user attempts to access these sites, they are no longer prompted to select a certificate which they may not know. For more information, see Configure Content Profile (Chrome OS).
  • We've updated the Application Control profile to support additional options for Chrome Extensions.
    We now include support for self-hosted extensions and added the ability for extensions to access user certificates for authentication. For more information, see Configure Application Control Profile (Chrome OS).
  • Deploy the latest iOS 13.4 restrictions.
    You can now restrict access to deprecated TLS versions, shared iPad temporary sessions, iPhone setup from a nearby iPhone, and password requests from a nearby device.
  • Streamline your SSO experience with macOS Identity & Certificate Preferences.
    If you deploy multiple client certificates, your users may be prompted at times to choose which certificate they should use for authentication. With this feature available in macOS User Certificate or SCEP profile payloads, you can define URL(s) which should automatically use this certificate, so that users do not need to select it each time they access the service. For details, see Configure a SCEP/Credentials Profile.
  • Retrieving Intelligent Hub logs for macOS just got easier.
    You can now remotely request Intelligent Hub log retrieval from macOS devices for troubleshooting from Device Details. If you are subject to stricter privacy policies, this feature includes an optional setting to prompt the end user for approval before collecting and transmitting the logs. This feature requires Workspace ONE Intelligent Hub 20.05. For details, see Request Device Log.
  • Deploy the latest macOS restrictions.
    You can now restrict access to deprecated TLS versions on macOS 10.15.4+ and also restrict password requests from a nearby device on macOS 10.14+.
  • Revoke your licenses automatically when you remove an Apple Business Manager iOS app.
    Apple Business Manager licenses for iOS apps that have been allocated but manually removed by the user will be automatically revoked and available for distribution. For details, see Revoke Licenses From Uninstalled Applications.
  • We let you enter your own application version for Windows SFD applications.
    You can now edit the actual application version and the version field for SFD applications of type EXE and Zip. This new feature is applicable only when you upload a new EXE or Zip file. For all the existing applications, you can add a new application version, and the version field appears as read only for the newer version you add. For details, see Configure Win32 Files for Software Distribution.
  • Re-establish communication between Windows 10 devices and the Workspace ONE Intelligent Hub for Windows.
    Certain events can cause communication problems like HMAC errors and failed upgrades of the Workspace ONE Intelligent Hub for Windows. You can fix these communication problems with the new Repair Hub action on the Device Details page of Windows 10 Devices. You can also use this action to re-install the Hub. Find this setting in Devices > List View > select the Windows Desktop Device > More Actions > Admin > Repair Hub. For details, see Windows Desktop Device Details Page.
  • We've made changes to User Certificate Credential Source behavior for SDK-built apps.
    When users are configured to receive SMIME certificates along with their other custom SDK configurations but they don't have an associated SMIME certificate, the system no longer stops other custom SDK configurations from processing. Find Certificates for the custom SDK profile in Groups & Settings > All Settings > Apps > Settings and Policies > Profiles > Add > SDK Profile > Credentials Payload.
  • Android Enterprise devices now support SCEP generation of Tunnel Client certificates with key length 4096 when using the AW (Default) Certificate Authority.
    To send a Tunnel client certificate for Android Enterprise devices via SCEP, re-save your Tunnel configuration. If you are using Workspace ONE Intelligent Hub v20.04 or later, all new certificates generated will use SCEP with the increased key length. There is no immediate impact on the devices with existing profiles.

Resolved Issues

The resolved issues are grouped as follows.

2005 Resolved Issues
  • AAPP-8368: Cannot save the macOS Energy Saver profile with the value set to 0. 

  • AAPP-8775: Device Friendly name is not updated on the device when user attributes are edited in Active Directory.

  • AAPP-9329: Supervised iOS Devices Remain in "Wipe Initiated" Enrollment Status After Rejecting Break MDM Command from Wipe Log.

  • AAPP-9280: Home Screen Layout payload displays undefined instead of the actual apps when saved and re-opened.

  • AAPP-9378: Certain VPP books contain two types of PricingParam, causing a license association issue.

  • AAPP-9382: Make MDM Managed not prompting VPP Apps installed before the assignment.

  • AAPP-9425: Unable to delete Apple fonts due to pending commands. 

  • AAPP-9442: The UEM console only shows 1 sim for iOS devices with multi-SIM (e-sim).

  • AAPP-9552: iOS Managed Settings (Bluetooth) Not Enforced on First Enrollment via DEP. 

  • AAPP-9553: Add functionality to send basic configuration (server URL) every time the managed app config is updated for public apps.

  • AAPP-9563: Profiles with the NitroTouchdown payload are not loaded because Nitro is deprecated.

  • AAPP-9610: Delete Device does not wipe the device in rare occurrences when device checks in right before the command is issued

  • AAPP-9620: macOS Encryption Profile can no longer access the encryption section.

  • AAPP-9629: Home screen layout XML is malformed if more than 10 folders are added to a page. 

  • AAPP-9662: Unable to access iOS profiles that have an incorrect iOS certificate, payload group.

  • AAPP-9701: VPP assignment page says too many licenses are allocated even though there are not.

  • AAPP-9927: IPA processor throws an exception when you upload an internal app with multiple info.plists or with embedded mobile provision profile.

  • AAPP-9715: iPhone incorrectly shows Do Not Disturb when Find My iPhone is enabled on the device. 

  • AGGL-4634: With the enrollment restriction policy set to blacklist Android devices based on Manufacturer, and Model set to "Is NOT" a specific model like "galaxy tab 4", enrollment of all Android devices is blocked irrespective of model or manufacturer.

  • AGGL-6074: Device blacklisting using IMEI does not work for AE on Android Q.

  • AGGL-6562: Sample History for devices is not deleted intermittently due to timeouts in the operation

  • AGGL-6593: Chrome OS User Network Profile with Uploaded Certs incorrectly displayed as SCEP on UEM Console

  • AGGL-6750: Apps that are not in the whitelist fail to auto-install.

  • AGGL-6908: Chrome OS profile save fails during the publishing of the EAP-TLS network profile when no root certificate has been uploaded.

  • AGGL-7175: Intelligent Hub Services unified catalog enabled but no catalog seen on COPE devices.

  • AGGL-7234: Unable to edit or view the Android restriction policy created from the blueprint.

  • AGGL-7266: Update to managed app config for Android apps are not pushed to the devices. 

  • AGGL-7313: We are able to add the Gmail application as a widget even after disabling "Allow work widgets to be added to personal home screen" in the restriction profile.

  • AGGL-7314: Internal application upload for Android fails due to reference resolution issues.

  • AGGL-7481: AllowedAccounts parameter missing in XML when AllowGooglePlay for WorkProfile is disabled.

  • AMST-16588: DCM and app-deployment agent removal commands are queued when user switch happens from staging to check-out user.

  • AMST-22936: Internal apps for Windows Desktop are not removed when moving devices to another Organization Group, which does not have that app assigned to it.

  • AMST-24461: Unable to remove the Proxy management of Windows 10 devices.

  • AMST-24841: The stored procedure is causing customer servers to experience slow response times when using the UEM console. 

  • AMST-25948: Compliance Status stays in pending status on the console for Windows 10 devices.

  • AMST-26096: DB upgrade fails due to redundant data

  • AMST-26151: Windows Updates profile Active Hours settings are not matching device settings.

  • AMST-26286: Internal App version does not get updated in the UEM console after the App Version update. 

  • AMST-26585: LocationGroup Cleanup failure. 

  • ARES-11668: Intelligent Hub App catalog fails to load metadata for apps that are outside the US App Store since the countryside was hardcoded. 

  • ARES-11896: App Details View > Applications hyperlink does not open the Applications Menu. 

  • ARES-11903: Unable to assign the internal application to the Android VPN profile on App Assignment Screen.

  • ARES-11906: Parallel OGs Product Application gets removal command when app sync is called. 

  • ARES-12027: Workspace one catalog on the device does not show the correct version of the installed app since app details stored in the cache were not updated.

  • ARES-12117: The device profile list view fails to load the profile status information. 

  • ARES-12188: Application Details by Device report fails when the application filter contains two records with the same AppIdentifier. 

  • CMCM-188415: Exporting from Content List View fails. 

  • CMCM-188477: Unable to remove the expiration date from admin configured repositories.

  • CMEM-185709: ActiveSync Events from Classic SEG are not processed, and MEM Device ListView not updated.

  • CMEM-185760: Exchange Connectivity fails in Powershell Configuration when special characters are present in Service Account Credentials.

  • CMEM-185828: Intermittent failures with PS - Sync Mailboxes and Run Compliance actions.

  • CMSVC-10951: LDAP server is unable to process Null attributes while searching for directory users. 

  • CMSVC-11046: User groups are not deleted even after assignments are removed.

  • CMSVC-11057: Users with partially enrolled devices cannot be deleted using delete user API. 

  • CMSVC-13362: User details get double encrypted during parallel enrollment for the same user

  • CMSVC-13373: User group sync does not work as expected when the DNS SRV is used with multiple domains. 

  • CMSVC-13404: User group provisioning/de-provisioning through the AirWatch Provisioning app fails. 

  • CRSVC-9464: Syslog returns /n character which can be interpreted by syslogs as a line break causing duplicate timestamps. 

  • CRSVC-10076: Unable to access intelligence from UEM due to certificate cache issue. 

  • CMSVC-10950: Directory service stops working when DNS SRV is enabled after the server is upgraded.

  • CRSVC-10442: Device communication over the secure channel was failing due to the certificate cache issue.

  • ENRL-1700: Devices List page and Device Details page shows different labels (UEM Managed and MDM) for MDM Managed devices.

  • FCA-192295: The highlighted text in the search filter (Device List View) does not retain focus if the mouse hovers to the export button.

  • FCA-192304: Device location details is always shown in English for Non-English locales in the device details section of SSP.

  • FCA-192369: Delete device list shows only 166 devices for bulk delete even if the selected device count is more than that.

  • FCA-192407: Hovering over the export button in the device list view automatically expands the drop-down. 

  • FCA-192511: Device list view search does not accept inputs with space.

  • FCA-192775: Apply button introduced in 2001 UEM console shows a blue color for text and cannot be managed from the branding settings.

  • FCA-192807: REST API for devices search by alternate identifier fails with Internal Server Error. 

  • FCA-192875: "Terms of use Acceptance Detail" report does not include devices/users from child OG's. 

  • FCA-192885: Device Delete on the UEM Console does not update Intelligence correctly causing a mismatch between UEM and Intelligence device lists. 

  • FCA-192304: Different device locations are seen on console(Japanese language) and SSP (English Language).

  • FCA-192921: Unable to send push notification to iOS Hub when Hub services are configured. 

  • FCA-193111: Unused development files are disclosed in the admin console portal. 

  • INTEL-14877: Windows Device Name inconsistently getting reported in Intelligence even though in UEM console.

  • PPAT-7040: Compliance Engine sends ComplianceChange notification, even if there is no change to the Compliance status of the device. 

  • PPAT-7132: DTR UI does not list tunnel whitelisted apps for different platforms when they have common bundle-id for different platforms.

  • RUGG-7717: Violation of Primary Key Constraint during DeviceCapability save. 

  • RUGG-7820: RSCC (Relay Server Cloud Connector) is slow at picking up content service item commands, after editing a file action that was part of a product. 

  • RUGG-7786: The device is not going to the compliant state even though the Job sample is received as completed. 

  • RUGG-7967: Manually seeded launcher APK via seed script goes missing in the DB after a day. 

  • SINST-175587: Since older certs are not cleared on ACC uninstall, new certs are skipped during re-install causing ACC to use incorrect certs.

20.5.0.1 Patch Resolved Issues
  • ARES-12940: Android Profiles are not removed on OG changes.

  • ARES-12957: Assignment Status is shown as 'Unchanged' even for the removed devices.

  • CRSVC-11607: CertificateDeviceDetail_GetAllCertificatesEligibleForRevoke timeouts across Shared SaaS. 

Known Issues

The known issues are grouped as follows.

Console
  • FCA-193187: Inconsistent functioning of the Change Organization Group feature.

    If the device does not qualify for the organization group change, the admin does not get any notification about this in the Change Organization Group action.

    As a workaround, the admin can see the device movement failure status in the console event log.

  • FCA-193042: Running an API call to send emails for the enrolled devices does not work as expected.

    If the API (/mdm/devices/{id}/messages/email) is used to send mail, the mail body is delivered as a single line.

    As a workaround, use the UI device email feature in the UEM console. 

  • FCA-192974: Unable to push the optional profile from SSP.

    If the user tries to push the optional profile in bulk from the SSP portal, they get an unauthorized access error pop-up.

    As a workaround, the admin can push profiles from the UEM console, or users can individually push profiles from SSP.

Apple
  • AAPP-9927: IPA processor throws exception when you upload internal applications. 

    iOS internal applications with multiple files embedded inside the IPA file will fail to upload to the Workspace ONE UEM console.

  • AAPP-9797: Privacy web clip and Legacy catalog fail to install on custom enrolled DEP iPads on iPadOS 13+ into Workspace ONE UEM console.

    Privacy and legacy app catalog web clips do not install on DEP custom enrolled iPadOS devices in Workspace ONE UEM console.

  • AAPP-9787: Unable to access or change the new section under the hub services from Workspace ONE Access console.

    Unable to access or change the new section under the hub services from Workspace ONE Access console when multiple versions of the same app exist within an OG structure.

  • MACOS-61: App inventory reports incorrectly for a few applications.

    For some of the apps received as part of the sample from the device, the app inventory details are not shown correctly. The main reason is that app identifiers and a few other details arrive empty.

  • AAPP-10007: Device Details View Books Tab does not load when more than one purchased book is assigned to an iOS device.

    When more than one purchased book is assigned to an iOS device, the Device Details View in the Books Tab fails to load. 

Content Management
  • CMCM-188496: Unable to edit file attributes from the console.

    Unable to edit and save synced file attributes for the Admin repository on the console. 

    As a workaround, the file attributes can be edited directly from the repository. 

  • CMCM-188497: The Content gateway checkbox is not ticked by default for automatic repositories when NFS/CMIS repository is configured.

    The Content gateway checkbox is not enabled by default for automatic repositories when NFS/CMIS repository is configured.

    As a workaround, manually check the required CG Box. 

Windows
  • AMST-25507: Change Organization Group fails when the enrollment user is not global.

    Changing Organization Group using Bulk change operation causes spinner to keep spinning when changing from one group to another if the enrollment user is not at the global level.

  • AMST-22108: PPKG enrollment experience takes longer time than usual.

    When creating a PPKG file a Workgroup character limit should be set at 15. If you do, then the PPKG file will not apply correctly, and will not apply a workgroup name at all upon first open of the device, and will cause the process to take several additional minutes before booting into Windows.

    As a workaround, make sure that the Workgroup name is under 15 characters.

  • AMST-26916: OEM and device models display incorrectly.

    When creating a smart group, there is an option to select the OEMs and Models for Windows Desktop platforms, but the models are listed under OEMs and vice versa.

    As a workaround, creating a subsequent device sample for the enrolled device reports correctly.